Open Access. Powered by Scholars. Published by Universities.®
Articles 1 - 17 of 17
Full-Text Articles in Law
The Survey On Cross-Border Collection Of Digital Evidence By Representatives From Polish Prosecutors’ Offices And Judicial Authorities, Paweł Olber Dr
The Survey On Cross-Border Collection Of Digital Evidence By Representatives From Polish Prosecutors’ Offices And Judicial Authorities, Paweł Olber Dr
Journal of Digital Forensics, Security and Law
Dynamic development of IT technology poses new challenges related to the cross-border collection of electronic evidence from the cloud. Many times investigators need to secure data stored on foreign servers directly and then look for solutions on how to turn the data into a legitimate source of evidence. To study the situation and propose solutions, I conducted a survey among Polish representatives of public prosecutors' offices and courts. This paper presents information from digital evidence collection practices across multiple jurisdictions. I stated that representatives from the prosecution and the judiciary in Poland are aware of the issues associated with cross-border …
A Two-Stage Model For Social Network Investigations In Digital Forensics, Anne David, Sarah Morris, Gareth Appleby-Thomas
A Two-Stage Model For Social Network Investigations In Digital Forensics, Anne David, Sarah Morris, Gareth Appleby-Thomas
Journal of Digital Forensics, Security and Law
This paper proposes a two-stage model for identifying and contextualizing features from artefacts created as a result of social networking activity. This technique can be useful in digital investigations and is based on understanding and the deconstruction of the processes that take place prior to, during and after user activity; this includes corroborating artefacts. Digital Investigations are becoming more complex due to factors such as, the volume of data to be examined; different data formats; a wide range of sources for digital evidence; the volatility of data and the limitations of some of the standard digital forensic tools. This paper …
A Forensic Enabled Data Provenance Model For Public Cloud, Shariful Haque, Travis Atkison
A Forensic Enabled Data Provenance Model For Public Cloud, Shariful Haque, Travis Atkison
Journal of Digital Forensics, Security and Law
Cloud computing is a newly emerging technology where storage, computation and services are extensively shared among a large number of users through virtualization and distributed computing. This technology makes the process of detecting the physical location or ownership of a particular piece of data even more complicated. As a result, improvements in data provenance techniques became necessary. Provenance refers to the record describing the origin and other historical information about a piece of data. An advanced data provenance system will give forensic investigators a transparent idea about the data's lineage, and help to resolve disputes over controversial pieces of data …
Protecting Digital Evidence Integrity And Preserving Chain Of Custody, Makhdoom Syed Muhammad Baqir Shah, Shahzad Saleem, Roha Zulqarnain
Protecting Digital Evidence Integrity And Preserving Chain Of Custody, Makhdoom Syed Muhammad Baqir Shah, Shahzad Saleem, Roha Zulqarnain
Journal of Digital Forensics, Security and Law
Evidence is the key to solve any crime. Evidence integrity needs to be protected in order to make it admissible in the court of law. Digital evidence is more revealing, but it is fragile; it can easily be tampered with or modified. There are different techniques available to protect the integrity of digital evidence. Different automated digital evidence acquisition tools are available in the market. In this paper, we have analyzed two automated tools (EnCase and FTK Imager) that are used for disk imaging. These tools claim to protect the integrity of digital evidence. The techniques used by these tools …
Digital Forensics In Law Enforcement: A Needs Based Analysis Of Indiana Agencies, Teri A. Cummins Flory
Digital Forensics In Law Enforcement: A Needs Based Analysis Of Indiana Agencies, Teri A. Cummins Flory
Journal of Digital Forensics, Security and Law
Cyber crime is a growing problem, with the impact to society increasing exponentially, but the ability of local law enforcement agencies to investigate and successfully prosecute criminals for these crimes is unclear. Many national needs assessments have previously been conducted, and all indicated that state and local law enforcement did not have the training, tools, or staff to effectively conduct digital investigations, but very few have been completed recently. This study provided a current and localized assessment of the ability of Indiana law enforcement agencies to effectively investigate crimes involving digital evidence, the availability of training for both law enforcement …
Understanding Computer Forensics Requirements In China Via The “Panda Burning Incense” Virus Case, Frank Law, K. P. Chow, Y. H. Mai
Understanding Computer Forensics Requirements In China Via The “Panda Burning Incense” Virus Case, Frank Law, K. P. Chow, Y. H. Mai
Journal of Digital Forensics, Security and Law
In March 2012, Mainland China has amended its Criminal Procedure Law, which includes the introduction of a new type of evidence, i.e., digital evidence, to the court of law. To better understand the development of computer forensics and digital evidence in Mainland China, this paper discusses the Chinese legal system in relation to digital investigation and how the current legal requirements affect the existing legal and technical usage of digital evidence at legal proceedings. Through studying the famous “Panda Burning Incense (Worm.WhBoy.cw)” virus case that happened in 2007, this paper aims to provide a better understanding of how to properly …
