Open Access. Powered by Scholars. Published by Universities.®

Law Commons

Open Access. Powered by Scholars. Published by Universities.®

Information Security

Institution
Keyword
Publication Year
Publication
Publication Type

Articles 1 - 30 of 795

Full-Text Articles in Law

An Evaluation Framework For Digital Image Forensics Tools, Zainab Khalid, Sana Qadir Oct 2022

An Evaluation Framework For Digital Image Forensics Tools, Zainab Khalid, Sana Qadir

Journal of Digital Forensics, Security and Law

The boom of digital cameras, photography, and social media has drastically changed how humans live their day-to-day, but this normalization is accompanied by malicious agents finding new ways to forge and tamper with images for unlawful monetary (or other) gains. Disinformation in the photographic media realm is an urgent threat. The availability of a myriad of image editing tools renders it almost impossible to differentiate between photo-realistic and original images. The tools available for image forensics require a standard framework against which they can be evaluated. Such a standard framework can aid in evaluating the suitability of an image forensics …


A Study Of The Data Remaining On Second-Hand Mobile Devices In The Uk, Olga Angelopoulou, Andy Jones, Graeme Horsman, Seyedali Pourmoafi Oct 2022

A Study Of The Data Remaining On Second-Hand Mobile Devices In The Uk, Olga Angelopoulou, Andy Jones, Graeme Horsman, Seyedali Pourmoafi

Journal of Digital Forensics, Security and Law

This study was carried out intending to identify the level and type of information that remained on portable devices that were purchased from the second-hand market in the UK over the last few years. The sample for this study consisted of 100 second hand mobile phones and tablets. The aim of the study was to determine the proportion of devices that still contained data and the type of data that they contained. Where data was identified, the study attempted to determine the level of personal identifiable information that is associated with the previous owner. The research showed that when sensitive …


A Qualitative Look Into Repair Practices, Jumana Labib Aug 2022

A Qualitative Look Into Repair Practices, Jumana Labib

Undergraduate Student Research Internships Conference

This research poster is based on a working research paper which moves beyond the traditional scope of repair and examines the Right to Repair movement from a smaller, more personal lens by detailing the 6 categorical impediments as dubbed by Dr. Alissa Centivany (design, law, economic/business strategy, material asymmetry, informational asymmetry, and social impediments) have continuously inhibited repair and affected repair practices, which has consequently had larger implications (environmental, economic, social, etc.) on ourselves, our objects, and our world. The poster builds upon my research from last year (see "The Right to Repair: (Re)building a better future"), this time pulling …


To License Or Not To License Reexamined: An Updated Report On Licensing Of Digital Examiners Under State Private Investigator Statutes, Thomas Lonardo, Alan Rea, Doug White Jul 2022

To License Or Not To License Reexamined: An Updated Report On Licensing Of Digital Examiners Under State Private Investigator Statutes, Thomas Lonardo, Alan Rea, Doug White

Journal of Digital Forensics, Security and Law

In this update to the 2015 study, the authors examine US state statutes and regulations relating to licensing and enforcement of Digital Examiner functions under each state’s private investigator/detective statute. As with the prior studies, the authors find that very few state statutes explicitly distinguish between Private Investigators (PI) and Digital Examiners (DE), and when they do, they either explicitly require a license or exempt them from the licensing statute. As noted in the previous 2015 study there is a minor trend in which some states are moving to exempt DE from PI licensing requirements. We examine this trend as …


Gauging The Acceptance Of Contact Tracing Technology: An Empirical Study Of Singapore Residents’ Concerns With Sharing Their Information And Willingness To Trust, Ee-Ing Ong, Wee Ling Loo Jun 2022

Gauging The Acceptance Of Contact Tracing Technology: An Empirical Study Of Singapore Residents’ Concerns With Sharing Their Information And Willingness To Trust, Ee-Ing Ong, Wee Ling Loo

Research Collection Yong Pung How School Of Law

In response to the COVID-19 pandemic, governments began implementing various forms of contact tracing technology. Singapore’s implementation of its contact tracing technology, TraceTogether, however, was met with significant concern by its population, with regard to privacy and data security. This concern did not fit with the general perception that Singaporeans have a high level of trust in its government. We explore this disconnect, using responses to our survey (conducted pre-COVID-19) in which we asked participants about their level of concern with the government and business collecting certain categories of personal data. The results show that respondents had less concern with …


