56 research outputs found
Maintaining hard disk integrity with digital legal professional privilege (LPP) data
published_or_final_versio
A dual cube hashing scheme for solving LPP integrity problem
In digital forensics, data stored in a hard disk usually contains valuable evidence. Preserving the integrity of the data in the hard disk is a critical issue. A single hash value for the whole hard disk is not appropriate as the investigation may take a long time and latent sector errors (LSEs) (bad sectors due to media imperfection, for example) which cause a sector suddenly unreadable will make the hash value inconsistent. On the other hand, using a hash per sector may need to store a lot of hash values. Previous research has been conducted to use fewer hash values, but can resist some of LSEs to decrease the number of unverifiable sectors even if there are LSEs. This integrity problem is more complicated in the presence of Legal Professional Privileged (LPP) data inside a seized hard disk in digital forensic as the hard disk has to be cloned once seized and the original hard disk will be sealed after cloning. Hash values need to be computed during this cloning process. However, the cloned copy will be returned to the suspect for the deletion of LPP data before the investigator can work on the sanitized copy. Thus, the integrity of unmodified sectors has to be verified using the hash values computed based on the original hard disk. This paper found that existing schemes are not good enough to solve the integrity problem in the presence of both LSEs and deletion of LPP data. We then propose the idea of a "Dual Cube" hashing scheme to solve the problem. The experiments show the proposed scheme performs better than the previous schemes and fits easily into the digital forensic procedure. Ā© 2011 IEEE.published_or_final_versionThe 6th International Workshop on Systematic Approaches to Digital Forensic Engineering In conjunction with the IEEE Security and Privacy Symposium (IEEE/SADFE 2011), Oakland, CA., 26 May 2011. In IEEE/SADFE Proceedings, 2011, p. 1-
Privacy impact assessment in large-scale digital forensic investigations
The large increase in the collection of location, communication, health data etc. from seized digital devices like mobile phones, tablets, IoT devices, laptops etc. often poses serious privacy risks. To measure privacy risks, privacy impact assessments (PIA) are substantially useful tools and the Directive EU 2016/80 (Police Directive) requires their use. While much has been said about PIA methods pursuant to the Regulation EU 2016/679 (GDPR), less has been said about PIA methods pursuant to the Police Directive. Yet, little research has been done to explore and measure privacy risks that are specific to law enforcement activities which necessitate the processing of large amounts of data. This study tries to fill this gap by conducting a PIA on a big data forensic platform as a case study. This study also answers the question how a PIA should be carried out for large-scale digital forensic operations and describes the privacy risks, threats we learned from conducting it. Finally, it articulates concrete privacy measures to demonstrate compliance with the Police Directive
Client legal privilege and federal investigatory bodies: discussion paper
This paper contains 42 proposals aimed at addressing lengthy and costly disputes over client legal privilege in federal investigations
Privilege in perspective: client legal privilege in federal investigations
This report recommends 45 changes to the handling of claims of client legal privilege over material sought by federal investigatory bodies and royal commissions of inquiry. The inquiry found general support for maintaining privilege as a fundamental right of clients, which only should be abrogated or modified in exceptional circumstances. However, privilege must be balanced with the other public interest in ensuring efficient, effective investigations.
The central idea behind the ALRCās recommendations is the need for a single federal statute addressing the application of privilege in all federal investigations. It identified over 40 federal investigatory bodies with coercive information-gathering powers, as well as Royal Commissions. These include: law enforcement agencies, such as the Australian Federal Police; bodies concerned with the collection or administration of public fundsāsuch as the ATO, Medicare and Centrelink; the major corporate regulators, such as ASIC and he ACCC; and a number of smaller, specialised regulators focusing on specific industries, such as the Fisheries Management Authority
Digital evidence bags
This thesis analyses the traditional approach and methodology used to conduct
digital forensic information capture, analysis and investigation. The predominant
toolsets and utilities that are used and the features that they provide are reviewed.
This is used to highlight the difficulties that are encountered due to both
technological advances and the methodologies employed. It is suggested that these
difficulties are compounded by the archaic methods and proprietary formats that are
used.
An alternative framework for the capture and storage of information used in digital
forensics is defined named the `Digital Evidence Bag' (DEB). A DEB is a universal
extensible container for the storage of digital information acquired from any digital
source. The format of which can be manipulated to meet the requirements of the
particular information that is to be stored. The format definition is extensible thereby
allowing it to encompass new sources of data, cryptographic and compression
algorithms and protocols as developed, whilst also providing the flexibility for some
degree of backwards compatibility as the format develops.
The DEB framework utilises terminology to define its various components that are
analogous with evidence bags, tags and seals used for traditional physical evidence
storage and continuity. This is crucial for ensuring that the functionality provided by
each component is comprehensible by the general public, judiciary and law
enforcement personnel without detracting or obscuring the evidential information
contained within.
