Use My Digital Forensics Tool...It’s Shiny!

The tendency to use technologies without fully understanding the potential ramifications extends to all reaches of our lives. Digital forensics is not immune from this phenomenon. This paper discusses some past scenarios in which conclusions were drawn before all of the testing was complete. Digital forensics tools are then discussed including tool capabilities, tool analysis, and associated challenges. It identifies some potential issues and ramifications that may not be given appropriate consideration by digital forensic examiners or those who rely on these tools when weighing evidence. It concludes with some suggestions for future research directions that could answer some important questions about using digital forensics tools effectively

Visual Computing and Machine Learning Techniques for Digital Forensics

It is impressive how fast science has improved day by day in so many different fields. In special, technology advances are shocking so many people bringing to their reality facts that previously were beyond their imagination. Inspired by methods earlier presented in scientific fiction shows, the computer science community has created a new research area named Digital Forensics, which aims at developing and deploying methods for fighting against digital crimes such as digital image forgery.This work presents some of the main concepts associated with Digital Forensics and, complementarily, presents some recent and powerful techniques relying on Computer Graphics, Image Processing, Computer Vision and Machine Learning concepts for detecting forgeries in photographs. Some topics addressed in this work include: sourceattribution, spoofing detection, pornography detection, multimedia phylogeny, and forgery detection. Finally, this work highlights the challenges and open problems in Digital Image Forensics to provide the readers with the myriad opportunities available for research

Public Security & Digital Forensics in the United States: The Continued Need for Expanded Digital Systems for Security

Digital Forensics is one of the latest challenges for the use of forensics in the investigative process in the United States. Some of the challenges are created by conditions and circumstances present for law enforcement around the world. However, many are unique to the United States and created by the standards of evidence within our courts, nature of our law enforcement organizations, and structure of our judicial and prosecutorial systems. It is essential for the preservation of public security and individual safety that competent systems of digital forensics are developed for law enforcement at all levels. The failure to do so will let the guilty avoid responsibility for their criminal actions while possibly subjecting the innocent to unprecedented government intrusion into their private lives

Column: File Cabinet Forensics

Researchers can spend their time reverse engineering, performing reverse analysis, or making substantive contributions to digital forensics science. Although work in all of these areas is important, it is the scientific breakthroughs that are the most critical for addressing the challenges that we face. Reverse Engineering is the traditional bread-and-butter of digital forensics research. Companies like Microsoft and Apple deliver computational artifacts (operating systems, applications and phones) to the commercial market. These artifacts are bought and used by billions. Some have evil intent, and (if society is lucky), the computers end up in the hands of law enforcement. Unfortunately the original vendors rarely provide digital forensics tools that make their systems amenable to analysis by law enforcement. Hence the need for reverse engineering

To Catch A Thief II: Computer Forensics in the Classroom

The subject of computer forensics is still new and both challenging and intriguing for students. Cal Poly Pomona has offered this course since September of 2004. The course involves both the technical and legal aspects of investigative procedures as applied to digital evidence. For the instructor, it can involve challenges not found in other areas of information systems. This paper discusses some of the triumphs and pitfalls of including computer forensics as part of an undergraduate information assurance curriculum

Cryptographic Techniques for Data Privacy in Digital Forensics

The acquisition and analysis of data in digital forensics raise different data privacy challenges. Many existing works on digital forensic readiness discuss what information should be stored and how to collect relevant data to facilitate investigations. However, the cost of this readiness often directly impacts the privacy of innocent third parties and suspects if the collected information is irrelevant. Approaches that have been suggested for privacy-preserving digital forensics focus on the use of policy, non-cryptography-based, and cryptography-based solutions. Cryptographic techniques have been proposed to address issues of data privacy during data analysis. As the utilization of some of these cryptographic techniques continues to increase, it is important to evaluate their applicability and challenges in relation to digital forensics processes. This study provides digital forensics investigators and researchers with a roadmap to understanding the data privacy challenges in digital forensics and examines the various privacy techniques that can be utilized to tackle these challenges. Specifically, we review the cryptographic techniques applied for privacy protection in digital forensics and categorize them within the context of whether they support trusted third parties, multiple investigators, and multi-keyword searches. We highlight some of the drawbacks of utilizing cryptography-based methods in privacy-preserving digital forensics and suggest potential solutions to the identified shortcomings. In addition, we propose a conceptual privacy-preserving digital forensics (PPDF) model that is based on the use of cryptographic techniques and analyze the model within the context of the above-mentioned factors. An evaluation of the model is provided through a consideration of identified factors that may affect an investigation. Lastly, we provide an analysis of how existing principles for preserving privacy in digital forensics are addressed in our PPDF model. Our evaluation shows that the model aligns with many of the existing privacy principles recommended for privacy protection in digital forensics.This work was supported by The University of Winnipeg (Grant ID: 16792)

