Two-Step Injection Method for Collecting Digital Evidence in Digital Forensics

In digital forensic investigations, the investigators take digital evidence from computers, laptops or other electronic goods. There are many complications when a suspect or related person does not want to cooperate or has removed digital evidence. A lot of research has been done with the goal of retrieving data from flash memory or other digital storage media from which the content has been deleted. Unfortunately, such methods cannot guarantee that all data will be recovered. Most data can only be recovered partially and sometimes not perfectly, so that some or all files cannot be opened. This paper proposes the development of a new method for the retrieval of digital evidence called the Two-Step Injection method (TSI). It focuses on the prevention of the loss of digital evidence through the deletion of data by suspects or other parties. The advantage of this method is that the system works in secret and can be combined with other digital evidence applications that already exist, so that the accuracy and completeness of the resulting digital evidence can be improved. An experiment to test the effectiveness of the method was set up. The developed TSI system worked properly and had a 100% success rate

PRECEPT:a framework for ethical digital forensics investigations

Purpose: Cyber-enabled crimes are on the increase, and law enforcement has had to expand many of their detecting activities into the digital domain. As such, the field of digital forensics has become far more sophisticated over the years and is now able to uncover even more evidence that can be used to support prosecution of cyber criminals in a court of law. Governments, too, have embraced the ability to track suspicious individuals in the online world. Forensics investigators are driven to gather data exhaustively, being under pressure to provide law enforcement with sufficient evidence to secure a conviction. Yet, there are concerns about the ethics and justice of untrammeled investigations on a number of levels. On an organizational level, unconstrained investigations could interfere with, and damage, the organization’s right to control the disclosure of their intellectual capital. On an individual level, those being investigated could easily have their legal privacy rights violated by forensics investigations. On a societal level, there might be a sense of injustice at the perceived inequality of current practice in this domain. This paper argues the need for a practical, ethically-grounded approach to digital forensic investigations, one that acknowledges and respects the privacy rights of individuals and the intellectual capital disclosure rights of organisations, as well as acknowledging the needs of law enforcement. We derive a set of ethical guidelines, then map these onto a forensics investigation framework. We subjected the framework to expert review in two stages, refining the framework after each stage. We conclude by proposing the refined ethically-grounded digital forensics investigation framework. Our treatise is primarily UK based, but the concepts presented here have international relevance and applicability.Design methodology: In this paper, the lens of justice theory is used to explore the tension that exists between the needs of digital forensic investigations into cybercrimes on the one hand, and, on the other, individuals’ rights to privacy and organizations’ rights to control intellectual capital disclosure.Findings: The investigation revealed a potential inequality between the practices of digital forensics investigators and the rights of other stakeholders. That being so, the need for a more ethically-informed approach to digital forensics investigations, as a remedy, is highlighted, and a framework proposed to provide this.Practical Implications: Our proposed ethically-informed framework for guiding digital forensics investigations suggest a way of re-establishing the equality of the stakeholders in this arena, and ensuring that the potential for a sense of injustice is reduced.Originality/value: Justice theory is used to highlight the difficulties in squaring the circle between the rights and expectations of all stakeholders in the digital forensics arena. The outcome is the forensics investigation guideline, PRECEpt: Privacy-Respecting EthiCal framEwork, which provides the basis for a re-aligning of the balance between the requirements and expectations of digital forensic investigators on the one hand, and individual and organizational expectations and rights, on the other

PRECEPT: A Framework for Ethical Digital Forensics Investigations.

