Forensic Science and Technology Commons^™

Evaluation Of The Trunarc Handheld Narcotics Analyzer As A Pre-Analysis Screening Device For The Orange County Crime Lab, Sarah Yang, D. Bauer, C. Woltz, S. Soto, Michael Ibba

Student Scholar Symposium Abstracts and Posters

Forensic analysis of suspected narcotics is often dangerous as the substances’ composition is unknown. Many techniques for drug identification require handling of the substance outside of its packaging, which can expose the analyst to potentially harmful chemicals. The TruNarc Handheld Narcotics Analyzer is a portable Raman spectroscopy device that is non-destructive of evidence and can be used to screen drugs through simple packaging to minimize the risk of exposure. The Orange County Crime Lab (OCCL) is testing the limits of this device to determine if it can be used to screen new evidence within the Seized Drugs Lab. The OCCL …

Detecting Child Sexual Abuse Images: Traits Of Child Sexual Exploitation Hosting And Displaying Websites, Enrique Guerra, Bryce G. Westlake

Faculty Research, Scholarly, and Creative Activity

Background
Automated detection of child sexual abuse images (CSAI) often relies on image attributes, such as hash values. However, electronic service providers and others without access to hash value databases are limited in their ability to detect CSAI. Additionally, the increasing amount of CSA content being distributed means that a large percentage of images are not yet cataloged in hash value databases. Therefore, additional detection criteria need to be determined to improve identification of non-hashed CSAI.
Objective
We aim to identify patterns in the locations and folder/file naming practices of websites hosting and displaying CSAI, to use as additional detection …

Forensicast: A Non-Intrusive Approach & Tool For Logical Forensic Acquisition & Analysis Of The Google Chromecast Tv, Alex Sitterer, Nicholas Dubois, Ibrahim Baggili

Electrical & Computer Engineering and Computer Science Faculty Publications

The era of traditional cable Television (TV) is swiftly coming to an end. People today subscribe to a multitude of streaming services. Smart TVs have enabled a new generation of entertainment, not only limited to constant on-demand streaming as they now offer other features such as web browsing, communication, gaming etc. These functions have recently been embedded into a small IoT device that can connect to any TV with High Definition Multimedia Interface (HDMI) input known as Google Chromecast TV. Its wide adoption makes it a treasure trove for potential digital evidence. Our work is the primary source on forensically …

Forensic Artifact Finder (Forensicaf): An Approach & Tool For Leveraging Crowd-Sourced Curated Forensic Artifacts, Tyler Balon, Krikor Herlopian, Ibrahim Baggili, Cinthya Grajeda-Mendez

Electrical & Computer Engineering and Computer Science Faculty Publications

Current methods for artifact analysis and understanding depend on investigator expertise. Experienced and technically savvy examiners spend a lot of time reverse engineering applications while attempting to find crumbs they leave behind on systems. This takes away valuable time from the investigative process, and slows down forensic examination. Furthermore, when specific artifact knowledge is gained, it stays within the respective forensic units. To combat these challenges, we present ForensicAF, an approach for leveraging curated, crowd-sourced artifacts from the Artifact Genome Project (AGP). The approach has the overarching goal of uncovering forensically relevant artifacts from storage media. We explain our approach …

Duck Hunt: Memory Forensics Of Usb Attack Platforms, Tyler Thomas, Mathew Piscitelli, Bhavik Ashok Nahar, Ibrahim Baggili

Electrical & Computer Engineering and Computer Science Faculty Publications

To explore the memory forensic artifacts generated by USB-based attack platforms, we analyzed two of the most popular commercially available devices, Hak5's USB Rubber Ducky and Bash Bunny. We present two open source Volatility plugins, usbhunt and dhcphunt, which extract artifacts generated by these USB attacks from Windows 10 system memory images. Such artifacts include driver-related diagnostic events, unique device identifiers, and DHCP client logs. Our tools are capable of extracting metadata-rich Windows diagnostic events generated by any USB device. The device identifiers presented in this work may also be used to definitively detect device usage. Likewise, the DHCP logs …

