Open Access. Powered by Scholars. Published by Universities.®

Law Commons

Open Access. Powered by Scholars. Published by Universities.®

Information Security

Institution
Keyword
Publication Year
Publication
Publication Type

Articles 1 - 30 of 767

Full-Text Articles in Law

An Economical Method For Securely Disintegrating Solid-State Drives Using Blenders, Brandon J. Hopkins Phd, Kevin A. Riggle Jul 2021

An Economical Method For Securely Disintegrating Solid-State Drives Using Blenders, Brandon J. Hopkins Phd, Kevin A. Riggle

Journal of Digital Forensics, Security and Law

Pulverizing solid-state drives (SSDs) down to particles no larger than 2 mm is required by the United States National Security Agency (NSA) to ensure the highest level of data security, but commercial disintegrators that achieve this standard are large, heavy, costly, and often difficult to access globally. Here, we present a portable, inexpensive, and accessible method of pulverizing SSDs using a household blender and other readily available materials. We verify this approach by pulverizing SSDs with a variety of household blenders for fixed periods of time and sieve the resulting powder to ensure appropriate particle size. Among the 6 household ...


Viability Of Consumer Grade Hardware For Learning Computer Forensics Principles, Lazaro A. Herrera Apr 2021

Viability Of Consumer Grade Hardware For Learning Computer Forensics Principles, Lazaro A. Herrera

Journal of Digital Forensics, Security and Law

We propose utilizing budget consumer hardware and software to teach computer forensics principles and for non-case work, research and developing new techniques. Consumer grade hardware and free / open source software is more easily accessible in most developing markets and can be used as a first purchase for education, technique development and even when developing new techniques. These techniques should allow for small forensics laboratories or classroom settings to have the tooling and framework for trying existing forensics techniques or creating new forensics techniques on consumer grade hardware. We'll be testing how viable each individual piece of hardware is as ...


Technological Tethereds: Potential Impact Of Untrustworthy Artificial Intelligence In Criminal Justice Risk Assessment Instruments, Sonia M. Gipson Rankin Apr 2021

Technological Tethereds: Potential Impact Of Untrustworthy Artificial Intelligence In Criminal Justice Risk Assessment Instruments, Sonia M. Gipson Rankin

Faculty Scholarship

Issues of racial inequality and violence are front and center in today’s society, as are issues surrounding artificial intelligence (AI). This Article, written by a law professor who is also a computer scientist, takes a deep dive into understanding how and why hacked and rogue AI creates unlawful and unfair outcomes, particularly for persons of color.

Black Americans are disproportionally featured in criminal justice, and their stories are obfuscated. The seemingly endless back-to-back murders of George Floyd, Breonna Taylor, and Ahmaud Arbery, and heartbreakingly countless others have finally shaken the United States from its slumbering journey towards intentional criminal ...


Identification Of Lsb Image Steganography Using Cover Image Comparisons, Michael Pelosi, Chuck Easttom Feb 2021

Identification Of Lsb Image Steganography Using Cover Image Comparisons, Michael Pelosi, Chuck Easttom

Journal of Digital Forensics, Security and Law

Steganography has long been used to counter forensic investigation. This use of steganography as an anti-forensics technique is becoming more widespread. This requires forensic examiners to have additional tools to more effectively detect steganography. In this paper we introduce a new software concept specifically designed to allow the digital forensics professional to clearly identify and attribute instances of LSB image steganography by using the original cover image in side-by-side comparison with a suspected steganographic payload image. This technique is embodied in a software implementation named CounterSteg. The CounterSteg software allows detailed analysis and comparison of both the original cover image ...


Backup And Recovery Mechanisms Of Cassandra Database: A Review, Karina Bohora, Amol Bothe, Damini Sheth, Rupali Chopade, V. K. Pachghare Feb 2021

Backup And Recovery Mechanisms Of Cassandra Database: A Review, Karina Bohora, Amol Bothe, Damini Sheth, Rupali Chopade, V. K. Pachghare

Journal of Digital Forensics, Security and Law

Cassandra is a NoSQL database having a peer-to-peer, ring-type architecture. Cassandra offers fault-tolerance, data replication for higher availability as well as ensures no single point of failure. Given that Cassandra is a NoSQL database, it is evident that it lacks the amount of research that has gone into comparatively older and more widely and broadly used SQL databases. Cassandra’s growing popularity in recent times gives rise to the need of addressing any security-related or recovery-related concerns associated with its usage. This review paper discusses the existing deletion mechanism in Cassandra and presents some identified issues related to backup and ...


