9 research outputs found

    Forensic Analysis of the exFAT Artifacts

    Although keeping some basic concepts inherited from FAT32, the exFAT file system introduces many differences, such as the new mapping scheme of directory entries. The combination of the exFAT mapping scheme with the allocation of bitmap files and the use of FAT leads to new forensic possibilities. The recovery of deleted files, including fragmented ones, and carving become more accurate compared with former forensic processes. Nowadays, accurate and sound forensic analysis is needed more than ever, as there is a high risk of erroneous interpretation. Indeed, most of the related work in the literature on exFAT structure and forensics is mainly based on reverse engineering research, and only a few of them cover the forensic interpretation. In this paper, we propose a new methodology using exFAT file system features to improve the interpretation of inactive entries by using bitmap file analysis and recover the file system metadata information for carved files. Experimental results show how our approach improves the forensic interpretation accuracy

    Introductory Computer Forensics

    INTERPOL (International Police) built cybercrime programs to keep up with emerging cyber threats, and aims to coordinate and assist international operations for fighting crimes involving computers. Although significant international efforts are being made in dealing with cybercrime and cyber-terrorism, finding effective, cooperative, and collaborative ways to deal with complicated cases that span multiple jurisdictions has proven difficult in practice

    A comparison of open source and proprietary digital forensic software

    Scrutiny of the capabilities and accuracy of computer forensic tools is increasing as the number of incidents relying on digital evidence and the weight of that evidence increase. This thesis describes the capabilities of the leading proprietary and open source digital forensic tools. The capabilities of the tools were tested separately on digital media that had been formatted using Windows and Linux. Experiments were carried out with the intention of establishing whether the capabilities of open source computer forensics are similar to those of proprietary computer forensic tools, and whether these tools could complement one another. The tools were tested with regards to their capabilities to make and analyse digital forensic images in a forensically sound manner. The tests were carried out on each media type after deleting data from the media, and then repeated after formatting the media. The results of the experiments performed demonstrate that both proprietary and open source computer forensic tools have superior capabilities in different scenarios, and that the toolsets can be used to validate and complement one another. The implication of these findings is that investigators have an affordable means of validating their findings and are able to more effectively investigate digital media

    Archibald Reiss Days : Thematic conference proceedings of international significance : International Scientific Conference, Belgrade, 7-9 November 2017

    In front of you is the Thematic Collection of Papers presented at the International Scientific Conference “Archibald Reiss Days”, which was organized by the Academy of Criminalistic and Police Studies in Belgrade, in cooperation with the Ministry of Interior and the Ministry of Education, Science and Technological Development of the Republic of Serbia, School of Criminal Justice, Michigan State University in USA, School of Criminal Justice University of Lausanne in Switzerland, National Police Academy in Spain, Police Academy Szczytno in Poland, National Police University of China, Lviv State University of Internal Affairs, Volgograd Academy of the Russian Internal Affairs Ministry, Faculty of Security in Skopje, Faculty of Criminal Justice and Security in Ljubljana, Police Academy “Alexandru Ioan Cuza” in Bucharest, Academy of Police Force in Bratislava, Faculty of Security Science University of Banja Luka, Faculty for Criminal Justice, Criminology and Security Studies University of Sarajevo, Faculty of Law in Montenegro, Police Academy in Montenegro and held at the Academy of Criminalistic and Police Studies, on 7, 8 and 9 November 2017. The International Scientific Conference “Archibald Reiss Days” is organized for the seventh time in a row, in memory of the founder and director of the first modern higher police school in Serbia, Rodolphe Archibald Reiss, after whom the Conference was named. The Thematic Collection of Papers contains 131 papers written by eminent scholars in the field of law, security, criminalistics, police studies, forensics, informatics, as well as by members of national security system participating in education of the police, army and other security services from Belarus, Bosnia and Herzegovina, Bulgaria, Bangladesh, Abu Dhabi, Greece, Hungary, Macedonia, Romania, Russian Federation, Serbia, Slovakia, Slovenia, Czech Republic, Switzerland, Turkey, Ukraine, Italy, Australia and United Kingdom.
Each paper has been double-blind peer reviewed by two reviewers, international experts competent for the field to which the paper is related, and the Thematic Conference Proceedings in whole has been reviewed by five competent international reviewers. The papers published in the Thematic Collection of Papers provide us with the analysis of the criminalistic and criminal justice aspects in solving and proving of criminal offences, police organization, contemporary security studies, social, economic and political flows of crime, forensic linguistics, cybercrime, and forensic engineering. The Collection of Papers represents a significant contribution to the existing fund of scientific and expert knowledge in the field of criminalistic, security, penal and legal theory and practice. Publication of this Collection contributes to improving of mutual cooperation between educational, scientific and expert institutions at national, regional and international level