Another Brick In The Wall: An Exploratory Analysis Of Digital Forensics Programs In The United States, Syria Mccullough, Stella Abudu, Ebere Onwubuariri, Ibrahim Baggili

Electrical & Computer Engineering and Computer Science Faculty Publications

We present a comprehensive review of digital forensics programs offered by universities across the United States (U.S.). While numerous studies on digital forensics standards and curriculum exist, few, if any, have examined digital forensics courses offered across the nation. Since digital forensics courses vary from university to university, online course catalogs for academic institutions were evaluated to curate a dataset. Universities were selected based on online searches, similar to those that would be made by prospective students. Ninety-seven (n = 97) degree programs in the U.S. were evaluated. Overall, results showed that advanced technical courses are missing from curricula. We …

Zooming Into The Pandemic! A Forensic Analysis Of The Zoom Application, Andrew Mahr, Meghan Cichon, Sophia Mateo, Cinthya Grajeda, Ibrahim Baggili

Electrical & Computer Engineering and Computer Science Faculty Publications

The global pandemic of COVID-19 has turned the spotlight on video conferencing applications like never before. In this critical time, applications such as Zoom have experienced a surge in its user base jump over the 300 million daily mark (ZoomBlog, 2020). The increase in use has led malicious actors to exploit the application, and in many cases perform Zoom Bombings. Therefore forensically examining Zoom is inevitable. Our work details the primary disk, network, and memory forensic analysis of the Zoom video conferencing application. Results demonstrate it is possible to find users' critical information in plain text and/or encrypted/encoded, such …

Digital Forensic Readiness Intelligence Crime Repository, Victor R. Kebande, Nickson M. Karie, Kim-Kwang R. Choo, Sadi Alawadi

Research outputs 2014 to 2021

It may not always be possible to conduct a digital (forensic) investigation post-event if there is no process in place to preserve potential digital evidence. This study posits the importance of digital forensic readiness, or forensic-by-design, and presents an approach that can be used to construct a Digital Forensic Readiness Intelligence Repository (DFRIR). Based on the concept of knowledge sharing, the authors leverage this premise to suggest an intelligence repository. Such a repository can be used to cross-reference potential digital evidence (PDE) sources that may help digital investigators during the process. This approach employs a technique of capturing PDE from …

Forensic Entomology: Insect Succession – Northern Colorado, Thomas Nissen

Department of Entomology: Distance Master of Science Projects

Forensic entomology is considered a relatively new field of entomology yet insects have been around for millions of years. Insects have been associated with dead animals and humans for centuries. The remains of insects have been recorded from Ancient Egypt to the present time. Recent advancements have been with data presented to the courts that show that there is a specific order to insects arriving on a corpse and that order helps to determine time of death. This study investigates the order of insect succession in the northern front range area of Colorado.

Differentiation Between Peripheral Blood And Menstrual Blood Using Mirna Markers, Anaya Valentine

Master of Science in Forensic Science Directed Research Projects

Abstract

In forensic investigations, body fluids can provide crucial information and is helpful for corroborating the circumstance of the case. For cases of sexual assaults or homicides, being able to differentiate if the blood is peripheral blood or menstrual blood is important. Peripheral blood can be indicative of a traumatic event, while menstrual blood is of a natural cause. Currently, serology based methods are used for body fluid identification, however, their lack of sensitivity and specificity remains an issue. MicroRNAs (miRNAs) are a class of non-protein coding nucleic acids that are able to be co-extracted with DNA, and their small …

Digital Forensic Readiness In Operational Cloud Leveraging Iso/Iec 27043 Guidelines On Security Monitoring, Sheunesu Makura, H. S. Venter, Victor R. Kebande, Nickson M. Karie, Richard A. Ikuesan, Sadi Alawadi

