Analysis of Data Remaining on Second Hand ADSL Routers

In theory, an ADSL router can provide an additional layer of security to a wired and wireless network through; access control, wireless encryption, firewall rule sets, and network event logging. An ADSL router may also contain the users’ usage habits and broadband account credentials. However, end-users may be unaware of the intricacies of the security measures available and the potentially confidential information stored on their device. As a result a second hand ADSL router may contain a wealth of user-specific information if not wiped and disposed of in a secure manner. This paper shows the data that was acquired from a selection of second hand ADSL routers purchased during the first quarter of 2011. From the data acquired and analyzed, individuals are not removing their personally identifiable information and are leaving confidential data which may lead to detrimental outcomes if misused. The paper also shows that end-user applied security on these devices was alarmingly low. Thus many consumers may fall victim to new and emergent Internet based crimes if the full security capabilities of their ADSL router are not applie

Analysis of Data Remaining on Second Hand ADSL Routers

In theory, an ADSL router can provide an additional layer of security to a wired and wireless network through; access control, wireless encryption, firewall rule sets, and network event logging. An ADSL router may also contain the users’ usage habits and broadband account credentials. However, end-users may be unaware of the intricacies of the security measures available and the potentially confidential information stored on their device. As a result a second hand ADSL router may contain a wealth of user-specific information if not wiped and disposed of in a secure manner. This paper shows the data that was acquired from a selection of second hand ADSL routers purchased during the first quarter of 2011. From the data acquired and analysed, individuals are not removing their personally identifiable information and are leaving confidential data which may lead to detrimental outcomes if misused. The paper also shows that end-user applied security on these devices was alarmingly low. Thus many consumers may fall victim to new and emergent Internet based crimes if the full security capabilities of their ADSL router are not applie

The Chain of Custody in the Era of Modern Forensics: From the Classic Procedures for Gathering Evidence to the New Challenges Related to Digital Data

The purpose of this work is to renew the interest and attention for the chain of custody in forensic medicine, its establishment and maintenance, protecting the integrity and validity of evidence as well as to analyze how over time the establishment of the chain of custody and the collection of evidence has evolved also in function of the advent of technology and the use of electronic devices connected to the network. The analysis of the various aspects of the chain of custody demonstrates how necessary it is for the professional figures involved in the phases of the investigation (especially those who manage the evidence and who have, therefore, designated the assignment) to know the procedures to follow, trace the movement and the handling of objects subjected to seizure, also for the purposes of toxicological and/or histological investigations. The knowledge of interferences or complications helps to reduce errors and safeguard the validity of the evidence, assuring the proceeding judicial authority that the evidence is authentic and that it is, in other words, the same evidence seized at the scene of the crime. Furthermore, the issue is particularly felt today, with the recent need to guarantee the originality of digital data. Following a careful review and analysis of the literature currently available in this regard, it is worth adding that further efforts are needed to formulate internationally validated guidelines, harmonizing the different reference criteria in forensic science and medical areas, given the current absence of good international practices valid in the field and applicable both in the case of physical evidence and in the case of seizure of digital evidence

Cyber-crime Science = Crime Science + Information Security

Cyber-crime Science is an emerging area of study aiming to prevent cyber-crime by combining security protection techniques from Information Security with empirical research methods used in Crime Science. Information security research has developed techniques for protecting the confidentiality, integrity, and availability of information assets but is less strong on the empirical study of the effectiveness of these techniques. Crime Science studies the effect of crime prevention techniques empirically in the real world, and proposes improvements to these techniques based on this. Combining both approaches, Cyber-crime Science transfers and further develops Information Security techniques to prevent cyber-crime, and empirically studies the effectiveness of these techniques in the real world. In this paper we review the main contributions of Crime Science as of today, illustrate its application to a typical Information Security problem, namely phishing, explore the interdisciplinary structure of Cyber-crime Science, and present an agenda for research in Cyber-crime Science in the form of a set of suggested research questions

Estudio cualitativo de la relación de las leyes y la pericia informática en el Ecuador

Resumen: El presente trabajo analiza cualitativamente las leyes vigentes en el Ecuador relacionadas a los procesos de la pericia informática. Para aquello, se estudia los pasos empleados por un perito de la Policía Nacional en el desarrollo de los casos de delito informático, suscitados en el periodo 2012-2014, que implican la evidencia digital en: disco duros, cuentas de correo electrónico, redes sociales y motor de base datos. Apartir de los casos analizados, se puede concluir que la ley contempla una mayor cantidad de artículos relacionados a las bases de datos. Sin embargo, se tendría que analizar otros tipos de evidencia digital tales como: documentos de ofimática, imágenes digitales, ficheros de registros de actividad, memoria volátil, entre otros. Palabras Clave: Pericia Informática, evidencia digital, perito informático, Código Orgánico Integral Penal (COIP)