Physical Sciences and Mathematics Commons^™

Analysis Of Windows 8 Registry Artifacts, Jeremy M. Stormo

University of New Orleans Theses and Dissertations

Microsoft’s series of Windows operating systems represents some of the most commonly encountered technologies in the field of digital forensics. It is then fair to say that Microsoft’s design decisions greatly affect forensic efforts. Because of this, it is exceptionally important for the forensics community to keep abreast of new developments in the Windows product line. With each new release, the Windows operating system may present investigators with significant new artifacts to explore. Described by some as the heart of the Windows operating system, the Windows registry has been proven to contain many of these forensically interesting artifacts. Given the …

Including Network Routers In Forensic Investigation, Brian Cusack, Raymond Lutui

Australian Digital Forensics Conference

Network forensics concerns the identification and preservation of evidence from an event that has occurred or is likely to occur. The scope of network forensics encompasses the networks, systems and devices associated with the physical and human networks. In this paper we are assessing the forensic potential of a router in investigations. A single router is taken as a case study and analysed to determine its forensic value from both static and live investigation perspectives. In the live investigation, tests using steps from two to seven routers were used to establish benchmark expectations for network variations. We find that the …

Automated Timeline Anomaly Detection, Joshua M. Barone

University of New Orleans Theses and Dissertations

Digital forensics is the practice of trained investigators gathering and analyzing evidence from digital devices such as computers and smart phones. On these digital devices, it is possible to change the time on the device for a purpose other than what is intended. Currently there are no documented techniques to determine when this occurs. This research seeks to prove out a technique for determining when the time has been changed on forensic disk image by analyzing the log files found on the image. Out of this research a tool is created to perform this analysis in automated fashion. This tool …

Development Of Micro Volume Dna And Rna Profiling Assays To Identify The Donor And Tissue Source Of Origin Of Trace Forensic Biological Evidence, Brittany Morgan

Electronic Theses and Dissertations

In forensic casework analysis it is necessary to obtain genetic profiles from increasingly smaller amounts of biological material left behind by perpetrators of crime. The ability to obtain profiles from trace biological evidence is demonstrated with so-called ‘touch DNA evidence’ which is perceived to be the result of DNA obtained from shed skin cells transferred from donor to an object or person during physical contact. However, the current method of recovery of trace DNA involves cotton swabs or adhesive tape to sample an area of interest. This "blindswabbing" approach may result in the recovery of biological material from different individuals …

Analysis Of Android Update Packages As A Method To Load Forensic Utilities And Malicious Applications To An Android Device, Mark Lohrum

Open Access Theses

Android devices are extremely popular and are projected to stay popular. Both forensic tools and malware exist designed specifically for Android devices. The purpose of this study is to explore a new method of loading forensic tools and malware to Android devices. This new method is the update module, which is used to install updates to the operating system. This thesis proposed and completed research to test four different custom update packages on three different Android devices. Two of the update packages contain forensic utilities and the other two contain malicious tools. An update package collecting web history using the …

Analysis Of A Second Hand Google Mini Search Appliance, Stephen Larson

Journal of Digital Forensics, Security and Law

Information and the technological advancements for which mankind develops with regards to its storage has increased tremendously over the past few decades. As the total amount of data stored rapidly increases in conjunction with the amount of widely available computer-driven devices being used, solutions are being developed to better harness this data (LaTulippe, 2011). One of these solutions is commonly known as a search appliance. Search appliances have been used in e-discovery for several years. The Google Mini Search Appliance (Mini) has not only been used for e-discovery, but for indexing and searching internal documents. To accomplish these tasks, search …

Development And Figures Of Merit Of Microextraction And Ultra-Performance Liquid Chromatography For Forensic Characterization Of Dye Profiles On Trace Acrylic, Nylon, Polyester, And Cotton Textile Fibers, Scott James Hoy

Theses and Dissertations

Methodology for the microextraction of basic dyes on acrylic, acid dyes on nylon, disperse dyes on polyester, and reactive dyes, direct dyes, and indigo on cotton textile fibers is reported. Although these processes are destructive to the fiber evidence, the ability to analyze dye extracts from sub-millimeter fiber lengths of single fibers, coupled with detection limits in the hundred picogram range by ultra-performance liquid chromatography (UPLC) with both diode array detection (DAD) and tandem mass spectrometry (MS-MS) makes routine forensic characterization feasible.

Microextraction, followed by UPLC, can often distinguish similar fibers containing different, but similar, dyes with the combination of …