Leveraging Decentralization To Extend The Digital Evidence Acquisition Window: Case Study On Bittorrent Sync, Mark Scanlon, Jason Farina, Nhien A. Khac, Tahar Kechadi
Leveraging Decentralization To Extend The Digital Evidence Acquisition Window: Case Study On Bittorrent Sync, Mark Scanlon, Jason Farina, Nhien A. Khac, Tahar Kechadi
Journal of Digital Forensics, Security and Law
File synchronization services such as Dropbox, Google Drive, Microsoft OneDrive, Apple iCloud, etc., are becoming increasingly popular in today’s always-connected world. A popular alternative to the aforementioned services is BitTorrent Sync. This is a decentralized/cloudless file synchronization service and is gaining significant popularity among Internet users with privacy concerns over where their data is stored and who has the ability to access it. The focus of this paper is the remote recovery of digital evidence pertaining to files identified as being accessed or stored on a suspect’s computer or mobile device. A methodology for the identification, investigation, recovery and verification …
Relating Admissibility Standards For Digital Evidence To Attack Scenario Reconstruction, Changwei Liu, Anoop Singhal, Duminda Wijesekera
Relating Admissibility Standards For Digital Evidence To Attack Scenario Reconstruction, Changwei Liu, Anoop Singhal, Duminda Wijesekera
Journal of Digital Forensics, Security and Law
Attackers tend to use complex techniques such as combining multi-step, multi-stage attack with anti-forensic tools to make it difficult to find incriminating evidence and reconstruct attack scenarios that can stand up to the expected level of evidence admissibility in a court of law. As a solution, we propose to integrate the legal aspects of evidence correlation into a Prolog based reasoner to address the admissibility requirements by creating most probable attack scenarios that satisfy admissibility standards for substantiating evidence. Using a prototype implementation, we show how evidence extracted by using forensic tools can be integrated with legal reasoning to reconstruct …
Quantifying Relevance Of Mobile Digital Evidence As They Relate To Case Types: A Survey And A Guide For Best Practice, Shahzad Saleem, Ibrahim Baggili, Oliver Popov
Quantifying Relevance Of Mobile Digital Evidence As They Relate To Case Types: A Survey And A Guide For Best Practice, Shahzad Saleem, Ibrahim Baggili, Oliver Popov
Journal of Digital Forensics, Security and Law
In this work, a survey was conducted to help quantify the relevance of nineteen types of evidence (such as SMS) to seven types of digital investigations associated with mobile devices (MD) (such as child pornography). 97 % of the respondents agreed that every type of digital evidence has a different level of relevance to further or solve a particular investigation. From 55 serious participants, a dataset of 5,772 responses regarding the relevance of nineteen types of digital evidence for all the seven types of digital investigations was obtained. The results showed that (i) SMS belongs to the most relevant type …
System-Generated Digital Forensic Evidence In Graphic Design Applications, Enos Mabuto, Hein Venter
System-Generated Digital Forensic Evidence In Graphic Design Applications, Enos Mabuto, Hein Venter
Journal of Digital Forensics, Security and Law
Graphic design applications are often used for the editing and design of digital art. The same applications can be used for creating counterfeit documents such as identity documents (IDs), driver’s licences, passports, etc. However, the use of any graphic design application leaves behind traces of digital information that can be used during a digital forensic investigation. Current digital forensic tools examine a system to find digital evidence, but they do not examine a system specifically for the creating of counterfeit documents created through the use of graphic design applications. The paper in hand reviews the system-generated digital forensic evidence gathered …
Pandora’S Email Box? An Exploratory Study Of Web-Based Email Forgery Detection And Validation., Richard Boddington, Grant Boxall, Jeremy Ardley
Pandora’S Email Box? An Exploratory Study Of Web-Based Email Forgery Detection And Validation., Richard Boddington, Grant Boxall, Jeremy Ardley
Journal of Digital Forensics, Security and Law
Web based email systems may be a source of pristine digital evidence because of the perceived difficulty of client tampering with messages stored inside the email account. We demonstrate that such assumption is wrong in the case of Windows Live Hotmail®1 . Windows Live Mail®1 synchronises message on client-side computers with the Hotmail® server, benefiting users wishing to synchronise their email accounts and personal devices. However, this synchronisation opens an exploit for wrongdoers to tamper with existing email messages and attachments as well as facilitating the insertion of fabricated messages. The exploit process enables persistent storage of tampered and fabricated …
Extraction Of Electronic Evidence From Voip: Identification & Analysis Of Digital Speech, David Irwin, Arek Dadej, Jill Slay
