Development, Delivery and Dynamics of a Digital Forensics Subject

Digital forensics is a newly developed subject offered at Charles Sturt University (CSU). This subject serves as one of the core subjects for Master of Information Systems Security (Digital Forensics stream) course. The subject covers the legislative, regulatory, and technical aspects of digital forensics. The modules provide students detailed knowledge on digital forensics legislations, digital crime, forensics processes and procedures, data acquisition and validation, e-discovery tools, e-evidence collection and preservation, investigating operating systems and file systems, network forensics, email and web forensics, presenting reports and testimony as an expert witness. This paper summarises the process of subject development, delivery, assessments, teaching critique, and provides results from online subject evaluation survey. The dynamics and reflection on subject delivery is particularly important to determine if the subject has met its objectives. Results from the subject critique and student evaluation survey are presented and a reflection on how to improve the subject is provided

Electronic Discovery: A Fool’s Errand Where Angels Fear to Tread?

Electronic discovery has transformed the discovery phase of civil litigation in recent years. The expectations of lawyers and parties were initially established in the Rowe and Zubulake cases that led to a complete revision of the electronic discovery rules contained in the Federal Rules of Civil Procedure. Subsequent cases have underscored the importance of document search methodologies and implications for attorneys, IT professionals, and digital forensics professionals. The authors review how electronic discovery has evolved thus far and offer recommendations regarding the electronic discovery process. Keywords: Electronic discovery, e-discovery, keyword search, concept search

Visual analysis of e-mail communication to support digital forensics & e-discovery investigation in organisations

The main aim of the research is to design and develop interactive visual solutions to explore the information in E-mail communication data to support E-discovery compliance in an organisation. The solutions intent to assist the world of digital forensics and investigations, which will enable users/analysts to explore, identify/find/discover interesting communication behaviour and characterise information of interest. In this research, we designed & developed software prototypes through a structured process of abstraction, design and testing, by using a well-known methodology called Design Study Methodology (DSM). We describe our analysis/approach through examples applied within the context of a real-world application domain. Doing so is intended to explore and answer a series of research questions in ways that will improve the role of visualisation in Digital Forensics and E-discovery investigations. The work identified the knowledge gap, challenges, requirements and tasks in Digital Forensics and E-discovery involving the analysis of E-mail communication data from the unstructured interviews with the organisation domain experts and from the literature. We employed user-centered design (UCD) which involved iterative design process for 3 years and built several visual solutions based on the requirements and tasks. We evaluated the solutions by conducting an empirical study with the experts to understand E-discovery tasks, visual solutions and the interface that can help analyst, to investigate and navigate within communication data, to identify/find/discover various patterns, trends, anomalies and information that might be interesting/relevant to investigation. The solutions were deployed in the collaborator's E-mail platform

A forensically-enabled IASS cloud computing architecture

Current cloud architectures do not support digital forensic investigators, nor comply with today’s digital forensics procedures largely due to the dynamic nature of the cloud. Whilst much research has focused upon identifying the problems that are introduced with a cloud-based system, to date there is a significant lack of research on adapting current digital forensic tools and techniques to a cloud environment. Data acquisition is the first and most important process within digital forensics – to ensure data integrity and admissibility. However, access to data and the control of resources in the cloud is still very much provider-dependent and complicated by the very nature of the multi-tenanted operating environment. Thus, investigators have no option but to rely on cloud providers to acquire evidence, assuming they would be willing or are required to by law. Furthermore, the evidence collected by the Cloud Service Providers (CSPs) is still questionable as there is no way to verify the validity of this evidence and whether evidence has already been lost. This paper proposes a forensic acquisition and analysis model that fundamentally shifts responsibility of the data back to the data owner rather than relying upon a third party. In this manner, organisations are free to undertaken investigations at will requiring no intervention or cooperation from the cloud provider. The model aims to provide a richer and complete set of admissible evidence than what current CSPs are able to provide

Use of KAOS in operational digital forensic investigations

Abstract. This paper focuses on the operations involved in the digital forensic process using the requirements engineering framework KAOS. The idea is to enforce the claim that a requirements engineering approach to digital forensics produces reusable patterns for future incidents. Our patterns here will be opera-tion-focused, rather than requirement-focused, which is simpler because the op-erations can potentially be exhaustively enumerated and evaluated. Thus, for example, given the complexity of the Ceglia versus Zuckerberg Facebook case involving alleged document forgery, we can show that one of the benefits com-ing out of the modelling exercise was the set of operations needed. This will give an estimate for the future of what kind of capabilities and resources are needed for other complex document-forgery cases involving computers. It may also help to plan investigations and prioritise the use of resources more widely within the case workload of investigators.

A framework for the forensic investigation of unstructured email relationship data

Our continued reliance on email communications ensures that it remains a major source of evidence during a digital investigation. Emails comprise both structured and unstructured data. Structured data provides qualitative information to the forensics examiner and is typically viewed through existing tools. Unstructured data is more complex as it comprises information associated with social networks, such as relationships within the network, identification of key actors and power relations, and there are currently no standardised tools for its forensic analysis. Moreover, email investigations may involve many hundreds of actors and thousands of messages. This paper posits a framework for the forensic investigation of email data. In particular, it focuses on the triage and analysis of unstructured data to identify key actors and relationships within an email network. This paper demonstrates the applicability of the approach by applying relevant stages of the framework to the Enron email corpus. The paper illustrates the advantage of triaging this data to identify (and discount) actors and potential sources of further evidence. It then applies social network analysis techniques to key actors within the data set. This paper posits that visualisation of unstructured data can greatly aid the examiner in their analysis of evidence discovered during an investigation

Using a Goal-Driven Approach in the Investigation of a Questioned Contract

Part 3: FORENSIC TECHNIQUESInternational audienceThis paper presents a systematic process for describing digital forensic investigations. It focuses on forensic goals and anti-forensic obstacles and their operationalization in terms of human and software actions. The paper also demonstrates how the process can be used to capture the various forensic and anti-forensic aspects of a real-world case involving document forgery

On the complexity of collaborative cyber crime investigations

This article considers the challenges faced by digital evidence specialists when collaborating with other specialists and agencies in other jurisdictions when investigating cyber crime. The opportunities, operational environment and modus operandi of a cyber criminal are considered, with a view to developing the skills and procedural support that investigators might usefully consider in order to respond more effectively to the investigation of cyber crimes across State boundaries