Open Access. Powered by Scholars. Published by Universities.®
- Keyword
-
- Privacy (3)
- Computer Forensics (2)
- Data disposal (2)
- Data recovery (2)
- Digital Forensics (2)
-
- Digital forensics (2)
- Electronic data destruction (2)
- Access control (1)
- Analysis (1)
- Bayesian Network (1)
- Civil Procedure (1)
- Computer forensics (1)
- Computer law (1)
- Computer security (1)
- Confusion Matrix (1)
- Crash Reconstruction (1)
- Data (1)
- Data Mining (1)
- Data hiding (1)
- Data protection Act (1)
- Decision Tree (1)
- Desktop search (1)
- Digital Examiner (1)
- Digital evidence (1)
- Disk analysis (1)
- EnCase (1)
- Event Data Recorder (1)
- Evidence Production (1)
- Extraction technique (1)
- FTK (1)
- Publication
- Publication Type
Articles 1 - 30 of 40
Full-Text Articles in Computer Law
The Cyber-Workplace – Identifying Liability Issues In The Information Age And Managing E-Risk, Nigel Wilson
The Cyber-Workplace – Identifying Liability Issues In The Information Age And Managing E-Risk, Nigel Wilson
Annual ADFSL Conference on Digital Forensics, Security and Law
The information age provides numerous opportunities for modern society but also presents significant challenges in identifying liability issues and in managing risk. Technological change has occurred rapidly and is continuing at the same time as other major trends and changes are taking place in society and, in particular, in the workplace. The prospect of global liability and the complexity of jurisdictional differences present a considerable hurdle to the uniform regulation of liability issues. General legislation and legal principles have been readily applied to the cyber-world and to modern business practices and the workplace. Where necessary, legislatures have introduced specific legislation …
Data Mining Techniques For Fraud Detection, Rekha Bhowmik
Data Mining Techniques For Fraud Detection, Rekha Bhowmik
Annual ADFSL Conference on Digital Forensics, Security and Law
The paper presents application of data mining techniques to fraud analysis. We present some classification and prediction data mining techniques which we consider important to handle fraud detection. There exist a number of data mining algorithms and we present statistics-based algorithm, decision tree-based algorithm and rule-based algorithm. We present Bayesian classification model to detect fraud in automobile insurance. Naïve Bayesian visualization is selected to analyze and interpret the classifier predictions. We illustrate how ROC curves can be deployed for model assessment in order to provide a more intuitive analysis of the models.
Keywords: Data Mining, Decision Tree, Bayesian Network, ROC …
Simple - Rethinking The Monolithic Approach To Digital Forensic Software, Craig Valli
Simple - Rethinking The Monolithic Approach To Digital Forensic Software, Craig Valli
Annual ADFSL Conference on Digital Forensics, Security and Law
This paper outlines a collaborative project nearing completion between the sec.au Security Research Group at Edith Cowan University and Western Australian Police Computer Crime Squad. The primary goal of this project is to create a software tool for use by non-technical law enforcement officers during the initial investigation and assessment of an electronic crime scene. This tool will be designed as an initial response tool, to quickly and easily find, view and export any relevant files stored on a computer, establishing if further expert investigation of that computer is warranted. When fully developed, the tool will allow investigators unprecedented real …
How Virtualized Environments Affect Computer Forensics, Diane Barrett
How Virtualized Environments Affect Computer Forensics, Diane Barrett
Annual ADFSL Conference on Digital Forensics, Security and Law
Virtualized environments can make forensics investigation more difficult. Technological advances in virtualization tools essentially make removable media a PC that can be carried around in a pocket or around a neck. Running operating systems and applications this way leaves very little trace on the host system. This paper will explore all the newest methods for virtualized environments and the implications they have on the world of forensics. It will begin by describing and differentiating between software and hardware virtualization. It will then move on to explain the various methods used for server and desktop virtualization. Next, it will describe the …
The Virtual Digital Forensics Lab - Expanding Law Enforcement Capabilities, Mark Mccoy, Sean A. Ensz
The Virtual Digital Forensics Lab - Expanding Law Enforcement Capabilities, Mark Mccoy, Sean A. Ensz
Annual ADFSL Conference on Digital Forensics, Security and Law
Law enforcement is attempting to respond to the growing and complex need to examine all manner of digital evidence using stand-alone forensic workstations and limited storage solutions. Digital forensic investigators often find their cases stalled by cumbersome and inflexible technology limiting their effectiveness. The Virtual Digital Forensics Lab (VDFL) is a new concept that applies existing enterprise host, storage, and network virtualization technologies to current forensic investigative methods. This paper details the concept of the VDFL, the technology solutions it employs, and the flexibility it provides for digital forensic investigators.
