PRECEPT:a framework for ethical digital forensics investigations

Purpose: Cyber-enabled crimes are on the increase, and law enforcement has had to expand many of their detecting activities into the digital domain. As such, the field of digital forensics has become far more sophisticated over the years and is now able to uncover even more evidence that can be used to support prosecution of cyber criminals in a court of law. Governments, too, have embraced the ability to track suspicious individuals in the online world. Forensics investigators are driven to gather data exhaustively, being under pressure to provide law enforcement with sufficient evidence to secure a conviction. Yet, there are concerns about the ethics and justice of untrammeled investigations on a number of levels. On an organizational level, unconstrained investigations could interfere with, and damage, the organization’s right to control the disclosure of their intellectual capital. On an individual level, those being investigated could easily have their legal privacy rights violated by forensics investigations. On a societal level, there might be a sense of injustice at the perceived inequality of current practice in this domain. This paper argues the need for a practical, ethically-grounded approach to digital forensic investigations, one that acknowledges and respects the privacy rights of individuals and the intellectual capital disclosure rights of organisations, as well as acknowledging the needs of law enforcement. We derive a set of ethical guidelines, then map these onto a forensics investigation framework. We subjected the framework to expert review in two stages, refining the framework after each stage. We conclude by proposing the refined ethically-grounded digital forensics investigation framework. Our treatise is primarily UK based, but the concepts presented here have international relevance and applicability.Design methodology: In this paper, the lens of justice theory is used to explore the tension that exists between the needs of digital forensic investigations into cybercrimes on the one hand, and, on the other, individuals’ rights to privacy and organizations’ rights to control intellectual capital disclosure.Findings: The investigation revealed a potential inequality between the practices of digital forensics investigators and the rights of other stakeholders. That being so, the need for a more ethically-informed approach to digital forensics investigations, as a remedy, is highlighted, and a framework proposed to provide this.Practical Implications: Our proposed ethically-informed framework for guiding digital forensics investigations suggest a way of re-establishing the equality of the stakeholders in this arena, and ensuring that the potential for a sense of injustice is reduced.Originality/value: Justice theory is used to highlight the difficulties in squaring the circle between the rights and expectations of all stakeholders in the digital forensics arena. The outcome is the forensics investigation guideline, PRECEpt: Privacy-Respecting EthiCal framEwork, which provides the basis for a re-aligning of the balance between the requirements and expectations of digital forensic investigators on the one hand, and individual and organizational expectations and rights, on the other

PRECEPT: A Framework for Ethical Digital Forensics Investigations.

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.Cyber-enabled crimes are on the increase, and law enforcement has had to expand many of their detecting activities into the digital domain. As such, the field of digital forensics has become far more sophisticated over the years and is now able to uncover even more evidence that can be used to support prosecution of cyber criminals in a court of law. Governments, too, have embraced the ability to track suspicious individuals in the online world. Forensics investigators are driven to gather data exhaustively, being under pressure to provide law enforcement with sufficient evidence to secure a conviction. Yet, there are concerns about the ethics and justice of untrammeled investigations on a number of levels. On an organizational level, unconstrained investigations could interfere with, and damage, the organization’s right to control the disclosure of their intellectual capital. On an individual level, those being investigated could easily have their legal privacy rights violated by forensics investigations. On a societal level, there might be a sense of injustice at the perceived inequality of current practice in this domain. This paper argues the need for a practical, ethically-grounded approach to digital forensic investigations, one that acknowledges and respects the privacy rights of individuals and the intellectual capital disclosure rights of organisations, as well as acknowledging the needs of law enforcement. We derive a set of ethical guidelines, then map these onto a forensics investigation framework. We subjected the framework to expert review in two stages, refining the framework after each stage. We conclude by proposing the refined ethically-grounded digital forensics investigation framework. Our treatise is primarily UK based, but the concepts presented here have international relevance and applicability. In this paper, the lens of justice theory is used to explore the tension that exists between the needs of digital forensic investigations into cybercrimes on the one hand, and, on the other, individuals’ rights to privacy and organizations’ rights to control intellectual capital disclosure. The investigation revealed a potential inequality between the practices of digital forensics investigators and the rights of other stakeholders. That being so, the need for a more ethically-informed approach to digital forensics investigations, as a remedy, is highlighted, and a framework proposed to provide this. Our proposed ethically-informed framework for guiding digital forensics investigations suggest a way of re-establishing the equality of the stakeholders in this arena, and ensuring that the potential for a sense of injustice is reduced. Justice theory is used to highlight the difficulties in squaring the circle between the rights and expectations of all stakeholders in the digital forensics arena. The outcome is the forensics investigation guideline, PRECEpt: Privacy-Respecting EthiCal framEwork, which provides the basis for a re-aligning of the balance between the requirements and expectations of digital forensic investigators on the one hand, and individual and organizational expectations and rights, on the other

