4 research outputs found

    Cloud Forensics Investigation: Tracing Infringing Sharing of Copyrighted Content in Cloud

    Cloud Computing is becoming a significant technology trend nowadays, but its abrupt rise also creates a brand new front for cybercrime investigation with various challenges. One of the challenges is to track down infringing sharing of copyrighted content in the cloud. To solve this problem, we study a typical type of content sharing technology in cloud computing, analyze the challenges that the new technologies bring to forensics, formalize a procedure to get digital evidence and obtain analytical results based on the evidence to track down the illegal uploader. Furthermore, we propose a reasoning model based on the probability distribution in a Bayesian Network to evaluate the analytical result of forensics examinations. The proposed method can accurately and scientifically track down the original infringing content uploader and owner. Keywords: cloud forensics, peer to peer, file sharing, tracking, CloudFron

    Study of Peer-to-Peer Network Based Cybercrime Investigation: Application on Botnet Technologies

    The scalable, low overhead attributes of Peer-to-Peer (P2P) Internet protocols and networks lend themselves well to being exploited by criminals to execute a large range of cybercrimes. The types of crimes aided by P2P technology include copyright infringement, sharing of illicit images of children, fraud, hacking/cracking, denial of service attacks and virus/malware propagation through the use of a variety of worms, botnets, malware, viruses and P2P file sharing. This project is focused on study of active P2P nodes along with the analysis of the undocumented communication methods employed in many of these large unstructured networks. This is achieved through the design and implementation of an efficient P2P monitoring and crawling toolset. The requirement for investigating P2P based systems is not limited to the more obvious cybercrimes listed above, as many legitimate P2P based applications may also be pertinent to a digital forensic investigation, e.g., voice over IP, instant messaging, etc. Investigating these networks has become increasingly difficult due to the broad range of network topologies and the ever increasing and evolving range of P2P based applications. In this work we introduce the Universal P2P Network Investigation Framework (UP2PNIF), a framework which enables significantly faster and less labour intensive investigation of newly discovered P2P networks through the exploitation of the commonalities in P2P network functionality. In combination with a reference database of known network characteristics, it is envisioned that any known P2P network can be instantly investigated using the framework, which can intelligently determine the best investigation methodology and greatly expedite the evidence gathering process. A proof of concept tool was developed for conducting investigations on the BitTorrent network. Comment: This is a thesis submitted in fulfilment of a PhD in Digital Forensics and Cybercrime Investigation in the School of Computer Science, University College Dublin in October 201

    A Policy Examination of Digital Multimedia Evidence in Police Department Standard Operating Procedures (SOPs)

    2020 will be a year forever marked by the Covid-19 pandemic. The year will also be remembered for the death of George Floyd at the hands of police officer Derek Chauvin. The death was recorded by a bystander’s cell phone and broadcast all over the world to see. This video proved pivotal in the prosecution and conviction of Chauvin for Floyd’s death. The video provided powerful evidence highlighting the importance of incorporating video evidence into the investigation and prosecution of crime. Today, police use a variety of video evidence to assist in their investigations. In some cases, it may be a small part of the case whereas in others it may provide vital evidence. There has been an explosion in the number of video sources where police can now gather evidence. Cellphone videos, private security cameras on homes or businesses, social media postings, and police body cameras all provide possible evidence that must be collected, extracted and analyzed. In 2019, there were 40 million professionally installed video recording systems and 224 million smartphones in the U.S. alone. Along with the approximately 400,000 body cameras worldwide, there is a large amount of video available to investigators. It is important for police departments to acquire this video evidence according to legal requirements and best practices according to industry leaders to avoid any future legal challenges to the evidence. This study will analyze how police departments around the country are handling video evidence through their Standing Operating Procedures (SOPs) using legal requirements and industry best practices as a guideline. The author chose to concentrate on two of the main legal challenges facing law enforcement today while working with digital evidence: authentication and integrity. Despite sometimes being used interchangeably, authentication and integrity present two different challenges when working with digital evidence. Authentication is when the evidence put forth in a trial is what the party admitting it into evidence claims it to be. Integrity is ensuring the evidence has not been changed or altered since its original form. In this study, the author chose to concentrate on the issues of authentication and integrity specifically in relation to Digital Multimedia Evidence (DME). DME is information of probative value stored in binary form including but not limited to tape, film, magnetic, optical media, and/or the information contained therein. The author created a rubric utilizing best practices identified by industry leaders along with legal guidelines set forth by the Federal Rules of Evidence, court cases, and law reviews. The rubric evaluated the Department’s SOPs on three phases: Training, Process, and Documentation

    FrostWire P2P forensic examinations
