4 research outputs found

    Improving the detection and validation of inland revenue numbers

    Forensic analysis commonly involves searching an investigation target for personally identifiable information. An Inland Revenue Department (IRD) number is used for taxation purposes in New Zealand and can provide evidence of perpetrator identity, transaction information or electronic fraud. This research has designed and implemented a bulk_extractor feature scanner to detect and validate IRD numbers (features). The IRD scanner has been tested on a known data set to ensure tool functionality. A large real-world data set was then used to determine scanner effectiveness in a realistic investigation scenario. Real-world data set testing highlighted a high number of unrelated features detected by the scanner. To combat this, a novel post-processing technique was implemented to identify forensically interesting IRD numbers by performing feature context searching. The post-processing findings proved that feature context searching is an effective data reduction technique that identified a low number of directly relevant IRD numbers.

    Data visualisation in digital forensics

    As digital crimes have risen, so has the need for digital forensics. Numerous state-of-the-art tools have been developed to assist digital investigators in conducting proper investigations into digital crimes. However, digital investigations are becoming increasingly complex and time consuming due to the amount of data involved, and digital investigators can find themselves unable to conduct them in an appropriately efficient and effective manner. This situation has prompted the need for new tools capable of handling such large, complex investigations. Data mining is one such potential tool. It is still relatively unexplored from a digital forensics perspective, but the purpose of data mining is to discover new knowledge from data where the dimensionality, complexity or volume of data is prohibitively large for manual analysis. This study assesses the self-organising map (SOM), a neural network model and data mining technique that could potentially offer tremendous benefits to digital forensics. The focus of this study is to demonstrate how the SOM can help digital investigators to make better decisions and conduct the forensic analysis process more efficiently and effectively during a digital investigation. The SOM’s visualisation capabilities can not only be used to reveal interesting patterns, but can also serve as a platform for further, interactive analysis.
    Dissertation (MSc (Computer Science)), University of Pretoria, 2007.

    Forensic analysis of Windows hosts using UNIX-based tools

    Many forensic examiners are introduced to UNIX-based forensic utilities when faced with investigating a UNIX-like operating system for the first time. They will use these utilities for this very specific task, because in many cases these tools are the only ones for the given job. For example, at the time of this writing, given a FreeBSD 5.x file system, the author’s only choice is to use The Coroner’s Toolkit running on FreeBSD 5.x! However, many of the same tools examiners use for the occasional UNIX-like system investigation are extremely capable when a Windows system is the target. Indeed, the Linux operating system itself can prove to be an extremely useful forensics platform with very little use of specialized forensics utilities at all. There are many good reasons to employ UNIX-based forensics tools to examine Windows targets. First of all, the level of transparency UNIX-like systems give the examiner is unmatched in the Windows world. Nearly all logging is done via plaintext files, and UNIX-like systems frequently come bundled with powerful administration utilities.