85 research outputs found

    A Policy Examination of Digital Multimedia Evidence in Police Department Standard Operating Procedures (SOPs)

    2020 will be a year forever marked by the Covid-19 pandemic. The year will also be remembered for the death of George Floyd at the hands of police officer Derek Chauvin. The death was recorded by a bystander’s cell phone and broadcast for all the world to see. This video proved pivotal in the prosecution and conviction of Chauvin for Floyd’s death. The video provided powerful evidence highlighting the importance of incorporating video evidence into the investigation and prosecution of crime. Today, police use a variety of video evidence to assist in their investigations. In some cases, it may be a small part of the case whereas in others it may provide vital evidence. There has been an explosion in the number of video sources where police can now gather evidence. Cellphone videos, private security cameras on homes or businesses, social media postings, and police body cameras all provide possible evidence that must be collected, extracted and analyzed. In 2019, there were 40 million professionally installed video recording systems and 224 million smartphones in the U.S. alone. Along with the approximately 400,000 body cameras worldwide, there is a vast amount of video available to investigators. It is important for police departments to acquire this video evidence according to legal requirements and best practices according to industry leaders to avoid any future legal challenges to the evidence. This study will analyze how police departments around the country are handling video evidence through their Standing Operating Procedures (SOPs) using legal requirements and industry best practices as a guideline. The author chose to concentrate on two of the main legal challenges facing law enforcement today while working with digital evidence: authentication and integrity. Despite sometimes being used interchangeably, authentication and integrity present two different challenges when working with digital evidence.
Authentication is when the evidence put forth in a trial is what the party admitting it into evidence claims it to be. Integrity is ensuring the evidence has not been changed or altered since its original form. In this study, the author chose to concentrate on the issues of authentication and integrity specifically in relation to Digital Multimedia Evidence (DME). DME is information of probative value stored in binary form including but not limited to tape, film, magnetic, optical media, and/or the information contained therein. The author created a rubric utilizing best practices identified by industry leaders along with legal guidelines set forth by the Federal Rules of Evidence, court cases, and law reviews. The rubric evaluated the Department’s SOPs on three phases: Training, Process, and Documentation

    FACIAL IDENTIFICATION FOR DIGITAL FORENSIC

    Forensic facial recognition has become an essential requirement in criminal investigations as a result of the emergence of electronic devices, such as mobile phones and computers, and the huge volume of existing content. Forensic facial recognition goes beyond facial recognition in that it deals with facial images under unconstrained and non-ideal conditions, such as low image resolution, varying facial orientation, poor illumination, a wide range of facial expressions, and the presence of accessories. In addition, digital forensic challenges do not only concern identifying an individual but also include understanding the context, acknowledging the relationships between individuals, tracking, and a number of advanced questions that help reduce the cognitive load placed on the investigator. This thesis proposes a multi-algorithmic fusion approach by using multiple commercial facial recognition systems to overcome particular weaknesses in singular approaches to obtain improved facial identification accuracy. The advantage of focusing on commercial systems is that they release the forensic team from developing and managing their own solutions and, subsequently, also benefit from state-of-the-art updates in underlying recognition performance. A set of experiments was conducted to evaluate these commercial facial recognition systems (Neurotechnology, Microsoft, and Amazon Rekognition) to determine their individual performance using facial images with varied conditions and to determine the benefits of fusion. Two challenging facial datasets were identified for the evaluation; they represent a challenging yet realistic set of digital forensics scenarios collected from publicly available photographs.
The experimental results have proven that using the developed fusion approach achieves a better facial identification rate as the best evaluated commercial system has achieved an accuracy of 67.23% while the multi-algorithmic fusion system has achieved an accuracy of 71.6%. Building on these results, a novel architecture is proposed to support the forensic investigation concerning the automatic facial recognition called Facial-Forensic Analysis System (F-FAS). The F-FAS is an efficient design that analyses the content of photo evidence to identify a criminal individual. Further, the F-FAS architecture provides a wide range of capabilities that will allow investigators to perform in-depth analysis that can lead to a case solution. Also, it allows investigators to find answers about different questions, such as individual identification, and identify associations between artefacts (facial social network) and presents them in a usable and visual form (geolocation) to draw a wider picture of a crime. This tool has also been designed based on a case management concept that helps to manage the overall system and provide robust authentication, authorisation, and chain of custody. Several experts in the forensic area evaluated the contributions of the thesis and the novel approach idea and it was unanimously agreed that the selected research problem was one of great validity. In addition, all experts have demonstrated support for the experiments’ results and they were impressed by the suggested F-FAS based on the context of its functions. Republic of Iraq / Ministry of Higher Education and Scientific Research – Baghdad Universit

