Open Access. Powered by Scholars. Published by Universities.®

Social and Behavioral Sciences Commons

Full-Text Articles in Social and Behavioral Sciences

Educating The Next Generation Of Cyberforensic Professionals, Mark Pollitt, Philip Craiger Dec 2013

J. Philip Craiger, Ph.D.

This paper provides a historical overview of the development of cyberforensics as a scientific discipline, along with a description of the current state of training, educational programs, certification and accreditation. The paper traces the origins of cyberforensics, the acceptance of cyberforensics as a forensic science and its recognition as a component of information security. It also discusses the development of professional certification and standardized bodies of knowledge that have had a substantial impact on the discipline. Finally, it discusses the accreditation of cyberforensic educational programs, its linkage with the bodies of knowledge and its effect on cyberforensic educational programs.


Forensic Analysis Of Plug Computers, Scott Conrad, Greg Dorn, Philip Craiger Dec 2010

J. Philip Craiger, Ph.D.

A plug computer is essentially a cross between an embedded computer and a traditional computer, with many of the same capabilities. However, the architecture of a plug computer makes it difficult to apply commonly used digital forensic methods. This paper describes methods for extracting and analyzing digital evidence from plug computers. Two popular plug computer models are examined, the SheevaPlug and the Pogoplug.


Forensic Analysis Of A PlayStation 3 Console, Scott Conrad, Greg Dorn, Philip Craiger Dec 2009

J. Philip Craiger, Ph.D.

The Sony PlayStation 3 (PS3) is a powerful gaming console that supports Internet-related activities, local file storage and the playing of Blu-ray movies. The PS3 also allows users to partition and install a secondary operating system on the hard drive. This “desktop-like” functionality along with the encryption of the primary hard drive containing the gaming software raises significant issues related to the forensic analysis of PS3 systems. This paper discusses the PS3 architecture and behavior, and provides recommendations for conducting forensic investigations of PS3 systems.


Forensic Analysis Of The Sony PlayStation Portable, Scott Conrad, Carlos Rodriguez, Chris Marberry, Philip Craiger Dec 2008

J. Philip Craiger, Ph.D.

The Sony PlayStation Portable (PSP) is a popular portable gaming device with features such as wireless Internet access and image, music and movie playback. As with most systems built around a processor and storage, the PSP can be used for purposes other than those for which it was originally intended, legal as well as illegal. This paper discusses the features of the PSP browser and suggests best practices for extracting digital evidence.


Analyzing The Impact Of A Virtual Machine On A Host Machine, Greg Dorn, Chris Marberry, Scott Conrad, Philip Craiger Dec 2008

J. Philip Craiger, Ph.D.

As virtualization becomes more prevalent in the enterprise and in personal computing, there is a great need to understand the technology as well as its ramifications for recovering digital evidence. This paper focuses on trace evidence related to the installation and execution of virtual machines (VMs) on a host machine. It provides useful information regarding the types and locations of files installed by VM applications, the processes created by running VMs and the structure and identity of VMs, ancillary files and associated artifacts.


Factors Affecting One-Way Hashing Of CD-R Media, Christopher Marberry, Philip Craiger Dec 2006

J. Philip Craiger, Ph.D.

While conducting a validation study of proficiency test media we found that applying the same hash algorithm against a single CD using different forensic applications resulted in different hash values. We formulated a series of experiments to determine the cause of the anomalous hash values. Our results suggest that certain write options cause forensic applications to report different hash values. We examine the possible consequences of these anomalies in legal proceedings and provide best practices for the use of hashing procedures.


Forensic Analysis Of Xbox Consoles, Paul Burke, Philip Craiger Dec 2006

J. Philip Craiger, Ph.D.

Microsoft’s Xbox game console can be modified to run additional operating systems, enabling it to store gigabytes of non-game related files and run various computer services. Little has been published, however, on procedures for determining whether or not an Xbox console has been modified, for creating a forensic duplicate, and for conducting a forensic investigation. Given the growing popularity of Xbox systems, it is important to understand how to identify, image and examine these devices while reducing the potential of corrupting the media. This paper discusses Xbox forensics and provides a set of forensically-sound procedures for analyzing Xbox consoles.


Mac OS X Forensics, Philip Craiger, Paul Burke Dec 2005

J. Philip Craiger, Ph.D.

This paper describes procedures for conducting forensic examinations of Apple Macs running Mac OS X. The target disk mode is used to create a forensic duplicate of a Mac hard drive and preview it. Procedures are discussed for recovering evidence from allocated space, unallocated space, slack space and virtual memory. Furthermore, procedures are described for recovering trace evidence from Mac OS X default email, web browser and instant messaging applications, as well as evidence pertaining to commands executed from a terminal.


Assessing Trace Evidence Left By Secure Deletion Programs, Paul Burke, Philip Craiger Dec 2005

J. Philip Craiger, Ph.D.

Secure deletion programs purport to permanently erase files from digital media. These programs are used by businesses and individuals to remove sensitive information from media, and by criminals to remove evidence of the tools or fruits of illegal activities. This paper focuses on the trace evidence left by secure deletion programs. In particular, five Windows-based secure deletion programs are tested to determine if they leave identifiable signatures after deleting a file. The results show that the majority of the programs leave identifiable signatures. Moreover, some of the programs do not completely erase file metadata, which enables forensic investigators to extract …


Recovering Digital Evidence From Linux Systems, Philip Craiger Jan 2005

J. Philip Craiger, Ph.D.

As Linux-kernel-based operating systems proliferate there will be an inevitable increase in Linux systems that law enforcement agents must process in criminal investigations. The skills and expertise required to recover evidence from Microsoft-Windows-based systems do not necessarily translate to Linux systems. This paper discusses digital forensic procedures for recovering evidence from Linux systems. In particular, it presents methods for identifying and recovering deleted files from disk and volatile memory, identifying notable and Trojan files, finding hidden files, and finding files with renamed extensions. All the procedures are accomplished using Linux command line utilities and require no special or commercial tools.