Research outputs 2014 to 2021

An increase in the use of cloud computing technologies by organizations has led to cybercriminals targeting cloud environments to orchestrate malicious attacks. Conversely, this has led to the need for proactive approaches through the use of digital forensic readiness (DFR). Existing studies have attempted to develop proactive prototypes using diverse agent-based solutions that are capable of extracting a forensically sound potential digital evidence. As a way to address this limitation and further evaluate the degree of PDE relevance in an operational platform, this study sought to develop a prototype in an operational cloud environment to achieve DFR in the cloud. …

Evaluating The Impact Of Sandbox Applications On Live Digital Forensics Investigation, Reem Bashir, Helge Janicke, Wen Zeng

Research outputs 2014 to 2021

Sandbox applications can be used as anti-forensics techniques to hide important evidence in the digital forensics investigation. There is limited research on sandboxing technologies, and the existing researches on sandboxing are focusing on the technology itself. The impact of sandbox applications on live digital forensics investigation has not been systematically analysed and documented. In this study, we proposed a methodology to analyse sandbox applications on Windows systems. The impact of having standalone sandbox applications on Windows operating systems image was evaluated. Experiments were conducted to examine the artefacts of three sandbox applications: Sandboxie, BufferZone and ToolWiz Time Freeze on Windows …

Development Of An Analytical Method And Sample Preparation Technique For The Analysis Of Sulfur-Containing Fentanyl Analogs By Uplcmsms, And The Application To Forensic Science, Amber D. Budmark

Master of Science in Forensic Science Directed Research Projects

In February 2018, the US DEA Agency released a statement of the emergency scheduling (Schedule 1) of all fentanyl analogs not already regulated by the CSA due to an alarming increase in overdose deaths linked to synthetic opioids. Fentanyl analogs are pharmacologically similar to fentanyl, but often more potent. This increased potency can create problems with proper dosing of fentanyl analogs leading to untoward effects including an increase in overdoses and deaths. Since 2018, there has been a 38.4% increase in illicitly manufactured fentanyl overdose deaths leading the CDC to make available the FAS Kit and Emergent Panels containing previously …

The Efficacy Of Recovering Latent Fingerprints From Fired Cartridge Cases By Way Of Cyanoacrylate Fuming Combined With Basic Yellow Dye Staining, Lily Mantz

Master of Science in Forensic Science Directed Research Projects

This experiment attempted to tackle the long-standing struggle to consistently recover latent fingerprints from fired cartridges. With an emphasis on realistic handling of high volume of samples combined with Cyanoacrylate fuming followed by Basic Yellow dye staining, a total of 740 cartridges were examined. These included fired and unfired brass and nickel case 9mm Luger and 40 S&W cartridges. The cartridges were divided into five different groups; each were treated differently prior to cyanoacrylate fuming and dye staining, which was conducted in the same manner for the groups. The groups included the positive and negative controls, loaded, cycled, and fired. …

The Impact Of Latent Print Processing On Firing Pin And Breechface Impressions During Firearm Examination, Brittany B. Harrington

Master of Science in Forensic Science Directed Research Projects

Latent prints can be a valuable source of forensic evidence when solving a crime. They can verify if a person was at a specific scene, identify unknown individuals to connect them to a scene, and help to corroborate eyewitness accounts. Latent prints, however, are not always visible until they have undergone enhancement or visualization techniques. When fired cartridge cases are suspected of containing latent prints, they are brought in for latent print processing before any firearm analysis is performed. As a result, these cartridges are often coated in various residues or dyes when they arrive for firearm examination. In response, …

Powerplex® Fusion 6c System Versus Powerplex® Fusion 5c: A Comparison Of Performance Metrics, Caitlin M. Mccaughan

Master of Science in Forensic Science Directed Research Projects

Following the FBI mandated expansion of the CODIS core loci from 13 to 20, several manufacturers developed short tandem repeat (STR) typing kits in response to the new criteria. One such manufacturer was the Promega Corporation, which released the PowerPlex® Fusion 5C megaplex STR typing kit (Fusion 5C) in 2012. Currently, the Virginia Department of Forensic Science (VDFS) utilizes this amplification kit for both casework and database applications. In 2015, Promega released the PowerPlex® Fusion 6C STR typing kit (Fusion 6C), which contains three additional loci beyond those included in PowerPlex® Fusion 5C, and a sixth color channel. The power …