Keywords: Virtual Digital Forensics, digital forensic investigations, law enforcement, virtual …
Digital Forensic Certification Versus Forensic Science Certification, Nena Lim
Digital Forensic Certification Versus Forensic Science Certification, Nena Lim
Annual ADFSL Conference on Digital Forensics, Security and Law
Companies often rely on certifications to select appropriate individuals in disciplines such as accounting and engineering. The general public also tends to have confidence in a professional who has some kinds of certification because certification implies a standard of excellence and that the individual has expert knowledge in a specific discipline. An interesting question to the digital forensic community is: How is a digital forensic certification compared to a forensic science certification? The objective of this paper is to compare the requirements of a digital forensic certification to those of a forensic science certification. Results of the comparison shed lights …
The 2007 Analysis Of Information Remaining On Disks Offered For Sale On The Second Hand Market, Andy Jones, Craig Valli, Glenn S. Dardick, Iain Sutherland
The 2007 Analysis Of Information Remaining On Disks Offered For Sale On The Second Hand Market, Andy Jones, Craig Valli, Glenn S. Dardick, Iain Sutherland
Journal of Digital Forensics, Security and Law
All organisations, whether in the public or private sector, increasingly use computers and other devices that contain computer hard disks for the storage and processing of information relating to their business, their employees or their customers. Individual home users also increasingly use computers and other devices containing computer hard disks for the storage and processing of information relating to their private, personal affairs. It continues to be clear that the majority of organisations and individual home users still remain ignorant or misinformed of the volume and type of information that is stored on the hard disks that these devices contain …
Steganography: Forensic, Security, And Legal Issues, Merrill Warkentin, Ernst Bekkering, Mark B. Schmidt
Steganography: Forensic, Security, And Legal Issues, Merrill Warkentin, Ernst Bekkering, Mark B. Schmidt
Journal of Digital Forensics, Security and Law
Steganography has long been regarded as a tool used for illicit and destructive purposes such as crime and warfare. Currently, digital tools are widely available to ordinary computer users also. Steganography software allows both illicit and legitimate users to hide messages so that they will not be detected in transit. This article provides a brief history of steganography, discusses the current status in the computer age, and relates this to forensic, security, and legal issues. The paper concludes with recommendations for digital forensics investigators, IT staff, individual users, and other stakeholders.
Book Review: Challenges To Digital Forensic Evidence, Gary C. Kessler
Book Review: Challenges To Digital Forensic Evidence, Gary C. Kessler
Journal of Digital Forensics, Security and Law
This issue presents the fifth Book Review column for the JDFSL. It is an experiment to broaden the services that the journal provides to readers, so we are anxious to get your reaction. Is the column useful and interesting? Should we include more than one review per issue? Should we also review products? Do you have suggested books/products for review and/or do you want to write a review? All of this type of feedback -- and more -- is appreciated. Please feel free to send comments to Gary Kessler (gary.kessler@champlain.edu) or Glenn S. Dardick (gdardick@dardick.net).
Developing A Process Model For The Forensic Extraction Of Information From Desktop Search, Timothy Pavlic, Jill Slay, Benjamin Turnbull
Developing A Process Model For The Forensic Extraction Of Information From Desktop Search, Timothy Pavlic, Jill Slay, Benjamin Turnbull
Journal of Digital Forensics, Security and Law
Desktop search applications can contain cached copies of files that were deleted from the file system. Forensic investigators see this as a potential source of evidence, as documents deleted by suspects may still exist in the cache. Whilst there have been attempts at recovering data collected by desktop search applications, there is no methodology governing the process, nor discussion on the most appropriate means to do so. This article seeks to address this issue by developing a process model that can be applied when developing an information extraction application for desktop search applications, discussing preferred methods and the limitations of …
The Forensics Aspects Of Event Data Recorders, Jeremy S. Daily, Nathan Singleton, Elizabeth Downing, Gavin W. Manes
The Forensics Aspects Of Event Data Recorders, Jeremy S. Daily, Nathan Singleton, Elizabeth Downing, Gavin W. Manes
Journal of Digital Forensics, Security and Law
The proper generation and preservation of digital data from Event Data Recorders (EDRs) can provide invaluable evidence to automobile crash reconstruction investigations. However, data collected from the EDR can be difficult to use and authenticate, complicating the presentation of such information as evidence in legal proceedings. Indeed, current techniques for removing and preserving such data do not meet the court’s standards for electronic evidence. Experimentation with an EDR unit from a 2001 GMC Sierra pickup truck highlighted particular issues with repeatability of results. Fortunately, advances in the digital forensics field and memory technology can be applied to EDR analysis in …
Data Mining Techniques In Fraud Detection, Rekha Bhowmik
Data Mining Techniques In Fraud Detection, Rekha Bhowmik
Journal of Digital Forensics, Security and Law
The paper presents application of data mining techniques to fraud analysis. We present some classification and prediction data mining techniques which we consider important to handle fraud detection. There exist a number of data mining algorithms and we present statistics-based algorithm, decision treebased algorithm and rule-based algorithm. We present Bayesian classification model to detect fraud in automobile insurance. Naïve Bayesian visualization is selected to analyze and interpret the classifier predictions. We illustrate how ROC curves can be deployed for model assessment in order to provide a more intuitive analysis of the models.