Small Business Cybersecurity: A Loophole To Consumer Data, Matthew R. Espinosa May 2022

Small Business Cybersecurity: A Loophole To Consumer Data, Matthew R. Espinosa

The Scholar: St. Mary's Law Review on Race and Social Justice

Small businesses and small minority owned businesses are vital to our nation’s economy; therefore legislation, regulation, and policy has been created in order to assist them in overcoming their economic stability issues and ensure they continue to serve the communities that rely on them. However, there is not a focus on regulating nor assisting small businesses to ensure their cybersecurity standards are up to par despite them increasingly becoming a victim of cyberattacks that yield high consequences. The external oversight and assistance is necessary for small businesses due to their lack of knowledge in implementing effective cybersecurity policies, the fiscal …


Unreasonable: A Strict Liability Solution To The Ftc’S Data Security Problem, James C. Cooper, Bruce H. Kobayashi Apr 2022

Unreasonable: A Strict Liability Solution To The Ftc’S Data Security Problem, James C. Cooper, Bruce H. Kobayashi

Michigan Technology Law Review

For over two decades, the FTC creatively employed its capacious statute to police against shoddy data practices. Although the FTC’s actions were arguably needed at the time to fill a gap in enforcement, there are reasons to believe that its current approach has outlived its usefulness and is in serious need of updating. In particular, our analysis shows that the FTC’s current approach to data security is unlikely to instill anything close to optimal incentives for data holders. These shortcomings cannot be fixed through changes to the FTC enforcement approach, as they are largely generated by a mismatch between the …


Proposed L-Shape Pattern On Ufs Acm For Risk Analysis, Abhishek Asthana, Padma Lochan Pradhan Dr Mar 2022

Proposed L-Shape Pattern On Ufs Acm For Risk Analysis, Abhishek Asthana, Padma Lochan Pradhan Dr

Journal of Digital Forensics, Security and Law

At this cloud age, there is tremendous growth in business, services, resources, and cloud technology. This growth comes with a risk of unsafe, unordered, and uncertainty due to unauthorized access and theft of confidential propriety data. Our objective is to model around Read, Write and Execute to resolve these unordered, unsafe, and uncertain issues. We will develop a L-Shape pattern model matching UFS ACM to minimize the accessibilities based on RIGHT & ROLE of the resources and maximize the quality of services for safety and high availability. The preventive, detective, corrective (PDC) services are the major roles for all levels …


A Critical Comparison Of Brave Browser And Google Chrome Forensic Artefacts, Stuart Berham, Sarah Morris Mar 2022

A Critical Comparison Of Brave Browser And Google Chrome Forensic Artefacts, Stuart Berham, Sarah Morris

Journal of Digital Forensics, Security and Law

Digital forensic practitioners are tasked with the identification, recovery and analysis of Internet browser artefacts which may have been used in the pursuit of committing a civil or criminal offence. This research paper critically compares the most downloaded browser, Google Chrome, against an increasingly popular Chromium browser known as Brave, said to offer privacy-by-default. With increasing forensic caseloads, data complexity, and requirements for method validation to satisfy ISO 17025 accreditation, recognising the similarities and differences between the browsers, developed on the same underlying technology is essential. The paper describes a series of conducted experiments and subsequent analysis to identify artefacts …


Digital Evidence In Appeals Of Criminal Cases Before The U.S. Courts Of Appeal: A Review Of Decisions And Examination Of The Legal Landscape From 2016 – 2020, Martin Novak Jan 2022

Digital Evidence In Appeals Of Criminal Cases Before The U.S. Courts Of Appeal: A Review Of Decisions And Examination Of The Legal Landscape From 2016 – 2020, Martin Novak

Journal of Digital Forensics, Security and Law

This study is a follow-up to Digital Evidence in Criminal Cases before the U.S. Courts of Appeal: Trends and Issues for Consideration – 2010 to 2015. The current study examines appeals of criminal cases before the United States Courts of Appeal from January 2016 through August 2020, where one or more appeal claims were related to digital evidence. The purpose of this research was to determine if the legal landscape has changed since 2015; examine the most relevant legal issues related to digital evidence; and analyze how precedential cases may have affected digital forensics as evidence.


