Behavioural Evidence Analysis Applied to Digital Forensics: An Empirical Analysis of Child Pornography Cases using P2P Networks

The utility of Behavioural Evidence Analysis (BEA) has gained attention in the field of Digital Forensics in recent years. It has been recognized that, along with technical examination of digital evidence, it is important to learn as much as possible about the individuals behind an offence, the victim(s) and the dynamics of a crime. This can assist the investigator in producing a more accurate and complete reconstruction of the crime, in interpreting associated digital evidence, and with the description of investigative findings. Despite these potential benefits, the literature shows limited use of BEA for the investigation of cases of the possession and dissemination of Sexually Exploitative Imagery of Children (SEIC). This paper represents a step towards filling this gap. It reports on the forensic analysis of 15 SEIC cases involving P2P filesharing networks, obtained from the Dubai Police. Results confirmed the predicted benefits and indicate that BEA can assist digital forensic practitioners and prosecutors

Automated Firearms Identification System (AFIDS), phase 1

Items critical to the future development of an automated firearms identification system (AFIDS) have been examined, with the following specific results: (1) Types of objective data, that can be utilized to help establish a more factual basis for determining identity and nonidentity between pairs of fired bullets, have been identified. (2) A simulation study has indicated that randomly produced lines, similar in nature to the individual striations on a fired bullet, can be modeled and that random sequences, when compared to each other, have predictable relationships. (3) A schematic diagram of the general concept for AFIDS has been developed and individual elements of this system have been briefly tested for feasibility. Future implementation of such a proposed system will depend on such factors as speed, utility, projected total cost and user requirements for growth. The success of the proposed system, when operational, would depend heavily on existing firearms examiners

Paper Session IV: Toward Understanding Digital Forensics as a Profession: Defining Curricular Needs (***Research in Process ***)

This research paper presents research in process which attempts to define the common body of knowledge (CBK) of digital forensics. Digital forensics is not well defined not does it have a generally accepted CBK. The first three phases of completed research, in a four-phase research process are discussed. The early results have created a preliminary CBK, and final validation is underway

Pseudo-operational trials of Lumicyano solution and Lumicyano powder for the detection of latent fingermarks on various substrates

This study presents pseudo-operational trials comparing a one-step fluorescent cyanoacrylate process with a number of other enhancement techniques on a variety of substrates. This one-step process involves a product, 4% Lumicyano, which is a solution consisting of 4% by weight of a powdered dye (Lumicyano powder) dissolved in a cyanoacrylate-based solution (Lumicyano solution). The cyanoacrylate in the Lumicyano solution may be of a higher quality than that used in the two-step products.One hundred items were collected from the place of work for each trial. Trial 1 involved a comparison of 4% Lumicyano with the conventional two-step cyanoacrylate fuming-dye staining for the detection of latent fingermarks on plastic carrier bags. Trial 2 assessed the quality of the Lumicyano solution (with no powdered dye) but used in a two-step process with basic yellow 40 (BY40). Trial 1, using 4% Lumicyano powder and traditional cyanoacrylate → BY40 detected a similar amount of fingermarks (~295); however, sequential BY40 treatment (i.e., after 4% Lumicyano) detected an additional 30% marks. Trial 2 resulted in the detection of 565 marks after Lumicyano solution → BY40 in comparison to 489 marks after traditional cyanoacrylate fuming and BY40 staining. Trials 3 through 5 compared 4% Lumicyano, 1,2-indanedione-zinc, and ninhydrin on junk mail, magazines, and cardboard used for food or cosmetic packaging; the detection rate was low for all techniques and substrates. Trial 6 on cardboard packaging using 4% Lumicyano, black iron-oxide powder suspension, and magnetic powder also provided a low detection rate. Trial 7, using 4% Lumicyano → BY40, solvent black 3, and iron-oxide powder suspensions on cardboard packaging from a fast food chain, indicated that 4% Lumicyano → BY40 might be a suitable alternative to solvent black 3 and iron-oxide powder suspensions for suspected greasy marks

Calm before the storm: the challenges of cloud computing in digital forensics

Cloud computing is a rapidly evolving information technology (IT) phenomenon. Rather than procure, deploy and manage a physical IT infrastructure to host their software applications, organizations are increasingly deploying their infrastructure into remote, virtualized environments, often hosted and managed by third parties. This development has significant implications for digital forensic investigators, equipment vendors, law enforcement, as well as corporate compliance and audit departments (among others). Much of digital forensic practice assumes careful control and management of IT assets (particularly data storage) during the conduct of an investigation. This paper summarises the key aspects of cloud computing and analyses how established digital forensic procedures will be invalidated in this new environment. Several new research challenges addressing this changing context are also identified and discussed

SiMPLE - Rethinking the Monolithic Approach to Digital Forensic Software

This paper outlines a collaborative project nearing completion between the sec.au Security Research Group at Edith Cowan University and Western Australian Police Computer Crime Squad. The primary goal of this project is to create a software tool for use by non-technical law enforcement officers during the initial investigation and assessment of an electronic crime scene. This tool will be designed as an initial response tool, to quickly and easily find, view and export any relevant files stored on a computer, establishing if further expert investigation of that computer is warranted. When fully developed, the tool will allow investigators unprecedented real time, on site access to electronic evidence whilst maintaining complete forensic soundness. Keywords forensic, triage, images, project, police, case stud