Legal Studies Commons^™

Preliminary Forensic Analysis Of The Xbox One, Jason Moore, Ibrahim Baggili, Andrew Marrington, Armindo Rodrigues

Electrical & Computer Engineering and Computer Science Faculty Publications

Video game consoles can no longer be viewed as just gaming consoles but rather as full multimedia machines, capable of desktop computer-like performance. The past has shown that game consoles have been used in criminal activities such as extortion, identity theft, and child pornography, but with their ever-increasing capabilities, the likelihood of the expansion of criminal activities conducted on or over the consoles increases. This research aimed to take the initial step of understanding the Xbox One, the most powerful Microsoft console to date. We report the outcome of conducting a forensic examination of the Xbox One, and we provide …

Testing The Forensic Soundness Of Forensic Examination Environments On Bootable Media, Ahmed F.A.L. Mohamed, Andrew Marrington, Farkhund Iqbal, Ibrahim Baggili

Electrical & Computer Engineering and Computer Science Faculty Publications

In this work we experimentally examine the forensic soundness of the use of forensic bootable CD/DVDs as forensic examination environments. Several Linux distributions with bootable CD/DVDs which are marketed as forensic examination environments are used to perform a forensic analysis of a captured computer system. Before and after the bootable CD/DVD examination, the computer system's hard disk is removed and a forensic image acquired by a second system using a hardware write blocker. The images acquired before and after the bootable CD/DVD examination are hashed and the hash values compared. Where the hash values are inconsistent, a differential analysis is …

On The Database Lookup Problem Of Approximate Matching, Frank Breitinger, Harald Baier, Douglas White

Electrical & Computer Engineering and Computer Science Faculty Publications

Investigating seized devices within digital forensics gets more and more difficult due to the increasing amount of data. Hence, a common procedure uses automated file identification which reduces the amount of data an investigator has to look at by hand. Besides identifying exact duplicates, which is mostly solved using cryptographic hash functions, it is also helpful to detect similar data by applying approximate matching.

Let x denote the number of digests in a database, then the lookup for a single similarity digest has the complexity of O(x). In other words, the digest has to be compared against …

Life (Logical Ios Forensics Examiner): An Open Source Ios Backup Forensics Examination Tool, Ibrahim Baggili, Shadi Al Awawdeh, Jason Moore

Electrical & Computer Engineering and Computer Science Faculty Publications

In this paper, we present LiFE (Logical iOS Forensics Examiner), an open source iOS backup forensics examination tool. This tool helps both researchers and practitioners alike in both understanding the backup structures of iOS devices and forensically examining iOS backups. The tool is currently capable of parsing device information, call history, voice messages, GPS locations, conversations, notes, images, address books, calendar entries, SMS messages, Aux locations, facebook data and e-mails. The tool consists of both a manual interface (where the user is able to manually examine the backup structures) and an automated examination interface (where the tool pulls out evidence …

Volume 06, Kristen Gains, Amanda Willis, Holly Backer, Monika Gutierrez, Cara O'Neal, Sara Nelson, Sasha Silberman, Jessica Beardsley, Jamie Gardner, Edward Peeples, Matthew Sakach, Tess Lione, Emily Wilkins, Kelsey Holt, Jessica Page, Jamie Clift, Charles Vancampen, Gilbert Hall, Jenny Nehrt, Kasey Dye, Amanda Tharp, Jamie Leeuwrik, Ashley Mcgee, Emily Poulin, Michael Kropf, Nick Pastore, Austin Polasky, Morgan Glasco, Laura L. Kahler, Melinda L. Edwards, Brandon C. Smith, Mariah Asbell, Cabell Edmunds, Amelia D. Perry, Alyssa Hayes, Irina Boothe, Perry Bason, James Early

Incite: The Journal of Undergraduate Scholarship

Introduction from Dean Dr. Charles Ross

Caught Between Folklore and the Cold War: The Americanization of Russian Children's Literature by Kristen Gains

Graphic Design by Amanda Willis

Graphic Design by Holly Backer

Prejudices in Swiss German Accents by Monika Gutierrez

Photography by Cara O'Neal

Photography by Sara Nelson

Edmund Tyrone's Long Journey through Night by Sasha Silberman

Photography by Jessica Beardsley

Photography by Jamie Gardner and Edward Peeples

The Republican Razor: The Guillotine as a Symbol of Equality by Jamie Clift

Graphic Design by Matthew Sakach

Genocide: The Lasting Effects of Gender Stratification in Rwanda By Tess Lione and Emily …

Asymmetric Empirical Similarity, Joshua C. Teitelbaum

Georgetown Law Faculty Publications and Other Works

The paper offers a formal model of analogical legal reasoning and takes the model to data. Under the model, the outcome of a new case is a weighted average of the outcomes of prior cases. The weights capture precedential influence and depend on fact similarity (distance in fact space) and precedential authority (position in the judicial hierarchy). The empirical analysis suggests that the model is a plausible model for the time series of U.S. maritime salvage cases. Moreover, the results evince that prior cases decided by inferior courts have less influence than prior cases decided by superior courts.