Social Media User Relationship Framework (Smurf), Anne David, Sarah Morris, Gareth Appleby-Thomas Feb 2021

Social Media User Relationship Framework (Smurf), Anne David, Sarah Morris, Gareth Appleby-Thomas

Journal of Digital Forensics, Security and Law

The use of social media has spread through many aspects of society, allowing millions of individuals, corporate as well as government entities to leverage the opportunities it affords. These opportunities often end up being exploited by a small percentage of the user community who use it for objectionable or unlawful activities; for example, trolling, cyber bullying, grooming, luring. In some cases, these unlawful activities result in investigations where swift retrieval of critical evidence required in order to save a life.

This paper presents a proof of concept (PoC) framework for social media user attribution. The framework aims to provide digital ...


Law Library Blog (January 2021): Legal Beagle's Blog Archive, Roger Williams University School Of Law Jan 2021

Law Library Blog (January 2021): Legal Beagle's Blog Archive, Roger Williams University School Of Law

Law Library Newsletters/Blog

No abstract provided.


An Analysis Of Technological Components In Relation To Privacy In A Smart City, Kayla Rutherford, Ben Lands, A. J. Stiles Nov 2020

An Analysis Of Technological Components In Relation To Privacy In A Smart City, Kayla Rutherford, Ben Lands, A. J. Stiles

James Madison Undergraduate Research Journal (JMURJ)

A smart city is an interconnection of technological components that store, process, and wirelessly transmit information to enhance the efficiency of applications and the individuals who use those applications. Over the course of the 21st century, it is expected that an overwhelming majority of the world’s population will live in urban areas and that the number of wireless devices will increase. The resulting increase in wireless data transmission means that the privacy of data will be increasingly at risk. This paper uses a holistic problem-solving approach to evaluate the security challenges posed by the technological components that make up ...


Towards Increasing Trust In Expert Evidence Derived From Malware Forensic Tools, Ian M. Kennedy, Blaine Price, Arosha Bandara Oct 2020

Towards Increasing Trust In Expert Evidence Derived From Malware Forensic Tools, Ian M. Kennedy, Blaine Price, Arosha Bandara

Journal of Digital Forensics, Security and Law

Following a series of high profile miscarriages of justice in the UK linked to questionable expert evidence, the post of the Forensic Science Regulator was created in 2008. The main objective of this role is to improve the standard of practitioner competences and forensic procedures. One of the key strategies deployed to achieve this is the push to incorporate a greater level of scientific conduct in the various fields of forensic practice. Currently there is no statutory requirement for practitioners to become accredited to continue working with the Criminal Justice System of England and Wales. However, the Forensic Science Regulator ...


A Forensic First Look At A Pos Device: Searching For Pci Dss Data Storage Violations, Stephen Larson, James Jones, Jim Swauger Oct 2020

A Forensic First Look At A Pos Device: Searching For Pci Dss Data Storage Violations, Stephen Larson, James Jones, Jim Swauger

Journal of Digital Forensics, Security and Law

According to the Verizon 2018 Data Breach Investigations Report, 321 POS terminals (user devices) were involved in about 14% of the 2,216 data breaches in 2017 (Verizon, 2018). These data breaches involved standalone POS terminals as well as associated controller systems. This paper examines a standalone Point-of-Sale (POS) system which is ubiquitous in smaller retail stores and restaurants. An attempt to extract unencrypted data and identify possible violations of the Payment Card Industry Data Security Standard (PCI DSS) requirement to protect stored cardholder data were be made. Persistent storage (flash memory chips) were removed from the devices and their ...


The Internet Never Forgets: Image-Based Sexual Abuse And The Workplace, John Schriner, Melody Lee Rood Oct 2020

The Internet Never Forgets: Image-Based Sexual Abuse And The Workplace, John Schriner, Melody Lee Rood

Publications and Research

Image-based sexual abuse (IBSA), commonly known as revenge pornography, is a type of cyberharassment that often results in detrimental effects to an individual's career and livelihood. Although there exists valuable research concerning cyberharassment in the workplace generally, there is little written about specifically IBSA and the workplace. This chapter examines current academic research on IBSA, the issues with defining this type of abuse, victim blaming, workplace policy, and challenges to victim-survivors' redress. The authors explore monetary motivation for websites that host revenge pornography and unpack how the dark web presents new challenges to seeking justice. Additionally, this chapter presents ...