Technical Behaviours Of Child Sexual Exploitation Material Offenders, Chad Steel, Emily Newman, Suzanne O'Rourke, Ethel Quayle Jan 2022

Technical Behaviours Of Child Sexual Exploitation Material Offenders, Chad Steel, Emily Newman, Suzanne O'Rourke, Ethel Quayle

Journal of Digital Forensics, Security and Law

An exploration of the technological behaviours of previously convicted child sexual exploitation material (CSEM) offenders provides a foundation for future applied research into deterrence, investigation, and treatment efforts. This study evaluates the technology choices and transitions of individuals previously convicted of CSEM offenses. Based on their inclusion in two sex offender registries, anonymous survey results (n=78) were collected from English-speaking adults within the United States. CSEM offenders chose technologies based on both utility and perceived risk; peer-to-peer and web-browsers were the most common gateway technologies and showed substantial sustained usage; a substantial minority of users never stored CSEM and only …


Forensic Discoverability Of Ios Vault Applications, Alissa Gilbert, Kathryn C. Seigfried-Spellar Jan 2022

Forensic Discoverability Of Ios Vault Applications, Alissa Gilbert, Kathryn C. Seigfried-Spellar

Journal of Digital Forensics, Security and Law

Vault Applications are used to store potentially sensitive information on a smartphone; and are available on Android and iOS. The purpose of using these applications could be used to hide potential evidence or illicit photos. After comparing five different iOS photo vaults, each vault left evidence and photos behind. However, of the three forensic toolkits used, each produced different results in their scans of the phone. The media left behind was due to the photo vaults not protecting their information as claimed, and using basic obfuscation techniques in place of security controls. Future research will look at how newer security …


Microsoft Defender Will Be Defended: Memoryranger Prevents Blinding Windows Av, Denis Pogonin, Igor Korkin, Phd Jan 2022

Microsoft Defender Will Be Defended: Memoryranger Prevents Blinding Windows Av, Denis Pogonin, Igor Korkin, Phd

Annual ADFSL Conference on Digital Forensics, Security and Law

Windows OS is facing a huge rise in kernel attacks. An overview of popular techniques that result in loading kernel drivers will be presented. One of the key targets of modern threats is disabling and blinding Microsoft Defender, a default Windows AV. The analysis of recent driver-based attacks will be given, the challenge is to block them. The survey of user- and kernel-level attacks on Microsoft Defender will be given. One of the recently published attackers’ techniques abuses Mandatory Integrity Control (MIC) and Security Reference Monitor (SRM) by modifying Integrity Level and Debug Privileges for the Microsoft Defender via syscalls. …


Human-Controlled Fuzzing With Afl, Maxim Grishin, Igor Korkin, Phd Jan 2022

Human-Controlled Fuzzing With Afl, Maxim Grishin, Igor Korkin, Phd

Annual ADFSL Conference on Digital Forensics, Security and Law

Fuzzing techniques are applied to reveal different types of bugs and vulnerabilities. American Fuzzy Lop (AFL) is a free most popular software fuzzer used by many other fuzzing frameworks. AFL supports autonomous mode of operation that uses the previous step output into the next step, as a result fuzzer spends a lot of time analyzing minor code sections. By making fuzzing process more focused and human controlled security expert can save time and find more bugs in less time. We designed a new module that can fuzz only the specified functions. As a result, the chosen ones will be inspected …


The Amorphous Nature Of Hackers: An Exploratory Study, Kento Yasuhara, Daniel Walnycky, Ibrahim Baggili, Ahmed Alhishwan Jan 2022

The Amorphous Nature Of Hackers: An Exploratory Study, Kento Yasuhara, Daniel Walnycky, Ibrahim Baggili, Ahmed Alhishwan

Annual ADFSL Conference on Digital Forensics, Security and Law

In this work, we aim to better understand outsider perspectives of the hacker community through a series of situation based survey questions. By doing this, we hope to gain insight into the overall reputation of hackers from participants in a wide range of technical and non-technical backgrounds. This is important to digital forensics since convicted hackers will be tried by people, each with their own perception of who hackers are. Do cyber crimes and national security issues negatively affect people’s perceptions of hackers? Does hacktivism and information warfare positively affect people’s perception of hackers? Do individual personality factors affect one’s …