Identification Of Characteristic Volatile Organic Compounds Released During The Decomposition Process Of Human Remains And Analogues, Norma Iris Caraballo

FIU Electronic Theses and Dissertations

The manner in which remains decompose has been and is currently being researched around the world, yet little is still known about the generated scent of death. In fact, it was not until the Casey Anthony trial that research on the odor released from decomposing remains, and the compounds that it is comprised of, was brought to light. The Anthony trial marked the first admission of human decomposition odor as forensic evidence into the court of law; however, it was not “ready for prime time” as the scientific research on the scent of death is still in its infancy.

This …

File Detection On Network Traffic Using Approximate Matching, Frank Breitinger, Ibrahim Baggili

Electrical & Computer Engineering and Computer Science Faculty Publications

In recent years, Internet technologies changed enormously and allow faster Internet connections, higher data rates and mobile usage. Hence, it is possible to send huge amounts of data / files easily which is often used by insiders or attackers to steal intellectual property. As a consequence, data leakage prevention systems (DLPS) have been developed which analyze network traffic and alert in case of a data leak. Although the overall concepts of the detection techniques are known, the systems are mostly closed and commercial. Within this paper we present a new technique for network traffic analysis based on approximate matching (a.k.a …

Automated Evaluation Of Approximate Matching Algorithms On Real Data, Frank Breitinger, Vassil Roussev

Electrical & Computer Engineering and Computer Science Faculty Publications

Bytewise approximate matching is a relatively new area within digital forensics, but its importance is growing quickly as practitioners are looking for fast methods to screen and analyze the increasing amounts of data in forensic investigations. The essential idea is to complement the use of cryptographic hash functions to detect data objects with bytewise identical representation with the capability to find objects with bytewise similarrepresentations.

Unlike cryptographic hash functions, which have been studied and tested for a long time, approximate matching ones are still in their early development stages and evaluation methodology is still evolving. Broadly, prior approaches have …

An Efficient Similarity Digests Database Lookup -- A Logarithmic Divide And Conquer Approach, Frank Breitinger, Christian Rathgeb, Harald Baier

Electrical & Computer Engineering and Computer Science Faculty Publications

Investigating seized devices within digital forensics represents a challenging task due to the increasing amount of data. Common procedures utilize automated file identification, which reduces the amount of data an investigator has to examine manually. In the past years the research field of approximate matching arises to detect similar data. However, if n denotes the number of similarity digests in a database, then the lookup for a single similarity digest is of complexity of O(n). This paper presents a concept to extend existing approximate matching algorithms, which reduces the lookup complexity from O(n) to O(log(n)). Our proposed approach is based …

Quantifying Relevance Of Mobile Digital Evidence As They Relate To Case Types: A Survey And A Guide For Best Practices, Shahzad Saleem, Ibrahim Baggili, Oliver Popov

Electrical & Computer Engineering and Computer Science Faculty Publications

In this work, a survey was conducted to help quantify the relevance of nineteen types of evidence (such as SMS) to seven types of digital investigations associated with mobile devices (MD) (such as child pornography). 97 % of the respondents agreed that every type of digital evidence has a different level of relevance to further or solve a particular investigation. From 55 serious participants, a data set of 5,772 responses regarding the relevance of nineteen types of digital evidence for all the seven types of digital investigations was obtained. The results showed that (i) SMS belongs to the most relevant …

Educating The Next Generation Of Cyberforensic Professionals, Mark Pollitt, Philip Craiger

Publications

This paper provides a historical overview of the development of cyberforensics as a scientific discipline, along with a description of the current state of training, educational programs, certification and accreditation. The paper traces the origins of cyberforensics, the acceptance of cyberforensics as a forensic science and its recognition as a component of information security. It also discusses the development of professional certification and standardized bodies of knowledge that have had a substantial impact on the discipline. Finally, it discusses the accreditation of cyberforensic educational programs, its linkage with the bodies of knowledge and its effect on cyberforensic educational programs.