Physical Sciences and Mathematics Commons^™

Digital Forensic Readiness In Organizations: Issues And Challenges, Nickson Menza Karie, Simon Maina Karume Dr.

Journal of Digital Forensics, Security and Law

With the evolution in digital technologies, organizations have been forced to change the way they plan, develop, and enact their information technology strategies. This is because modern digital technologies do not only present new opportunities to business organizations but also a different set of issues and challenges that need to be resolved. With the rising threats of cybercrimes, for example, which have been accelerated by the emergence of new digital technologies, many organizations as well as law enforcement agencies globally are now erecting proactive measures as a way to increase their ability to respond to security incidents as well as …

Informing Responders Using Gis And Gps, Deidre Mccarthy

CHAR

Hurricane Katrina devastated the Gulf Coast in August 2005 and created the single largest disaster for cultural resources that the United States has witnessed since the inception of the National Historic Preservation Act (NHPA) in 1966. Notably, the NHPA created the National Register of Historic Places, our nation’s catalog of important cultural resources. The NHPA also stipulates that any federal undertaking which may adversely affect National Register eligible resources be mitigated. For the Federal Emergency Management Agency (FEMA), Katrina created the largest compliance project ever under Section 106 of the NHPA.

Although causing a great deal of damage, Katrina also …

Keynote Address: Climate Change: From Global To New York Scale, Christopher D. Thorncroft

CHAR

This talk is concerned with the science and impacts of climate change from global to New York scales. It will provide an assessment of how the climate has changed over the past Century based on a purely observational perspective. The scientific basis for anthroprogenic climate change will be explained and discussed including a description of the “greenhouse effect” and why it is important for life on this planet. We will briefly discuss global and local consequences of a warmer climate and what we need to be prepared for going forward in the coming decades.

Legislative Requirements For Cyber Peacekeeping, Nikolay Akatyev, Joshua I. James

Journal of Digital Forensics, Security and Law

Cyber Peacekeeping strives for the prevention, mitigation and cessation of cyber and physical conflicts. The creation of a Cyber Peacekeeping organization, however, has major legal and political implications. In this work we review current international legislation applicable for functions of Cyber Peacekeeping. Specifically, we analyze prominent works which contribute to definitions, law and ethics regulating cyber conflicts from the perspective of the creation of a CPK organization. Legislative and terminological foundations are analyzed and adopted from current practice. Further, this work analyzes guiding principles of global organizations such as ITU IMPACT, INTERPOL and regional organizations such as NATO and the …

Forensic State Acquisition From Internet Of Things (Fsaiot): A General Framework And Practical Approach For Iot Forensics Through Iot Device State Acquisition, Christopher S. Meffert, Devon R. Clark, Ibrahim Baggili, Frank Breitinger

Electrical & Computer Engineering and Computer Science Faculty Publications

IoT device forensics is a difficult problem given that manufactured IoT devices are not standardized, many store little to no historical data, and are always connected; making them extremely volatile. The goal of this paper was to address these challenges by presenting a primary account for a general framework and practical approach we term Forensic State Acquisition from Internet of Things (FSAIoT). We argue that by leveraging the acquisition of the state of IoT devices (e.g. if an IoT lock is open or locked), it becomes possible to paint a clear picture of events that have occurred. To this end, …

Card Tricks: A Workflow For Scalability And Dynamic Content Creation Using Paper2d And Unreal Engine 4, Owen Gottlieb, Dakota Herold, Edward Amidon

Presentations and other scholarship

In this paper, we describe the design and technological methods of

our dynamic sprite system in Lost & Found, a table-top-to-mobile

card game designed to improve literacy regarding prosocial

aspects of religious legal systems, specifically, collaboration and

cooperation. Harnessing the capabilities of Unreal Engine’s

Paper2D system, we created a dynamic content creation pipeline

that empowered our game designers so that they could rapidly

iterate on the game’s systems and balance externally from the

engine. Utilizing the Unreal Blueprint component system we were

also able to modularize each actor during runtime as data may be

changed. The technological approach behind Lost …

Breaking Into The Vault: Privacy, Security And Forensic Analysis Of Android Vault Applications, Xiaolu Zhang, Ibrahim Baggili, Frank Breitinger

