Applying the ACPO Principles in Public Cloud Forensic Investigations

The numerous advantages offered by cloud computing has fuelled its growth and has made it one of the most significant of current computing trends. The same advantages have created complex issues for those conducting digital forensic investigations. Digital forensic investigators rely on the ACPO (Association of Chief Police Officers) or similar guidelines when conducting an investigation, however the guidelines make no reference to some of the issues presented by cloud investigations. This study investigates the impact of cloud computing on ACPO’s core principles and asks whether these principles can still be applied in a cloud investigation and the challenges presented thereof. We conclude that the ACPO principles can generally be upheld but that additional precautions must be taken throughout the investigation

Digital Forensics Investigation Frameworks for Cloud Computing and Internet of Things

Rapid growth in Cloud computing and Internet of Things (IoT) introduces new vulnerabilities that can be exploited to mount cyber-attacks. Digital forensics investigation is commonly used to find the culprit and help expose the vulnerabilities. Traditional digital forensics tools and methods are unsuitable for use in these technologies. Therefore, new digital forensics investigation frameworks and methodologies are required. This research develops frameworks and methods for digital forensics investigations in cloud and IoT platforms

A new digital forensics model of smart city automated vehicles

In the modern world, cyber societies are full of complications. The Internet has brought so many convenient services to our society but Internet is also a mine field. Mass surveillance from smart phone to PC, from automated car to smart television, any online device seems could be turn to privacy breach toolkit. In order to follow the GDPR (General Data Protection Regulation), protect privacy data, including PII (Personally Identifiable Information), against Cyberstalking and many other cybercrime challenges, a novel Digital Forensics Model served for Smart City Automated Vehicles has been developed working on investigating AAV (Autonomous Automated Vehicle) cases. The proposed development is reported to Big Data 2017. Here, we report the update for discussion

Digital forensics model of smart city automated vehicles challenges

The current cyber society is full of complications. Internet has brought so many convenient services to our society but Internet is also a mine field. Mass surveillance from smart phone to PC, from automated car to smart television, any online device seems could be turn to privacy breach toolkit. In order to protect privacy data, including PII, against Cyberstalking and other cybercrimes, a Digital Forensics Model is in progress served for Smart City Automated Vehicles. The proposed development is still on going. Here, an update is reported for discussions

From Digital Forensics to Intelligent Forensics

In this paper we posit that current investigative techniques—particularly as deployed by law enforcement, are becoming unsuitable for most types of crime investigation. The growth in cybercrime and the complexities of the types of the cybercrime coupled with the limitations in time and resources, both computational and human, in addressing cybercrime put an increasing strain on the ability of digital investigators to apply the processes of digital forensics and digital investigations to obtain timely results. In order to combat the problems, there is a need to enhance the use of the resources available and move beyond the capabilities and constraints of the forensic tools that are in current use. We argue that more intelligent techniques are necessary and should be used proactively. The paper makes the case for the need for such tools and techniques, and investigates and discusses the opportunities afforded by applying principles and procedures of artificial intelligence to digital forensics intelligence and to intelligent forensics and suggests that by applying new techniques to digital investigations there is the opportunity to address the challenges of the larger and more complex domains in which cybercrimes are taking place

A Study on Tools And Techniques Used For Network Forensic In A Cloud Environment: An Investigation Perspective

The modern computer environment has moved past the local data center with a single entry and exit point to a global network comprising many data centers and hundreds of entry and exit points, commonly referred as Cloud Computing, used by all possible devices with numerous entry and exit point for transactions, online processing, request and responses traveling across the network, making the ever complex networks even more complex, making traversing, monitoring and detecting threats over such an environment a big challenge for Network forensic and investigation for cybercrimes. It has demanded in depth analysis using network tools and techniques to determine how best information can be extracted pertinent to an investigation. Data mining technique providing great aid in finding relevant clusters for predicting unusual activities, pattern matching and fraud detection in an environment, capable to deal with huge amount of data. The concept of network forensics in cloud computing requires a new mindset where some data will not be available, some data will be suspect, and some data will be court ready and can fit into the traditional network forensics model. From a network security viewpoint, all data traversing the cloud network backplane is visible and accessible by the cloud service provider. It is not possible to think now that one physical device will only have one operating system that needs to be taken down for investigation. Without the network forensics investigator, understanding the architecture of the cloud environment systems and possible compromises will be overlooked or missed. In this paper, we focus on the role of Network Forensic in a cloud environment, its mapping few of the available tools and contribution of Data Mining in making analysis, and also to bring out the challenges in this field

Effective resource management in digital forensics: an exploratory analysis of triage practices in four English constabularies

This is the author accepted manuscript. The final version is available from Emerald via the DOI in this recordPurpose: Building on the findings of a British Academy-funded project on the development of digital forensics in England and Wales, this article explores how triage, a process that helps prioritise digital devices for in-depth forensic analysis is experienced by digital forensic examiners and police officers in four English police forces. It is argued that while as a strategy triage can address the increasing demand in the examination of digital exhibits, careful consideration needs to be paid to the ways in which its set-up, undertaking and outcomes impact on the ability of law enforcement agencies to solve cases. Design/methodology/approach: The findings presented are the result of ethnographic observations and semi-structured interviews. They emphasise the challenges in the triage of digital exhibits as they are encountered in everyday practice. The discussion focuses on the tensions between the delivery of timely and accurate investigation results and current gaps in the infrastructural arrangements. It also emphasises the need to provide police officers with a baseline understanding of the role of digital forensics and the importance of clearly defined strategies in the examination of digital devices. Originality/value:This article aims to bridge policy and practice through an analysis of the ways in which digital forensic practitioners and police officers in four English constabularies reflect on the uses of triage in digital forensics to address backlogs and investigative demands. Highlighting the importance of digital awareness beyond the technical remit of digital forensic units, it offers new insights into the ways in which police forces seek to improve the evidential trail with limited resources.British AcademyEconomic and Social Research Council (ESRC

Digital Forensics Practices: A Road Map for Building Digital Forensics Capability

Identifying the needs for building and managing Digital Forensics Capability (DFC) are important because these can help organisations to stay abreast of criminal’s activities and challenging pace of technological advancement. The field of Digital Forensics (DF) is witnessing rapid development in investigation procedures, tools used, and the types of digital evidence. However, several research publications confirm that a unified standard for building and managing DF capability does not exit. Therefore, this thesis identifies, documents, and analyses existing DF frameworks and the attitudes of organisations for establishing the DF team, staffing and training, acquiring and employing effective tools in practice and establishing effective procedures. First, this thesis looks into the existing practices in the DF community for carrying out digital investigations and more importantly the precise steps taken for setting up the laboratories. Second, the thesis focuses on research data collected from organisations in the United Kingdom and the United Arab Emirates and based on this collection a framework has been developed to understand better the building and managing the capabilities of the DFOs (DFOs). This framework has been developed by applying Grounded Theory as a systematic and comprehensive qualitative methodology in the emerging field of DF research. This thesis, furthermore, provides a systematic guideline to describe the procedures and techniques of using grounded theory in DF research by applying three Grounded Theory coding methods (open, axial, and selective coding) which have been used in this thesis. Also the techniques presented in this thesis provide a thorough critique, making it a valuable contribution to the discussion of methods of analysis in the field of DF. Finally, the thesis proposes a framework in the form of an equation for analysing the capability of DFOs. The proposed framework, called the Digital Forensics Organisation Core Capability Framework, offers an explanation of the factors involved in establishing the capability for a digital forensics organisation. Also software was developed for applying the framework in real lif