    AN OBJECT-BASED MULTIMEDIA FORENSIC ANALYSIS TOOL

    With the enormous increase in the use and volume of photographs and videos, multimedia-based digital evidence now plays an increasingly fundamental role in criminal investigations. However, with the increase, it is becoming time-consuming and costly for investigators to analyse content manually. Within the research community, focus on multimedia content has tended to be on highly specialised scenarios such as tattoo identification, number plate recognition, and child exploitation. An investigator’s ability to search multimedia data based on keywords (an approach that already exists within forensic tools for character-based evidence) could provide a simple and effective approach for identifying relevant imagery. This thesis proposes and demonstrates the value of using a multi-algorithmic approach via fusion to achieve the best image annotation performance. The results show that from existing systems, the highest average recall was achieved by Imagga with 53% while the proposed multi-algorithmic system achieved 77% across the select datasets. Subsequently, a novel Object-based Multimedia Forensic Analysis Tool (OM-FAT) architecture was proposed. The OM-FAT automates the identification and extraction of annotation-based evidence from multimedia content. Besides making multimedia data searchable, the OM-FAT system enables investigators to perform various forensic analyses (search using annotations, metadata, object matching, text similarity and geo-tracking) to help investigators understand the relationship between artefacts, thus reducing the time taken to perform an investigation and the investigator’s cognitive load. It will enable investigators to ask higher-level and more abstract questions of the data, then find answers to the essential questions in the investigation: what, who, why, how, when, and where. 
The research includes a detailed illustration of the architectural requirements, engines, and complete design of the system workflow, which represents a full case management system. To highlight the ease of use and demonstrate the system’s ability to correlate between multimedia, a prototype was developed. The prototype integrates the functionalities of the OM-FAT tool and demonstrates how the system would help digital investigators find pieces of evidence among a large number of images starting from the acquisition stage and ending in the reporting stage with less effort and in less time. The Higher Committee for Education Development in Iraq (HCED

    Novel Attacks and Defenses for Enterprise Internet-of-Things (E-IoT) Systems

    This doctoral dissertation expands upon the field of Enterprise Internet-of-Things (E-IoT) systems, one of the most ubiquitous and under-researched fields of smart systems. E-IoT systems are specialty smart systems designed for sophisticated automation applications (e.g., multimedia control, security, lighting control). E-IoT systems are often closed source, costly, require certified installers, and are more robust for their specific applications. This dissertation begins with an analysis of the current E-IoT threat landscape and introduces three novel attacks and defenses for under-studied software and protocols heavily linked to E-IoT systems. For each layer, we review the literature for the threats, attacks, and countermeasures. Based on the systematic knowledge we obtain from the literature review, we propose three novel attacks and countermeasures to protect E-IoT systems. In the first attack, we present PoisonIvy, several attacks developed to show that malicious E-IoT drivers can be used to compromise E-IoT. In response to PoisonIvy threats, we describe Ivycide, a machine-learning network-based solution designed to defend E-IoT systems against E-IoT driver threats. As multimedia control is a significant application of E-IoT, we introduce HDMI-Walk, a novel attack vector designed to demonstrate that HDMI's Consumer Electronics Control (CEC) protocol can be used to compromise multiple devices through a single connection. To defend devices from this threat, we introduce HDMI-Watch, a standalone intrusion detection system (IDS) designed to defend HDMI-enabled devices from HDMI-Walk-style attacks. Finally, this dissertation evaluates the security of E-IoT proprietary protocols with LightningStrike, a series of attacks used to demonstrate that popular E-IoT proprietary communication protocols are insecure.
To address LightningStrike threats, we introduce LGuard, a complete defense framework designed to defend E-IoT systems from LightningStrike-style attacks using computer vision, traffic obfuscation, and traffic analysis techniques. For each contribution, all of the defense mechanisms proposed are implemented without any modification to the underlying hardware or software. All attacks and defenses in this dissertation were performed with implementations on widely-used E-IoT devices and systems. We believe that the research presented in this dissertation has notable implications on the security of E-IoT systems by exposing novel threat vectors, raising awareness, and motivating future E-IoT system security research.

