Maintaining hard disk integrity with digital legal professional privilege (LPP) data

published_or_final_versio

A dual cube hashing scheme for solving LPP integrity problem

In digital forensics, data stored in a hard disk usually contains valuable evidence. Preserving the integrity of the data in the hard disk is a critical issue. A single hash value for the whole hard disk is not appropriate as the investigation may take a long time and latent sector errors (LSEs) (bad sectors due to media imperfection, for example) which cause a sector suddenly unreadable will make the hash value inconsistent. On the other hand, using a hash per sector may need to store a lot of hash values. Previous research has been conducted to use fewer hash values, but can resist some of LSEs to decrease the number of unverifiable sectors even if there are LSEs. This integrity problem is more complicated in the presence of Legal Professional Privileged (LPP) data inside a seized hard disk in digital forensic as the hard disk has to be cloned once seized and the original hard disk will be sealed after cloning. Hash values need to be computed during this cloning process. However, the cloned copy will be returned to the suspect for the deletion of LPP data before the investigator can work on the sanitized copy. Thus, the integrity of unmodified sectors has to be verified using the hash values computed based on the original hard disk. This paper found that existing schemes are not good enough to solve the integrity problem in the presence of both LSEs and deletion of LPP data. We then propose the idea of a "Dual Cube" hashing scheme to solve the problem. The experiments show the proposed scheme performs better than the previous schemes and fits easily into the digital forensic procedure. © 2011 IEEE.published_or_final_versionThe 6th International Workshop on Systematic Approaches to Digital Forensic Engineering In conjunction with the IEEE Security and Privacy Symposium (IEEE/SADFE 2011), Oakland, CA., 26 May 2011. In IEEE/SADFE Proceedings, 2011, p. 1-

Privacy impact assessment in large-scale digital forensic investigations

The large increase in the collection of location, communication, health data etc. from seized digital devices like mobile phones, tablets, IoT devices, laptops etc. often poses serious privacy risks. To measure privacy risks, privacy impact assessments (PIA) are substantially useful tools and the Directive EU 2016/80 (Police Directive) requires their use. While much has been said about PIA methods pursuant to the Regulation EU 2016/679 (GDPR), less has been said about PIA methods pursuant to the Police Directive. Yet, little research has been done to explore and measure privacy risks that are specific to law enforcement activities which necessitate the processing of large amounts of data. This study tries to fill this gap by conducting a PIA on a big data forensic platform as a case study. This study also answers the question how a PIA should be carried out for large-scale digital forensic operations and describes the privacy risks, threats we learned from conducting it. Finally, it articulates concrete privacy measures to demonstrate compliance with the Police Directive

Client legal privilege and federal investigatory bodies: discussion paper

This paper contains 42 proposals aimed at addressing lengthy and costly disputes over client legal privilege in federal investigations

Privilege in perspective: client legal privilege in federal investigations

This report recommends 45 changes to the handling of claims of client legal privilege over material sought by federal investigatory bodies and royal commissions of inquiry. The inquiry found general support for maintaining privilege as a fundamental right of clients, which only should be abrogated or modified in exceptional circumstances. However, privilege must be balanced with the other public interest in ensuring efficient, effective investigations. The central idea behind the ALRC’s recommendations is the need for a single federal statute addressing the application of privilege in all federal investigations. It identified over 40 federal investigatory bodies with coercive information-gathering powers, as well as Royal Commissions. These include: law enforcement agencies, such as the Australian Federal Police; bodies concerned with the collection or administration of public funds—such as the ATO, Medicare and Centrelink; the major corporate regulators, such as ASIC and he ACCC; and a number of smaller, specialised regulators focusing on specific industries, such as the Fisheries Management Authority

Digital evidence bags

This thesis analyses the traditional approach and methodology used to conduct digital forensic information capture, analysis and investigation. The predominant toolsets and utilities that are used and the features that they provide are reviewed. This is used to highlight the difficulties that are encountered due to both technological advances and the methodologies employed. It is suggested that these difficulties are compounded by the archaic methods and proprietary formats that are used. An alternative framework for the capture and storage of information used in digital forensics is defined named the `Digital Evidence Bag' (DEB). A DEB is a universal extensible container for the storage of digital information acquired from any digital source. The format of which can be manipulated to meet the requirements of the particular information that is to be stored. The format definition is extensible thereby allowing it to encompass new sources of data, cryptographic and compression algorithms and protocols as developed, whilst also providing the flexibility for some degree of backwards compatibility as the format develops. The DEB framework utilises terminology to define its various components that are analogous with evidence bags, tags and seals used for traditional physical evidence storage and continuity. This is crucial for ensuring that the functionality provided by each component is comprehensible by the general public, judiciary and law enforcement personnel without detracting or obscuring the evidential information contained within. Furthermore, information can be acquired from a dynamic or more traditional static environment and from a disparate range of digital devices. The flexibility of the DEB framework permits selective and/or intelligent acquisition methods to be employed together with enhanced provenance and continuity audit trails to be recorded. Evidential integrity is assured using accepted cryptographic techniques and algorithms. The DEB framework is implemented in a number of tool demonstrators and applied to a number of typical scenarios that illustrate the flexibility of the DEB framework and format. The DEB framework has also formed the basis of a patent application

