Provenance analysis for instagram photos

As a feasible device fingerprint, sensor pattern noise (SPN) has been proven to be effective in the provenance analysis of digital images. However, with the rise of social media, millions of images are being uploaded to and shared through social media sites every day. An image downloaded from social networks may have gone through a series of unknown image manipulations. Consequently, the trustworthiness of SPN has been challenged in the provenance analysis of the images downloaded from social media platforms. In this paper, we intend to investigate the effects of the pre-defined Instagram images filters on the SPN-based image provenance analysis. We identify two groups of filters that affect the SPN in quite different ways, with Group I consisting of the filters that severely attenuate the SPN and Group II consisting of the filters that well preserve the SPN in the images. We further propose a CNN-based classifier to perform filter-oriented image categorization, aiming to exclude the images manipulated by the filters in Group I and thus improve the reliability of the SPN-based provenance analysis. The results on about 20, 000 images and 18 filters are very promising, with an accuracy higher than 96% in differentiating the filters in Group I and Group II

Brooking no excuses: university staff and students are encouraged to develop their engagement

Brooking no excuses: university staff and students are encouraged to develop their engagement This paper will explore the internal and external factors that have prompted the University of East Anglia's decision to give Public Engagement into a more central role within the Universities Corporate Plan. It will illustrate how the SEARCH Action Learning Programme facilitated the design, implementation and delivery of new Staff and Student Development Programmes that aim to provide the confidence, skills and mentorship that will encourage staff to develop their engagement activities. We will use a SWOT analysis to discuss the strengths, weaknesses, opportunities and threats of the Public Engagement Practitioner. As part of this, we will explore how many of the issues we face as Science communicators with the public are similar to issues encountered by Communicators within the Arts and Humanities disciplines. Finally we will outline and detail our future plans, opportunities and vision that will enable us to move this agenda forward

FORENSIC ANALYSIS OF THE GARMIN CONNECT ANDROID APPLICATION

Wearable smart devices are becoming more prevalent in our lives. These tiny devices read various health signals such as heart rate and pulse and also serve as companion devices that store sports activities and even their coordinates. This data is typically sent to the smartphone via a companion application installed. These applications hold a high forensic value because of the users’ private information they store. They can be crucial in a criminal investigation to understand what happened or where that person was during a given period. They also need to guarantee that the data is secure and that the application is not vulnerable to any attack that can lead to data leaks. The present work aims to do a complete forensic analysis of the companion application Garmin Connect for Android devices. We used a Garmin Smartband to generate data and test the application with a rooted Android device. This analysis is split into two parts. The first part will be a traditional Post Mortem analysis where we will present the application, data generation process, acquisition process, tools, and methodologies. Lastly, we analyzed the data extracted and studied what can be considered a forensic artifact. In the second part of this analysis, we performed a dynamic analysis. We used various offensive security techniques and methods to find vulnerabilities in the application code and network protocol to obtain data in transit. Besides completing the Garmin Connect application analysis, we contributed various modules and new features for the tool Android Logs Events And Protobuf Parser (ALEAPP) to help forensic practitioners analyze the application and to improve the open-source digital forensics landscape. We also used this analysis as a blueprint to explore six other fitness applications that can receive data from Garmin Connect. With this work, we could conclude that Garmin Connect stores a large quantity of private data in its device, making it of great importance in case of a forensic investigation. We also studied its robustness and could conclude that the application is not vulnerable to the tested scenarios. Nevertheless, we found a weakness in their communication methods that lets us obtain any data from the user even if it was not stored in the device. This fact increased its forensic importance even more

