Open Access. Powered by Scholars. Published by Universities.®
Social and Behavioral Sciences Commons™
Open Access. Powered by Scholars. Published by Universities.®
- Keyword
-
- Digital forensics (35)
- Computer forensics (17)
- Digital Forensics (15)
- Digital evidence (14)
- Forensics (12)
-
- Computer Forensics (9)
- Privacy (7)
- Data recovery (6)
- Information security (6)
- Cyber crime (5)
- Cyber forensics (5)
- Cyber security (5)
- Data disposal (5)
- Disk analysis (5)
- Visualization (5)
- Cybercrime (4)
- Digital Examiner (4)
- Evidence (4)
- Investigation (4)
- Mobile device forensics (4)
- Private Investigator (4)
- State Statutes (4)
- VoIP (4)
- Approximate matching (3)
- Child pornography (3)
- Clustering (3)
- Computer crime (3)
- Computer security (3)
- Data (3)
- Digital investigation (3)
Articles 31 - 60 of 298
Full-Text Articles in Social and Behavioral Sciences
Security Analysis Of Mvhash-B Similarity Hashing, Donghoon Chang, Somitra Sanadhya, Monika Singh
Security Analysis Of Mvhash-B Similarity Hashing, Donghoon Chang, Somitra Sanadhya, Monika Singh
Journal of Digital Forensics, Security and Law
In the era of big data, the volume of digital data is increasing rapidly, causing new challenges for investigators to examine the same in a reasonable amount of time. A major requirement of modern forensic investigation is the ability to perform automatic filtering of correlated data, and thereby reducing and focusing the manual effort of the investigator. Approximate matching is a technique to find “closeness” between two digital artifacts. mvHash-B is a well-known approximate matching scheme used for finding similarity between two digital objects and produces a ‘score of similarity’ on a scale of 0 to 100. However, no security …
Evidential Reasoning For Forensic Readiness, Yi-Ching Liao, Hanno Langweg
Evidential Reasoning For Forensic Readiness, Yi-Ching Liao, Hanno Langweg
Journal of Digital Forensics, Security and Law
To learn from the past, we analyse 1,088 "computer as a target" judgements for evidential reasoning by extracting four case elements: decision, intent, fact, and evidence. Analysing the decision element is essential for studying the scale of sentence severity for cross-jurisdictional comparisons. Examining the intent element can facilitate future risk assessment. Analysing the fact element can enhance an organization's capability of analysing criminal activities for future offender profiling. Examining the evidence used against a defendant from previous judgements can facilitate the preparation of evidence for upcoming legal disclosure. Follow the concepts of argumentation diagrams, we develop an automatic judgement summarizing …
Low Budget Forensic Drive Imaging Using Arm Based Single Board Computers, Eric Olson, Narasimha Shashidhar
Low Budget Forensic Drive Imaging Using Arm Based Single Board Computers, Eric Olson, Narasimha Shashidhar
Journal of Digital Forensics, Security and Law
Traditional forensic analysis of hard disks and external media typically involves a powered down machine and “dead analysis” of these devices. Forensic acquisition of hard drives and external media has traditionally been by one of several means: standalone forensic duplicator; using a hardware write-blocker or dock attached to a laptop, computer, workstation, etc., forensic operating systems that live boot from a USB, CD/DVD or virtual machines with preinstalled operating systems. Standalone forensics acquisition and imaging devices generally cost thousands of dollars. In this paper, we propose the use of single board computers as forensic imaging devices. Single board computers can …
Digital Forensics In Law Enforcement: A Needs Based Analysis Of Indiana Agencies, Teri A. Cummins Flory
Digital Forensics In Law Enforcement: A Needs Based Analysis Of Indiana Agencies, Teri A. Cummins Flory
Journal of Digital Forensics, Security and Law
Cyber crime is a growing problem, with the impact to society increasing exponentially, but the ability of local law enforcement agencies to investigate and successfully prosecute criminals for these crimes is unclear. Many national needs assessments have previously been conducted, and all indicated that state and local law enforcement did not have the training, tools, or staff to effectively conduct digital investigations, but very few have been completed recently. This study provided a current and localized assessment of the ability of Indiana law enforcement agencies to effectively investigate crimes involving digital evidence, the availability of training for both law enforcement …
Table Of Contents
Journal of Digital Forensics, Security and Law
No abstract provided.