Revisiting The Law Of Confidence In Singapore And A Proposal For A New Tort Of Misuse Of Private Information, Cheng Lim Saw, Zheng Wen Samuel Chan, Wen Min Chai Oct 2020

Revisiting The Law Of Confidence In Singapore And A Proposal For A New Tort Of Misuse Of Private Information, Cheng Lim Saw, Zheng Wen Samuel Chan, Wen Min Chai

Research Collection School Of Law

This article critically examines the recent Court of Appeal decision in I-Admin (Singapore) Pte Ltd v Hong Ying Ting [2020] 1 SLR 1130 and its implications for the law of confidence. The article begins by setting out the decision at first instance, and then on appeal. It argues that the Court of Appeal’s “modified approach” fails to meaningfully engage the plaintiff ’s wrongful gain interest and places the law’s emphasis primarily, if not wholly, on the plaintiff ’s wrongful loss interest. The new framework also appears to have been influenced by English jurisprudence, which has had a long ...


Coronavirus: Pandemics, Artificial Intelligence And Personal Data: How To Manage Pandemics Using Ai And What That Means For Personal Data Protection, Warren B. Chik Sep 2020

Coronavirus: Pandemics, Artificial Intelligence And Personal Data: How To Manage Pandemics Using Ai And What That Means For Personal Data Protection, Warren B. Chik

Research Collection School Of Law

This chapter discusses the hearing of essential and urgent court matters in the Singapore courts during the COVID-19 pandemic. On 27 march 2020, the Singapore judiciary notified courst users that remote hearings were to be implemented for certain types of hearings by means of video and telephone conferencing facilities. Court users were also provided with indicative lists of matters which might be considered essential and urgent.


Coronavirus: Pandemics, Artificial Intelligence And Personal Data: How To Manage Pandemics Using Ai And What That Means For Personal Data Protection, Warren B. Chik Sep 2020

Coronavirus: Pandemics, Artificial Intelligence And Personal Data: How To Manage Pandemics Using Ai And What That Means For Personal Data Protection, Warren B. Chik

Research Collection School Of Law

This chapter discusses the hearing of essential and urgent court matters in the Singapore courts during the COVID-19 pandemic. On 27 march 2020, the Singapore judiciary notified courst users that remote hearings were to be implemented for certain types of hearings by means of video and telephone conferencing facilities. Court users were also provided with indicative lists of matters which might be considered essential and urgent.


Cryptography, Passwords, Privacy, And The Fifth Amendment, Gary C. Kessler, Ann M. Phillips Aug 2020

Cryptography, Passwords, Privacy, And The Fifth Amendment, Gary C. Kessler, Ann M. Phillips

Journal of Digital Forensics, Security and Law

Military-grade cryptography has been widely available at no cost for personal and commercial use since the early 1990s. Since the introduction of Pretty Good Privacy (PGP), more and more people encrypt files and devices, and we are now at the point where our smartphones are encrypted by default. While this ostensibly provides users with a high degree of privacy, compelling a user to provide a password has been interpreted by some courts as a violation of our Fifth Amendment protections, becoming an often insurmountable hurdle to law enforcement lawfully executing a search warrant. This paper will explore some of the ...


A Two-Stage Model For Social Network Investigations In Digital Forensics, Anne David, Sarah Morris, Gareth Appleby-Thomas Aug 2020

A Two-Stage Model For Social Network Investigations In Digital Forensics, Anne David, Sarah Morris, Gareth Appleby-Thomas

Journal of Digital Forensics, Security and Law

This paper proposes a two-stage model for identifying and contextualizing features from artefacts created as a result of social networking activity. This technique can be useful in digital investigations and is based on understanding and the deconstruction of the processes that take place prior to, during and after user activity; this includes corroborating artefacts. Digital Investigations are becoming more complex due to factors such as, the volume of data to be examined; different data formats; a wide range of sources for digital evidence; the volatility of data and the limitations of some of the standard digital forensic tools. This paper ...


Should Judges Have A Duty Of Tech Competence?, John G. Browning Jul 2020

Should Judges Have A Duty Of Tech Competence?, John G. Browning

St. Mary's Journal on Legal Malpractice & Ethics

In an era in which lawyers are increasingly held to a higher standard of “tech competence” in their representation of clients, shouldn’t we similarly require judges to be conversant in relevant technology? Using real world examples of judicial missteps with or refusal to use technology, and drawn from actual cases and judicial disciplinary proceedings, this Article argues that in today’s Digital Age, judicial technological competence is necessary. At a time when courts themselves have proven vulnerable to cyberattacks, and when courts routinely tackle technology related issues like data privacy and the admissibility of digital evidence, Luddite judges are ...