    Contribuciones al análisis forense de evidencias digitales procedentes de aplicaciones de mensajería instantánea

    The continuous evolution of Information and Communication Technologies means that we increasingly find ourselves in a more interconnected society, allowing the immediate exchange of digital information from almost anywhere on the planet. From the point of view of forensic science, as the science that studies the elements collected at a crime scene, the birth and rapid evolution of ICTs means that forensic science must continually adapt to this evolution, researching new scientific methods of analysis that allow the resolution of criminal acts through digital means. The specific use made of information-exchange applications in the commission of criminal acts means that they must be the subject of a thorough forensic analysis, from which to identify, recover and extract all information related to the act under investigation, maintaining its evidentiary value at all times. The thesis entitled CONTRIBUCIONES AL ANÁLISIS FORENSE DE EVIDENCIAS DIGITALES PROCEDENTES DE APLICACIONES DE MENSAJERÍA INSTANTÁNEA investigates the evolution of instant messaging applications and their impact on the field of forensic science. The research aims to outline the transformation of this type of application in terms of the different access methods and the countless functionalities offered to their users. It also seeks to contribute directly to the scientific methods used in the forensic analysis carried out on instant messaging applications, a principal means of evidence in many judicial proceedings.
This thesis will set out the current state of the processes used in both the acquisition and the analysis of instant messaging applications, as well as the various problems faced by the digital forensic specialist in the forensic analysis of this type of application. A specific methodology will be developed for the forensic analysis of instant messaging applications, combining several study methods, which will make it possible to identify, decode and interpret the information generated by this type of application regardless of the electronic device, operating system or application analysed. Based on the three study methods included in the proposed methodology, the aim is to verify and validate the integrity of the extracted information beyond the widespread use of commercial forensic solutions. Finally, the results and conclusions obtained from applying the proposed forensic analysis methodology to some of the clients of the main instant messaging applications that exist today will be presented

    Open Source Law, Policy and Practice

    This book examines various policies, including the legal and commercial aspects of the Open Source phenomenon. Here, ‘Open Source’ is adopted as convenient shorthand for a collection of diverse users and communities, whose differences can be as great as their similarities. The common thread is their reliance on, and use of, law and legal mechanisms to govern the source code they write, use, and distribute. The central fact of open source is that maintaining control over source code relies on the existence and efficacy of intellectual property (‘IP’) laws, particularly copyright law. Copyright law is the primary statutory tool that achieves the end of openness, although implemented through private law arrangements at varying points within the software supply chain. This dependent relationship is itself a cause of concern for some philosophically in favour of ‘open’, with some predicting (or hoping) that the free software movement will bring about the end of copyright as a means for protecting software

    Proposta de preservació de dades científiques en accés obert mitjançant tècniques d’anàlisi forense digital

    It has long been that funding agencies for research require researchers to facilitate the sharing of research data produced in funded projects which must be open-access available, generally through a repository. Therefore, digital preservation centres are facing the challenge of preservation and long-term storage of research data. The purpose of this thesis is to prove that digital forensics techniques are valid to preserve effectively research data in the social sciences and humanities. To prove this hypothesis, a preservation workflow has been created to provide a technical solution to centres without the means to use data repositories, since the model uses the DSpace open source software. The methodology has involved, firstly, analysing the bibliography on open research data, on funding agencies for research, on digital forensics use cases in libraries and archives and on organizations specialized on deposit of data. Secondly, a series of interviews with the people responsible for DSpace repositories have been conducted to know their opinions regarding the application of the model. Lastly, a series of tests have been done to develop the proposal. Once these tests have been completed, the workflow of the preservation model was defined in which the OAIS terminology was used. The theoretical basis of the model was the study of diverse use cases of digital forensics, of which different methods were adapted. The last step was the study of the DSpace software, in which some tests on a local repository were done. The final conclusions are that the preservation model meets the different requirements of research funding agencies regarding open access, while digital forensic analysis techniques make it possible to safeguard the integrity of the data, perform diverse data analyses and identify and block personally identifiable information. DSpace software allows the intake of large volumes of data, but it is necessary to enable the FTP ingest function