Open Access. Powered by Scholars. Published by Universities.®
- Keyword
-
- Steganography (2)
- ADSL router; manuals; quick start guide; network security; wireless (1)
- Accounting education (1)
- Accounting information systems (1)
- Afterglow (1)
-
- Audit trails. (1)
- Auditing (1)
- Bluetooth hacking (1)
- Child pornography (1)
- Computer Forensics (1)
- Continuous assurance (1)
- Continuous audit (1)
- Correlation (1)
- Cyber crime (1)
- Cyber law (1)
- Cybercrime (1)
- Data Structures (1)
- Defence in depth (1)
- Digital Examiner (1)
- Digital Forensics (1)
- Enterprise system (1)
- Evidence analysis (1)
- File artifact detection (1)
- Financial reporting. (1)
- Firmware (1)
- Forensic accounting (1)
- Forensic audits (1)
- Forensics (1)
- Forms-based computing (1)
- Fraud detection (1)
- Publication
- Publication Type
Articles 1 - 30 of 43
Full-Text Articles in Law
Cybercrime And The 2012 London Olympics, Denis Edgar-Nevill
Cybercrime And The 2012 London Olympics, Denis Edgar-Nevill
Annual ADFSL Conference on Digital Forensics, Security and Law
The London 2012 Olympics is just three years away and the clock is ticking to put in place plans get it right. The potential for cybercrime to cause harm during this event is very great; harm to national reputation, harm to the reputation to the Olympic movement, and harm to individuals competing, watching or officiating. This paper considers the need to address these risks by taking a look at what has happened in the past at sporting events and the rising wave of electronic security threats and fraud facilitated by computers at recent Olympics. The problems for law enforcement are …
Methodology For Investigating Individuals Online Social Networking Persona, Jonathan T. Rajewski
Methodology For Investigating Individuals Online Social Networking Persona, Jonathan T. Rajewski
Annual ADFSL Conference on Digital Forensics, Security and Law
When investigators from either the private or public sector review digital data surrounding a case for evidentiary value, they typically conduct a systematic categorization process to identify the relevant digital devices. Armed with the proper methodology to accomplish this task, investigators can quickly recognize the appropriate digital devices for forensic processing and review. This paper purposes a methodology for investigating an individual’s online social networking persona.
Keywords: Social Networking, Web 2.0, Internet Investigations, Online Social Networking Community
Bluetooth Hacking: A Case Study, Dennis Browning, Gary C. Kessler
Bluetooth Hacking: A Case Study, Dennis Browning, Gary C. Kessler
Annual ADFSL Conference on Digital Forensics, Security and Law
This paper describes a student project examining mechanisms with which to attack Bluetooth-enabled devices. The paper briefly describes the protocol architecture of Bluetooth and the Java interface that programmers can use to connect to Bluetooth communication services. Several types of attacks are described, along with a detailed example of two attack tools, Bloover II and BT Info.
Keywords: Bluetooth hacking, mobile phone hacking, wireless hacking
Concerning File Slack, Stephen P. Larson
Concerning File Slack, Stephen P. Larson
Annual ADFSL Conference on Digital Forensics, Security and Law
In this paper we discuss the phenomena known as file slack. File slack is created each time a file is created on a hard disk, and can contain private or confidential data. Unfortunately, the methods used by Microsoft Windows operating systems to organize and save files require file slack, and users have no control over what data is saved in file slack. This document will help create awareness about the security issue of file slack and discuss research results concerning file slack.
