93,443 research outputs found

    STUDI BANDING EMAIL FORENSIC TOOLS

    Over the last few decades, email has become a carrier source for transporting spam and malicious content. The Email Network is also a major source of criminal activity on the Internet. Computer Forensics is a systematic process for storing and analyzing email stored on a computer for the purpose of proof in legal proceedings and other civil matters. Email analysis is challenging because it is not only used in various fields that can be done by hackers or malicious users, but also the flexibility of composing, editing, deleting email using offline (e.g., MS Outlook) or online email (e.g., Webmail) applications. To anticipate this, an approach is taken using email forensic tools to understand the extent to which these tools will be useful for detecting and performing appropriate forensic analysis. In this paper, we conducted a comparative study of a set of common features to compare and contrast five popular open-source email forensic tools. The study found that all forensic email tools are not similar, offering all types of facilities. Combining these tools allows analysis to get detailed information in the field of forensic email

    Comparison of Forensic Tool Results on Android Smartphone Backup Files Using NIST Method

    Smartphone technology currently developing not only has a positive impact but can also have a negative impact if it is used to commit crimes which can be called cybercrime. Choosing the right forensic tools is very important when conducting an investigation. So it is necessary to research the results of the comparative analysis of the performance of forensic tools on android smartphone backup files. The National Institute of Standards and Technology (NIST) method was used in this study as a parameter and for the digital evidence obtained. The results of the extraction of the OPPO A37f android smartphone from the MOBILedit tools acquired android backup files and the analysis results from using the Magnet AXIOM tools with a data accuracy rate of 39.3% from the predetermined variables. The Oxygen Forensic Tools obtained a data accuracy rate of 28.6% from the variable that has been determined. The Belkasoft Evidence Center tools can get a data accuracy rate of 35.7% of the predetermined variables. The results of this study can be concluded that the Magnet Axiom tool has a high level of accuracy compared to the Oxygen Forensic and Belkasoft Evidence Center tools in extracting data from android smartphone backup files

    A Comparative Study of Email Forensic Tools

    Over the last decades, email has been the major carrier for transporting spam and malicious contents over the network. Email is also the primary source of numerous criminal activities on the Internet. Computer Forensics is a systematic process to retain and analyze saved emails for the purpose of legal proceedings and other civil matters. Email analysis is challenging due to not only various fields that can be forged by hackers or malicious users, but also the flexibility of composing, editing, deleting of emails using offline (e.g., MS Outlook) or online (e.g., Web mail) email applications. Towards this direction, a number of open source forensics tools have been widely used by the practitioners. However, these tools have been developed in an isolated manner rather than a collaborative approach. Given that email forensic tool users need to understand to what extent a tool would be useful for his/her circumstances and conducting forensic analysis accordingly. In this paper, we examine a set of common features to compare and contrast five popular open source email forensic tools. The study finds that all email forensic tools are not similar, offer diverse types of facility. By combining analysis tools, it may be possible to gain detailed information in the area of email forensic

    A study on the false positive rate of Stegdetect

    In this paper we analyse Stegdetect, one of the well-known image steganalysis tools, to study its false positive rate. In doing so, we process more than 40,000 images randomly downloaded from the Internet using Google images, together with 25,000 images from the ASIRRA (Animal Species Image Recognition for Restricting Access) public corpus. The aim of this study is to help digital forensic analysts, aiming to study a large number of image files during an investigation, to better understand the capabilities and the limitations of steganalysis tools like Stegdetect. The results obtained show that the rate of false positives generated by Stegdetect depends highly on the chosen sensitivity value, and it is generally quite high. This should support the forensic expert to have better interpretation in their results, and taking the false positive rates into consideration. Additionally, we have provided a detailed statistical analysis for the obtained results to study the difference in detection between selected groups, close groups and different groups of images. This method can be applied to any steganalysis tool, which gives the analyst a better understanding of the detection results, especially when he has no prior information about the false positive rate of the tool

    Forensic Tools in Comparison: An Assessment of Performance Across Different Parameters

    Computer forensics is a crucial field that involves the collection, preservation, and analysis of digital evidence. Forensic tools play a vital role in this process, aiding investigators in extracting, analyzing, and interpreting data from diverse digital devices. With the increasing complexity of digital devices and the surge in digital data, selecting the appropriate forensic tool has become paramount. This study evaluates and contrasts different free forensic tools with an emphasis on network examination, data analysis, and password cracking. The evaluation considers variables such as platform support, file system support, imaging capabilities, data-driven features, reporting capabilities, hash type support, attack types, resource utilization, and pattern matching capabilities. The results of this comparison research are an informative resource for forensic professionals seeking to choose the best tool for their specific requirements. Notably, the data analysis capabilities of Autopsy, FTK Imager, and ProDiscover Basic displayed unique strengths and limitations for data analysis. Due to their robust hash type support and effective administration of resources, John the Ripper and Hashcat emerged as reasonable options for password cracking. The study also recommends Wireshark for network analysis because of its intuitive user interface, substantial packet analysis tools, and flexible multi-platform compatibility with other protocols. Nevertheless, it is acknowledged that the ultimate choice on a forensic tool should be tailored to the distinct requirements and constraints of each investigatory project

