    Distributed Digital Forensics on Pre-existing Internal Networks

    Today's large datasets are a major hindrance to digital investigations and have led to a substantial backlog of media that must be examined. While this media sits idle, the investigation that depends on it also sits idle, inducing investigative time lag. This study created a client/server application architecture that operated on an existing pool of internally networked Windows 7 machines. This distributed digital forensic approach helps to address the scalability concerns of other approaches while also being financially feasible. Text search runtimes and match counts were evaluated using several scenarios, including a 100 GB image with prefabricated data. When compared to FTK 4.1, a 125 times speed-up was observed in the best case and a three times speed-up in the worst case. These rapid search times make long indexing processes nearly unnecessary for analyzing digital evidence, allowing for faster digital investigations.

    On the Epistemological Status and Technicolegal Consolidation of Digital Forensics

    The crisis in forensic science, and in particular in computer forensics, seems to have been overcome today thanks to an integrated governance plan containing several harmonizing elements. A new epistemological approach has been embraced that pays closer attention to the pretrial and investigative phases: it is set within a common legal framework for fighting cybercrime and shares operating protocols and technological standards. Also, some special units have been set up for the purpose of managing digital evidence: by creating virtual environments, these units can automate some of the phases of forensic management, memorization, and analysis, thus making investigations more effective and limiting recourse to "junk science." Finally, interdisciplinary training plays a strategic role by enabling each group, forensic scientists and legal practitioners, to better understand the needs and limitations of the other.

    The Response Of American Police Agencies To Digital Evidence

    Little is known about the variation in digital forensics practice in the United States as adopted by large local police agencies. This study investigated how environmental constraints, contextual factors, organizational complexity, and organizational control relate to the adoption of digital forensics practice. This study integrated 3 theoretical perspectives in organizational studies to guide the analysis of the relations: institutional theory, contingency theory, and adoption-of-innovation theory. Institutional theory was used to analyze the impact of environmental constraints on the adoption of innovation, and contingency theory was used to examine the impacts of organizational control on the adoption of innovation. Adoption-of-innovation theory was employed to describe the degree to which digital forensics practice has been adopted by large municipal police agencies having 100 or more sworn police officers. The data set was assembled primarily by using Law Enforcement Management and Administrative Statistics (LEMAS) 2003 and 1999. Dr. Edward Maguire's survey was used to obtain 1 variable. Joining the data sets to construct the sample resulted in 345 large local police agencies. The descriptive results on the degree of adoption of digital forensics practice indicate that 37.7% of large local police agencies have dedicated personnel to address digital evidence, 32.8% of police agencies address digital evidence but do not have dedicated personnel, and only 24.3% of police agencies have a specialized unit with full-time personnel to address digital evidence. About 5% of local police agencies do nothing to address digital evidence in any circumstance. These descriptive statistics indicate that digital evidence is a matter of concern for most large local police agencies and that they respond to varying degrees to digital evidence at the organizational level. Agencies that have not adopted digital forensics practice are in the minority.
A structural equation model was used to test the hypothesized relations, easing the rigorous analysis of relations between latent constructs and several indicator variables. Environmental constraints have the largest impact on the adoption of innovation, exerting a positive influence. No statistically significant relation was found between organizational control and adoption of digital forensics practice. Contextual factors (task scope and personnel size) positively influence the adoption of digital forensics. Structural control factors, including administrative weight and formalization, have no significant influence on the adoption of innovation. The conclusions of the study are as follows. Police agencies adopt digital forensics practice primarily in response to environmental constraints. Police agencies exposed to higher environmental constraints are more frequently expected to adopt digital forensics practice. Because organizational control of police agencies is not significantly related to digital forensics practice adoption, police agencies do not take their organizational control extensively into consideration when they consider adopting digital forensics practice. The positive influence of task scope and size on digital forensics practice adoption was expected. The extent of task scope and the number of personnel indicate a higher capacity for police agencies to adopt digital forensics practice. Administrative weight and formalization do not influence the adoption of digital forensics practice. Therefore, structural control and coordination are not important for large local police agencies to adopt digital forensics practice. The results of the study indicate that the adoption of digital forensics practice is based primarily on environmental constraints. Therefore, more drastic impacts on digital forensics practice should be expected from local police agencies' environments than from internal organizational factors.
Researchers investigating the influence of various factors on the adoption of digital forensics practice should further examine environmental variables. The unexpected results concerning the impact of administrative weight and formalization should be researched with broader considerations.

    Contributions to the Forensic Analysis of Digital Evidence from Instant Messaging Applications

    The continuous evolution of Information and Communication Technologies is leading to an ever more interconnected society, allowing the immediate exchange of digital information from almost anywhere on the planet. From the point of view of the forensic sciences, as the science that studies the elements collected at a crime scene, the birth and rapid evolution of ICTs means that the forensic sciences must continually adapt to this evolution, researching new scientific methods of analysis that make it possible to solve criminal acts committed through digital means. The specific use made of information exchange applications in the commission of criminal acts means that these applications must be the object of thorough forensic analysis, from which to identify, recover and extract all information related to the fact under investigation, while preserving its evidentiary value at all times. The thesis entitled CONTRIBUCIONES AL ANÁLISIS FORENSE DE EVIDENCIAS DIGITALES PROCEDENTES DE APLICACIONES DE MENSAJERÍA INSTANTÁNEA (Contributions to the Forensic Analysis of Digital Evidence from Instant Messaging Applications) investigates the evolution of instant messaging applications and their impact on the field of the forensic sciences. The research aims to outline the transformation of this type of application in terms of the different access methods and the vast number of features offered to users. It also seeks to contribute directly to the scientific methods used in the forensic analysis currently performed on instant messaging applications, the main means of evidence in a multitude of judicial proceedings.
This thesis will present the current state of the processes used both in the acquisition and in the analysis of instant messaging applications, as well as the different problems the digital forensic specialist faces in the forensic analysis of this type of application. A specific methodology for the forensic analysis of instant messaging applications will be developed, combining several methods of study, which will make it possible to identify, decode and interpret the information generated by this type of application regardless of the electronic device, operating system or application analyzed. Starting from the three methods of study included in the proposed methodology, the aim is to verify and validate the integrity of the extracted information beyond the widespread use of commercial forensic solutions. Finally, the results and conclusions obtained from applying the forensic analysis methodology proposed in this research to some of the clients of the main instant messaging applications in use today will be presented.

    A Virtual Digital Forensics Laboratory

    This paper from Advances in Digital Forensics IV discusses the concept of a digital forensic laboratory that incorporates networked examination and storage machines, secure communications, multi-factor authentication, role-based access control, and case management and digital asset management systems. Digital forensics laboratories provide law enforcement agencies with a decentralized digital environment in which to store, examine, and present digital evidence. These online environments pose unique challenges for the agencies that acquire them, including system performance, security, system management, and usability. A prototype for a virtual laboratory is included that features the following architecture: internal network, authentication and access control, virtualization, forensic tools, storage, and internal network security. Challenges encountered when developing the virtual laboratory are also discussed.