What’S In The Cloud? - An Examination Of The Impact Of Cloud Storage Usage On The Browser Cache., Graeme Horsman Jun 2020

What’S In The Cloud? - An Examination Of The Impact Of Cloud Storage Usage On The Browser Cache., Graeme Horsman

Journal of Digital Forensics, Security and Law

Cloud storage is now a well established and popular service adopted by many individuals, often at limited or no cost. It provides users with the ability to store content on a cloud service provider’s infrastructure offering the benefit of redundancy, reliability, security, flexibility of access and the potential assumed liability of the provider for data loss within the contexts of a licensing agreement. Consequently, this form of remote storage provides a regulatory challenge as content which once resided upon a seized digital exhibit, available for scrutiny during a digital forensic investigatory, may no longer be present where attempting to ...


An Evaluation Of Data Erasing Tools, Andrew Jones, Isaac Afrifa Jun 2020

An Evaluation Of Data Erasing Tools, Andrew Jones, Isaac Afrifa

Journal of Digital Forensics, Security and Law

The permanent removal of data from media is a major area of concern mainly because of the misconception that once a file is deleted or storage media is formatted, it cannot be recovered. There has been the development of both commercial and freeware data erasing tools, which all claim complete file or disk erasure. This report analyzes the efficiency of a number of these tools in performing erasures on an electromechanical drive. It focuses on a selection of popular and modern erasing tools; taking into consideration their usability, claimed erasing standards and whether they perform complete data erasure with the ...


Cybersecurity, Privacy, And Artificial Intelligence: An Examination Of Legal Issues Surrounding The European Union General Data Protection Regulation And Autonomous Network Defense, Brandon W. Jackson Jun 2020

Cybersecurity, Privacy, And Artificial Intelligence: An Examination Of Legal Issues Surrounding The European Union General Data Protection Regulation And Autonomous Network Defense, Brandon W. Jackson

Minnesota Journal of Law, Science & Technology

No abstract provided.


The Use Of Digital Millenium Copyright Act To Stifle Speech Through Non-Copyright Related Takedowns, Miller Freeman May 2020

The Use Of Digital Millenium Copyright Act To Stifle Speech Through Non-Copyright Related Takedowns, Miller Freeman

Seattle Journal of Technology, Environmental & Innovation Law

In 1998, Congress passed the Digital Millennium Copyright Act. This law provided new methods of protecting copyright in online media. These protections shift the normal judicial process that would stop the publication of infringing materials to private actors: the online platforms. As a result, online platforms receive notices of infringement and issue takedowns of allegedly copyrighted works without the judicial process which normally considers the purpose of the original notice of infringement. In at least one case, discussed in detail below, this has resulted in a notice and takedown against an individual for reasons not related to the purpose of ...


Regulating Personal Data Usage In Covid-19 Control Conditions, Mark Findlay, Nydia Remolina May 2020

Regulating Personal Data Usage In Covid-19 Control Conditions, Mark Findlay, Nydia Remolina

Centre for AI & Data Governance

As the COVID-19 health pandemic ebbs and flows world-wide, governments and private companies across the globe are utilising AI-assisted surveillance, reporting, mapping and tracing technologies with the intention of slowing the spread of the virus. These technologies have capacity to amass and share personal data for community control and citizen safety motivations that empower state agencies and inveigle citizen co-operation which could only be imagined outside times of real and present personal danger. While not cavilling with the short-term necessity for these technologies and the data they control, process and share in the health regulation mission (provided that the technology ...


Teaching Data Carving Using The Real World Problem Of Text Message Extraction From Unstructured Mobile Device Data Dumps, Gary D. Cantrell, Joan Runs Through Apr 2020

Teaching Data Carving Using The Real World Problem Of Text Message Extraction From Unstructured Mobile Device Data Dumps, Gary D. Cantrell, Joan Runs Through

Journal of Digital Forensics, Security and Law

Data carving is a technique used in data recovery to isolate and extract files based on file content without any file system guidance. It is an important part of data recovery and digital forensics, but it is also useful in teaching computer science students about file structure and binary encoding of information especially within a digital forensics program. This work demonstrates how the authors teach data carving using a real world problem they encounter in digital forensics evidence processing involving the extracting of text messages from unstructured small device binary extractions. The authors have used this problem for instruction in ...


Cyber-Security Risks Of Fedwire, Mark J. Bilger Apr 2020

Cyber-Security Risks Of Fedwire, Mark J. Bilger

Journal of Digital Forensics, Security and Law

This paper will review the risks associated with the Federal Reserve's Fedwire network as a key resource necessary for the efficient function of the American financial system. It will examine the business model of the Fedwire system of real-time interbank transfers, the network characteristics of Fedwire, and the possibility of a successful attack on Fedwire and its potential impact on the U.S. financial system.