Timestamp Estimation From Outdoor Scenes, Tawfiq Salem, Jisoo Hwang, Rafael Padilha Jan 2022

Timestamp Estimation From Outdoor Scenes, Tawfiq Salem, Jisoo Hwang, Rafael Padilha

Annual ADFSL Conference on Digital Forensics, Security and Law

The increasing availability of smartphones allowed people to easily capture and share images on the internet. These images are often associated with metadata, including the image capture time (timestamp) and the location where the image was captured (geolocation). The metadata associated with images provides valuable information to better understand scenes and events presented in these images. The timestamp can be manipulated intentionally to provide false information to convey a twisted version of reality. Images with manipulated timestamps are often used as a cover-up for wrongdoing or broadcasting false claims and competing views on the internet. Estimating the time of capture …


Detection Of Overlapping Passive Manipulation Techniques In Image Forensics, Gianna S. Lint, Umit Karabiyik Jan 2022

Detection Of Overlapping Passive Manipulation Techniques In Image Forensics, Gianna S. Lint, Umit Karabiyik

Annual ADFSL Conference on Digital Forensics, Security and Law

With a growing number of images uploaded daily to social media sites, it is essential to understand if an image can be used to trace its origin. Forensic investigations are focusing on analyzing images that are uploaded to social media sites resulting in an emphasis on building and validating tools. There has been a strong focus on understanding active manipulation or tampering techniques and building tools for analysis. However, research on manipulation is often studied in a vacuum, involving only one technique at a time. Additionally, less focus has been placed on passive manipulation, which can occur by simply uploading …


Digital Forensics For Mobility As A Service Platform: Analysis Of Uber Application On Iphone And Cloud, Nina Matulis, Umit Karabiyik Jan 2022

Digital Forensics For Mobility As A Service Platform: Analysis Of Uber Application On Iphone And Cloud, Nina Matulis, Umit Karabiyik

Annual ADFSL Conference on Digital Forensics, Security and Law

Uber is a ride-hailing smartphone application (app) that allows users to order a ride in a highly efficient manner. The Uber app provides Mobility as a Service and allows users to easily order a ride in a private car with just a few clicks. Uber stores large amounts of data on both the mobile device the app is being used on, and in the cloud. Examples of this data include geolocation data, date/time, origin/destination addresses, departure/arrival times, and distance. Uber geolocation data has been previously researched to investigate the privacy of the Uber app; however, there is minimal research relating …


Smart Home Forensics: Identifying Ddos Attack Patterns On Iot Devices, Samuel Ho, Hope Greeson, Umit Karabiyik Jan 2022

Smart Home Forensics: Identifying Ddos Attack Patterns On Iot Devices, Samuel Ho, Hope Greeson, Umit Karabiyik

Annual ADFSL Conference on Digital Forensics, Security and Law

Smart homes are becoming more common as more people integrate IoT devices into their home environment. As such, these devices have access to personal data on their homeowners’ networks. One of the advantages of IoT devices is that they are compact. However, this limits the incorporation of security measures in their hardware. Misconfigured IoT devices are commonly the target of malicious attacks. Additionally, distributed denial-of-service attacks are becoming more common due to applications and software that provides users with easy-to-use user interfaces. Since one vulnerable device is all an attacker needs to launch an attack on a network, in regards …


A Lightweight Reliably Quantified Deepfake Detection Approach, Tianyi Wang, Kam Pui Chow Jan 2022

A Lightweight Reliably Quantified Deepfake Detection Approach, Tianyi Wang, Kam Pui Chow

Annual ADFSL Conference on Digital Forensics, Security and Law

Deepfake has brought huge threats to society such that everyone can become a potential victim. Current Deepfake detection approaches have unsatisfactory performance in either accuracy or efficiency. Meanwhile, most models are only evaluated on different benchmark test datasets with different accuracies, which could not imitate the real-life Deepfake unknown population. As Deepfake cases have already been raised and brought challenges at the court, it is disappointed that no existing work has studied the model reliability and attempted to make the detection model act as the evidence at the court. We propose a lightweight Deepfake detection deep learning approach using the …


Anatomy Of An Internet Hijack And Interception Attack: A Global And Educational Perspective, Ben A. Scott, Michael N. Johnstone, Patryk Szewczyk Jan 2022

