Law Commons^™

Back Matter

Journal of Digital Forensics, Security and Law

No abstract provided.

Front Matter

Journal of Digital Forensics, Security and Law

No abstract provided.

Bloom Filters Optimized Wu-Manber For Intrusion Detection, Monther Aldwairi, Koloud Al-Khamaiseh, Fatima Alharbi, Babar Shah

Journal of Digital Forensics, Security and Law

With increasing number and severity of attacks, monitoring ingress and egress network traffic is becoming essential everyday task. Intrusion detection systems are the main tools for capturing and searching network traffic for potential harm. Signature-based intrusion detection systems are the most widely used, and they simply use a pattern matching algorithms to locate attack signatures in intercepted network traffic. Pattern matching algorithms are very expensive in terms of running time and memory usage, leaving intrusion detection systems unable to detect attacks in real-time. We propose a Bloom filters optimized Wu-Manber pattern matching algorithm to speed up intrusion detection. The Bloom …

The Impact Of Md5 File Hash Collisions On Digital Forensic Imaging, Gary C. Kessler

Journal of Digital Forensics, Security and Law

The Message Digest 5 (MD5) hash is commonly used as for integrity verification in the forensic imaging process. The ability to force MD5 hash collisions has been a reality for more than a decade, although there is a general consensus that hash collisions are of minimal impact to the practice of computer forensics. This paper describes an experiment to determine the results of imaging two disks that are identical except for one file, the two versions of which have different content but otherwise occupy the same byte positions on the disk, are the same size, and have the same hash …

Leveraging The Windows Amcache.Hve File In Forensic Investigations, Bhupendra Singh, Upasna Singh

Journal of Digital Forensics, Security and Law

The Amcache.hve is a registry hive file that is created by Microsoft® Windows® to store the information related to execution of programs. This paper highlights the evidential potential of Amcache.hve file and its application in the area of user activity analysis. The study uncovers numerous artifacts retained in Amcache.hve file when a user performs certain actions such as running host-based applications, installation of new applications, or running portable applications from external devices. The results of experiments demonstrate that Amcache.hve file stores intriguing artifacts related to applications such as timestamps of creation and last modification of any application; name, description, publisher …

The 2016 Analysis Of Information Remaining On Computer Hard Disks Offered For Sale On The Second Hand Market In The Uae, Thomas Martin, Andy Jones, Mohammed Alzaabi

Journal of Digital Forensics, Security and Law

This research describes our survey of data remaining on computer hard disks sold on the second hand market in the United Arab Emirates (UAE). This is a repetition of the first survey conducted in 2012 (Jones, Martin, & Alzaabi, 2012). Similar studies have been carried over the last ten years in the United Kingdom, Australia, USA, Germany and France: (Jones, Mee, Meyler, & Gooch, 2005), (Jones, Valli, Sutherland, & Thomas, 2006), (Jones, Valli, Dardick, & Sutherland, 2008), (Jones, Valli, Dardick, & Sutherland, 2009). This research was undertaken to gain insight into the volumes of data found on second-hand disks purchased …

Masthead

Journal of Digital Forensics, Security and Law

No abstract provided.

A New Distributed Chinese Wall Security Policy Model, Saad Fehis, Omar Nouali, Mohand-Tahar Kechadi

Journal of Digital Forensics, Security and Law

The application of the Chinese wall security policy model (CWSPM) to control the information flows between two or more competing and/or conflicting companies in cloud computing (Multi-tenancy) or in the social network, is a very interesting solution. The main goal of the Chinese Wall Security Policy is to build a wall between the datasets of competing companies, and among the system subjects. This is done by the applying to the subjects mandatory rules, in order to control the information flow caused between them. This problem is one of the hottest topics in the area of cloud computing (as a distributed …

The Impact Of Sha-1 File Hash Collisions On Digital Forensic Imaging: A Follow-Up Experiment, Gary C. Kessler

Journal of Digital Forensics, Security and Law

A previous paper described an experiment showing that Message Digest 5 (MD5) hash collisions of files have no impact on integrity verification in the forensic imaging process. This paper describes a similar experiment applied when two files have a Secure Hash Algorithm (SHA-1) collision.