    Forensic applications of analog memory: the digital evidence bag

    Digital evidence is electronic data that "has the potential to make the factual account of either party more probable or less probable than it would be without the evidence" [1]. We consider digital evidence stored on a physical memory device, collected in the field and transported to a lab where the digital content is stored and analyzed. Digital Forensics is the area of study that deals with the science behind this process, as well as establishing best practices and legal requirements. The core aspects of digital forensics are preserving evidence integrity and the chain of custody during the handling and storage of the evidence [2]. In this thesis, we look specifically at digital evidence where only digital data is collected (such as forensic photography), as opposed to digital evidence that also includes the storage medium (such as seized mobile phones). We review the existing procedures used for collecting and transporting evidence and explore how these processes could be improved to better suit this kind of digital evidence. The field of Information Security deals with providing confidentiality and integrity of data, along with authentication and non-repudiation of both data and entities [3]. This is a widely researched and well developed area with many commercial applications, the most well known being internet security. We review and categorize the existing technologies used in information security into four avenues of approach based upon the fundamental security concepts of each: cryptography, widely witnessed, hardware security and exploitation of manufacturing defects. Many information security systems incorporate several of these approaches which leads to the overall security of the system being improved. The aims of Digital Forensics and Information Security are similar, however the processes and systems used are very different.
This partly reflects that digital forensics is usually subject to a greater level of legal scrutiny, but it also highlights that there are potentially opportunities to improve the processes and systems used. Hence we develop the concept of a "digital evidence bag" (DEB), a device for the secure transport of digital evidence that has the same requirements as physical evidence bags: tamper-evident, unforgeable and clean. To achieve these requirements through technological solutions, we look at technology used in Information Security along with traditional forensic processes and explore how they can be adapted to create a DEB. Given the nature of digital data, it is easy to produce exact copies and edit the data without loss of quality. From a forensics point of view, this strips out a lot of the imperfections that are usually exploited in the traditional forensic processes. However the technology used to build digital memory is still inherently analog and has non-ideal characteristics, which are usually obfuscated in the digital application space. We show how these characteristics can be exploited to achieve the DEB requirements. We explore how a digital fingerprint for conventional digital memory could be used to meet the requirements of the DEB. We also propose a DEB based on analog memory cells which offers a novel method to meet the requirements. Thesis (MPhil) -- University of Adelaide, School of Electrical and Electronic Engineering, 202

    The Proceedings of 15th Australian Information Security Management Conference, 5-6 December, 2017, Edith Cowan University, Perth, Australia

    Conference Foreword The annual Security Congress, run by the Security Research Institute at Edith Cowan University, includes the Australian Information Security and Management Conference. Now in its fifteenth year, the conference remains popular for its diverse content and mixture of technical research and discussion papers. The area of information security and management continues to be varied, as is reflected by the wide variety of subject matter covered by the papers this year. The papers cover topics from vulnerabilities in “Internet of Things” protocols through to improvements in biometric identification algorithms and surveillance camera weaknesses. The conference has drawn interest and papers from within Australia and internationally. All submitted papers were subject to a double blind peer review process. Twenty two papers were submitted from Australia and overseas, of which eighteen were accepted for final presentation and publication. We wish to thank the reviewers for kindly volunteering their time and expertise in support of this event. We would also like to thank the conference committee who have organised yet another successful congress. Events such as this are impossible without the tireless efforts of such people in reviewing and editing the conference papers, and assisting with the planning, organisation and execution of the conference. To our sponsors, also a vote of thanks for both the financial and moral support provided to the conference. Finally, thank you to the administrative and technical staff, and students of the ECU Security Research Institute for their contributions to the running of the conference

    Copyright protection of scalar and multimedia sensor network data using digital watermarking

    This thesis records the research on watermarking techniques to address the issue of copyright protection of the scalar data in WSNs and image data in WMSNs, in order to ensure that the proprietary information remains safe between the sensor nodes in both. The first objective is to develop LKR watermarking technique for the copyright protection of scalar data in WSNs. The second objective is to develop GPKR watermarking technique for copyright protection of image data in WMSN

    Communication Architecture in the Chosen Telematics Transport Systems


    Forensic Tracking and Surveillance

    Digital forensics is an emerging field that has uniquely brought together academics, practitioners and law enforcement. Research in this area was inspired by the numerous challenges posed by the increased sophistication of criminal tools. Traditionally, digital forensics has been confined to the extraction of digital evidence from electronic devices. This direct extraction of digital evidence, however, no longer suffices. Indeed, extracting completely raw data without further processing and/or filtering is, in some cases, useless. These problems can be tackled by the so-called "computational forensics", where the reconstructed evidence undergoes further processing. One important application of computational forensics is criminal tracking, which we collectively call "forensic tracking" and is the main subject of this thesis. This thesis adopts an algorithmic approach to investigate the feasibility of conducting forensic tracking in various environments and settings. Unlike conventional tracking, forensic tracking has to be passive such that the target (who is usually a suspect) should not be aware of the tracking process. We begin by adopting a pedestrian setting and propose several online (real-time) forensic tracking algorithms to track a single or multiple targets passively. Besides the core tracking algorithms, we also propose other auxiliary algorithms to improve the robustness and resilience of tracking. We then extend the scope and consider vehicular forensic tracking, where we investigate both online and offline tracking. In online vehicular tracking, we also propose algorithms for motion prediction to estimate the near future movement of target vehicles. Offline vehicular tracking, on the other hand, entails the post-hoc extraction and probabilistic reconstruction of vehicular traces, for which we adopt a Bayesian approach.
Finally, the contributions of the thesis conclude with building an algorithmic solution for multi-modal tracking, which is a mixed environment combining both pedestrian and vehicular settings.