Keywords : Computer Forensics, File Slack, Ram Slack, Disk Slack
The Computer Fraud And Abuse Act And The Law Of Unintended Consequences, Milton Luoma, Vicki Luoma
The Computer Fraud And Abuse Act And The Law Of Unintended Consequences, Milton Luoma, Vicki Luoma
Annual ADFSL Conference on Digital Forensics, Security and Law
One of the most unanticipated results of the Computer Fraud and Abuse Act arose from the law of unintended consequences. The CFAA was originally enacted in 1984 to protect federal government computers from intrusions and damage caused by hackers, identity thieves, and other cyber criminals. The law was later amended to extend the scope of its application to financial institutions’, business’s and consumers’ computers. To aid in the pursuit of cyber criminals, one of the subsequent revisions to the law included provision “G” that gave the right to private parties to seek compensation for damages in a civil action for …
Why Are We Not Getting Better At Data Disposal?, Andy Jones
Why Are We Not Getting Better At Data Disposal?, Andy Jones
Annual ADFSL Conference on Digital Forensics, Security and Law
This paper describes two sets of research, the first of which has been carried out over a period of four years into the levels and types of information that can be found on computer hard disks that are offered for sale on the second hand market. The second research project examined a number of second-hand hand held devices including PDAs, mobile (cell) phones and RIM Blackberry devices. The primary purpose of this research was to gain an understanding of the reasons for the failure to effectively remove potentially sensitive information from the disks and handheld devices. Other objectives included determining …
Don’T Touch That! And Other E-Discovery Issues, Linda Volonino
Don’T Touch That! And Other E-Discovery Issues, Linda Volonino
Annual ADFSL Conference on Digital Forensics, Security and Law
The ability to preserve and access electronically stored information (ESI) took on greater urgency when amendments to the Federal Rules of Civil Procedure went into effect in December 2006. These amendments, referred to as the electronic discovery (e-discovery) amendments, focus on the discovery phase of civil litigation, audits, or investigations. Discovery is the investigative phase of a legal case when opponents learn what evidence is available and how accessible it is. When ESI is the subject of discovery, it is called e-discovery. Recognizing that most business and personal records and communications are electronic, Judge Shira A. Scheindlin stated, "We used …
Analysis Of The ‘Db’ Windows Registry Data Structure, Damir Kahvedžić, Tahar Kechadi
Analysis Of The ‘Db’ Windows Registry Data Structure, Damir Kahvedžić, Tahar Kechadi
Annual ADFSL Conference on Digital Forensics, Security and Law
The Windows Registry stores a wide variety of data representing a host of different user properties, settings and program information. The data structures used by the registry are designed to be adaptable to store these differences in a simple format. In this paper we will highlight the existence of a rare data structure that is used to store a large amount of data within the registry hives. We analyse the manner in which this data structure stores its data and the implications that it may have on evidence retrieval and digital investigation. In particular, we reveal that the three of …
Correlating Orphaned Windows Registry Data Structures, Damir Kahvedžić, Tahar Kechadi
Correlating Orphaned Windows Registry Data Structures, Damir Kahvedžić, Tahar Kechadi
Annual ADFSL Conference on Digital Forensics, Security and Law
Recently, it has been shown that deleted entries of the Microsoft Windows registry (keys) may still reside in the system files once the entries have been deleted from the active database. Investigating the complete keys in context may be extremely important from both a Forensic Investigation point of view and a legal point of view where a lack of context can bring doubt to an argument. In this paper we formalise the registry behaviour and show how a retrieved value may not maintain a relation to the part of the registry it belonged to and hence lose that context. We …
Graduate Accounting Students' Perception Of It Forensics: A Multi-Dimensional Analysis, Grover S. Kearns
Graduate Accounting Students' Perception Of It Forensics: A Multi-Dimensional Analysis, Grover S. Kearns
Annual ADFSL Conference on Digital Forensics, Security and Law
Forensics and information technology (IT) have become increasingly important to accountants and auditors. Undergraduate accounting students are introduced to general IT topics but discussion of forensic knowledge is limited. A few schools have introduced an undergraduate major in forensic accounting. Some graduate schools offer accounting students an emphasis in forensic or fraud accounting that includes instruction in forensics and information technology. When students do not view the IT topics as being equally important to their careers as traditional accounting topics, these attitudes may reduce the quality of the course. In an effort to assess student attitudes, a survey of 46 …
Visualization Of Honeypot Data Using Graphviz And Afterglow, Craig Valli
Visualization Of Honeypot Data Using Graphviz And Afterglow, Craig Valli
Annual ADFSL Conference on Digital Forensics, Security and Law
This research in progress paper explores the use of Graphviz and Afterglow for the analysis of data emanating from a honeypot system. Honeypot systems gather a wide range of data that is often difficult to readily search for patterns and trends using conventional log file analysis techniques. The data from the honeypots has been statically extracted and processed through Afterglow scripts to produce inputs suitable for use by the DOT graph based tools contained within Graphviz. This paper explores some of the benefits and drawbacks of currently using this type of approach.