To License Or Not To License: An Examination Of State Statutes Regarding Private Investigators And Digital Examiners, Thomas Lonardo, Doug White, Alan Rea
To License Or Not To License: An Examination Of State Statutes Regarding Private Investigators And Digital Examiners, Thomas Lonardo, Doug White, Alan Rea
Journal of Digital Forensics, Security and Law
In this paper the authors examine statutes that regulate, license, and enforce investigative functions in each US state. After identification and review of Private Investigator licensing requirements, the authors find that very few state statutes explicitly differentiate between Private Investigators and Digital Examiners. After contacting all state agencies the authors present a distinct grouping organizing state approaches to professional Digital Examiner licensing. The authors conclude that states must differentiate between Private Investigator and Digital Examiner licensing requirements and oversight.
An Evaluation Of Windows-Based Computer Forensics Application Software Running On A Macintosh, Gregory H. Carlton
An Evaluation Of Windows-Based Computer Forensics Application Software Running On A Macintosh, Gregory H. Carlton
Journal of Digital Forensics, Security and Law
The two most common computer forensics applications perform exclusively on Microsoft Windows Operating Systems, yet contemporary computer forensics examinations frequently encounter one or more of the three most common operating system environments, namely Windows, OS-X, or some form of UNIX or Linux. Additionally, government and private computer forensics laboratories frequently encounter budget constraints that limit their access to computer hardware. Currently, Macintosh computer systems are marketed with the ability to accommodate these three common operating system environments, including Windows XP in native and virtual environments. We performed a series of experiments to measure the functionality and performance of the two …
Book Review: Guide To Computer Forensics And Investigations (3rd Ed.), Keyu Jiang, Ruifeng Xuan
Book Review: Guide To Computer Forensics And Investigations (3rd Ed.), Keyu Jiang, Ruifeng Xuan
Journal of Digital Forensics, Security and Law
No abstract provided.
Remote Forensics May Bring The Next Sea Change In E-Discovery: Are All Networked Computers Now Readily Accessible Under The Revised Federal Rules Of Civil Procedure?, Joseph J. Schwerha, Scott Inch
Remote Forensics May Bring The Next Sea Change In E-Discovery: Are All Networked Computers Now Readily Accessible Under The Revised Federal Rules Of Civil Procedure?, Joseph J. Schwerha, Scott Inch
Journal of Digital Forensics, Security and Law
The recent amendments to Rule 26 of the Federal Rules of Civil Procedure created a two-tiered approach to discovery of electronically stored information (“ESI”). Responding parties must produce ESI that is relevant, not subject to privilege, and reasonably accessible. However, because some methods of storing ESI, such as on magnetic backup tapes and within enormous databases, require substantial cost to access and search their contents, the rules permit parties to designate those repositories as “not reasonably accessible” because of undue burden or cost. But even despite the difficulty in searching for ESI, the party’s duty to preserve potentially responsive evidence …
Trends In Virtualized User Environments, Diane Barrett
Trends In Virtualized User Environments, Diane Barrett
Journal of Digital Forensics, Security and Law
Virtualized environments can make forensics investigation more difficult. Technological advances in virtualization tools essentially make removable media a PC that can be carried around in a pocket or around a neck. Running operating systems and applications this way leaves very little trace on the host system. This paper will explore all the newest methods for virtualized environments and the implications they have on the world of forensics. It will begin by describing and differentiating between software and hardware virtualization. It will then move on to explain the various methods used for server and desktop virtualization. Next, it will explain how …
Extraction And Categorisation Of User Activity From Windows Restore Points, Damir Kahvedžić, Tahar Kechadi
Extraction And Categorisation Of User Activity From Windows Restore Points, Damir Kahvedžić, Tahar Kechadi
Journal of Digital Forensics, Security and Law
The extraction of the user activity is one of the main goals in the analysis of digital evidence. In this paper we present a methodology for extracting this activity by comparing multiple Restore Points found in the Windows XP operating system. The registry copies represent a snapshot of the state of the system at a certain point in time. Differences between them can reveal user activity from one instant to another. The algorithms for comparing the hives and interpreting the results are of high complexity. We develop an approach that takes into account the nature of the investigation and the …