Electrical & Computer Engineering and Computer Science Faculty Publications

In this work we share the first account for the forensic analysis, security and privacy of Android vault applications. Vaults are designed to be privacy enhancing as they allow users to hide personal data but may also be misused to hide incriminating files. Our work has already helped law enforcement in the state of Connecticut to reconstruct 66 incriminating images and 18 videos in a single criminal case. We present case studies and results from analyzing 18 Android vault applications (accounting for nearly 220 million downloads from the Google Play store) by reverse engineering them and examining the forensic artifacts …

Digital Anti-Forensics: An Implementation And Examination, Stephanie Dachs

Student Theses

The rise of computer use and technical adeptness by the general public in the last two decades are undeniable. With greater use comes a greater possibility for misuse, evidenced by today’s incredible number of crimes involving computers as well as the growth in severity from that of cyber hooliganism to cyber warfare. Although frequently utilized for privacy and security purposes, the vast range of anti-forensic techniques has contributed to the ability for hackers and criminals to obstruct computer forensic investigations.

Understanding how anti-forensics may alter important and relevant data on an electronic device will prove useful for the success and …

A Cross-Sectional Exploration Of Household Financial Reactions And Homebuyer Awareness Of Registered Sex Offenders In A Rural, Suburban, And Urban County., John Charles Navarro

Electronic Theses and Dissertations

As stigmatized persons, registered sex offenders betoken instability in communities. Depressed home sale values are associated with the presence of registered sex offenders even though the public is largely unaware of the presence of registered sex offenders. Using a spatial multilevel approach, the current study examines the role registered sex offenders influence sale values of homes sold in 2015 for three U.S. counties (rural, suburban, and urban) located in Illinois and Kentucky within the social disorganization framework. Homebuyers were surveyed to examine whether awareness of local registered sex offenders and the homebuyer’s community type operate as moderators between home selling …

Species Identification Of Necrophagous Insect Eggs Based On Amino Acid Profile Differences Revealed By Direct Analysis In Real Time-High Resolution Mass Spectrometry, Justine E. Giffen, Jennifer Y. Rosati, Cameron M. Longo, Rabi A. Musah

Publications and Research

The colonization of decomposing remains by necrophagous insects such as blow flies is of forensic importance because the progression through the various stages of insect development can be correlated to time of death. The ability to infer this information hinges on accurate determination of the fly species that are associated with the entomological evidence collected. This evidence can include eggs, larvae, pupae, and puparial casings. Determination of the egg’s identity is particularly challenging because the eggs of multiple species are morphologically very similar. We report here that the species identity of fly eggs can be determined from their chemical fingerprint …

The Advanced Spectroscopic Analysis Of Organic Gunshot Residue And Explosives, Jennifer M. Leonard

Dissertations, Theses, and Capstone Projects

With the prevalence of shooting cases and terrorist attacks/or threats that plague the current state of the criminal justice system, it is of paramount importance to be able to detect, identify and interpret the presence of gunshot residue or explosives material. This concern is seen in law enforcement agencies and the media throughout the United States and abroad.