Cyber-crime Science = Crime Science + Information Security

Cyber-crime Science is an emerging area of study aiming to prevent cyber-crime by combining security protection techniques from Information Security with empirical research methods used in Crime Science. Information security research has developed techniques for protecting the confidentiality, integrity, and availability of information assets but is less strong on the empirical study of the effectiveness of these techniques. Crime Science studies the effect of crime prevention techniques empirically in the real world, and proposes improvements to these techniques based on this. Combining both approaches, Cyber-crime Science transfers and further develops Information Security techniques to prevent cyber-crime, and empirically studies the effectiveness of these techniques in the real world. In this paper we review the main contributions of Crime Science as of today, illustrate its application to a typical Information Security problem, namely phishing, explore the interdisciplinary structure of Cyber-crime Science, and present an agenda for research in Cyber-crime Science in the form of a set of suggested research questions

Technical and legal perspectives on forensics scenario

The dissertation concerns digital forensic. The expression digital forensic (sometimes called digital forensic science) is the science that studies the identification, storage, protection, retrieval, documentation, use, and every other form of computer data processing in order to be evaluated in a legal trial. Digital forensic is a branch of forensic science. First of all, digital forensic represents the extension of theories, principles and procedures that are typical and important elements of the forensic science, computer science and new technologies. From this conceptual viewpoint, the logical consideration concerns the fact that the forensic science studies the legal value of specific events in order to contrive possible sources of evidence. The branches of forensic science are: physiological sciences, social sciences, forensic criminalistics and digital forensics. Moreover, digital forensic includes few categories relating to the investigation of various types of devices, media or artefacts. These categories are: - computer forensic: the aim is to explain the current state of a digital artefact; such as a computer system, storage medium or electronic document; - mobile device forensic: the aim is to recover digital evidence or data from mobile device, such as image, log call, log sms and so on; - network forensic: the aim is related to the monitoring and analysis of network traffic (local, WAN/Internet, UMTS, etc.) to detect intrusion more in general to find network evidence; - forensic data analysis: the aim is examine structured data to discover evidence usually related to financial crime; - database forensic: the aim is related to databases and their metadata. The origin and historical development of the discipline of study and research of digital forensic are closely related to progress in information and communication technology in the modern era. In parallel with the changes in society due to new technologies and, in particular, the advent of the computer and electronic networks, there has been a change in the mode of collection, management and analysis of evidence. Indeed, in addition to the more traditional, natural and physical elements, the procedures have included further evidence that although equally capable of identifying an occurrence, they are inextricably related to a computer or a computer network or electronic means. The birth of computer forensics can be traced back to 1984, when the FBI and other American investigative agencies have began to use software for the extraction and analysis of data on a personal computer. At the beginning of the 80s, the CART(Computer Analysis and Response Team) was created within the FBI, with the express purpose of seeking the so-called digital evidence. This term is used to denote all the information stored or transmitted in digital form that may have some probative value. While the term evidence, more precisely, constitutes the judicial nature of digital data, the term forensic emphasizes the procedural nature of matter, literally, "to be presented to the Court". Digital forensic have a huge variety of applications. The most common applications are related to crime or cybercrime. Cybercrime is a growing problem for government, business and private. - Government: security of the country (terrorism, espionage, etc.) or social problems (child pornography, child trafficking and so on). - Business: purely economic problems, for example industrial espionage. - Private: personal safety and possessions, for example phishing, identity theft. Often many techniques, used in digital forensics, are not formally defined and the relation between the technical procedure and the law is not frequently taken into consideration. From this conceptual perspective, the research work intends to define and optimize the procedures and methodologies of digital forensic in relation to Italian regulation, testing, analysing and defining the best practice, if they are not defined, concerning common software. The research questions are: 1. The problem of cybercrime is becoming increasingly significant for governments, businesses and citizens. - In relation to governments, cybercrime involves problems concerning national security, such as terrorism and espionage, and social questions, such as trafficking in children and child pornography. - In relation to businesses, cybercrime entails problems concerning mainly economic issues, such as industrial espionage. - In relation to citizens, cybercrime involves problems concerning personal security, such as identity thefts and fraud. 2. Many techniques, used within the digital forensic, are not formally defined. 3. The relation between procedures and legislation are not always applied and taken into consideratio

cryptoRAN: A review on cryptojacking and ransomware attacks w.r.t. banking industry -- threats, challenges, & problems