A Survey Of Social Network Forensics, Umit Karabiyik, Muhammed Abdullah Canbaz, Ahmet Aksoy, Tayfun Tuna, Esra Akbas, Bilal Gonen, Ramazan S. Aygun

Journal of Digital Forensics, Security and Law

Social networks in any form, specifically online social networks (OSNs), are becoming a part of our everyday life in this new millennium especially with the advanced and simple communication technologies through easily accessible devices such as smartphones and tablets. The data generated through the use of these technologies need to be analyzed for forensic purposes when criminal and terrorist activities are involved. In order to deal with the forensic implications of social networks, current research on both digital forensics and social networks need to be incorporated and understood. This will help digital forensics investigators to predict, detect and even prevent …

Table Of Contents

Journal of Digital Forensics, Security and Law

No abstract provided.

Facilitated Plagiarism: The Saga Of Term-Paper Mills And The Failure Of Legislation And Litigation To Control Them, Darby Dickerson

Darby Dickerson

No abstract provided.

Rwu First Amendment Blog: David Logan's Blog: When Facts And News Diverge 12-2-2016, David A. Logan

Law School Blogs

No abstract provided.

Preserving Human Agency In Automated Compliance, Onnig H. Dombalagian

Brooklyn Journal of Corporate, Financial & Commercial Law

As technology transforms financial services, so too must it transform the regulation of financial markets and intermediaries. The imperative of real-time, prophylactic regulation increasingly compels reallocation of regulatory and compliance budgets to surveillance and enforcement technology. At the same time, in light of the well-known weaknesses of automated systems, securities firms (and their regulators) must temper investment in automation with efforts to augment the agency of compliance professionals. This symposium contribution considers how investment in the professional development of compliance personnel can better integrate automated tools within established compliance and supervisory structures and thereby advance regulatory and operational objectives.

Consenting To Computer Use, James Grimmelmann

Cornell Law Faculty Publications

The federal Computer Fraud and Abuse Act (CFAA) makes it a crime to “access a computer without authorization or exceed authorized access.” Courts and commentators have struggled to explain what types of conduct by a computer user are “without authorization.” But this approach is backwards; authorization is not so much a question of what a computer user does, as it is a question of what a computer owner allows.

In other words, authorization under the CFAA is an issue of consent, not conduct; to understand authorization, we need to understand consent. Building on Peter Westen’s taxonomy of consent, I argue …

The Impact Of Technological Developments On The Rules Of Attorney Ethics Regarding Attorney–Client Privilege, Confidentiality, And Social Media, Pamela A. Bresnahan, Lucian T. Pera

St. Mary's Journal on Legal Malpractice & Ethics

This article focuses on the development of the law of ethics and technology. Emphasis is placed on how technological developments have affected the rules and means by which lawyers practice law and certain ethical pitfalls that have developed hand-in-hand with technological advancements. Topics examined include: (1) the ways by which electronic communication has increased the potential for the attorney–client privilege to be waived and the resulting impact on the present-day practice of law; (2) the effect of social media on lawyers’ ethical obligations, including counseling clients regarding the client’s use of social media and the lawyer’s own use of social …

The Question Concerning Technology In Compliance, Sean J. Griffith

Brooklyn Journal of Corporate, Financial & Commercial Law

In this symposium Essay, I apply insights from philosophy and psychology to argue that modes of achieving compliance that focus on technology undermine, and are undermined by, modes of achieving compliance that focus on culture. Insisting on both may mean succeeding at neither. How an organization resolves this apparent contradiction in program design, like the broader question of optimal corporate governance arrangements, is highly idiosyncratic. Firms should therefore be accorded maximum freedom in designing their compliance programs, rather than being forced by enforcement authorities into a set of de facto mandatory compliance structures.

The Cybersecurity Threat: Compliance And The Role Of Whistleblowers, Jennifer M. Pacella

Brooklyn Journal of Corporate, Financial & Commercial Law

In today’s technologically dependent world, concerns about cybersecurity, data breaches, and compromised personal information infiltrate the news almost daily. The Securities and Exchange Commission (SEC) has recently emerged as a regulator that is keenly focused on cybersecurity, specifically with respect to encouraging disclosures in this arena by regulated entities. Although the SEC has issued non-binding “guidance” to help companies navigate their reporting obligations in this sector, the agency lacks binding cybersecurity disclosure regulations as they pertain generally to public companies. Given that the SEC has already relied on such guidance in threatening enforcement actions, reporting companies are increasingly pressured for …

Like A Bad Neighbor, Hackers Are There: The Need For Data Security Legislation And Cyber Insurance In Light Of Increasing Ftc Enforcement Actions, Jennifer Gordon