    Evaluation of nucleosome forming potentials (NFPs) of forensically important STRs

    Degraded forensic samples have proved difficult to analyze and interpret. New analysis techniques are constantly being discovered and improved but researchers have overlooked the structural properties that could prevent or slow the process of degradation. In theory, DNA that are bound to histones as nucleosomes are less prone to degradation, because nucleosomes prevent DNA from being exposed to degradative enzymes. In this study we determined the probability of 60 forensic DNA markers to be bound to histones based on their base sequence composition. Two web-based tools - NXSensor and nuScore - were used to analyze four hundred base pairs surrounding each DNA marker for properties that inhibit or promote the binding of DNA to histones. Our results showed that the majority of markers analyzed were likely to be bound as nucleosomes. Selection of the markers that are more protected to form a multiplex could increase the chance of obtaining a better balanced, easier to interpret DNA profile from degraded sample

    A forensics overview and analysis of USB flash memory devices

    Current forensic tools for examination of embedded systems like mobile phones and PDAs mostly perform data extraction on a logical level and do not consider the type of storage media during data analysis. This report suggests different low-level approaches for the forensic examination of flash memories and describes three low-level data acquisition methods for making full memory copies of flash memory devices. Results of a file system study in which USB memory sticks from 45 different makes and models were used are presented. For different mobile phones, this paper shows how full memory copies of their flash memories can be made and which steps are needed to translate the extracted data into a format that can be understood by common forensic media analysis tools. Artefacts, caused by flash-specific operations like block erasing and wear levelling, are discussed and directions are given for enhanced data recovery and analysis of data originating from flash memory

    THE ROLE OF FORENSIC ACCOUNTING IN MITIGATING AGAINST CYBER CRIMES DURING THE COVID-19 PANDEMIC ERA: ISSUES AND PERSPECTIVES

    The advent of the COVID-19 pandemic not only created health challenges but also created difficulties in the conduct of economic activities across the world. Due to restrictions imposed as a result of the pandemic, the physical movements of individuals were restricted. Hence business transactions were conducted online through Internet services. Logistics services were adopted to move goods from the location where they were produced to where they were consumed. Payments or settlements for the products were conducted through the internet and this led to the astronomical increase in Internet fraud which culminated in the loss of valuable assets. This study was therefore conducted to examine how forensic accounting tools were adopted to investigate, track, and recover the lost assets and restore the victims to their original state prior to the loss, as well as how the perpetrators were made to face appropriate sanctions. The study used a descriptive research design as the data for the study were obtained from secondary sources. The data were obtained through questionnaires that were administered to the personnel of agencies responsible for the management and control of cybercrimes in Nigeria and were analysed using percentages and correlation. The results of the analysis show that there was a significant effect of forensic accounting mechanisms in the management and control of cybercrimes. It also indicated that the application of forensic accounting tools was effective in obtaining admissible evidence in court. Furthermore, the result also showed a strong effect on the recovery of stolen assets. The study concluded that increased deployment of forensic accounting tools had an effect in reducing internet fraud, and provided enough evidence for prosecution of criminals and the recovery of stolen assets.
The study recommends strict monitoring of Internet transactions as well as the adoption of forensic accounting tools as critical tools for tracking and recovery of stolen assets. The study apart from contributing to expanding knowledge on forensic accounting also addresses the fears of those who intend to carry on transactions through the Internet. Also, the recommendations will provide the roadmap towards addressing the problems of internet fraud

    Exploring Digital Evidence with Graph Theory

    The analysis phase of the digital forensic process is the most complex. The analysis phase remains very subjective to the views of the forensic practitioner. There are many tools dedicated to assisting the investigator during the analysis process. However, they do not address the challenges. Digital forensics is in need of a consistent approach to procure the most judicious conclusions from the digital evidence. The objective of this paper is to discuss the ability of graph theory, a study of related mathematical structures, to aid in the analysis phase of the digital forensic process. We develop a graph-based representation of digital evidence and evaluate the relations between pieces of evidence. We determine possible techniques investigators will be able to use to examine digital evidence, as well as, explore how graph theory can be used as a basis for further analysis. Lastly, we demonstrate the potential of the application of graph theory through its implementation in a case study