Digital forensics: an integrated approach for the investigation of cyber/computer related crimes

A thesis submitted to the University of Bedfordshire in partial fulfilment of the requirements for the degree of Doctor of PhilosophyDigital forensics has become a predominant field in recent times and courts have had to deal with an influx of related cases over the past decade. As computer/cyber related criminal attacks become more predominant in today’s technologically driven society the need for and use of, digital evidence in courts has increased. There is the urgent need to hold perpetrators of such crimes accountable and successfully prosecuting them. The process used to acquire this digital evidence (to be used in cases in courts) is digital forensics. The procedures currently used in the digital forensic process were developed focusing on particular areas of the digital evidence acquisition process. This has resulted in very little regard being made for the core components of the digital forensics field, for example the legal and ethical along with other integral aspects of investigations as a whole. These core facets are important for a number of reasons including the fact that other forensic sciences have included them, and to survive as a true forensics discipline digital forensics must ensure that they are accounted for. This is because, digital forensics like other forensics disciplines must ensure that the evidence (digital evidence) produced from the process is able to withstand the rigors of a courtroom. Digital forensics is a new and developing field still in its infancy when compared to traditional forensics fields such as botany or anthropology. Over the years development in the field has been tool centered, being driven by commercial developers of the tools used in the digital investigative process. This, along with having no set standards to guide digital forensics practitioners operating in the field has led to issues regarding the reliability, verifiability and consistency of digital evidence when presented in court cases. Additionally some developers have neglected the fact that the mere mention of the word forensics suggests courts of law, and thus legal practitioners will be intimately involved. Such omissions have resulted in the digital evidence being acquired for use in various investigations facing major challenges when presented in a number of cases. Mitigation of such issues is possible with the development of a standard set of methodologies flexible enough to accommodate the intricacies of all fields to be considered when dealing with digital evidence. This thesis addresses issues regarding digital forensics frameworks, methods, methodologies and standards for acquiring digital evidence using the grounded theory approach. Data was gathered using literature surveys, questionnaires and interviews electronically. Collecting data using electronic means proved useful when there is need to collect data from different jurisdictions worldwide. Initial surveys indicated that there were no existing standards in place and that the terms models/frameworks and methodologies were used interchangeably to refer to methodologies. A framework and methodology have been developed to address the identified issues and represent the major contribution of this research. The dissertation outlines solutions to the identified issues and presents the 2IR Framework of standards which governs the 2IR Methodology supported by a mobile application and a curriculum of studies. These designs were developed using an integrated approach incorporating all four core facets of the digital forensics field. This research lays the foundation for a single integrated approach to digital forensics and can be further developed to ensure the robustness of process and procedures used by digital forensics practitioners worldwide

DEVELOPMENT OF A DIGITAL FORENSICS LAB TO SUPPORT ACTIVE LEARNING

The curriculum of a program in Information technology must be current and competitive to remain relevant and valuable. The authors of this paper explored the research related to the rationale to supplement higher education theoretical knowledge of digital forensics with opportunities for students in technology related programs to gains some hands-on experience. The paper also used the widely accepted learning theories of active learning and constructivism to assist in the decision to build a hands-on digital forensics lab environment. An explanation of the processes, opportunities, challenges, and outcomes are available in the Lab design section. Finally the paper concludes with implications for students and recommendations for other higher education institutions that are considering enhancing theory with practical hands-on learning opportunities

Chapter 10 Opportunities and challenges for the future

This chapter from 'Policing Digital Crime' explores recent developments in digital forensics, which it notes is at the end of a 'golden age'. Challenges relating to the forensic acquisition and analysis of solid state drives (SSDs) and cloud-based data are discussed. Also covered are the some of the issues with policing the deep web, the rise of anti-forensics and a multitude of factors that undermine expert evidence

Live Memory Forensic Analysis

The live memory image acquired in live forensics is always view in terms of integrity and reliability when presented as evidence. In this work, I describe how evidence like live memory obtained from physical memory image (RAM) and trustworthiness of evidence is studied. The evidence in live memory image can be taken as how accurately the memory image of RAM shows the real memory of the target machine. Based on a live memory analysis, investigator can test memory acquisition tool and after that live memory image is analyzed. Then, I describe the part of live memory analysis in the digital cyber forensics process and its use to address many challenges of the digital forensic investigation. In this work, I provide a method to overcome these problems. I highlight at some of the existing methods to live memory analysis. This work is done using acquisition and analysis tools. DOI: 10.17762/ijritcc2321-8169.15055