Social and Behavioral Sciences Commons^™

Cybercrime And The 2012 London Olympics, Denis Edgar-Nevill

Annual ADFSL Conference on Digital Forensics, Security and Law

The London 2012 Olympics is just three years away and the clock is ticking to put in place plans get it right. The potential for cybercrime to cause harm during this event is very great; harm to national reputation, harm to the reputation to the Olympic movement, and harm to individuals competing, watching or officiating. This paper considers the need to address these risks by taking a look at what has happened in the past at sporting events and the rising wave of electronic security threats and fraud facilitated by computers at recent Olympics. The problems for law enforcement are …

Methodology For Investigating Individuals Online Social Networking Persona, Jonathan T. Rajewski

Annual ADFSL Conference on Digital Forensics, Security and Law

When investigators from either the private or public sector review digital data surrounding a case for evidentiary value, they typically conduct a systematic categorization process to identify the relevant digital devices. Armed with the proper methodology to accomplish this task, investigators can quickly recognize the appropriate digital devices for forensic processing and review. This paper purposes a methodology for investigating an individual’s online social networking persona.

Keywords: Social Networking, Web 2.0, Internet Investigations, Online Social Networking Community

Bluetooth Hacking: A Case Study, Dennis Browning, Gary C. Kessler

Annual ADFSL Conference on Digital Forensics, Security and Law

This paper describes a student project examining mechanisms with which to attack Bluetooth-enabled devices. The paper briefly describes the protocol architecture of Bluetooth and the Java interface that programmers can use to connect to Bluetooth communication services. Several types of attacks are described, along with a detailed example of two attack tools, Bloover II and BT Info.

Keywords: Bluetooth hacking, mobile phone hacking, wireless hacking

Concerning File Slack, Stephen P. Larson

Annual ADFSL Conference on Digital Forensics, Security and Law

In this paper we discuss the phenomena known as file slack. File slack is created each time a file is created on a hard disk, and can contain private or confidential data. Unfortunately, the methods used by Microsoft Windows operating systems to organize and save files require file slack, and users have no control over what data is saved in file slack. This document will help create awareness about the security issue of file slack and discuss research results concerning file slack.

Keywords : Computer Forensics, File Slack, Ram Slack, Disk Slack

The Computer Fraud And Abuse Act And The Law Of Unintended Consequences, Milton Luoma, Vicki Luoma

Annual ADFSL Conference on Digital Forensics, Security and Law

One of the most unanticipated results of the Computer Fraud and Abuse Act arose from the law of unintended consequences. The CFAA was originally enacted in 1984 to protect federal government computers from intrusions and damage caused by hackers, identity thieves, and other cyber criminals. The law was later amended to extend the scope of its application to financial institutions’, business’s and consumers’ computers. To aid in the pursuit of cyber criminals, one of the subsequent revisions to the law included provision “G” that gave the right to private parties to seek compensation for damages in a civil action for …

Why Are We Not Getting Better At Data Disposal?, Andy Jones

Annual ADFSL Conference on Digital Forensics, Security and Law

This paper describes two sets of research, the first of which has been carried out over a period of four years into the levels and types of information that can be found on computer hard disks that are offered for sale on the second hand market. The second research project examined a number of second-hand hand held devices including PDAs, mobile (cell) phones and RIM Blackberry devices. The primary purpose of this research was to gain an understanding of the reasons for the failure to effectively remove potentially sensitive information from the disks and handheld devices. Other objectives included determining …

Don’T Touch That! And Other E-Discovery Issues, Linda Volonino

Annual ADFSL Conference on Digital Forensics, Security and Law

The ability to preserve and access electronically stored information (ESI) took on greater urgency when amendments to the Federal Rules of Civil Procedure went into effect in December 2006. These amendments, referred to as the electronic discovery (e-discovery) amendments, focus on the discovery phase of civil litigation, audits, or investigations. Discovery is the investigative phase of a legal case when opponents learn what evidence is available and how accessible it is. When ESI is the subject of discovery, it is called e-discovery. Recognizing that most business and personal records and communications are electronic, Judge Shira A. Scheindlin stated, "We used …

Analysis Of The ‘Db’ Windows Registry Data Structure, Damir Kahvedžić, Tahar Kechadi

Annual ADFSL Conference on Digital Forensics, Security and Law

The Windows Registry stores a wide variety of data representing a host of different user properties, settings and program information. The data structures used by the registry are designed to be adaptable to store these differences in a simple format. In this paper we will highlight the existence of a rare data structure that is used to store a large amount of data within the registry hives. We analyse the manner in which this data structure stores its data and the implications that it may have on evidence retrieval and digital investigation. In particular, we reveal that the three of …

Correlating Orphaned Windows Registry Data Structures, Damir Kahvedžić, Tahar Kechadi

Annual ADFSL Conference on Digital Forensics, Security and Law

Recently, it has been shown that deleted entries of the Microsoft Windows registry (keys) may still reside in the system files once the entries have been deleted from the active database. Investigating the complete keys in context may be extremely important from both a Forensic Investigation point of view and a legal point of view where a lack of context can bring doubt to an argument. In this paper we formalise the registry behaviour and show how a retrieved value may not maintain a relation to the part of the registry it belonged to and hence lose that context. We …

Graduate Accounting Students' Perception Of It Forensics: A Multi-Dimensional Analysis, Grover S. Kearns

Annual ADFSL Conference on Digital Forensics, Security and Law

Forensics and information technology (IT) have become increasingly important to accountants and auditors. Undergraduate accounting students are introduced to general IT topics but discussion of forensic knowledge is limited. A few schools have introduced an undergraduate major in forensic accounting. Some graduate schools offer accounting students an emphasis in forensic or fraud accounting that includes instruction in forensics and information technology. When students do not view the IT topics as being equally important to their careers as traditional accounting topics, these attitudes may reduce the quality of the course. In an effort to assess student attitudes, a survey of 46 …

Visualization Of Honeypot Data Using Graphviz And Afterglow, Craig Valli

Annual ADFSL Conference on Digital Forensics, Security and Law

This research in progress paper explores the use of Graphviz and Afterglow for the analysis of data emanating from a honeypot system. Honeypot systems gather a wide range of data that is often difficult to readily search for patterns and trends using conventional log file analysis techniques. The data from the honeypots has been statically extracted and processed through Afterglow scripts to produce inputs suitable for use by the DOT graph based tools contained within Graphviz. This paper explores some of the benefits and drawbacks of currently using this type of approach.

Keywords: honeypot, network forensics, visualization, Graphviz, Afterglow