In the banking industry, ransomware is a well-known threat, but since the beginning of 2022, cryptojacking, an emerging threat is posing a considerable challenge to the banking industry. Ransomware has variants, and the attackers keep changing the nature of these variants. This review paper studies the complex background of these two threats and scrutinizes the actual challenges, and problems that the banking industry and financial institutions face. These threats, though distinct in nature, share commonalities, such as financial motivations and sophisticated techniques. We focus on examining the newly emerged variants of ransomware while we provide a comprehensive idea of cryptojacking and its nature. This paper involves a detailed breakdown of the specific threats posed by cryptojacking and ransomware. It explores the techniques cybercriminals use, the variabilities they look for, and the potential consequences for financial institutions and their customers. This paper also finds out how cybercriminals change their techniques following the security upgrades, and why financial firms including banks need to be proactive about cyber threats. Additionally, this paper reviews the background study of some existing papers, finds the research gaps that need to be addressed, and provides suggestions including a conclusion and future scope on those disputes. Lastly, we introduce a Digital Forensics and Incident Response (DFIR) approach for up-to-date cyber threat hunting processes for minimizing both cryptojacking and ransomware attacks in the banking industry.Comment: 6 pages, 4 figure

Cybercrime and Digital Forensics: Bridging the gap in Legislation, Investigation and Prosecution of Cybercrime in Nigeria

The advancement of Information and Communication Technologies (ICT) opens new avenues and ways for cybercriminals to commit crime. The primary goal of this paper is to raise awareness regarding gaps that exist with regards to Nigeria’s capabilities to adequately legislate, investigate and prosecute cases of cybercrimes. The major source of cybercrime legislation in Nigeria is an act of the National Assembly which is majorly a symbolic legislation rather than a full and active legislation. In perusing these avenues of inquiry, the authors seek to identify systemic impediments which hinder law enforcement agencies, prosecutors, and investigators from properly carrying out their duties as expected

Cybersecurity Awareness and Training Programs for Racial and Sexual Minority Populations: An Examination of Effectiveness and Best Practices

The purpose of this research study was to examine the barriers of cybersecurity awareness and training programs for racial and sexual minority populations. The findings suggest that lack of representation is a significant barrier to the effectiveness of cybersecurity awareness and training programs. Many programs are designed by and for people from dominant racial and gender groups, which makes it difficult for minority populations to relate to the information presented. As a result, it is crucial to incorporate diverse perspectives into the development of materials to improve engagement and effectiveness. The study also found that language and cultural barriers pose challenges to minority populations' participation in cybersecurity awareness and training programs. Minority populations may speak languages other than English, making it challenging to access information and training materials. Additionally, cultural differences may lead to different understandings of cybersecurity risks and how to mitigate them. To overcome these barriers, training programs should provide resources in multiple languages and build cultural competence into the curriculum. Access to resources was also identified as a barrier to participation in cybersecurity awareness and training programs. Minority populations may have limited access to technology and the internet, preventing them from participating in training programs and protecting themselves from cyber threats. This barrier can be addressed by partnering with community organizations to increase access to resources and providing training programs in a variety of formats that can be accessed through different mediums. The study also found that fear of discrimination is a significant barrier to participation in cybersecurity awareness and training programs. Minority populations may be hesitant to participate in these programs due to fear of discrimination or mistreatment based on their race or sexual orientation. Therefore, it is essential to create a safe and inclusive environment in cybersecurity training programs that promotes diversity, equity, and inclusion. The study found that lack of trust is a critical barrier to participation in cybersecurity awareness and training programs. Minority populations may have less trust in institutions and government agencies due to past experiences of discrimination, leading to lower engagement in cybersecurity awareness and training programs. Thus, building trust through transparent and inclusive communication strategies can promote increased participation and engagement in these programs