367 research outputs found

    A comparison of forensic evidence recovery techniques for a windows mobile smart phone

    Acquisition, decoding and presentation of information from mobile devices is complex and challenging. Device memory is usually integrated into the device, making isolation prior to recovery difficult. In addition, manufacturers have adopted a variety of file systems and formats complicating decoding and presentation. A variety of tools and methods have been developed (both commercially and in the open source community) to assist mobile forensics investigators. However, it is unclear to what extent these tools can present a complete view of the information held on a mobile device, or the extent the results produced by different tools are consistent. This paper investigates what information held on a Windows Mobile smart phone can be recovered using several different approaches to acquisition and decoding. The paper demonstrates that no one technique recovers all information of potential forensic interest from a Windows Mobile device; and that in some cases the information recovered is conflicting.

    A comparison of forensic toolkits and mass market data recovery applications

    Digital forensic application suites are large, expensive, complex software products, offering a range of functions to assist in the investigation of digital artifacts. Several authors have raised concerns as to the reliability of evidence derived from these products. This is of particular concern, given that many forensic suites are closed source and therefore can only be subject to black box evaluation. In addition, many of the individual functions integrated into forensic suites are available as commercial stand-alone products, typically at a much lower cost, or even free. This paper reports research which compared (rather than individually evaluated) the data recovery function of two forensic suites and three stand-alone 'non-forensic' commercial applications. The research demonstrates that, for this function at least, the commercial data recovery tools provide comparable performance to that of the forensic software suites. In addition, the research demonstrates that there is some variation in results presented by all of the data recovery tools

    A Forensically Sound Adversary Model for Mobile Devices

    In this paper, we propose an adversary model to facilitate forensic investigations of mobile devices (e.g. Android, iOS and Windows smartphones) that can be readily adapted to the latest mobile device technologies. This is essential given the ongoing and rapidly changing nature of mobile device technologies. An integral principle and significant constraint upon forensic practitioners is that of forensic soundness. Our adversary model specifically considers and integrates the constraints of forensic soundness on the adversary, in our case, a forensic practitioner. One construction of the adversary model is an evidence collection and analysis methodology for Android devices. Using the methodology with six popular cloud apps, we were successful in extracting various information of forensic interest in both the external and internal storage of the mobile device

    Improving forensic software tool performance in detecting fraud for financial statements

    The use of computer forensics is important for forensic accounting practice because most accounting information is in digital forms today. The access to evidence is increasingly more complex and in far greater volumes than in previous decades. The effective and efficient means of detecting fraud are required for the public to maintain their confidence in the reliability of accounting audit and the reputation of accounting firms. The software tools used by forensic accounting can be called into question. Many appear inadequate when faced with the complexity of fraud and there needs to be the development of automated and specialist problem-solving forensic software. In this paper we review the context of forensic accounting and the potential to develop improved support tools. The recommendation is for adopting financial ratio analysis as the basis for an improved fraud detection software

    Android Anti-forensics: Modifying CyanogenMod

    Mobile devices implementing Android operating systems inherently create opportunities to present environments that are conducive to anti-forensic activities. Previous mobile forensics research focused on applications and data hiding anti-forensics solutions. In this work, a set of modifications were developed and implemented on a CyanogenMod community distribution of the Android operating system. The execution of these solutions successfully prevented data extractions, blocked the installation of forensic tools, created extraction delays and presented false data to industry accepted forensic analysis tools without impacting normal use of the device. The research contribution is an initial empirical analysis of the viability of operating system modifications in an anti-forensics context along with providing the foundation for future research. Comment: Karlsson, K.-J. and W.B. Glisson, Android Anti-forensics: Modifying CyanogenMod in Hawaii International Conference on System Sciences (HICSS-47). 2014, IEEE Computer Society Press: Hawai

    A Cyber Forensics Needs Analysis Survey: Revisiting the Domain's Needs a Decade Later

