Calm before the storm: the challenges of cloud computing in digital forensics

Cloud computing is a rapidly evolving information technology (IT) phenomenon. Rather than procure, deploy and manage a physical IT infrastructure to host their software applications, organizations are increasingly deploying their infrastructure into remote, virtualized environments, often hosted and managed by third parties. This development has significant implications for digital forensic investigators, equipment vendors, law enforcement, as well as corporate compliance and audit departments (among others). Much of digital forensic practice assumes careful control and management of IT assets (particularly data storage) during the conduct of an investigation. This paper summarises the key aspects of cloud computing and analyses how established digital forensic procedures will be invalidated in this new environment. Several new research challenges addressing this changing context are also identified and discussed

A ‘criminal personas’ approach to countering criminal creativity

This paper describes a pilot study of a ‘criminal personas’ approach to countering criminal creativity. The value of the personas approach has been assessed by comparing the identification of criminal opportunity, through ‘traditional’ brainstorming and then through ‘criminal personas’ brainstorming The method involved brainstorm sessions with Computer Forensics Practitioners and with Product Designers, where they were required to generate criminal scenarios, select the most serious criminal opportunities, and propose means of countering them. The findings indicated that there was merit in further research in the development and application of the ‘criminal personas’ approach. The generation of criminal opportunity ideas and proposal of counter criminal solutions were both greater when the brainstorm approach involved the group responding through their given criminal personas

PRECEPT:a framework for ethical digital forensics investigations

Purpose: Cyber-enabled crimes are on the increase, and law enforcement has had to expand many of their detecting activities into the digital domain. As such, the field of digital forensics has become far more sophisticated over the years and is now able to uncover even more evidence that can be used to support prosecution of cyber criminals in a court of law. Governments, too, have embraced the ability to track suspicious individuals in the online world. Forensics investigators are driven to gather data exhaustively, being under pressure to provide law enforcement with sufficient evidence to secure a conviction. Yet, there are concerns about the ethics and justice of untrammeled investigations on a number of levels. On an organizational level, unconstrained investigations could interfere with, and damage, the organization’s right to control the disclosure of their intellectual capital. On an individual level, those being investigated could easily have their legal privacy rights violated by forensics investigations. On a societal level, there might be a sense of injustice at the perceived inequality of current practice in this domain. This paper argues the need for a practical, ethically-grounded approach to digital forensic investigations, one that acknowledges and respects the privacy rights of individuals and the intellectual capital disclosure rights of organisations, as well as acknowledging the needs of law enforcement. We derive a set of ethical guidelines, then map these onto a forensics investigation framework. We subjected the framework to expert review in two stages, refining the framework after each stage. We conclude by proposing the refined ethically-grounded digital forensics investigation framework. Our treatise is primarily UK based, but the concepts presented here have international relevance and applicability.Design methodology: In this paper, the lens of justice theory is used to explore the tension that exists between the needs of digital forensic investigations into cybercrimes on the one hand, and, on the other, individuals’ rights to privacy and organizations’ rights to control intellectual capital disclosure.Findings: The investigation revealed a potential inequality between the practices of digital forensics investigators and the rights of other stakeholders. That being so, the need for a more ethically-informed approach to digital forensics investigations, as a remedy, is highlighted, and a framework proposed to provide this.Practical Implications: Our proposed ethically-informed framework for guiding digital forensics investigations suggest a way of re-establishing the equality of the stakeholders in this arena, and ensuring that the potential for a sense of injustice is reduced.Originality/value: Justice theory is used to highlight the difficulties in squaring the circle between the rights and expectations of all stakeholders in the digital forensics arena. The outcome is the forensics investigation guideline, PRECEpt: Privacy-Respecting EthiCal framEwork, which provides the basis for a re-aligning of the balance between the requirements and expectations of digital forensic investigators on the one hand, and individual and organizational expectations and rights, on the other

Google and Facebook Data Retention and Location Tracking through Forensic Cloud Analysis

Mobile devices have hardware and software components that record large amounts of data. Some of the data is apparent to the device owner, some is discarded quickly, and some is hidden from the person using the device. For this study, the researchers used an Android smartphone as a typical user, carrying the device throughout the day, using Facebook and Google applications. Then the smartphone was analyzed using mobile forensic techniques and software. The investigation revealed security and privacy concerns. The researchers were able to retrieve social interactions, pictures, documents, and other personal attributes stored on the device. The most interesting find was location tracking information. This Android phone logged and stored location data when the researcher had location services enabled, but it also continued to collect and store location information after turning location services off. Within Google Maps, the sub-feature called Google Timeline, tracked location, date, and time as long as the phone was powered on. These findings will increase awareness for mobile devices users and may lead to more consumer-centric privacy settings in mobile operating systems

Mobile Handset Forensic Evidence: a challenge for Law Enforcement

Mobile phone proliferation in our societies is on the increase. Advances in semiconductor technologies related to mobile phones and the increase of computing power of mobile phones led to an increase of functionality of mobile phones while keeping the size of such devices small enough to fit in a pocket. This led mobile phones to become portable data carriers. This in turn increased the potential for data stored on mobile phone handsets to be used as evidence in civil or criminal cases. This paper examines the nature of some of the newer pieces of information that can become potential evidence on mobile phones. It also discusses some of the emerging technologies and their potential impact on mobile phone based evidence. The paper will also cover some of the inherent differences between mobile phone forensics and computer forensics. It also highlights some of the weaknesses of mobile forensic toolkits and procedures. Finally, the paper shows the need for more in depth examination of mobile phone evidence