163 research outputs found

    A Case-Based Reasoning Method for Locating Evidence During Digital Forensic Device Triage

    Get PDF
    The role of triage in digital forensics is disputed, with some practitioners questioning its reliability for identifying evidential data. Although successfully implemented in the field of medicine, triage has not established itself to the same degree in digital forensics. This article presents a novel approach to triage for digital forensics. Case-Based Reasoning Forensic Triager (CBR-FT) is a method for collecting and reusing past digital forensic investigation information in order to highlight likely evidential areas on a suspect operating system, thereby helping an investigator to decide where to search for evidence. The CBR-FT framework is discussed and the results of twenty test triage examinations are presented. CBR-FT has been shown to be a more effective method of triage when compared to a practitioner using a leading commercial application

    A Method to Enhance the Accuracy of Digital Forensic in the Absence of Sufficient Evidence in Saudi Arabia

    Get PDF
    © 2017 World Academy of Science, Engineering and Technology. This is an Open Access article, distributed under the terms of the Creative Commons Attribution licence CC BY 4.0 (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted re-use, distribution, and reproduction in any medium, provided the original work is properly cited.Digital forensics seeks to achieve the successful investigation of digital crimes through obtaining acceptable evidence from digital devices that can be presented in a court of law. Thus, the digital forensics investigation is normally performed through a number of phases in order to achieve the required level of accuracy in the investigation processes. Since 1984 there have been a number of models and frameworks developed to support the digital investigation processes. In this paper, we review a number of the investigation processes that have been produced throughout the years and introduce a proposed digital forensic model which is based on the scope of the Saudi Arabia investigation process. The proposed model has been integrated with existing models for the investigation processes and produced a new phase to deal with a situation where there is initially insufficient evidence.Peer reviewe

    A Method to Enhance the Accuracy of Digital Forensics in the Absence of Complete Evidence in Saudi Arabia

    Get PDF
    The tremendous increase in the use of digital devices has led to their involvement in the vast majority of current criminal investigations. As a result, digital forensics has increasingly become one of the most important aspects of criminal investigations. The digital forensics process involves consideration of a number of important phases in order to achieve the required level of accuracy and to reach a successful conclusion of the investigation into the digital aspects of crimes; through obtaining acceptable evidence for use in a court of law. There have been a number of models developed and produced since 1984 to support the digital investigation processes. In this submission, I introduce a proposed model for the digital investigation processes which is based on the scope of the Saudi Arabia investigation process, which has been integrated with existing models of digital investigation processes and has produced a new phase to deal with a situation where there is insufficient evidence. In this research, grounded theory has been adopted as a research method to investigate and explore the participant’s perspectives and their opinions regarding the adoption of a method of a digital forensics investigation process in the absence of complete evidence in the Saudi Arabian context. The interaction of investigators with digital forensics processes involves the social aspect of digital investigation which is why it was suitable to adopt a grounded theory approach. A semi-structured data collection approach has been adopted, to enable the participants to express their visions, concerns, opinions and feelings related to factors that impact the adoption of the DF model for use in cases where there is an absence of sufficient evidence in Saudi Arabia. The proposed model emerged after conducting a number of interviews and analysing the data of this research. The researcher developed the proposed model based on the answers of the participant which helped the researcher to find a solution for dealing with cases where there is insufficient evidence, through adding a unique step in the investigation process, the “TraceBack” Phase. This study is the first in Saudi Arabia to be developed to enhance the accuracy of digital forensics in the absence of sufficient evidence, which opens a new method of research. It is also the first time has been employed a grounded theory in a digital forensics study in the Saudi context, where it was used in a digital forensics study, which indicates the possibility of applying this methodology to this field.Saudi cultural bureau in Londo

    CSPCR: Cloud Security, Privacy and Compliance Readiness - A Trustworthy Framework

    Get PDF
    The privacy, handling, management and security of information in a cloud environment are complex and tedious tasks to achieve. With minimum investment and reduced cost of operations an organization can avail and apply the benefits of cloud computing into its business. This computing paradigm is based upon a pay as per your usage model. Moreover, security, privacy, compliance, risk management and service level agreement are critical issues in cloud computing environment. In fact, there is dire need of a model which can tackle and handle all the security and privacy issues. Therefore, we suggest a CSPCR model for evaluating the preparation of an organization to handle or to counter the threats, hazards in cloud computing environment. CSPCR discusses rules and regulations which are considered as pre-requisites in migrating or shifting to cloud computing services

    The Advanced Framework for Evaluating Remote Agents (AFERA): A Framework for Digital Forensic Practitioners

    Get PDF
    Digital forensics experts need a dependable method for evaluating evidence-gathering tools. Limited research and resources challenge this process and the lack of multi-endpoint data validation hinders reliability in distributed digital forensics. A framework was designed to evaluate distributed agent-based forensic tools while enabling practitioners to self-evaluate and demonstrate evidence reliability as required by the courts. Grounded in Design Science, the framework features guidelines, data, criteria, and checklists. Expert review enhances its quality and practicality

    An Empirical Investigation of the Evidence Recovery Process in Digital Forensics

    Get PDF
    The widespread use of the digital media in committing crimes, and the steady increase of their storage capacity has created backlogs at digital forensic labs. The problem is exacerbated especially in high profile crimes. In many such cases the judicial proceedings mandate full analysis of the digital media, when doing so is rarely accomplished or practical. Prior studies have proposed different phases for forensic analysis, to lessen the backlog issues. However, these phases are not distinctly differentiated, and some proposed solutions may not be practical. This study utilized several past police forensic analyses. Each case was chosen for having five distinct forensic phases, complete with documented amount of time spent in each phase, along with the number and type of recovered evidence. Data from these cases were empirically analyzed using common descriptive statistical analyses along with linear regression. By using linear regression, we tested the factors that determine the number of recovered evidentiary artifacts. This study provides models by which future forensic analyses could be assessed. It presents distinctive boundaries for each forensics phase, thus eliminating ambiguity in the examination results, while assisting forensic examiners in determining the necessary depth of analysis

    Digital Forensics in Cyber Security—Recent Trends, Threats, and Opportunities

    Get PDF
    The rapid technological advancement has led the entire world to shift towards digital domain. However, this transition has also result in the emergence of cybercrimes and security breach incidents that threatens the privacy and security of the users. Therefore, this chapter aimed at examining the use of digital forensics in countering cybercrimes, which has been a critical breakthrough in cybersecurity. The chapter has analyzed the most recent trends in digital forensics, which include cloud forensics, social media forensics, and IoT forensics. These technologies are helping the cybersecurity professionals to use the digital traces left by the data storage and processing to keep data safe, while identifying the cybercriminals. However, the research has also observed specific threats to digital forensics, which include technical, operational and personnel-related challenges. The high complexity of these systems, large volume of data, chain of custody, the integrity of personnel, and the validity and accuracy of digital forensics are major threats to its large-scale use. Nevertheless, the chapter has also observed the use of USB forensics, intrusion detection and artificial intelligence as major opportunities for digital forensics that can make the processes easier, efficient, and safe
    • …
    corecore