Keywords: honeypot, network forensics, visualization, Graphviz, Afterglow
Continuous Fraud Detection In Enterprise Systems Through Audit Trail Analysis, Peter J. Best, Pall Rikhardsson, Mark Toleman
Continuous Fraud Detection In Enterprise Systems Through Audit Trail Analysis, Peter J. Best, Pall Rikhardsson, Mark Toleman
Journal of Digital Forensics, Security and Law
Enterprise systems, real time recording and real time reporting pose new and significant challenges to the accounting and auditing professions. This includes developing methods and tools for continuous assurance and fraud detection. In this paper we propose a methodology for continuous fraud detection that exploits security audit logs, changes in master records and accounting audit trails in enterprise systems. The steps in this process are: (1) threat monitoringsurveillance of security audit logs for ‘red flags’, (2) automated extraction and analysis of data from audit trails, and (3) using forensic investigation techniques to determine whether a fraud has actually occurred. We …
Visualisation Of Honeypot Data Using Graphviz And Afterglow, Craig Valli
Visualisation Of Honeypot Data Using Graphviz And Afterglow, Craig Valli
Journal of Digital Forensics, Security and Law
This research in progress paper explores the use of Graphviz and Afterglow for the analysis of data emanating from a honeypot system. Honeypot systems gather a wide range of data that is often difficult to readily search for patterns and trends using conventional log file analysis techniques. The data from the honeypots has been statically extracted and processed through Afterglow scripts to produce inputs suitable for use by the DOT graph based tools contained within Graphviz. This paper explores some of the benefits and drawbacks of currently using this type of approach.
The Impact Of Hard Disk Firmware Steganography On Computer Forensics, Iain Sutherland, Gareth Davies, Nick Pringle, Andrew Blyth
The Impact Of Hard Disk Firmware Steganography On Computer Forensics, Iain Sutherland, Gareth Davies, Nick Pringle, Andrew Blyth
Journal of Digital Forensics, Security and Law
The hard disk drive is probably the predominant form of storage media and is a primary data source in a forensic investigation. The majority of available software tools and literature relating to the investigation of the structure and content contained within a hard disk drive concerns the extraction and analysis of evidence from the various file systems which can reside in the user accessible area of the disk. It is known that there are other areas of the hard disk drive which could be used to conceal information, such as the Host Protected Area and the Device Configuration Overlay. There …
Bluetooth Hacking: A Case Study, Dennis Browning, Gary C. Kessler
Bluetooth Hacking: A Case Study, Dennis Browning, Gary C. Kessler
Journal of Digital Forensics, Security and Law
This paper describes a student project examining mechanisms with which to attack Bluetooth-enabled devices. The paper briefly describes the protocol architecture of Bluetooth and the Java interface that programmers can use to connect to Bluetooth communication services. Several types of attacks are described, along with a detailed example of two attack tools, Bloover II and BT Info.
Detection Of Steganography-Producing Software Artifacts On Crime-Related Seized Computers, Asawaree Kulkarni, James Goldman, Brad Nabholz, William Eyre
Detection Of Steganography-Producing Software Artifacts On Crime-Related Seized Computers, Asawaree Kulkarni, James Goldman, Brad Nabholz, William Eyre
Journal of Digital Forensics, Security and Law
Steganography is the art and science of hiding information within information so that an observer does not know that communication is taking place. Bad actors passing information using steganography are of concern to the national security establishment and law enforcement. An attempt was made to determine if steganography was being used by criminals to communicate information. Web crawling technology was used and images were downloaded from Web sites that were considered as likely candidates for containing information hidden using steganographic techniques. A detection tool was used to analyze these images. The research failed to demonstrate that steganography was prevalent on …
Correlating Orphaned Windows Registry Data Structures, Damir Kahvedžić, Tahar Kechadi
Correlating Orphaned Windows Registry Data Structures, Damir Kahvedžić, Tahar Kechadi
Journal of Digital Forensics, Security and Law
Recently, it has been shown that deleted entries of the Microsoft Windows registry (keys) may still reside in the system files once the entries have been deleted from the active database. Investigating the complete keys in context may be extremely important from both a Forensic Investigation point of view and a legal point of view where a lack of context can bring doubt to an argument. In this paper we formalise the registry behaviour and show how a retrieved value may not maintain a relation to the part of the registry it belonged to and hence lose that context. We …
To License Or Not To License Revisited: An Examination Of State Statutes Regarding Private Investigators And Digital Examiners, Thomas Lonardo, Doug White, Alan Rea
To License Or Not To License Revisited: An Examination Of State Statutes Regarding Private Investigators And Digital Examiners, Thomas Lonardo, Doug White, Alan Rea
Journal of Digital Forensics, Security and Law
In this update to the previous year's study, the authors examine statutes that regulate, license, and enforce investigative functions in each US state. After identification and review of Private Investigator licensing requirements, the authors find that very few state statutes explicitly differentiate between Private Investigators and Digital Examiners. After contacting all state agencies the authors present a distinct grouping organizing state approaches to professional Digital Examiner licensing. The authors conclude that states must differentiate between Private Investigator and Digital Examiner licensing requirements and oversight.