Anatomy Of An Internet Hijack And Interception Attack: A Global And Educational Perspective, Ben A. Scott, Michael N. Johnstone, Patryk Szewczyk

Annual ADFSL Conference on Digital Forensics, Security and Law

The Internet’s underlying vulnerable protocol infrastructure is a rich target for cyber crime, cyber espionage and cyber warfare operations. The stability and security of the Internet infrastructure are important to the function of global matters of state, critical infrastructure, global e-commerce and election systems. There are global approaches to tackle Internet security challenges that include governance, law, educational and technical perspectives. This paper reviews a number of approaches to these challenges, the increasingly surgical attacks that target the underlying vulnerable protocol infrastructure of the Internet, and the extant cyber security education curricula; we find the majority of predominant cyber security …


A Low-Cost Machine Learning Based Network Intrusion Detection System With Data Privacy Preservation, Jyoti Fakirah, Lauhim Mahfuz Zishan, Roshni Mooruth, Michael L. Johnstone, Wencheng Yang Jan 2022

A Low-Cost Machine Learning Based Network Intrusion Detection System With Data Privacy Preservation, Jyoti Fakirah, Lauhim Mahfuz Zishan, Roshni Mooruth, Michael L. Johnstone, Wencheng Yang

Annual ADFSL Conference on Digital Forensics, Security and Law

Network intrusion is a well-studied area of cyber security. Current machine learning-based network intrusion detection systems (NIDSs) monitor network data and the patterns within those data but at the cost of presenting significant issues in terms of privacy violations which may threaten end-user privacy. Therefore, to mitigate risk and preserve a balance between security and privacy, it is imperative to protect user privacy with respect to intrusion data. Moreover, cost is a driver of a machine learning-based NIDS because such systems are increasingly being deployed on resource-limited edge devices. To solve these issues, in this paper we propose a NIDS …


Defining Smart Contract Defects On Ethereum, Jiachi Chen, Xin Xia, David Lo, John Grundy, Xiapu Luo, Ting Chen Jan 2022

Defining Smart Contract Defects On Ethereum, Jiachi Chen, Xin Xia, David Lo, John Grundy, Xiapu Luo, Ting Chen

Research Collection School Of Computing and Information Systems

Smart contracts are programs running on a blockchain. They are immutable to change, and hence can not be patched for bugs once deployed. Thus it is critical to ensure they are bug-free and well-designed before deployment. A Contract defect is an error, flaw or fault in a smart contract that causes it to produce an incorrect or unexpected result, or to behave in unintended ways. The detection of contract defects is a method to avoid potential bugs and improve the design of existing code. Since smart contracts contain numerous distinctive features, such as the gas system. decentralized, it is important …


Performance Assessment Of Some Phishing Predictive Models Based On Minimal Feature Corpus, Orunsolu Abdul Abiodun, Sodiya A.S, Kareem S.O, Oladimeji G. B Mr. Dec 2021

Performance Assessment Of Some Phishing Predictive Models Based On Minimal Feature Corpus, Orunsolu Abdul Abiodun, Sodiya A.S, Kareem S.O, Oladimeji G. B Mr.

Journal of Digital Forensics, Security and Law

Phishing is currently one of the severest cybersecurity challenges facing the emerging online community. With damages running into millions of dollars in financial and brand losses, the sad tale of phishing activities continues unabated. This led to an arms race between the con artists and online security community which demand a constant investigation to win the cyberwar. In this paper, a new approach to phishing is investigated based on the concept of minimal feature set on some selected remarkable machine learning algorithms. The goal of this is to select and determine the most efficient machine learning methodology without undue high …


Don't Bite The Bait: Phishing Attack For Internet Banking (E-Banking), Ilker Kara Nov 2021

Don't Bite The Bait: Phishing Attack For Internet Banking (E-Banking), Ilker Kara

Journal of Digital Forensics, Security and Law

Phishing attacks are based on obtaining desired information from users quickly and easily with the help of misdirecting, panicking, curiosity, or excitement. Most of the phishing web sites are designed on internet banking(e-banking) and the attackers can acquire financial information of misled users with the tactics and discourses they develop. Despite the increase of prevention techniques against phishing attacks day by day, an effective solution could not be found for this issue due to the human factor. Because of this reason, real phishing attack studies are essential to study and analyze the attackers’ attack techniques and strategies. This study focused …