Exploring Deviant Hacker Networks (Dhm) On Social Media Platforms, Samer Al-Khateeb, Kevin J. Conlan, Nitin Agarwal, Ibrahim Baggili, Frank Breitinger
Exploring Deviant Hacker Networks (Dhm) On Social Media Platforms, Samer Al-Khateeb, Kevin J. Conlan, Nitin Agarwal, Ibrahim Baggili, Frank Breitinger
Journal of Digital Forensics, Security and Law
Online Social Networks (OSNs) have grown exponentially over the past decade. The initial use of social media for benign purposes (e.g., to socialize with friends, browse pictures and photographs, and communicate with family members overseas) has now transitioned to include malicious activities (e.g., cybercrime, cyberterrorism, and cyberwarfare). These nefarious uses of OSNs poses a significant threat to society, and thus requires research attention. In this exploratory work, we study activities of one deviant groups: hacker groups on social media, which we term Deviant Hacker Networks (DHN). We investigated the connection between different DHNs on Twitter: how they are connected, identified …
Log Analysis Using Temporal Logic And Reconstruction Approach: Web Server Case, Murat Gunestas, Zeki Bilgin
Log Analysis Using Temporal Logic And Reconstruction Approach: Web Server Case, Murat Gunestas, Zeki Bilgin
Journal of Digital Forensics, Security and Law
We present a post-mortem log analysis method based on Temporal Logic (TL), Event Processing Language (EPL), and reconstruction approach. After showing that the proposed method could be adapted to any misuse event or attack, we specifically investigate the case of web server misuses. To this end, we examine 5 different misuses on Wordpress web servers, and generate corresponding log files of these attacks for forensic analysis. Then we establish attack patterns and formalize them by means of a special case of temporal logic, i.e. many sorted first order metric temporal logic (MSFOMTL). Later on, we implement these attack patterns in …
Bytewise Approximate Matching: The Good, The Bad, And The Unknown, Vikram S. Harichandran, Frank Breitinger, Ibrahim Baggili
Bytewise Approximate Matching: The Good, The Bad, And The Unknown, Vikram S. Harichandran, Frank Breitinger, Ibrahim Baggili
Journal of Digital Forensics, Security and Law
Hash functions are established and well-known in digital forensics, where they are commonly used for proving integrity and file identification (i.e., hash all files on a seized device and compare the fingerprints against a reference database). However, with respect to the latter operation, an active adversary can easily overcome this approach because traditional hashes are designed to be sensitive to altering an input; output will significantly change if a single bit is flipped. Therefore, researchers developed approximate matching, which is a rather new, less prominent area but was conceived as a more robust counterpart to traditional hashing. Since the conception …
On Efficiency Of Distributed Password Recovery, Radek Hranický, Martin Holkovič, Petr Matoušek
On Efficiency Of Distributed Password Recovery, Radek Hranický, Martin Holkovič, Petr Matoušek
Journal of Digital Forensics, Security and Law
One of the major challenges in digital forensics today is data encryption. Due to the leaked information about unlawful sniffing, many users decided to protect their data by encryption. In case of criminal activities, forensic experts are challenged how to decipher suspect's data that are subject to investigation. A common method how to overcome password-based protection is a brute force password recovery using GPU-accelerated hardware. This approach seems to be expensive. This paper presents an alternative approach using task distribution based on BOINC platform. The cost, time and energy efficiency of this approach is discussed and compared to the GPU-based …
Towards Syntactic Approximate Matching - A Pre-Processing Experiment, Doowon Jeong, Frank Breitinger, Hari Kang, Sangjin Lee
Towards Syntactic Approximate Matching - A Pre-Processing Experiment, Doowon Jeong, Frank Breitinger, Hari Kang, Sangjin Lee
Journal of Digital Forensics, Security and Law
Over the past few years the popularity of approximate matching algorithms (a.k.a. fuzzy hashing) has increased. Especially within the area of bytewise approximate matching, several algorithms were published, tested and improved. It has been shown that these algorithms are powerful, however they are sometimes too precise for real world investigations. That is, even very small commonalities (e.g., in the header of a le) can cause a match. While this is a desired property, it may also lead to unwanted results. In this paper we show that by using simple pre-processing, we signicantly can in uence the outcome. Although our test …
Electronic Voting Service Using Block-Chain, Kibin Lee, Joshua I. James, Tekachew G. Ejeta, Hyoung J. Kim
Electronic Voting Service Using Block-Chain, Kibin Lee, Joshua I. James, Tekachew G. Ejeta, Hyoung J. Kim