Designing Digital Forensics Challenges for Multinational Cyber Defense Exercises

Töös püütakse kujundada ja hinnata digitaalse kohtuekspertiisi väljakutset, mida kasutada rahvusvahelisel küberkaitse õppusel. Eesmärk on fokusseerida põhioskustele, mida üks riiklik organisatsioon oma digitaalse kohtuekspertiisi ekspertidelt vajab ja disainida ning integreerida tehnilisi ülesandeid, mis adekvaatselt testivad neid oskusi suuremal küberkaitse õppusel. See töö kasutab NATO Locked Shields küberkaitse õppust test-näitena, mille jaoks väitekirja autor liitus digitaalse kohtuekspertiisi disainimeeskonnaga, NATO Cyber Defense Centre of Excellence juures, kui nad kavandasid ja rakendasid kolme-päevast digitaalse kohtuekspertiisi väljakutset. See lõputöö kehtestab rea tehnilisi ja protseduurilisi oskuseid, mida riiklikud organisatsioonid vajavad oma ekspertidelt, määrab viisid, kuidas testida neid oskusi ja arendab stsenaariumipõhist digitaalse kohtuekspertiisi väljakutset. Kasutades vahetult saadud tähelepanekuid, osaleja tagasisidet ja väljakutse tulemusi, et hinnata väljakutse efektiivsust, lõputöös leitakse, et stsenaarium testis piisavalt enamus oskusi õigel raskustasemel ja vajab parendamist ajastuses ning aruandlusstandardites. Lõpetuseks uuritakse erinevaid viise, kuidas parendada valitud meetodeid ja ülesandeid tuleviku õppusteks.This thesis seeks to design and evaluate a digital forensics challenge for inclusion in a multinational cyber defense exercise. The intent is to narrow down the key skills a state-based organization requires of its digital forensics experts and design and integrate technical tasks that adequately test these skills into a larger cyber defense exercise. It uses the NATO Locked Shields cyber defense exercise as a test case, for which the thesis author joined the digital forensics design team at the NATO Cyber Defense Centre of Excellence in designing and implementing a three day digital forensics challenge. This thesis establishes a series of technical and procedural skills state-based organizations require of their experts, determines ways to test these skills, and develops a scenario-based digital forensics challenge. Using first hand observations, participant feedback, and challenge scores to evaluate the effectiveness of the challenge, it finds that the scenario adequately tested a majority of the skills at the appropriate difficulty level and needs improvement in timing and reporting standards. Finally, it explores ways to improve upon the selected methods and tasks for future exercises

Memory Forensics

Memory forensics is rapidly becoming a critical part of all digital forensic investigations. The value of information stored within a computer’s memory is immense; failing to capture it could result in a substantial loss of evidence. However, it is becoming increasingly more common to find situations where standard memory acquisition tools do not work. The paper addresses how an investigator can capture the memory of a locked computer when authentication is not present. The proposed solution is to use a bootable memory acquisition tool, in this case, Passware Bootable Memory Imager. To enhance the findings, three different reboot methods will be tested to help identify what would happen if the recommended warm reboot is not possible. Using a warm reboot and a secure reboot, Passware Bootable Memory Imager was able to successfully acquire the memory of the locked machine, with the resulting captures being highly representative of the populated data. However, the memory samples collected after a cold reboot did not retain any populated data. These findings highlight that to capture the memory of a locked machine, the reboot method is highly successful, providing the correct method is followed.Memory forensics is rapidly becoming a critical part of all digital forensic investigations. The value of information stored within a computer’s memory is immense; failing to capture it could result in a substantial loss of evidence. However, it is becoming increasingly more common to find situations where standard memory acquisition tools do not work. The paper addresses how an investigator can capture the memory of a locked computer when authentication is not present. The proposed solution is to use a bootable memory acquisition tool, in this case, Passware Bootable Memory Imager. To enhance the findings, three different reboot methods will be tested to help identify what would happen if the recommended warm reboot is not possible. Using a warm reboot and a secure reboot, Passware Bootable Memory Imager was able to successfully acquire the memory of the locked machine, with the resulting captures being highly representative of the populated data. However, the memory samples collected after a cold reboot did not retain any populated data. These findings highlight that to capture the memory of a locked machine, the reboot method is highly successful, providing the correct method is followed