LANGUAGE PRESERVATION, POLICY, AND PLANNING IN A LANGUAGE “HOT SPOT”: AN INTERPRETIVE POLICY ANALYSIS

Native American tribes within the state of Oklahoma are faced with the loss of their heritage language at an alarming rate, much to do with past and present monolingual English language ideologies and policies that have been promoted within schools. However, in recent years, there has been renewed and increasing interest in challenging these monolingual ideologies while utilizing school systems as a medium to preserve and revitalize almost forgotten languages. The tension that exists among and between proponents of monolingual and multilingual ideologies continues to influence educational policy on a national, state, and local stage. Therefore, this dissertation research was a discursive interpretive policy analysis of language and educational policies. The primary goal of the research was to better inform policy actors within the state of Oklahoma. It begins by defining the problem, and then examines the history of language ideology and consequent policy. Next, international and national efforts toward language preservation are detailed, and then the dissertation describes the discursive interpretive policy analysis methodology and specific procedures used in order to collect and analyze primary and secondary sources related to language education policy and language preservation. The results of the dissertation study yield further contributions to the dialogue on Native American language education, and language policy and planning, by highlighting the relationship between language ideology, policy, and educational practices that affect school activities and student outcomes

Surveillance law, data retention and risks to democracy and rights

In Klass and others v Germany, the first surveillance case before the European Court of Human Rights, it was acknowledged that the threat of secret surveillance posed by highlighting its awareness ‘of the danger such a law poses of undermining or even destroying democracy on the ground of defending it.’ This thesis considers a form of surveillance, communications data retention as envisioned in Part 4 of the Investigatory Powers Act 2016 and its compatibility with the European Convention on Human Rights. This thesis highlights that communications data is not only just as, if not more intrusive than intercepting content based on what can be retained. It also reveals that communications data is mass surveillance within surveillance. Additionally, this thesis demonstrates that communications data does not just interference Article 8 of the Convention, but a collection of Convention Rights including Articles 9, 10, 11, 14, Article 2 Protocol 4 and potentially Article 6. Each of these rights are important for democracy and Article 8 and privacy underpins them all. Furthermore, this thesis highlights that obligation to retain communications data can be served on anything that can communicate across any network. Taking all factors highlighted into consideration, when assessed for compatibility with the Convention, communications data retention in Part 4 not only fails to be ‘in accordance with the law’, it fails to establish a legitimate aim, and fails to demonstrate its necessity and proportionality. In establishing that communications data retention as envisaged in Part 4 of the Investigatory Powers Act 2016 is incompatible with the Convention, it demonstrates that it undermines democracy and has sown the seeds for its destruction. Not only would the findings of this thesis create an obstacle to an UK-EU post- Brexit adequacy finding, it would have an impact beyond UK law as many States in Europe and outside seek to cement data retention nationally

Investigating ePortfolios from Teacher Training to the Workplace

This study investigates the transfer of ePortfolio practice from teacher training to the workplace, drawing on three case studies of secondary school teachers from different disciplines (IT, science, maths and foreign languages) who built their ePortfolios during pre-service training. It examines why teachers continue or cease ePortfolio practice, their trainers’ and supervisors’ perceptions of ePortfolio transfer, and the perceived usefulness of continuing ePortfolio practice at work. It also explores the hypothesis that ePortfolio practices, as a process, may be more subject to transfer than ePortfolios themselves, and compares results to other interviews with in-service teachers made during the preparation of this study and to the latest research on ePortfolio practice in teacher training. The study adopts a practical method of enquiry, based on artefacts produced by teachers. The theoretical framework is based on Cultural-Historical Activity Theory (CHAT) and Technology Acceptance Model (TAM) to analyse external and internal causes that may impact on transfer of ePortfolio practice. The main research method was face to face and computer mediated semi-structured interviews, together with post-interview questionnaires and analysis of teachers’ ePortfolio artefacts. The findings reveal that teachers’ ePortfolio practice rapidly fades after they begin work, or in many cases is never transferred. Analysis shows that the main reason for this is the lack of perceived usefulness of the ePortfolio at the workplace, together with the absence of communities of practice within schools where participants were working: social or geographical variables such as provenance, sex or age do not appear to play a role. The conclusion suggests separating the teaching of the use of ePortfolio management systems from the teaching of ePortfolio practices and offers a model for studying the latter which pays particular attention to the impact of the tensions between different elements which CHAT identifies