Journal of Digital Forensics, Security and Law
Cryptocurrency, and its underlying technologies, has been gaining popularity for transaction management beyond financial transactions. Transaction information is maintained in the block-chain, which can be used to audit the integrity of the transaction. The focus on this paper is the potential availability of block-chain technology of other transactional uses. Block-chain is one of the most stable open ledgers that preserves transaction information, and is difficult to forge. Since the information stored in block-chain is not related to personally identify information, it has the characteristics of anonymity. Also, the block-chain allows for transparent transaction verification since all information in the block-chain …
Countering Noise-Based Splicing Detection Using Noise Density Transfer, Thibault Julliand, Vincent Nozick, Hugues Talbot
Countering Noise-Based Splicing Detection Using Noise Density Transfer, Thibault Julliand, Vincent Nozick, Hugues Talbot
Journal of Digital Forensics, Security and Law
Image splicing is a common and widespread type of manipulation, which is defined as pasting a portion of an image onto a second image. Several forensic methods have been developed to detect splicing, using various image properties. Some of these methods exploit the noise statistics of the image to try and find discrepancies. In this paper, we propose a new counter-forensic approach to eliminate the noise differences that can appear in a spliced image. This approach can also be used when creating computer graphics images, in order to endow them with a realistic noise. This is performed by changing the …
An Automated Approach For Digital Forensic Analysis Of Heterogeneous Big Data, Hussam Mohammed, Nathan Clarke, Fudong Li
An Automated Approach For Digital Forensic Analysis Of Heterogeneous Big Data, Hussam Mohammed, Nathan Clarke, Fudong Li
Journal of Digital Forensics, Security and Law
The major challenges with big data examination and analysis are volume, complex interdependence across content, and heterogeneity. The examination and analysis phases are considered essential to a digital forensics process. However, traditional techniques for the forensic investigation use one or more forensic tools to examine and analyse each resource. In addition, when multiple resources are included in one case, there is an inability to cross-correlate findings which often leads to inefficiencies in processing and identifying evidence. Furthermore, most current forensics tools cannot cope with large volumes of data. This paper develops a novel framework for digital forensic analysis of heterogeneous …
Making Sense Of Email Addresses On Drives, Neil C. Rowe, Riqui Schwamm, Michael R. Mccarrin, Ralucca Gera
Making Sense Of Email Addresses On Drives, Neil C. Rowe, Riqui Schwamm, Michael R. Mccarrin, Ralucca Gera
Journal of Digital Forensics, Security and Law
Drives found during investigations often have useful information in the form of email addresses which can be acquired by search in the raw drive data independent of the file system. Using this data we can build a picture of the social networks that a drive owner participated in, even perhaps better than investigating their online profiles maintained by social-networking services because drives contain much data that users have not approved for public display. However, many addresses found on drives are not forensically interesting, such as sales and support links. We developed a program to filter these out using a Naïve …
Verification Of Recovered Digital Evidence On The Amazon Kindle, Marcus Thompson, Raymond Hansen
Verification Of Recovered Digital Evidence On The Amazon Kindle, Marcus Thompson, Raymond Hansen
Journal of Digital Forensics, Security and Law
The Amazon Kindle is a popular e-book reader. This popularity will lead criminals to use the Kindle as an accessory to their crime. Very few Kindle publications in the digital forensics domain exist at the time of this writing. Various blogs on the Internet currently provide some of the foundation for Kindle forensics. For this research each fifth generation Kindle was populated with various types of files a typical user may introduce using one method, the USB interface. The Kindle was forensically imaged with AccessData’s Forensic Toolkit Imager before and after each Kindle was populated. Each file was deleted through …
Table Of Contents
Journal of Digital Forensics, Security and Law
No abstract provided.
From The Editor-In-Chief, Ibrahim Baggili
From The Editor-In-Chief, Ibrahim Baggili
Journal of Digital Forensics, Security and Law
Welcome to JDFSL’s first issue for 2015! First, I would like to thank our editorial board, reviewers, and the JDFSL team for bringing this issue to life. It has been a big year for JDFSL as the journal continues to progress. We are continuing our indexing efforts for the journal and we are getting closer with some of the major databases.