Brooklyn Journal of Corporate, Financial & Commercial Law

Privacy has come to the forefront of the technology world as third party hackers are constantly attacking companies for their customers’ data. With increasing instances of compromised customer information, the Federal Trade Commission (FTC) has been bringing suit against companies for inadequate data security procedures. The FTC’s newfound authority to bring suit regarding cybersecurity breaches, based on the Third Circuit’s decision in FTC v. Wyndham Worldwide Corp., is a result of inaction—Congress has been unable to pass sufficient cybersecurity legislation, causing the FTC to step in and fill the void in regulation. In the absence of congressional action, this self-proclaimed …

Mitigating Cyber Risk In It Supply Chains, Maureen Wallace

Global Business Law Review

This note argues that the United States needs to utilize current federal agencies to begin introducing cyber supply chain risk management regulation for IT supply chains. Cyber supply chain risk management is a critical area of cybersecurity that has barely been recognized by the United States government. The globalization of the digital world has introduced a new spectrum of risk management issues that affect the products exchanged by businesses and consumed by individuals and government agencies. While there have been some initiatives toward the promotion of tighter cybersecurity regulation, most initiatives only concern the public sector, leaving the private sector …

“Hello…It’S Me. [Please Don’T Sue Me!]” Examining The Fcc’S Overbroad Calling Regulations Under The Tcpa, Marissa A. Potts

Brooklyn Law Review

Americans have received unwanted telemarketing calls for decades. In response to a rapid increase in pre-recorded calls made using autodialer devices, Congress enacted the Telephone Consumer Protection Act (TCPA) in 1992. The TCPA imposes restrictions on calls made to consumers’ residences and wireless phones using autodialer devices, even if they are not telemarketing calls. Congress appointed the Federal Communications Commission (FCC) to prescribe rules and regulations to enforce the TCPA. In 2015, the FCC released an order that defined autodialer more broadly under the statute. Consequently, devices that have the potential to become autodialers in the future, even if they …

Open Source, Modular Platforms, And The Challenge Of Fragmentation, Christopher S. Yoo

All Faculty Scholarship

Open source and modular platforms represent two powerful conceptual paradigms that have fundamentally transformed the software industry. While generally regarded complementary, the freedom inherent in open source rests in uneasy tension with the strict structural requirements required by modularity theory. In particular, third party providers can produce noncompliant components, and excessive experimentation can fragment the platform in ways that reduce its economic benefits for end users and app providers and force app providers to spend resources customizing their code for each variant. The classic solutions to these problems are to rely on some form of testing to ensure that the …

Patent Injunctions And The Problem Of Uniformity Cost, Michael W. Carroll

Michael W. Carroll

In eBay v. MercExchange, the Supreme Court correctly rejected a one-size-fits-all approach to patent injunctions. However, the Court's opinion does not fully recognize that the problem of uniformity in patent law is more general and that this problem cannot be solved through case-by-case analysis. This Essay provides a field guide for implementing eBay using functional analysis and insights from a uniformity-cost framework developed more fully in prior work. While there can be no general rule governing equitable relief in patent cases, the traditional four factor analysis for injunctive relief should lead the cases to cluster around certain patterns that often …

Creative Commons And The New Intermediaries, Michael W. Carroll

Michael W. Carroll

This symposium contribution examines the disintermediating and reintermediating roles played by Creative Commons licenses on the Internet. Creative Commons licenses act as a disintermediating force because they enable end-to-end transactions in copyrighted works. The licenses have reintermediating force by enabling new services and new online communities to form around content licensed under a Creative Commons license. Intermediaries focused on the copyright dimension have begun to appear online as search engines, archives, libraries, publishers, community organizers, and educators. Moreover, the growth of machine-readable copyright licenses and the new intermediaries that they enable is part of a larger movement toward a Semantic …

Introduction, Tracy Mitrano

Tracy Mitrano

No abstract provided.

Chapter Five: The San Bernardino Iphone Case, Tracy Mitrano

Tracy Mitrano

Chapter Four: Information Security, Tracy Mitrano

Tracy Mitrano

No abstract provided.

Chapter One: Free Speech, Tracy Mitrano

Tracy Mitrano

No abstract provided.

Chapter Two: Privacy, Tracy Mitrano

Tracy Mitrano

Chapter Three: Intellectual Property, Tracy Mitrano

Tracy Mitrano

No abstract provided.