Furthermore, information can be acquired from a dynamic or more traditional static
environment and from a disparate range of digital devices. The flexibility of the DEB
framework permits selective and/or intelligent acquisition methods to be employed
together with enhanced provenance and continuity audit trails to be recorded.
Evidential integrity is assured using accepted cryptographic techniques and
algorithms.
The DEB framework is implemented in a number of tool demonstrators and applied
to a number of typical scenarios that illustrate the flexibility of the DEB framework
and format.
The DEB framework has also formed the basis of a patent application
LANGUAGE PRESERVATION, POLICY, AND PLANNING IN A LANGUAGE āHOT SPOTā: AN INTERPRETIVE POLICY ANALYSIS
Native American tribes within the state of Oklahoma are faced with the loss of their heritage language at an alarming rate, much to do with past and present monolingual English language ideologies and policies that have been promoted within schools. However, in recent years, there has been renewed and increasing interest in challenging these monolingual ideologies while utilizing school systems as a medium to preserve and revitalize almost forgotten languages. The tension that exists among and between proponents of monolingual and multilingual ideologies continues to influence educational policy on a national, state, and local stage. Therefore, this dissertation research was a discursive interpretive policy analysis of language and educational policies. The primary goal of the research was to better inform policy actors within the state of Oklahoma. It begins by defining the problem, and then examines the history of language ideology and consequent policy. Next, international and national efforts toward language preservation are detailed, and then the dissertation describes the discursive interpretive policy analysis methodology and specific procedures used in order to collect and analyze primary and secondary sources related to language education policy and language preservation. The results of the dissertation study yield further contributions to the dialogue on Native American language education, and language policy and planning, by highlighting the relationship between language ideology, policy, and educational practices that affect school activities and student outcomes
Surveillance law, data retention and risks to democracy and rights
In Klass and others v Germany, the first surveillance case before the European Court of
Human Rights, it was acknowledged that the threat of secret surveillance posed by
highlighting its awareness āof the danger such a law poses of undermining or even destroying
democracy on the ground of defending it.ā This thesis considers a form of surveillance,
communications data retention as envisioned in Part 4 of the Investigatory Powers Act 2016
and its compatibility with the European Convention on Human Rights. This thesis highlights
that communications data is not only just as, if not more intrusive than intercepting content
based on what can be retained. It also reveals that communications data is mass surveillance
within surveillance. Additionally, this thesis demonstrates that communications data does not
just interference Article 8 of the Convention, but a collection of Convention Rights including
Articles 9, 10, 11, 14, Article 2 Protocol 4 and potentially Article 6. Each of these rights are
important for democracy and Article 8 and privacy underpins them all. Furthermore, this
thesis highlights that obligation to retain communications data can be served on anything that
can communicate across any network. Taking all factors highlighted into consideration, when
assessed for compatibility with the Convention, communications data retention in Part 4 not
only fails to be āin accordance with the lawā, it fails to establish a legitimate aim, and fails to
demonstrate its necessity and proportionality. In establishing that communications data
retention as envisaged in Part 4 of the Investigatory Powers Act 2016 is incompatible with
the Convention, it demonstrates that it undermines democracy and has sown the seeds for its
destruction. Not only would the findings of this thesis create an obstacle to an UK-EU post-
Brexit adequacy finding, it would have an impact beyond UK law as many States in Europe
and outside seek to cement data retention nationally
Recommended from our members
Investigating ePortfolios from Teacher Training to the Workplace
This study investigates the transfer of ePortfolio practice from teacher training to the workplace, drawing on three case studies of secondary school teachers from different disciplines (IT, science, maths and foreign languages) who built their ePortfolios during pre-service training. It examines why teachers continue or cease ePortfolio practice, their trainersā and supervisorsā perceptions of ePortfolio transfer, and the perceived usefulness of continuing ePortfolio practice at work. It also explores the hypothesis that ePortfolio practices, as a process, may be more subject to transfer than ePortfolios themselves, and compares results to other interviews with in-service teachers made during the preparation of this study and to the latest research on ePortfolio practice in teacher training.
The study adopts a practical method of enquiry, based on artefacts produced by teachers. The theoretical framework is based on Cultural-Historical Activity Theory (CHAT) and Technology Acceptance Model (TAM) to analyse external and internal causes that may impact on transfer of ePortfolio practice. The main research method was face to face and computer mediated semi-structured interviews, together with post-interview questionnaires and analysis of teachersā ePortfolio artefacts.
The findings reveal that teachersā ePortfolio practice rapidly fades after they begin work, or in many cases is never transferred. Analysis shows that the main reason for this is the lack of perceived usefulness of the ePortfolio at the workplace, together with the absence of communities of practice within schools where participants were working: social or geographical variables such as provenance, sex or age do not appear to play a role.
The conclusion suggests separating the teaching of the use of ePortfolio management systems from the teaching of ePortfolio practices and offers a model for studying the latter which pays particular attention to the impact of the tensions between different elements which CHAT identifies
- ā¦