Creation And Optimization Of An Optical Trapping Microfluidic Device For The Separation Of Mock Forensic Sexual Assault Samples, Mackenzie Lally

Master of Science in Forensic Science Directed Research Projects

Cell mixtures are often seen in forensic samples and commonly involve sexual assault cases where mixtures of sperm cells and vaginal epithelial cells are frequently encountered. This produces challenges in downstream analysis in the form of STR mixture profiles. The only method currently in use in crime laboratories for front-end sperm and epithelial cell separation is differential extraction. This method often results in STR mixture profiles due to carryover into both the male and female fractions and suffers from a wide range of efficiency depending on the laboratory or individual processing the sample. Optical trapping offers an alternative method for …

Evaluation Of Cell Lysis Techniques For Direct Amplification Of Sexual Assault Samples, Sarah Schellhammer

Master of Science in Forensic Science Directed Research Projects

Sexual assault is one of the most common crimes committed today with a delay in sample processing, resulting in the “rape kit backlog”. The traditional method to extract DNA from these samples containing both male and female DNA is a differential extraction; taking hours to process. This study examined a variety of different cell lysis techniques to develop a method which can consistently generate high-quality profiles at a fast rate and with low volumes when compared to the currently used method in our laboratory.

Six lysis methods, in addition to the currently used forensicGEM™ Sperm kit, were performed on …

Evaluation Of Dna Extraction Efficiencies Of Promega’S Dna Iq™ Methods And Casework Extraction Kit For Low Template Samples, Emily M. Anderson

Master of Science in Forensic Science Directed Research Projects

Biological evidence from crime scene samples frequently contain low levels of DNA, such as the most predominant form of evidence, which is DNA deposited by handling objects or “touch evidence”. To maximize the DNA yield recovered from theses challenging samples, forensic laboratories must optimize the extraction methods utilized to isolate and purify DNA for downstream short tandem repeat (STR) amplifications. Currently, the Virginia Department of Forensic Science (VADFS) uses a DNA IQ™ System (DNA IQ) extraction method for isolation of DNA from most forensic samples. This extraction procedure, which combines DNA IQ™ lysis buffer and Dithiothreitol (DTT), has been validated …

Testing The Efficacy Of Surface Swab Sampling To Determine Post-Mortem Submersion Interval (Pmsi), Using The Microbiome Colonization Of Skeletal Remains Submerged In A Lotic Environment, Sarah Rose

Master of Science in Forensic Science Directed Research Projects

Estimating the post-mortem submersion interval (PMSI) can provide a valuable forensic tool for medicolegal death investigations involving victims discovered in aquatic environments. Previous studies conducted by Cartozzo et al. (2021) successfully demonstrated the use of microbial succession to create predictive models for the estimation of PMSI from submerged bone. Though effective, bone sampling requires time consuming processing techniques that result in destruction of decedent tissue. This study investigates the use of bone surface swabbing as an effective alternative method to bone sampling, with the goal of predicting PMSI using a simpler, non-invasive sampling technique. Porcine (Sus scrofa) skeletal remains (rib …

Comparison Of The Bacterial Community Structure Of Bone Swabs To Ground Bone Recovered From Waterlogged Skeletal Remains From A Lentic Environment For Postmortem Submersion Interval (Pmsi) Estimation, Hannah Johnson

Master of Science in Forensic Science Directed Research Projects

Postmortem submersion interval (PMSI) is an essential factor when recovering bodies from aquatic environments. Although several studies exist on postmortem interval (PMI) estimation of mammalian cadavers in terrestrial systems, the same is not true for the aquatic systems. Cartozzo et al. (11) developed PMSI prediction models using bacterial succession data associated with waterlogged skeletal remains. This study is a continuation of the Cartozzo et al. (11) study, but the aim of this study is to compare the bacterial DNA (16S rDNA) community found on the surface of swabs recovered from waterlogged bones to the bacterial DNA obtained from ground bone …