Currently, the typical method of analyzing gunshot residue in most crime laboratories serves to identify the inorganic constituents of the primer residue, namely lead, barium and antimony. However, it is possible that the organic matter from the propellant could provide different information …

Detection Of Cathinone And Mephedrone In Plasma By Lc-Ms/Ms Using Standard Addition Quantification Technique, Theron W. Ng-A-Qui

Student Theses

Designer drugs are structural analogs of Drug Enforcement Agency (DEA) Schedule I and II substances. They are synthesized to mimic the effects of illegal drugs of abuse and to bypass the provisions of drug regulations. Despite the increased availability of designer drugs, few studies have focused on specific analytical extraction techniques for their detection and quantification in biological samples. Solid phase extraction (SPE) is the most commonly used technique for sample preparation. The purpose of this study is to evaluate the extraction efficiency of the various SPE columns with different sorbent materials for two designer drugs, cathinone and mephedrone in …

Exploring Digital Evidence With Graph Theory, Imani Palmer, Boris Gelfand, Roy Campbell

Annual ADFSL Conference on Digital Forensics, Security and Law

The analysis phase of the digital forensic process is the most complex. The analysis phase remains very subjective to the views of the forensic practitioner. There are many tools dedicated to assisting the investigator during the analysis process. However, they do not address the challenges. Digital forensics is in need of a consistent approach to procure the most judicious conclusions from the digital evidence. The objective of this paper is to discuss the ability of graph theory, a study of related mathematical structures, to aid in the analysis phase of the digital forensic process. We develop a graph-based representation of …

Case Study: A New Method For Investigating Crimes Against Children, Hallstein Asheim Hansen, Stig Andersen, Stefan Axelsson, Svein Hopland

Annual ADFSL Conference on Digital Forensics, Security and Law

Investigations of crimes against children are often complex, both in terms of the varied and large amount of digital technology encountered and the offensive nature of the crimes. Such cases are numerous, large, and prioritised, requiring digital forensics competence. Earlier digital forensics was considered and treated as a typical forensic science like fingerprint analysis, performed in a laboratory isolated from the investigative team. This decoupled way of working has proved to be both inefficient and error prone.

At the Digital Forensic Unit of Oslo Police District we have developed a new way of working that addresses many of the problems …

Downstream Competence Challenges And Legal/Ethical Risks In Digital Forensics, Michael M. Losavio, Antonio Losavio

Annual ADFSL Conference on Digital Forensics, Security and Law

Forensic practice is an inherently human-mediated system, from processing and collection of evidence to presentation and judgment. This requires attention to human factors and risks which can lead to incorrect judgments and unjust punishments.

For digital forensics, such challenges are magnified by the relative newness of the discipline and the use of electronic evidence in forensic proceedings. Traditional legal protections, rules of procedure and ethics rules mitigate these challenges. Application of those traditions better ensures forensic findings are reliable. This has significant consequences where findings may impact a person's liberty or property, a person's life or even the political direction …

Digital Forensics Tool Selection With Multi-Armed Bandit Problem, Umit Karabiyik, Tugba Karabiyik

Annual ADFSL Conference on Digital Forensics, Security and Law

Digital forensics investigation is a long and tedious process for an investigator in general. There are many tools that investigators must consider, both proprietary and open source. Forensics investigators must choose the best tool available on the market for their cases to make sure they do not overlook any evidence resides in suspect device within a reasonable time frame. This is however hard decision to make, since learning and testing all available tools make their job only harder. In this project, we define the digital forensics tool selection for a specific investigative task as a multi-armed bandit problem assuming that …

Detecting Deception In Asynchronous Text, Fletcher Glancy

Annual ADFSL Conference on Digital Forensics, Security and Law

Glancy and Yadav (2010) developed a computational fraud detection model (CFDM) that successfully detected financial reporting fraud in the text of the management’s discussion and analysis (MDA) portion of annual filings with the United States Securities and Exchange Commission (SEC). This work extends the use of the CFDM to additional genres, demonstrates the generalizability of the CFDM and the use of text mining for quantitatively detecting deception in asynchronous text. It also demonstrates that writers committing fraud use words differently from truth tellers.

