194 research outputs found
A CRITICAL COMPARISON OF BRAVE BROWSER AND GOOGLE CHROME FORENSIC ARTEFACTS
Digital forensic practitioners are tasked with the identification, recovery and analysis of Internet browser artefacts which may have been used in the pursuit of committing a civil or criminal offence. This research paper critically compares the most downloaded browser, Google Chrome, against an increasingly popular Chromium browser known as Brave, said to offer privacy-by-default. With increasing forensic caseloads, data complexity, and requirements for method validation to satisfy ISO 17025 accreditation, recognising the similarities and differences between the browsers, developed on the same underlying technology, is essential. The paper describes a series of conducted experiments and subsequent analysis to identify artefacts created as part of normal user browsing activity. Analysis of the artefacts found that Brave and Chrome share almost identical data structures, with on-disk artefact recovery successful, even for deleted data. The outcome of this research, based upon the results, serves to enrich understanding and provide best practice for practitioners and software developers, respectively responsible for the examination of Chromium artefacts for use in evidence production, and development of new forensic tools and techniques
Digital evidence bags
This thesis analyses the traditional approach and methodology used to conduct
digital forensic information capture, analysis and investigation. The predominant
toolsets and utilities that are used and the features that they provide are reviewed.
This is used to highlight the difficulties that are encountered due to both
technological advances and the methodologies employed. It is suggested that these
difficulties are compounded by the archaic methods and proprietary formats that are
used.
An alternative framework for the capture and storage of information used in digital
forensics is defined, named the 'Digital Evidence Bag' (DEB). A DEB is a universal
extensible container for the storage of digital information acquired from any digital
source, the format of which can be manipulated to meet the requirements of the
particular information that is to be stored. The format definition is extensible thereby
allowing it to encompass new sources of data, cryptographic and compression
algorithms and protocols as developed, whilst also providing the flexibility for some
degree of backwards compatibility as the format develops.
The DEB framework utilises terminology to define its various components that are
analogous with evidence bags, tags and seals used for traditional physical evidence
storage and continuity. This is crucial for ensuring that the functionality provided by
each component is comprehensible by the general public, judiciary and law
enforcement personnel without detracting or obscuring the evidential information
contained within.
Furthermore, information can be acquired from a dynamic or more traditional static
environment and from a disparate range of digital devices. The flexibility of the DEB
framework permits selective and/or intelligent acquisition methods to be employed
together with enhanced provenance and continuity audit trails to be recorded.
Evidential integrity is assured using accepted cryptographic techniques and
algorithms.
The DEB framework is implemented in a number of tool demonstrators and applied
to a number of typical scenarios that illustrate the flexibility of the DEB framework
and format.
The DEB framework has also formed the basis of a patent application
Data mining Techniques for Digital Forensic Analysis
Computer forensics involves the protection, classification, extraction and documentation of evidence stored as data or magnetically encoded information. However, organizations hold an increasing amount of data from many sources, such as computing peripherals, personal digital assistants (PDAs), consumer electronic devices, computer systems, networking equipment and various types of media, among other sources. For law enforcement officers, police forces and detective agencies, finding similar kinds of evidence and previously committed crimes is time-consuming and burdensome. The main motive of this work is to combine data mining techniques with computer forensic tools to get the data ready for analysis, find crime patterns, understand the mind of the criminal, help investigation agencies stay one step ahead of the bad guys, speed up the process of solving crimes, and carry out computer forensic analyses for criminal affairs
A critical comparison of Brave Browser and Google Chrome forensic artefacts
Digital forensic practitioners are tasked with the identification, recovery, and analysis of Internet browser artefacts which may have been used in the pursuit of committing a civil or criminal offence. This research paper critically compares the most downloaded browser, Google Chrome, against an increasingly popular Chromium browser known as Brave, said to offer privacy-by-default. With increasing forensic caseloads, data complexity, and requirements for method validation to satisfy ISO 17025 accreditation, recognising the similarities and differences between the browsers, developed on the same underlying technology, is essential. The paper describes a series of conducted experiments and subsequent analysis to identify artefacts created as part of normal user browsing activity. Analysis of the artefacts found that Brave and Chrome share almost identical data structures, with on-disk artefact recovery successful, even for deleted data. The outcome of this research, based upon the results, serves to enrich understanding and provide best practice for practitioners and software developers, respectively responsible for examining Chromium artefacts for use in evidence production and developing new forensic tools and techniques
A Code of Conduct for Computer Forensic Investigators
The amount of electronic data that is held about individuals and their activities is
staggering. Tools enabling data recovery, believed deleted, vary in consistency and
reliability of result. Data under review can be fed into investigative tools which also
vary immensely in reliability, consistency, quality and indeed price.
Conclusions and inferences drawn from the use of these tools can be morally, socially
and commercially damaging for the individuals or entities being investigated. Often not
purely because of the lack of experience of the investigator, but also because of the
simplistic operation of the toolsets.
