TOWARDS FULLY AUTOMATED DIGITAL ALIBIS WITH SOCIAL INTERACTION

Digital traces found on local hard drives as a result of online activities have become very valuable in reconstructing events in digital forensic investigations. This paper demonstrates that forged alibis can be created for online activities and social interactions. In particular, a novel, automated framework is presented that uses social interactions to create false digital alibis. The framework simulates user activity and supports communications via email as well as instant messaging using a chatbot. The framework is evaluated by extracting forensic artifacts and comparing them with the results obtained from a human user study

SLIM : Scalable Linkage of Mobility Data

We present a scalable solution to link entities across mobility datasets using their spatio-temporal information. This is a fundamental problem in many applications such as linking user identities for security, understanding privacy limitations of location based services, or producing a unified dataset from multiple sources for urban planning. Such integrated datasets are also essential for service providers to optimise their services and improve business intelligence. In this paper, we first propose a mobility based representation and similarity computation for entities. An efficient matching process is then developed to identify the final linked pairs, with an automated mechanism to decide when to stop the linkage. We scale the process with a locality-sensitive hashing (LSH) based approach that significantly reduces candidate pairs for matching. To realize the effectiveness and efficiency of our techniques in practice, we introduce an algorithm called SLIM. In the experimental evaluation, SLIM outperforms the two existing state-of-the-art approaches in terms of precision and recall. Moreover, the LSH-based approach brings two to four orders of magnitude speedup

automated production of predetermined digital evidence

Digital evidence is increasingly used in juridical proceedings. In some recent legal cases, the verdict has been strongly influenced by the digital evidence proffered by the defense. Digital traces can be left on computers, phones, digital cameras, and also on remote machines belonging to ISPs, telephone providers, companies that provide services via Internet such as YouTube, Facebook, Gmail, and so on. This paper presents a methodology for the automated production of predetermined digital evidence, which can be leveraged to forge a digital alibi. It is based on the use of an automation, a program meant to simulate any common user activity. In addition to wanted traces, the automation may produce a number of unwanted traces, which may be disclosed upon a digital forensic analysis. These include data remanence of suspicious files, as well as any kind of logs generated by the operating system modules and services. The proposed methodology describes a process to design, implement, and execute the automation on a target system, and to properly handle both wanted and unwanted evidence. Many experiments with different combinations of automation tools and operating systems are conducted. This paper presents an implementation of the methodology through VBScript on Windows 7. A forensic analysis on the target system is not sufficient to reveal that the alibi is forged by automation. These considerations emphasize the difference between digital and traditional evidence. Digital evidence is always circumstantial, and therefore it should be considered relevant only if supported by stronger evidence collected through traditional investigation techniques. Thus, a Court verdict should not be based solely on digital evidence

On the evolution of digital evidence: novel approaches for cyber investigation

2012-2013Nowadays Internet is the fulcrum of our world, and the World Wide Web is the key to access it. We develop relationships on social networks and entrust sensitive documents to online services. Desktop applications are being replaced by fully-fledged web-applications that can be accessed from any devices. This is possible thanks to new web technologies that are being introduced at a very fast pace. However, these advances come at a price. Today, the web is the principal means used by cyber-criminals to perform attacks against people and organizations. In a context where information is extremely dynamic and volatile, the fight against cyber-crime is becoming more and more difficult. This work is divided in two main parts, both aimed at fueling research against cybercrimes. The first part is more focused on a forensic perspective and exposes serious limitations of current investigation approaches when dealing with modern digital information. In particular, it shows how it is possible to leverage common Internet services in order to forge digital evidence, which can be exploited by a cyber-criminal to claim an alibi. Hereinafter, a novel technique to track cyber-criminal activities on the Internet is proposed, aimed at the acquisition and analysis of information from highly dynamic services such as online social networks. The second part is more concerned about the investigation of criminal activities on the web. Aiming at raising awareness for upcoming threats, novel techniques for the obfuscation of web-based attacks are presented. These attacks leverage the same cuttingedge technology used nowadays to build pleasant and fully-featured web applications. Finally, a comprehensive study of today’s top menaces on the web, namely exploit kits, is presented. The result of this study has been the design of new techniques and tools that can be employed by modern honeyclients to better identify and analyze these menaces in the wild. [edited by author]XII n.s

Digitaalsete tõendite kogumise ja kasutamise perspektiivikus kriminaalmenetluses

http://www.ester.ee/record=b5143799*es

Towards an “algorithm constitutional by design”.

We focus on the Internet constitutional rules linked with the algorithmic decision-making. The reasoning is structured upon two related topics. Firstly, the regulatory model well tailored to the Internet: hard or soft law. Secondly, the constitutional legitimacy arising from each model: at the national and European levels. The algorithms are assumed as test for the resistance or not of the binomial category: fundamental rights/public power. They pose the challenge to design new reasonable paradigms able to take into account the visibility and the intelligibility of algorithms. The Author leaves us with a basic question: a rule suited to draw an “algorithm Constitutional by design”

An Investigation of Factors that Create and Mitigate Confirmation Bias in Judgments of Handwriting Evidence

Over a century of basic cognitive and social psychological research shows that humans naturally seek out, perceive, and interpret evidence in ways that serve to validate their prevailing beliefs (i.e., confirmation bias; Nickerson, 1998). In criminal justice settings, a priori beliefs regarding the guilt or innocence of a suspect can likewise guide the collection, interpretation, and appraisal of evidence in a self-verifying manner (i.e., forensic confirmation bias; Kassin, Dror, & Kukucka, 2013). Recently, confirmation bias has been implicated as a source of forensic science errors in wrongful conviction cases (e.g., National Academy of Sciences, 2009; Risinger, Saks, Rosenthal, & Thompson, 2002). Accordingly, many have suggested procedural reforms to mitigate the detrimental impact of unconscious bias on judgments of forensic evidence. Three studies tested the effects of exposure to case information and evidence lineup use on judgments of handwriting evidence in a mock investigation. In Studies 1 and 2, participants who were aware of a suspect\u27s confession rated non-matching handwriting samples from the suspect and perpetrator as more similar to each other, and were more likely to misjudge them as having been authored by the same individual. The findings of Studies 1 and 2 thus further raise growing concerns over allowing forensic science examiners access to case information that can unwittingly produce confirmation bias and result in erroneous judgments. In Study 2, the use of a simultaneous evidence lineup increased choosing rates relative to an evidence showup, and produced a corresponding decrease in judgment accuracy. In Study 3, sequential evidence lineups dramatically reduced false identifications relative to simultaneous lineups, without causing a significant reduction in correct identifications. By showing parallel effects between forensic evidence lineup identification and eyewitness lineup identification, Studies 2 and 3 suggest the potential value of evidence lineups as a means of protecting against bias and reducing systematic error in judgments of forensic evidence