Understanding Deleted File Decay On Removable Media Using Differential Analysis, James H. Jones Jr, Anurag Srivastava, Josh Mosier, Connor Anderson, Seth Buenafe

Annual ADFSL Conference on Digital Forensics, Security and Law

Digital content created by picture recording devices is often stored internally on the source device, on either embedded or removable media. Such storage media is typically limited in capacity and meant primarily for interim storage of the most recent image files, and these devices are frequently configured to delete older files as necessary to make room for new files. When investigations involve such devices and media, it is sometimes these older deleted files that would be of interest. It is an established fact that deleted file content may persist in part or in its entirety after deletion, and identifying the …

Development Of A Professional Code Of Ethics In Digital Forensics, Kathryn C. Seigfried-Spellar, Marcus Rogers, Danielle M. Crimmins 2184089

Annual ADFSL Conference on Digital Forensics, Security and Law

Academics, government officials, and practitioners suggest the field of digital forensics is in need of a professional code of ethics. In response to this need, the authors developed and proposed a professional code of ethics in digital forensics. The current paper will discuss the process of developing the professional code of ethics, which included four sets of revisions based on feedback and suggestions provided by members of the digital forensic community. The final version of the Professional Code of Ethics in Digital Forensics includes eight statements, and we hope this is a step toward unifying the field of digital forensics …

Fast Filtering Of Known Png Files Using Early File Features, Sean Mckeown, Gordon Russell, Petra Leimich

Annual ADFSL Conference on Digital Forensics, Security and Law

A common task in digital forensics investigations is to identify known contraband images. This is typically achieved by calculating a cryptographic digest, using hashing algorithms such as SHA256, for each image on a given media, comparing individual digests with a database of known contraband. However, the large capacities of modern storage media, and increased time pressure on forensics examiners, necessitates that more efficient processing mechanisms be developed. This work describes a technique for creating signatures for images of the PNG format which only requires a tiny fraction of the file to effectively distinguish between a large number of images. Highly …

Detect Kernel-Mode Rootkits Via Real Time Logging & Controlling Memory Access, Satoshi Tanda, Irvin Homem, Igor Korkin

Annual ADFSL Conference on Digital Forensics, Security and Law

Modern malware and spyware platforms attack existing antivirus solutions and even Microsoft PatchGuard. To protect users and business systems new technologies developed by Intel and AMD CPUs may be applied. To deal with the new malware we propose monitoring and controlling access to the memory in real time using Intel VT-x with EPT. We have checked this concept by developing MemoryMonRWX, which is a bare-metal hypervisor. MemoryMonRWX is able to track and trap all types of memory access: read, write, and execute. MemoryMonRWX also has the following competitive advantages: fine-grained analysis, support of multi-core CPUs and 64-bit Windows 10. MemoryMonRWX …

Harnessing Predictive Models For Assisting Network Forensic Investigations Of Dns Tunnels, Irvin Homem, Panagiotis Papapetrou

Annual ADFSL Conference on Digital Forensics, Security and Law

In recent times, DNS tunneling techniques have been used for malicious purposes, however network security mechanisms struggle to detect them. Network forensic analysis has been proven effective, but is slow and effort intensive as Network Forensics Analysis Tools struggle to deal with undocumented or new network tunneling techniques. In this paper, we present a machine learning approach, based on feature subsets of network traffic evidence, to aid forensic analysis through automating the inference of protocols carried within DNS tunneling techniques. We explore four network protocols, namely, HTTP, HTTPS, FTP, and POP3. Three features are extracted from the DNS tunneled traffic: …

An Accidental Discovery Of Iot Botnets And A Method For Investigating Them With A Custom Lua Dissector, Max Gannon, Gary Warner, Arsh Arora

Annual ADFSL Conference on Digital Forensics, Security and Law

This paper presents a case study that occurred while observing peer-to-peer network communications on a botnet monitoring station and shares how tools were developed to discover what ultimately was identified as Mirai and many related IoT DDOS Botnets. The paper explains how researchers developed a customized protocol dissector in Wireshark using the Lua coding language, and how this enabled them to quickly identify new DDOS variants over a five month period of study.