    The number of successful cyber attacks continues to increase, threatening financial and personal security worldwide. Cyber/digital forensics is undergoing a paradigm shift in which evidence is frequently massive in size, demands live acquisition, and may be insufficient to convict a criminal residing in another legal jurisdiction. This paper presents the findings of the first broad needs analysis survey in cyber forensics in nearly a decade, aimed at obtaining an updated consensus of professional attitudes in order to optimize resource allocation and to prioritize problems and possible solutions more efficiently. Results from the 99 respondents gave compelling testimony that the following will be necessary in the future: 1) better education/training/certification (opportunities, standardization, and skill-sets); 2) support for cloud and mobile forensics; 3) backing for and improvement of open-source tools 3) research on encryption, malware, and trail obfuscation; 4) revised laws (specific, up-to-date, and which protect user privacy); 5) better communication, especially between/with law enforcement (including establishing new frameworks to mitigate problematic communication); 6) more personnel and funding

    The Proceedings of 14th Australian Digital Forensics Conference, 5-6 December 2016, Edith Cowan University, Perth, Australia

    Conference Foreword This is the fifth year that the Australian Digital Forensics Conference has been held under the banner of the Security Research Institute, which is in part due to the success of the security conference program at ECU. As with previous years, the conference continues to see quality papers with a number from local and international authors. 11 papers were submitted and following a double blind peer review process, 8 were accepted for final presentation and publication. Conferences such as these are simply not possible without willing volunteers who follow through with the commitment they have initially made, and I would like to take this opportunity to thank the conference committee for their tireless efforts in this regard. These efforts have included but not been limited to the reviewing and editing of the conference papers, and helping with the planning, organisation and execution of the conference. Particular thanks go to those international reviewers who took the time to review papers for the conference, irrespective of the fact that they are unable to attend this year. To our sponsors and supporters a vote of thanks for both the financial and moral support provided to the conference. Finally, to the student volunteers and staff of the ECU Security Research Institute, your efforts as always are appreciated and invaluable. Yours sincerely, Conference Chair Professor Craig Valli Director, Security Research Institut

    Uncertainty in Forensic Science: Conceptualisation, Evaluation and Communication

    This thesis addresses how uncertainty in forensic science can be conceptualised, evaluated, and communicated to lay stakeholders. Traditionally uncertainty has been articulated with vague definitions, while typologies of uncertainty have not been systematically and clearly established. The evaluation of uncertainty has largely been restricted within the confines of the Bayesian theorem and the methods and means of communicating uncertainty have yet to be agreed by the academic community and the criminal justice sector. The first study of the thesis reviews the current narrative within forensic science with regards to the conceptualisation of uncertainty, through an exploration of the definitions, typologies and characteristics recognised and used by academics, policymakers and the courts. An interdisciplinary configurative review was then conducted into three allied neighbouring disciplines of medicine, environmental science and economics, to identify innovative ways to conceptualise, evaluate and communicate uncertainty to lay stakeholders in forensic science. As a result, three toolkits were developed, one each for the three facets of addressing scientific uncertainty. A third study was then carried out, to establish the sources of uncertainty that key stakeholders identified to be priorities for evaluation and communication for the application of science to the justice system. This study thereby tested that the findings from the interdisciplinary systematic review reflected the experiences of stakeholders, and in so doing provided a foundation for optimising the value of the three toolkits. The wider implications of dealing with uncertainty in forensic science in a more consistent, coherent and standardised fashion are then considered with a focus on both the discipline itself, and for different stakeholders within the criminal justice system. 
There is a clear need to recognise uncertainty as a salient issue in every stage of the forensic science process, and particularly so in the presentation of forensic science evidence in court. The body of work presented here offers a starting point for the development of a more coherent and consistent understanding of scientific uncertainty in forensic science, while also encouraging fruitful conversations regarding ways through which it can be evaluated and communicated to lay stakeholders. This research identifies the key aspects of considering uncertainty as a fundamental and integrated part of forensic science by identifying the nuances, complexities and limitations of forensic science evidence in the context of the delivery and application of science in a multiple stakeholder justice system

    Unfitness to Plead. Volume 1: Report.

    This has been produced along with Volume 2: Draft Legislation as a combined document Presented to Parliament pursuant to section 3(2) of the Law Commissions Act 1965 Ordered by the House of Commons to be printed on 12 January 201