Extraction Of Electronic Evidence From Voip: Identification & Analysis Of Digital Speech, David Irwin, Arek Dadej, Jill Slay
Journal of Digital Forensics, Security and Law
The Voice over Internet Protocol (VoIP) is increasing in popularity as a cost effective and efficient means of making telephone calls via the Internet. However, VoIP may also be an attractive method of communication to criminals as their true identity may be hidden and voice and video communications are encrypted as they are deployed across the Internet. This produces a new set of challenges for forensic analysts compared with traditional wire-tapping of the Public Switched Telephone Network (PSTN) infrastructure, which is not applicable to VoIP. Therefore, other methods of recovering electronic evidence from VoIP are required. This research investigates the …
Extraction Of Electronic Evidence From Voip: Forensic Analysis Of A Virtual Hard Disk Vs Ram, David Irwin, Jill Slay, Arek Dadej, Malcolm Shore
Extraction Of Electronic Evidence From Voip: Forensic Analysis Of A Virtual Hard Disk Vs Ram, David Irwin, Jill Slay, Arek Dadej, Malcolm Shore
Journal of Digital Forensics, Security and Law
The popularity of Voice over the Internet Protocol (VoIP) is increasing as the cost savings and ease of use is realised by a wide range of home and corporate users. However, the technology is also attractive to criminals. This is because VoIP is a global telephony service, in which it is difficult to verify the user’s identification. The security of placing such calls may also be appealing to criminals, as many implementations use strong encryption to secure both the voice payload as well as to control messages making monitoring such VoIP calls difficult since conventional methods such as wire-tapping is …
Judges’ Awareness, Understanding, And Application Of Digital Evidence, Gary C. Kessler
Judges’ Awareness, Understanding, And Application Of Digital Evidence, Gary C. Kessler
Journal of Digital Forensics, Security and Law
As digital evidence grows in both volume and importance in criminal and civil courts, judges need to fairly and justly evaluate the merits of the offered evidence. To do so, judges need a general understanding of the underlying technologies and applications from which digital evidence is derived. Due to the relative newness of the computer forensics field, there have been few studies on the use of digital forensic evidence and none about judges’ relationship with digital evidence. This paper describes a recent study, using grounded theory methods, into judges’ awareness, knowledge, and perceptions of digital evidence. This study is the …
Solid State Drives: The Beginning Of The End For Current Practice In Digital Forensic Recovery?, Graeme B. Bell, Richard Boddington
Solid State Drives: The Beginning Of The End For Current Practice In Digital Forensic Recovery?, Graeme B. Bell, Richard Boddington
Journal of Digital Forensics, Security and Law
Digital evidence is increasingly relied upon in computer forensic examinations and legal proceedings in the modern courtroom. The primary storage technology used for digital information has remained constant over the last two decades, in the form of the magnetic disc. Consequently, investigative, forensic, and judicial procedures are well-established for magnetic disc storage devices (Carrier, 2005). However, a paradigm shift has taken place in technology storage and complex, transistor-based devices for primary storage are now increasingly common. Most people are aware of the transition from portable magnetic floppy discs to portable USB transistor flash devices, yet the transition from magnetic hard …
Developing A Process Model For The Forensic Extraction Of Information From Desktop Search, Timothy Pavlic, Jill Slay, Benjamin Turnbull
Developing A Process Model For The Forensic Extraction Of Information From Desktop Search, Timothy Pavlic, Jill Slay, Benjamin Turnbull
Journal of Digital Forensics, Security and Law
Desktop search applications can contain cached copies of files that were deleted from the file system. Forensic investigators see this as a potential source of evidence, as documents deleted by suspects may still exist in the cache. Whilst there have been attempts at recovering data collected by desktop search applications, there is no methodology governing the process, nor discussion on the most appropriate means to do so. This article seeks to address this issue by developing a process model that can be applied when developing an information extraction application for desktop search applications, discussing preferred methods and the limitations of …
Computer Forensics Field Triage Process Model, Marcus K. Rogers, James Goldman, Rick Mislan, Timothy Wedge, Steve Debrota
Computer Forensics Field Triage Process Model, Marcus K. Rogers, James Goldman, Rick Mislan, Timothy Wedge, Steve Debrota
Journal of Digital Forensics, Security and Law
With the proliferation of digital based evidence, the need for the timely identification, analysis and interpretation of digital evidence is becoming more crucial. In many investigations critical information is required while at the scene or within a short period of time - measured in hours as opposed to days. The traditional cyber forensics approach of seizing a system(s)/media, transporting it to the lab, making a forensic image(s), and then searching the entire system for potential evidence, is no longer appropriate in some circumstances. In cases such as child abductions, pedophiles, missing or exploited persons, time is of the essence. In …