Data Loss Prevention Management And Control: Inside Activity Incident Monitoring, Identification, And Tracking In Healthcare Enterprise Environments, Manghui Tu, Kimberly Spoa-Harty, Liangliang Xiao
Data Loss Prevention Management And Control: Inside Activity Incident Monitoring, Identification, And Tracking In Healthcare Enterprise Environments, Manghui Tu, Kimberly Spoa-Harty, Liangliang Xiao
Journal of Digital Forensics, Security and Law
As healthcare data are pushed online, consumers have raised big concerns on the breach of their personal information. Law and regulations have placed businesses and public organizations under obligations to take actions to prevent data breach. Among various threats, insider threats have been identified to be a major threat on data loss. Thus, effective mechanisms to control insider threats on data loss are urgently needed. The objective of this research is to address data loss prevention challenges in healthcare enterprise environment. First, a novel approach is provided to model internal threat, specifically inside activities. With inside activities modeling, data …
On The Network Performance Of Digital Evidence Acquisition Of Small Scale Devices Over Public Networks, Irvin Homem, Spyridon Dosis
On The Network Performance Of Digital Evidence Acquisition Of Small Scale Devices Over Public Networks, Irvin Homem, Spyridon Dosis
Journal of Digital Forensics, Security and Law
While cybercrime proliferates – becoming more complex and surreptitious on the Internet – the tools and techniques used in performing digital investigations are still largely lagging behind, effectively slowing down law enforcement agencies at large. Real-time remote acquisition of digital evidence over the Internet is still an elusive ideal in the combat against cybercrime. In this paper we briefly describe the architecture of a comprehensive proactive digital investigation system that is termed as the Live Evidence Information Aggregator (LEIA). This system aims at collecting digital evidence from potentially any device in real time over the Internet. Particular focus is made …
A 3-D Stability Analysis Of Lee Harvey Oswald In The Backyard Photo, Srivamshi Pittala, Emily Whiting, Hany Farid
A 3-D Stability Analysis Of Lee Harvey Oswald In The Backyard Photo, Srivamshi Pittala, Emily Whiting, Hany Farid
Journal of Digital Forensics, Security and Law
Fifty years have passed since the assassination of U.S. President Kennedy. Despite the long passage of time, it is still argued that the famous backyard photo of Oswald, holding the same type of rifle used to assassinate the President, is a fake. These claims include, among others, that Oswald’s pose in the photo is physically implausible. We describe a detailed 3-D stability analysis to determine if this claim is warranted.
Open Forensic Devices, Lee Tobin, Pavel Gladyshev
Open Forensic Devices, Lee Tobin, Pavel Gladyshev
Journal of Digital Forensics, Security and Law
Cybercrime has been a growing concern for the past two decades. What used to be the responsibility of specialist national police has become routine work for regional and district police. Unfortunately, funding for law enforcement agencies is not growing as fast as the amount of digital evidence. In this paper, we present a forensic platform that is tailored for cost effectiveness, extensibility, and ease of use. The software for this platform is open source and can be deployed on practically all commercially available hardware devices such as standard desktop motherboards or embedded systems such as Raspberry Pi and Gizmosphere’s Gizmo …
Table Of Contents
Journal of Digital Forensics, Security and Law
No abstract provided.