Forensic Analysis

It is my pleasure to place before you the book ''Forensic Analysis - From Death to Justice'' which presents one of the major portions of the broad specialty of Forensic Science comprising mainly of Thanatology and Criminalistics. This book has been designed to incorporate a wide range of new ideas and unique works from all authors from topics like Forensic Engineering, Forensic Entomology and Crime Scene Investigation. I hope that it will be useful to practitioners of forensic medicine, experts, pathologists, law makers, investigating authorities, undergraduate and postgraduate medical school graduates of medicine

A career in Forensic Odontology:it is not just about teeth

Throughout the world, forensic odontology academic programmes have been designed and permeate discussions about international or local standard operational protocols, principles or guidelines requiring current technical and scientific knowledge. The heterogeneous groups of students who aim to pursue this career might have high educational and occupational aspirations that will be confronted with the labour markets. In this report, the authors briefly present aspects of the education and training that comprise the choice of a career in forensic odontology nowadays. In conclusion, the individual who opts for forensic odontology as a career must be prepared to find the confidence and resilience to practice professional skills in a unique and challenging field to comply with the society’s expectation

Examination of invisible injuries: UV-induced fluorescence as a supplement to physical examination for blunt trauma injury

Die Untersuchung von Gewaltopfern und die Dokumentation von Verletzungen gehört zur Routinetätigkeit in der Klinischen Rechtsmedizin. Am häufigsten werden Folgen stumpfer Gewalteinwirkung festgestellt. Diese Untersuchungen geraten an ihre Grenzen, wenn z.B. Hautunterblutungen (noch) nicht oder bereits nicht mehr sichtbar sind. Die vorliegende Arbeit belegt den Nutzen von ultravioletter (UV) Strahlung zur Sichtbarmachung verblasster und mit bloßem Auge nicht erkennbare Hämatome. Die durch UV-Strahlung hervorgerufene Fluoreszenz von gesundem im Vergleich zu geschädigtem Gewebe kann teils noch bis zu Monate nach einer Verletzung Unterschiede aufweisen. Somit stellt das hier untersuchte Verfahren eine kostengünstige, schnelle und zuverlässige Alternative des Methodenspektrums rechtsmedizinischer Untersuchungstechniken dar.:1. Bibliographische Beschreibung 2. Introduction 3. Background 3.1. Hematoma 3.2. Electromagnetic radiation 3.3. Fluorescence 3.4. UV radiation 3.5. UV-induced fluorescence 3.6. Hematoma fluorescence 3.7. UV-photography 3.8. Alternative non-invasive 4. Motivation & Purpose of this Thesis 5. Publication 6. Summary & Conclusion 6.1. Background 6.2. Aim 6.3. Material and Method 6.4. Results 6.5. Thesis 6.6. Conclusion 7. Appendix 7.1. Bibliography 7.2. Core Data 7.3. Declaration of Independence 7.4. Curriculum vitae 7.5. Publications 7.6. AcknowledgementsIdentification and age determination of hematomas is daily work in forensic medicine. Following blunt trauma, a hematoma may be visible between a few hours and up to three weeks. Patients presenting their injuries outside of that timeframe usually miss visual signs. Various studies indicate that ultraviolet radiation (UVR) can aid the process of hematoma identification, when visible signs are vague or even absent. In this thesis hematoma identification using UV- induced fluorescence is discussed as simple, economic and convenient method.:1. Bibliographische Beschreibung 2. Introduction 3. Background 3.1. Hematoma 3.2. Electromagnetic radiation 3.3. Fluorescence 3.4. UV radiation 3.5. UV-induced fluorescence 3.6. Hematoma fluorescence 3.7. UV-photography 3.8. Alternative non-invasive 4. Motivation & Purpose of this Thesis 5. Publication 6. Summary & Conclusion 6.1. Background 6.2. Aim 6.3. Material and Method 6.4. Results 6.5. Thesis 6.6. Conclusion 7. Appendix 7.1. Bibliography 7.2. Core Data 7.3. Declaration of Independence 7.4. Curriculum vitae 7.5. Publications 7.6. Acknowledgement