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.Cyber-enabled crimes are on the increase, and law enforcement has had to expand many of their detecting activities into the digital domain. As such, the field of digital forensics has become far more sophisticated over the years and is now able to uncover even more evidence that can be used to support prosecution of cyber criminals in a court of law. Governments, too, have embraced the ability to track suspicious individuals in the online world. Forensics investigators are driven to gather data exhaustively, being under pressure to provide law enforcement with sufficient evidence to secure a conviction. Yet, there are concerns about the ethics and justice of untrammeled investigations on a number of levels. On an organizational level, unconstrained investigations could interfere with, and damage, the organization’s right to control the disclosure of their intellectual capital. On an individual level, those being investigated could easily have their legal privacy rights violated by forensics investigations. On a societal level, there might be a sense of injustice at the perceived inequality of current practice in this domain. This paper argues the need for a practical, ethically-grounded approach to digital forensic investigations, one that acknowledges and respects the privacy rights of individuals and the intellectual capital disclosure rights of organisations, as well as acknowledging the needs of law enforcement. We derive a set of ethical guidelines, then map these onto a forensics investigation framework. We subjected the framework to expert review in two stages, refining the framework after each stage. We conclude by proposing the refined ethically-grounded digital forensics investigation framework. Our treatise is primarily UK based, but the concepts presented here have international relevance and applicability. In this paper, the lens of justice theory is used to explore the tension that exists between the needs of digital forensic investigations into cybercrimes on the one hand, and, on the other, individuals’ rights to privacy and organizations’ rights to control intellectual capital disclosure. The investigation revealed a potential inequality between the practices of digital forensics investigators and the rights of other stakeholders. That being so, the need for a more ethically-informed approach to digital forensics investigations, as a remedy, is highlighted, and a framework proposed to provide this. Our proposed ethically-informed framework for guiding digital forensics investigations suggest a way of re-establishing the equality of the stakeholders in this arena, and ensuring that the potential for a sense of injustice is reduced. Justice theory is used to highlight the difficulties in squaring the circle between the rights and expectations of all stakeholders in the digital forensics arena. The outcome is the forensics investigation guideline, PRECEpt: Privacy-Respecting EthiCal framEwork, which provides the basis for a re-aligning of the balance between the requirements and expectations of digital forensic investigators on the one hand, and individual and organizational expectations and rights, on the other

Digital forensics adoption model for Malaysian Law Enforcement Agencies (MLEAs)

The increasing number of digital forensics (DF) cases has resulted in the surge of cybercrimes leading to the need for DF to be used in Malaysian Law Enforcement Agencies (MLEAs). This is to enable the agencies to conduct an efficient digital investigation. In spite of the notable benefits of DF, adoption of this innovation by MLEAs is not widely accepted. Currently, there are limited studies conducted on DF adoption in the context of law enforcement agencies. Hence, in addressing the issue, this study investigated potential factors influencing DF adoption by MLEAs. This study proposed and developed a research model based on the combined Technology Organization and Environment (TOE) framework and Institutional Theory and Human Organization Technology (HOT)-fit model that uses quantitative approach. The research model was developed based on an extensive review of the literature. Twelve hypotheses were developed for the quantitative approach to test the model. A survey method using paper based questionnaire was employed. Based on purposive sampling, questionnaires were distributed to 180 decision makers of the MLEAs and the data were analysed using the Structural Equation Modelling (SEM) with Partial Least Squares (PLS) technique. The findings were used to develop a Digital Forensic Adoption Model that facilitates the understanding of factors affecting DF adoption by MLEAs. The results indicated that Relative Advantage (B=0.210,t=3.526,p0.05). The study has theoretical contributions and practical implications whereby the Digital Forensics Adoption Model serves as a tool for MLEAs to gain insight into the process of DF adoption in their working practice

The Advanced Framework for Evaluating Remote Agents (AFERA): A Framework for Digital Forensic Practitioners

Digital forensics experts need a dependable method for evaluating evidence-gathering tools. Limited research and resources challenge this process and the lack of multi-endpoint data validation hinders reliability in distributed digital forensics. A framework was designed to evaluate distributed agent-based forensic tools while enabling practitioners to self-evaluate and demonstrate evidence reliability as required by the courts. Grounded in Design Science, the framework features guidelines, data, criteria, and checklists. Expert review enhances its quality and practicality