Data Extraction On Mtk-Based Android Mobile Phone Forensics, Joe Kong
Data Extraction On Mtk-Based Android Mobile Phone Forensics, Joe Kong
Journal of Digital Forensics, Security and Law
In conducting criminal investigations it is quite common that forensic examiners need to recover evidentiary data from smartphones used by offenders. However, examiners encountered difficulties in acquiring complete memory dump from MTK Android phones, a popular brand of smartphones, due to a lack of technical knowledge on the phone architecture and that system manuals are not always available. This research will perform tests to capture data from MTK Android phone by applying selected forensic tools and compare their effectiveness by analyzing the extracted results. It is anticipated that a generic extraction tool, once identified, can be used on different brands …
A Survey Of Botnet Detection Techniques By Command And Control Infrastructure, Thomas S. Hyslip, Jason M. Pittman
A Survey Of Botnet Detection Techniques By Command And Control Infrastructure, Thomas S. Hyslip, Jason M. Pittman
Journal of Digital Forensics, Security and Law
Botnets have evolved to become one of the most serious threats to the Internet and there is substantial research on both botnets and botnet detection techniques. This survey reviewed the history of botnets and botnet detection techniques. The survey showed traditional botnet detection techniques rely on passive techniques, primarily honeypots, and that honeypots are not effective at detecting peer-to-peer and other decentralized botnets. Furthermore, the detection techniques aimed at decentralized and peer-to-peer botnets focus on detecting communications between the infected bots. Recent research has shown hierarchical clustering of flow data and machine learning are effective techniques for detecting botnet peer-to-peer …
To License Or Not To License Reexamined: An Updated Report On State Statutes Regarding Private Investigators And Digital Examiners, Thomas Lonardo, Alan Rea, Doug White
To License Or Not To License Reexamined: An Updated Report On State Statutes Regarding Private Investigators And Digital Examiners, Thomas Lonardo, Alan Rea, Doug White
Journal of Digital Forensics, Security and Law
In this update to the 2012 year's study, the authors examine statutes that regulate, license, and enforce investigative functions in each US state. As before, the authors find that very few state statutes explicitly differentiate between Private Investigators and Digital Examiners. There is a small trend in which some states are changing definitions or moving to exempt DE from PI licensing requirements. However, we look at some additional information in terms of practicing attorney exemptions that may cloud the licensing waters.
As with the previous research studies (Lonardo et al., 2008, 2009, 2012) the authors contacted all state regulatory agencies …
Litigation Holds: Past, Present, And Future Directions, Milton Luoma, Vicki M. Luoma
Litigation Holds: Past, Present, And Future Directions, Milton Luoma, Vicki M. Luoma
Journal of Digital Forensics, Security and Law
Electronically Stored Information (ESI) first became a serious litigation issue in the late 1990s, and the first attempts to determine best practices did not occur until the early 2000s. As best practices developed, the litigation hold to prevent routine destruction of documents and to preserve documents relevant to litigation came into existence. The duty to preserve ESI is triggered when litigation is reasonably anticipated. All information that relates to potential litigation must be preserved from the time it becomes reasonably apparent that litigation is possible until the expiration of the statute of limitations. If steps are not taken to properly …
Table Of Contents
Journal of Digital Forensics, Security and Law
No abstract provided.
From The Editor-In-Chief, Ibrahim Baggili
From The Editor-In-Chief, Ibrahim Baggili
Journal of Digital Forensics, Security and Law
Welcome to JDFSL’s second issue for 2015! First, I would like to thank our editorial board, reviewers, and the JDFSL team for bringing this issue to life. In this issue, we continue our multidisciplinary tradition. The first paper, Two challenges of stealthy hypervisors detection: time cheating and data fluctuations, showcases an important contribution to the computing discipline. The use of virtualization has dramatically increased given our strong reliance on cloud services both private and public. Even though hypervisors enhance security, they can also be exploited by malware. Therefore, this paper is of importance given that it introduces a novel method …
Two Challenges Of Stealthy Hypervisors Detection: Time Cheating And Data Fluctuations, Igor Korkin
Two Challenges Of Stealthy Hypervisors Detection: Time Cheating And Data Fluctuations, Igor Korkin
Journal of Digital Forensics, Security and Law
Hardware virtualization technologies play a significant role in cyber security. On the one hand these technologies enhance security levels, by designing a trusted operating system. On the other hand these technologies can be taken up into modern malware which is rather hard to detect. None of the existing methods is able to efficiently detect a hypervisor in the face of countermeasures such as time cheating, temporary self uninstalling, memory hiding etc. New hypervisor detection methods which will be described in this paper can detect a hypervisor under these countermeasures and even count several nested ones. These novel approaches rely on …
Rules Of Professional Responsibility In Digital Forensics: A Comparative Analysis, Filipo Sharevski
Rules Of Professional Responsibility In Digital Forensics: A Comparative Analysis, Filipo Sharevski
Journal of Digital Forensics, Security and Law
The consolidation of the rules of professional responsibility as recommended by the Committee on Identifying the Needs of Forensic Sciences Community (2009) accents the establishment of an uniform code of ethics emphasizing the importance of enforceability in strengthening the role the forensic science plays within the criminal justice system. Equally pertinent for the domain of digital forensics, this imperative entails a research commitment in comparing and contrasting the respective codes of ethics to illustrate their “variety, specificity and enforceability” in order to inform the discussion on the regulative aspects of the digital forensic discipline. Accordingly, this paper reviews the professional …