Whilst prescriptive guidelines exist in the public sector for the proper handling, analysis
and reporting of computer evidence, little commercially independent professional
guidance exists in the private sector. This lack of guidance has led to a position whereby
actors in the field of data forensics have few challenges as to their expertise or
experience. Recent cases of incompetence and crossing ethical and professional
boundaries provide strong support for a National, preferably International certification
and training scheme for data forensic analysts, supported by clear ethical codes.
This research, in light of the above challenges, provides examples of failures in
extrapolation, operator understanding and tool use; argues a proposal for a code of
conduct to ensure correct and repeatable process is followed; along with a suggested
outline for the creation of the supervision of conformity to that code in the private
sector. The current forensics community and academic research body of knowledge,
supported by the extensive experience of the researcher, have been the major inputs to
the work. The outputs of this work are intended to form a solid base for the furtherance
of the Computer Forensics profession, and as such will represent a significant
contribution to the advancement and knowledge base of that profession
Digital evidence oriented to solid-state drives (SSD): a review
The massive use of electronic devices (mobile phones, tablets, computers, laptops, among others) and dependence on them have led people to feel a need to stay permanently connected to these technological tools, a situation that, in the event of an incident, makes them useful as evidentiary material. Given the absence of academic literature, this article reviews computer forensics and the collection and handling of digital evidence in Argentina, Chile, Colombia and Mexico during the last decade. For this purpose it uses sources from the IEEE databases and from organizations such as the International Telecommunications Union (UIT), the Fiscalía General de la Nación (Attorney General's Office), the Ministry of Information and Communications Technologies (MINTIC), and specialized websites. It carries out an interpretative study of the sources related to cybersecurity and their orientation towards SSDs and the recovery of physical and logical information in this type of control element.
Analysis of digital evidence in identity theft investigations
Identity Theft could be currently considered as a significant problem in the modern
internet driven era. This type of computer crime can be achieved in a number of
different ways; various statistical figures suggest it is on the increase. It intimidates
individual privacy and self assurance, while efforts for increased security and
protection measures appear inadequate to prevent it. A forensic analysis of the digital
evidence should be able to provide precise findings after the investigation of Identity
Theft incidents. At present, the investigation of Internet based Identity Theft is
performed on an ad hoc and unstructured basis, in relation to the digital evidence.
This research work aims to construct a formalised and structured approach to digital
Identity Theft investigations that would improve the current computer forensic
investigative practice. The research hypothesis is to create an analytical framework to
facilitate the investigation of Internet Identity Theft cases and the processing of the
related digital evidence.
This research work makes two key contributions to the subject: a) proposing the
approach of examining different computer crimes using a process specifically based
on their nature and b) to differentiate the examination procedure between the victim’s and the fraudster’s side, depending on the ownership of the digital media. The
background research on the existing investigation methods supports the need of
moving towards an individual framework that supports Identity Theft investigations.
The presented investigation framework is designed based on the structure of the
existing computer forensic frameworks. It is a flexible, conceptual tool that will assist
the investigator’s work and analyse incidents related to this type of crime. The
research outcome has been presented in detail, with supporting relevant material for
the investigator. The intention is to offer a coherent tool that could be used by
computer forensics investigators. Therefore, the research outcome will not only be
evaluated from a laboratory experiment, but also strengthened and improved based on
an evaluation feedback by experts from law enforcement.
While personal identities are increasingly being stored and shared on digital media,
the threat of personal and private information that is used fraudulently cannot be
eliminated. However, when such incidents are precisely examined, then the nature of
the problem can be more clearly understood
The sources and characteristics of electronic evidence and artificial intelligence
In this updated edition of the well-established practitioner text, Stephen Mason and Daniel Seng have brought together a team of experts in the field to provide an exhaustive treatment of electronic evidence and electronic signatures. This fifth edition continues to follow the tradition in English evidence text books by basing the text on the law of England and Wales, with appropriate citations of relevant case law and legislation from other jurisdictions
Video forensics in cloud computing: the challenges & recommendations
Forensic analysis of large video surveillance datasets requires computationally demanding processing and significant storage space. The current standalone and often dedicated computing infrastructure used for the purpose is rather limited due to practical limits of hardware scalability and the associated cost. Recently, Cloud Computing has emerged as a viable solution to computing resource limitations, taking full advantage of virtualisation capabilities and distributed computing technologies. Consequently, the opportunities provided by cloud computing services to support the requirements of forensic video surveillance systems have been recently studied in the literature. However, such studies have been limited to very simple video analytic tasks carried out within a cloud based architecture. The requirements of a larger scale video forensic system are significantly greater and demand an in-depth study. In particular, there is a need to balance the benefits of cloud computing with the potential risks of security and privacy breaches of the video data. Understanding the different legal issues involved in deploying video surveillance in cloud computing will help make the proposed security architecture effective against potential threats and hence lawful. In this work we conduct a literature review to understand the current regulations and guidelines behind establishing a trustworthy, cloud based video surveillance system. In particular we discuss the requirements of a legally acceptable video forensic system, study the current security and privacy challenges of cloud based computing systems and make recommendations for the design of a cloud based video forensic system