Open Access. Powered by Scholars. Published by Universities.®
Physical Sciences and Mathematics Commons™
Articles 1 - 10 of 10
Full-Text Articles in Physical Sciences and Mathematics
Extracting The Windows Clipboard From Physical Memory, James S. Okolica, Gilbert L. Peterson
Faculty Publications
When attempting to reconstruct the events leading up to a cyber security incident, one potentially important piece of information is the clipboard (Prosise et al., 2003). The clipboard has been present in Windows since Windows 3.1 and is the mechanism for transferring information from one application to another through copy and pasting actions. Being able to retrieve the last file copied or the last password used may provide investigators with invaluable information during a forensic investigation. This paper describes the Windows clipboard structure and the process of retrieving copy/paste information from Windows XP, Vista, and Windows 7 (both 32 bit …
A Case Study In Forensic Analysis Of Control, Fred Cohen
Journal of Digital Forensics, Security and Law
This paper describes a case study in which a method for forensic analysis of control was applied to resolve probative technical issues in a legal action. It describes one instance in which the analysis was successfully applied without challenge, addresses the details of most of the different facets of the analysis method, and demonstrates how such analysis provides a systematic approach to using technical methods to address legal issues as a case study.
Kindle Forensics: Acquisition & Analysis, Peter Hannay
Journal of Digital Forensics, Security and Law
The Amazon Kindle eBook reader supports a wide range of capabilities beyond reading books. This functionality includes an inbuilt cellular data connection known as Whispernet. The Kindle provides web browsing, an application framework, eBook delivery and other services over this connection. The historic data left by user interaction with this device may be of forensic interest. Analysis of the Amazon Kindle device has resulted in a method to reliably extract and interpret data from these devices in a forensically complete manner.
Legal Issues Regarding Digital Forensic Examiners Third Party Consent To Search, Thomas Lonardo, Doug White, Tricia P. Martland, Alan Rea
Journal of Digital Forensics, Security and Law
This paper focuses on Federal law as it relates to consent to search relating to Fourth Amendment privacy in the practice of Digital Forensics. In particular, Digital Examiners should be aware of how decisions in Federal Court may impact their ability to acquire evidence in both civil and criminal settings. Digital Forensics, being a relatively new field, is particularly subject to change as cases and appeals are decided. This paper provides an overview of relevant case law relating to issues in Digital Forensics. More importantly, our research provides Digital Forensic Examiners (DFE), as defined by Lonardo, White, and Rea (2008, …
Guidelines For The Digital Forensic Processing Of Smartphones, Khawla Abdulla Alghafli, Andrew Jones, Thomas Anthony Martin
Australian Digital Forensics Conference
Today Smartphone devices are widespread and they hold a number of types of information about the owner and their activities. As a result of the widespread adoption of these devices into every aspect of our lives they can be involved in almost any crime. The aim of digital forensics of Smartphone devices is to recover the digital evidence in a forensically sound manner so that the digital evidence can be presented and accepted in court. The digital forensic process consists of four phases which are preservation, acquisition, examination/analysis and finally presentation. In this paper we look at various types of …
Investigating Modern Communication Technologies: The Effect Of Internet-Based Communication Technologies On The Investigation Process, Matthew Simon, Jill Slay
Journal of Digital Forensics, Security and Law
Communication technologies are commonplace in modern society. For many years there were only a handful of communication technologies provided by large companies, namely the Public Switched Telephone Network (PSTN) and mobile telephony; these can be referred to as traditional communication technologies. Over the lifetime of traditional communication technologies there has been little technological evolution and as such, law enforcement developed sound methods for investigating targets using them. With the advent of communication technologies that use the Internet – Internet-based or contemporary communication technologies – law enforcement are faced with many challenges. This paper discusses these challenges and their potential impact. It …
Organisational Preparedness For Hosted Virtual Desktops In The Context Of Digital Forensics, Nirbhay Jawale, Ajit Narayanan
Australian Digital Forensics Conference
Virtualization in computing has progressed to an extent where desktops can be virtualized and accessed from anywhere. The server hosted model has already surpassed 1% market share of the worldwide professional PC market, with estimates indicating that this is a rapidly growing area. This paper investigates the adequacy of current digital forensic procedures on hosted virtual desktops (HVDs) as there do not appear to be specific methods of locating and extracting evidence from this infrastructure. A hosted virtual desktop deployed in private clouds was simulated to reflect two different computer crime scenarios. It was found that current digital forensic procedures …
A 2011 Investigation Into Remnant Data On Second Hand Memory Cards Sold In Australia, Patryk Szewczyk, Krishnun Sansurooah
Australian Digital Forensics Conference
Memory cards are widely used in numerous electronic devices including tablet computers, cameras, mobile phones and multimedia devices. Like a USB drive, memory cards are an inexpensive and portable persistent storage solution. Numerous manufacturers are incorporating a memory card interface into their product, allowing for a large array of confidential data to be stored. This research aimed to determine the sensitivity, type and amount of data that remained on second hand memory cards post sale. In 2011, over an eight month period, 119 second hand memory cards were randomly purchased from eBay Australia. The findings from the …
Forensic Recovery And Analysis Of The Artefacts Of Crimeware Toolkits, Murray Brand
Australian Digital Forensics Conference
The total cost of cybercrime has been estimated to exceed US$388 billion annually. The availability of crimeware toolkits has lowered the bar for entry to the world of cybercrime. With very little technical knowledge required, cybercriminals can create, deploy and harvest financial data using banking trojans through a point and click graphical user interface that can cost less than US$1000. Technical support is also available for a fee, including technical infrastructure and servers to store harvested data. Fraudsters employing crimeware toolkits have been reported to have stolen US$3.2 million in as little as six months. This paper presents preliminary …
Kindle Forensics: Acquisition And Analysis, Peter Hannay
Research outputs 2011
The Amazon Kindle eBook reader supports a wide range of capabilities beyond reading books. This functionality includes an inbuilt cellular data connection known as Whispernet. The Kindle provides web browsing, an application framework, eBook delivery and other services over this connection. The historic data left by user interaction with this device may be of forensic interest. Analysis of the Amazon Kindle device has resulted in a method to reliably extract and interpret data from these devices in a forensically complete manner.