5,220 research outputs found
Legal Issues about Metadata: Data Privacy vs Information Security
International audienceFor the purposes of our work we use the concept of metadata to implement enterprise digital right management mechanisms in an intelligent document environment. Such metadata allow us to firstly define contextual security rules and secondly to ensure the information traceability. However, its use may have legal implications, especially with regard to metadata that can be stored (see personal data, privacy), how it should be stored (see probative value in case of litigation, digital forensics) or computer processing in which it may be involved. Another topical issue is the storage and the processing of data using a service provider: the cloud. We must ensure, however, that this solution does not lead to a loss of information controllability for the company. This article aims to position our work with respect to these legal issues
Recovering Residual Forensic Data from Smartphone Interactions with Cloud Storage Providers
There is a growing demand for cloud storage services such as Dropbox, Box,
Syncplicity and SugarSync. These public cloud storage services can store
gigabytes of corporate and personal data in remote data centres around the
world, which can then be synchronized to multiple devices. This creates an
environment which is potentially conducive to security incidents, data breaches
and other malicious activities. The forensic investigation of public cloud
environments presents a number of new challenges for the digital forensics
community. However, it is anticipated that end-devices such as smartphones,
will retain data from these cloud storage services. This research investigates
how forensic tools that are currently available to practitioners can be used to
provide a practical solution for the problems related to investigating cloud
storage environments. The research contribution is threefold. First, the
findings from this research support the idea that end-devices which have been
used to access cloud storage services can be used to provide a partial view of
the evidence stored in the cloud service. Second, the research provides a
comparison of the number of files which can be recovered from different
versions of cloud storage applications. In doing so, it also supports the idea
that amalgamating the files recovered from more than one device can result in
the recovery of a more complete dataset. Third, the chapter contributes to the
documentation and evidentiary discussion of the artefacts created from specific
cloud storage applications and different versions of these applications on iOS
and Android smartphones
Using a Goal-Driven Approach in the Investigation of a Questioned Contract
Part 3: FORENSIC TECHNIQUESInternational audienceThis paper presents a systematic process for describing digital forensic investigations. It focuses on forensic goals and anti-forensic obstacles and their operationalization in terms of human and software actions. The paper also demonstrates how the process can be used to capture the various forensic and anti-forensic aspects of a real-world case involving document forgery
The problems and challenges of managing crowd sourced audio-visual evidence
A number of recent incidents, such as the Stanley Cup Riots, the uprisings in the Middle East and the London riots have demonstrated the value of crowd sourced audio-visual evidence wherein citizens submit audio-visual footage captured on mobile phones and other devices to aid governmental institutions, responder agencies and law enforcement authorities to confirm the authenticity of incidents and, in the case of criminal activity, to identify perpetrators. The use of such evidence can present a significant logistical challenge to investigators, particularly because of the potential size of data gathered through such mechanisms and the added problems of time-lining disparate sources of evidence and, subsequently, investigating the incident(s). In this paper we explore this problem and, in particular, outline the pressure points for an investigator. We identify and explore a number of particular problems related to the secure receipt of the evidence, imaging, tagging and then time-lining the evidence, and the problem of identifying duplicate and near duplicate items of audio-visual evidence
Provenance Threat Modeling
Provenance systems are used to capture history metadata, applications include
ownership attribution and determining the quality of a particular data set.
Provenance systems are also used for debugging, process improvement,
understanding data proof of ownership, certification of validity, etc. The
provenance of data includes information about the processes and source data
that leads to the current representation. In this paper we study the security
risks provenance systems might be exposed to and recommend security solutions
to better protect the provenance information.Comment: 4 pages, 1 figure, conferenc
- …