Professional Responsibility, Legal Malpractice, Cybersecurity, And Cyber-Insurance In The Covid-19 Era, Ethan S. Burger Oct 2021

Professional Responsibility, Legal Malpractice, Cybersecurity, And Cyber-Insurance In The Covid-19 Era, Ethan S. Burger

St. Mary's Journal on Legal Malpractice & Ethics

In response to the COVID-19 outbreak, law firms conformed their activities to the Centers for Disease Control and Prevention (CDC), Occupational Safety and Health Administration (OSHA), and state health authority guidelines by immediately reducing the size of gatherings, encouraging social distancing, and mandating the use of protective gear. These changes necessitated the expansion of law firm remote operations, made possible by the increased adoption of technological tools to coordinate workflow and administrative tasks, communicate with clients, and engage with judicial and governmental bodies.

Law firms’ increased use of these technological tools for carrying out legal and administrative activities has implications …


Internet Of Things Software And Hardware Architectures And Their Impacts On Forensic Investigations: Current Approaches And Challenges, Abel Alex Boozer, Arun John, Tathagata Mukherjee Sep 2021

Internet Of Things Software And Hardware Architectures And Their Impacts On Forensic Investigations: Current Approaches And Challenges, Abel Alex Boozer, Arun John, Tathagata Mukherjee

Journal of Digital Forensics, Security and Law

The never-before-seen proliferation of interconnected low-power computing devices, patently dubbed the Internet of Things (IoT), is revolutionizing how people, organizations, and malicious actors interact with one another and the Internet. Many of these devices collect data in different forms, be it audio, location data, or user commands. In civil or criminal nature investigations, the data collected can act as evidence for the prosecution or the defense. This data can also be used as a component of cybersecurity efforts. When data is extracted from these devices, investigators are expected to do so using proven methods. Still, unfortunately, given the heterogeneity in …


The Survey On Cross-Border Collection Of Digital Evidence By Representatives From Polish Prosecutors’ Offices And Judicial Authorities, Paweł Olber Dr Sep 2021

The Survey On Cross-Border Collection Of Digital Evidence By Representatives From Polish Prosecutors’ Offices And Judicial Authorities, Paweł Olber Dr

Journal of Digital Forensics, Security and Law

Dynamic development of IT technology poses new challenges related to the cross-border collection of electronic evidence from the cloud. Many times investigators need to secure data stored on foreign servers directly and then look for solutions on how to turn the data into a legitimate source of evidence. To study the situation and propose solutions, I conducted a survey among Polish representatives of public prosecutors' offices and courts. This paper presents information from digital evidence collection practices across multiple jurisdictions. I stated that representatives from the prosecution and the judiciary in Poland are aware of the issues associated with cross-border …


An Economical Method For Securely Disintegrating Solid-State Drives Using Blenders, Brandon J. Hopkins Phd, Kevin A. Riggle Jul 2021

An Economical Method For Securely Disintegrating Solid-State Drives Using Blenders, Brandon J. Hopkins Phd, Kevin A. Riggle

Journal of Digital Forensics, Security and Law

Pulverizing solid-state drives (SSDs) down to particles no larger than 2 mm is required by the United States National Security Agency (NSA) to ensure the highest level of data security, but commercial disintegrators that achieve this standard are large, heavy, costly, and often difficult to access globally. Here, we present a portable, inexpensive, and accessible method of pulverizing SSDs using a household blender and other readily available materials. We verify this approach by pulverizing SSDs with a variety of household blenders for fixed periods of time and sieve the resulting powder to ensure appropriate particle size. Among the 6 household …


Data Regulation With Chinese Characteristics, Henry S. Gao Jul 2021

Data Regulation With Chinese Characteristics, Henry S. Gao

Research Collection Yong Pung How School Of Law

The regulation of data has increasingly become a common feature of trade agreements. While all regulators would agree on the need to strike a balance between the clashing interests of different stakeholders, their approaches often differ in practice. The various regulatory approaches often reflect the different legal, political, economic, social and cultural backgrounds of different countries. Thereby, it is important to understand the inherent logic and mechanisms of the different regulatory regimes.In this chapter, the focus lies on China, which is not only home to the largest e-commerce market in the world, but also has one of the most tightly …