Kelihos Botnet: A Never-Ending Saga, Arsh Arora, Max Gannon, Gary Warner

Annual ADFSL Conference on Digital Forensics, Security and Law

This paper investigates the recent behavior of the Kelihos botnet, a spam-sending botnet that accounts for many millions of emails sent each day. The paper demonstrates how a team of students are able to perform a longitudinal malware study, making significant observations and contributions to the understanding of a major botnet using tools and techniques taught in the classroom. From this perspective the paper has two objectives: encouragement and observation. First, by providing insight into the methodology and tools used by student researchers to document and understand a botnet, the paper strives to embolden other academic programs to follow a …

Ua12/2/2 2017 Talisman: Well Being, Wku Student Affairs

WKU Archives Records

2017 Talisman yearbook.

• Kaetzel, Kylee. Editor’s Note
• Upton, Jordan. His Hands
• Watkins, Abby. The Meal Plan – Recipes
• Eastham, Lillie. New Hieghts – Reed Mattison, Rock Climbing
• Robb, Hayley. A Life Transformed – Annabeth Welborn
• Robb, Hayley. 6:00 AM Bright & Early – Exercise
• Doyel, Rachael. Redifining Ability – Jacob Holt
• Upton, Jordan. Yom Kippur at Happy Hills Buddhist Temple
• Wegert, Sally. Inner Peace – Allison Adams, Yoga
• Mattingly, Evan. The Future’s in Your Hands – Bianca Williams, Psychics
• Frint, Hunter. Too Often Silenced – Unity Walk
• Doyel, Rachael. Changing Tides
• Wells, Spencer. Struggle & Rebirth – Trey Farlee, Musicians …

Table Of Contents

Journal of Digital Forensics, Security and Law

No abstract provided.

Front Matter

Journal of Digital Forensics, Security and Law

No abstract provided.

Special Issue Of Best Papers From The 11th International Conference On Systematic Approaches To Digital Forensic Engineering (Sadfe 2016)

Journal of Digital Forensics, Security and Law

The SADFE series feature the different editions of the International Conference on Systematic Approaches to Digital Forensics Engineering. Now in its eleventh edition, SADFE has established itself as the premier conference for researchers and practitioners working in Systematic Approaches to Digital Forensics Engineering.

SADFE 2016, the eleventh international conference on Systematic Approaches to Digital Forensic Engineering was held in Kyoto, Japan, September 20 - 22, 2016.

Digital forensics engineering and the curation of digital collections in cultural institutions face pressing and overlapping challenges related to provenance, chain of custody, authenticity, integrity, and identity. The generation, analysis and sustainability of digital …

A Forensic Email Analysis Tool Using Dynamic Visualization, Johannes Stadlinger, Andreas Dewald

Journal of Digital Forensics, Security and Law

Communication between people counts to the most important information of today’s business. As a result, in case of forensic investigations in big companies, analysis of communication data in general and especially email, as the still most widely used business communication platform with an immense and still growing volume, is a typical task in digital forensics. One of the challenges is to identify the relevant communication partners and structures in the suspects surrounding as quickly as possible in order to react appropriately and identify further targets of evaluation. Due to the amount of emails in typical inboxes, reading through all the …

Find Me If You Can: Mobile Gps Mapping Applications Forensic Analysis & Snavp The Open Source, Modular, Extensible Parser, Jason Moore, Ibrahim Baggili, Frank Breitinger

Journal of Digital Forensics, Security and Law

The use of smartphones as navigation devices has become more prevalent. The ubiquity of hand-held navigation devices such as Garmins or Toms Toms has been falling whereas the ownership of smartphones and their adoption as GPS devices is growing. This work provides a comprehensive study of the most popular smartphone mapping applications, namely Google Maps, Apple Maps, Waze, MapQuest, Bing, and Scout, on both Android and iOS. It details what data was found, where it was found, and how it was acquired for each application. Based on the findings, the work allowed for the construction of a tool capable of …