A Comprehensive Cybersecurity Policy For The United States Government According To Cyberattacks And Exploits In The 21st Century, Diana Hallisey Apr 2020

A Comprehensive Cybersecurity Policy For The United States Government According To Cyberattacks And Exploits In The 21st Century, Diana Hallisey

Honors Program Contracts

Adversaries launch cyberattacks or cyber-exploits with contrasting intentions and desired outcomes. A cyberattack is a malicious attempt by a state, third party, or individual to disrupt a computer’s network; whereas, a cyber-exploit is an action that uncovers and steals “confidential” information from a computer’s data. 1 Within this research paper, the main adversary of such cyberattacks and/or exploits will be the nation-state. The victims of these cyberattacks will range from multinational corporations, such as Sony, to nuclear programs in Iran. This essay will focus on four motivations behind such cyberattacks: (1) private sector hacking (the theft of ...


Geopolitics And The Digital Domain: How Cyberspace Is Impacting International Security, Georgia Wood Apr 2020

Geopolitics And The Digital Domain: How Cyberspace Is Impacting International Security, Georgia Wood

Independent Study Project (ISP) Collection

The digital domain is the emerging environment for which the internet and data connectivity exists. This new domain is challenging the traditional place for geopolitics to exist, and creating new challenges to international relations. The use of cyberweapons through direct cyberattacks, such as the possibility of an attack on the U.S. power grid, or misinformation campaigns, such as the one launched by Russia against the 2016 U.S. Presidential election, can expand the international threat landscape. While these new threats increase, states are widely not prepared to address the new challenges in the digital domain. This paper will use ...


Front Matter Mar 2020

Front Matter

Journal of Digital Forensics, Security and Law

No abstract provided.


Regulation Of Algorithmic Tools In The United States, Christopher S. Yoo, Alicia Lai Jan 2020

Regulation Of Algorithmic Tools In The United States, Christopher S. Yoo, Alicia Lai

Faculty Scholarship at Penn Law

Policymakers in the United States have just begun to address regulation of artificial intelligence technologies in recent years, gaining momentum through calls for additional research funding, piece-meal guidance, proposals, and legislation at all levels of government. This Article provides an overview of high-level federal initiatives for general artificial intelligence (AI) applications set forth by the U.S. president and responding agencies, early indications from the incoming Biden Administration, targeted federal initiatives for sector-specific AI applications, pending federal legislative proposals, and state and local initiatives. The regulation of the algorithmic ecosystem will continue to evolve as the United States continues to ...


Securing Technological Privacy: Modernizing The Texas Disciplinary Rules Of Professional Conduct To Protect Electronic Data, Ashley "Nikki" Vega Jan 2020

Securing Technological Privacy: Modernizing The Texas Disciplinary Rules Of Professional Conduct To Protect Electronic Data, Ashley "Nikki" Vega

St. Mary's Journal on Legal Malpractice & Ethics

This comment explains how and why the Texas Disciplinary Rules of Professional Conduct (the “Texas Disciplinary Rules”) should be updated to reflect the modernization of technology. Lawyers must keep abreast of changes in the law and its practices; including those which are technological in nature. The American Bar Association (the “ABA”) recently amended the “technology provisions” of its Model Rules of Professional Conduct (the “Model Rules”); namely Rule 1.1 “Competence” and Rule 1.6 “Confidentiality of Information” in order to keep up with the benefits and risks associated with technology in the legal profession. Additionally, over half of all ...


Hacking For Intelligence Collection In The Fight Against Terrorism: Israeli, Comparative, And International Perspectives, Asaf Lubin Jan 2020

Hacking For Intelligence Collection In The Fight Against Terrorism: Israeli, Comparative, And International Perspectives, Asaf Lubin

Articles by Maurer Faculty

תקציר בעברית: הניסיון של המחוקק הישראלי להביא להסדרה מפורשת של סמכויות השב״כ במרחב הקיברנטי משקף מגמה רחבה יותר הניכרת בעולם לעיגון בחקיקה ראשית של הוראות בדבר פעולות פצחנות מצד גופי ביון ומודיעין ורשויות אכיפת חוק למטרות איסוף מודיעין לשם סיכול עבירות חמורות, ובייחוד עבירות טרור אם בעבר היו פעולות מסוג אלה כפופות לנהלים פנימיים ומסווגים, הרי שהדרישה לשקיפות בעידן שלאחר גילויי אדוארד סנודן מחד והשימוש הנרחב בתקיפות מחשב לביצוע פעולות חיפוש וחקירה לסיכול טרור מאידך, מציפים כעת את הדרישה להסמכה מפורשת. במאמר זה אבקש למפות הן את השדה הטכנולוגי והן את השדה המשפטי בכל האמור בתקיפות מחשבים למטרות ריגול ...