Reasoning About a Simulated Printer Case Investigation with Forensic Lucid

In this work we model the ACME (a fictitious company name) "printer case incident" and make its specification in Forensic Lucid, a Lucid- and intensional-logic-based programming language for cyberforensic analysis and event reconstruction specification. The printer case involves a dispute between two parties that was previously solved using the finite-state automata (FSA) approach, and is now re-done in a more usable way in Forensic Lucid. Our simulation is based on the said case modeling by encoding concepts like evidence and the related witness accounts as an evidential statement context in a Forensic Lucid program, which is an input to the transition function that models the possible deductions in the case. We then invoke the transition function (actually its reverse) with the evidential statement context to see if the evidence we encoded agrees with one's claims and then attempt to reconstruct the sequence of events that may explain the claim or disprove it.Comment: 18 pages, 3 figures, 7 listings, TOC, index; this article closely relates to arXiv:0906.0049 and arXiv:0904.3789 but to remain stand-alone repeats some of the background and introductory content; abstract presented at HSC'09 and the full updated paper at ICDF2C'11. This is an updated/edited version after ICDF2C proceedings with more references and correction

Digital Affordances and Human Rights Advocacy

Keck and Sikkink’s boomerang model (1998) and Risse, Ropp, and Sikkink’s spiral model (1999) anchor much of the scholarly debate about human rights norms propagation. At the heart of both models is “information exchange” among members of broad coalitions advocating for better compliance with human rights norms. An updated spiral model (2013) offers a more liminal, ambiguous, and conditional set of actors and processes than appeared in the first boomerang and spiral models. In this context, we consider the effects of a wide array of digital technologies on human rights NGOs advocacy work and how they affect 21st century information exchange. Traditionally, evidence in human rights investigations is collected in face-to-face meetings among activists and on fact-finding missions. We argue that clusters of digital technologies create “digital affordances” that provide nonstate actors with tools that strengthen their ability to gather scientifically grounded information that pressures noncompliant actors toward commitments with broadly shared human rights norms. As to whether this also leads to greater compliance is less clear.Das Boomerang-Modell von Keck und Sikkink (1998) und das Spiral-Modell von Risse, Ropp und Sikkink (1999) bestimmen einen großen Teil der wissenschaftlichen Debatte über die Verbreitung von Menschenrechtsnormen. Beiden Modellen liegt im Kern der 'Informationsaustausch' unter Angehörigen breiter Koalitionen zugrunde, die die bessere Einhaltung der Menschenrechtsnormen befürworten. Das aktualisierte Spiral-Modell (2013) bietet eine kontextspezifischere und mehrdeutigere Zusammenstellung von Akteuren und Prozessen, als dies in den ersten Boomerang- und Spiral-Modellen der Fall war. In diesem Zusammenhang untersuchen wir die Auswirkungen eines breiten Spektrums an digitalen Technologien auf die Advocacy-Arbeit von Nichtregierungsorganisationen im Bereich der Menschenrechte und wie diese den Informationsaustausch im 21. Jahrhundert beeinflussen. Herkömmlicherweise wird Beweismaterial bei Menschenrechtsuntersuchungen in direktem Austausch unter Aktivist/Innen und bei Erkundungsmissionen gesammelt. Unserer Argumentation zufolge schaffen Cluster von digitalen Technologien "digital affordances", die nichtstaatlichen Akteuren Werkzeuge zur Stärkung ihrer Fähigkeit verschaffen, wissenschaftlich fundierte Informationen zu sammeln, Akteure unter Druck zu setzen und sie zur Einhaltung weitgehend gemeinsamer Menschenrechtsnormen zu verpflichten. Ob dies auch zu einer besseren Einhaltung der Normen führt, ist weniger klar

Rethinking affordance

n/a – Critical survey essay retheorising the concept of 'affordance' in digital media context. Lead article in a special issue on the topic, co-edited by the authors for the journal Media Theory

Validating digital forensic evidence

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University.This dissertation focuses on the forensic validation of computer evidence. It is a burgeoning field, by necessity, and there have been significant advances in the detection and gathering of evidence related to electronic crimes. What makes the computer forensics field similar to other forensic fields is that considerable emphasis is placed on the validity of the digital evidence. It is not just the methods used to collect the evidence that is a concern. What is also a problem is that perpetrators of digital crimes may be engaged in what is called anti-forensics. Digital forensic evidence techniques are deliberately thwarted and corrupted by those under investigation. In traditional forensics the link between evidence and perpetrator's actions is often straightforward: a fingerprint on an object indicates that someone has touched the object. Anti-forensic activity would be the equivalent of having the ability to change the nature of the fingerprint before, or during the investigation, thus making the forensic evidence collected invalid or less reliable. This thesis reviews the existing security models and digital forensics, paying particular attention to anti-forensic activity that affects the validity of data collected in the form of digital evidence. This thesis will build on the current models in this field and suggest a tentative first step model to manage and detect possibility of anti-forensic activity. The model is concerned with stopping anti-forensic activity, and thus is not a forensic model in the normal sense, it is what will be called a “meta-forensic” model. A meta-forensic approach is an approach intended to stop attempts to invalidate digital forensic evidence. This thesis proposes a formal procedure and guides forensic examiners to look at evidence in a meta-forensic way

KFREAIN: Design of A Kernel-Level Forensic Layer for Improving Real-Time Evidence Analysis Performance in IoT Networks

An exponential increase in number of attacks in IoT Networks makes it essential to formulate attack-level mitigation strategies. This paper proposes design of a scalable Kernel-level Forensic layer that assists in improving real-time evidence analysis performance to assist in efficient pattern analysis of the collected data samples. It has an inbuilt Temporal Blockchain Cache (TBC), which is refreshed after analysis of every set of evidences. The model uses a multidomain feature extraction engine that combines lightweight Fourier, Wavelet, Convolutional, Gabor, and Cosine feature sets that are selected by a stochastic Bacterial Foraging Optimizer (BFO) for identification of high variance features. The selected features are processed by an ensemble learning (EL) classifier that use low complexity classifiers reducing the energy consumption during analysis by 8.3% when compared with application-level forensic models. The model also showcased 3.5% higher accuracy, 4.9% higher precision, and 4.3% higher recall of attack-event identification when compared with standard forensic techniques. Due to kernel-level integration, the model is also able to reduce the delay needed for forensic analysis on different network types by 9.5%, thus making it useful for real-time & heterogenous network scenarios