Book Review: The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics

The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics is well-named–it really is very basic. And it should be, as the book’s intended audience includes entry-level digital forensics professionals and complimentary fields such as law enforcement, legal, and general information security. Though the copyright is 2012, some of the data is from 2009, and there is mention of estimates for 2010

Methodology for Evidence Reconstruction in Digital Image Forensics

This paper reveals basics of Digital (Image) Forensics. The paper describes the ways to manipulate image, namely, copy-move forgery (copy region in imag

Methodology for Evidence Reconstruction in Digital Image Forensics

This paper reveals basics of Digital (Image) Forensics. The paper describes the ways to manipulate image, namely, copy-move forgery (copy region in image & paste into another region in same image), image splicing (copy region in image & paste into another image) and image retouching. The paper mainly focuses on copy move forgery detection methods that are classified mainly into two broad approaches- block-based and key-point. Methodology (generalized as well as approach specific) of copy move forgery detection is presented in detail. Copied region is not directly pasted but manipulated (scale, rotation, adding Gaussian noise or combining these transformations) before pasting. The method for detection should robust to these transformations. The paper also presents methodology for reconstruction (if possible) of forged image based on detection result. Keywords: digital forensics, copy-move forgery, keypoint, feature extraction, reconstructio

The Design of an Undergraduate Degree Program in Computer & Digital Forensics

Champlain College formally started an undergraduate degree program in Computer & Digital Forensics in 2003. The underlying goals were that the program be multidisciplinary, bringing together the law, computer technology, and the basics of digital investigations; would be available as on online and oncampus offering; and would have a process-oriented focus. Success of this program has largely been due to working closely with practitioners, maintaining activity in events related to both industry and academia, and flexibility to respond to ever-changing needs. This paper provides an overview of how this program was conceived, developed, and implemented; its evolution over time; and current and planned initiatives

Use of computer forensics in the digital curation of removable media

The purpose of this paper is to encourage the discussion of the potential place and value of digital forensics techniques when dealing with acquisitions on removable media in the field of digital curation. It examines a basic computer forensics process, discusses a typical file system for removable media, and raises questions about necessary processes and incentives for addressing data capture in the field of digital curation

Computer Forensics

84 σ.Το θέμα της διπλωματικής εργασίας είναι η μελέτη της επιστήμης της δικανικής υπολογιστών η οποία είναι κλάδος της ψηφιακής δικανικής. Στην εισαγωγή, αναφέρονται χαρακτηριστικά, εφαρμογές, μεθοδολογίες και κλάδοι της ψηφιακής δικανικής. Στο δεύτερο κεφάλαιο περιγράφονται βασικά χαρακτηριστικά της διαδικασίας απόκτησης ψηφιακών δεδομένων από υπολογιστές. Στο τρίτο κεφάλαιο παρουσιάζονται στοιχεία για τη διαδικασία της ανάλυσης των ψηφιακών δεδομένων ενός σκληρού δίσκου. Συγκεκριμένα παρουσιάζονται σημαντικά αρχεία και τοποθεσίες του λειτουργικού συστήματος Windows με ενδιαφέρον για έναν αναλυτή καθώς και χαρακτηριστικά της ανάλυσης βασικών τύπων αρχείων. Στο τέταρτο κεφάλαιο παρουσιάζονται σημαντικά εργαλεία για τη διεξαγωγή μιας έρευνας στα πλαίσια της δικανικής υπολογιστών. Το τελευταίο κεφάλαιο περιλαμβάνει τρία εργαστήρια όπου φαίνονται στην πράξη τεχνικές της δικανικής υπολογιστών. Στο πρώτο αναλύονται τα βήματα της απόκτησης ψηφιακών δεδομένων σε πλατφόρμα εργασίας Windows και Linux. Στο δεύτερο αναζητούνται ίχνη της δραστηριότητας ενός χρήστη σε σύστημα με Windows, ενώ στο τελευταίο αναζητούνται ίχνη μιας μνήμης usb σε ένα σύστημα Windows.The theme of this diploma thesis is the study of computer forensics science which is branch of digital forensics. Firstly, we refer to characteristics, applications, methods and branches of digital forensics. In chapter 2, details of digital data’s acquisition from computers are being described. In chapter 3, we present elements of the analysis of digital evidence, retrieved from a hard disc. More specifically, not only do we refer to important locations and artifacts of Windows operating systems, but also we present the basics of file types’ analysis. In chapter 4, essential tools for forensic investigations are being involved. The last chapter includes three labs which show computer forensics’ techniques in practice. In the first lab we state detailed steps for a forensic acquisition in Windows and Linux platforms. In the second lab, we trace a user’s activities in a Windows operating system whereas in the last lab we search for the traces of a flash drive in a Windows system.Καρρά Τανισκίδου Ευθυμί

A forensically-enabled IASS cloud computing architecture

Current cloud architectures do not support digital forensic investigators, nor comply with today’s digital forensics procedures largely due to the dynamic nature of the cloud. Whilst much research has focused upon identifying the problems that are introduced with a cloud-based system, to date there is a significant lack of research on adapting current digital forensic tools and techniques to a cloud environment. Data acquisition is the first and most important process within digital forensics – to ensure data integrity and admissibility. However, access to data and the control of resources in the cloud is still very much provider-dependent and complicated by the very nature of the multi-tenanted operating environment. Thus, investigators have no option but to rely on cloud providers to acquire evidence, assuming they would be willing or are required to by law. Furthermore, the evidence collected by the Cloud Service Providers (CSPs) is still questionable as there is no way to verify the validity of this evidence and whether evidence has already been lost. This paper proposes a forensic acquisition and analysis model that fundamentally shifts responsibility of the data back to the data owner rather than relying upon a third party. In this manner, organisations are free to undertaken investigations at will requiring no intervention or cooperation from the cloud provider. The model aims to provide a richer and complete set of admissible evidence than what current CSPs are able to provide

A comparative study of teaching forensics at a university degree level

Computer forensics is a relatively young University discipline which has developed strongly in the United States and the United Kingdom but is still in its infancy in continental Europe. The national programmes and courses offered therefore differ in many ways. We report on two recently established degree programmes from two European countries: Great Britain and Germany. We present and compare the design of both programmes and conclude that they cover two complementary and orthogonal aspects of computer forensics education: (a) rigorous practical skills and (b) competence for fundamental research discoveries

Aligned and Non-Aligned Double JPEG Detection Using Convolutional Neural Networks

Due to the wide diffusion of JPEG coding standard, the image forensic community has devoted significant attention to the development of double JPEG (DJPEG) compression detectors through the years. The ability of detecting whether an image has been compressed twice provides paramount information toward image authenticity assessment. Given the trend recently gained by convolutional neural networks (CNN) in many computer vision tasks, in this paper we propose to use CNNs for aligned and non-aligned double JPEG compression detection. In particular, we explore the capability of CNNs to capture DJPEG artifacts directly from images. Results show that the proposed CNN-based detectors achieve good performance even with small size images (i.e., 64x64), outperforming state-of-the-art solutions, especially in the non-aligned case. Besides, good results are also achieved in the commonly-recognized challenging case in which the first quality factor is larger than the second one.Comment: Submitted to Journal of Visual Communication and Image Representation (first submission: March 20, 2017; second submission: August 2, 2017