DEEP: Extending the Digital Forensics Process Model for Criminal Investigations

The importance of high quality, reliable forensic analysis –an issue that is central to the delivery of justice– has become a topic for marked debate with scientists, specialists and government bodies calling for improved standards and procedures. At the same time, Law Enforcement agencies are under pressure to cut the cost of criminal investigations. The detrimental impact that this has had on all forensic disciplines has been noted internationally, with the UK’s House of Lords warning that if the trend continues, crimes could go unsolved and miscarriages of justice may increase. The pivotal role that digital forensics plays in investigating and solving modern crimes is widely acknowledged: in Britain, the police estimate it features in 90% of cases. In fact, today’s law enforcement officers play a key part in the recovery, handling and automated processing of digital devices yet they are often poorly trained to do so. They are also left to interpret outputs, with the results being presented in court. This, it is argued, is a dangerous anomaly and points to a significant gap in the current, four-stage digital forensics process model (DFPM). This paper presents an extension to that model, the Digital Evidence Enhanced Process (DEEP), with the aim of fine-tuning the mechanism and ensuring that all digital evidence is scrutinised by a qualified digital forensics analyst. The consequence of adopting DEEP in actual criminal investigations will be to ensure that all digital evidence is analysed and evaluated to the highest professional and technical competency standards, resulting in the enhanced reliability of digital evidence presented in court which will serve the cause of justice in terms of reduced instances of associated unsafe convictions and/or unjustified exculpations

The Information Security Ownership Question in ISO/IEC 27001 – an Implementation

The information security management standard ISO/IEC 27001 is built on the notion that information security is driven by risk assessment and risk treatment. Fundamental to the success of risk assessment and treatment is the decision making process that takes risk assessment output and assigns decisions to this output in terms of risk treatment actions. It is argued that the effectiveness of the management system lies in its ability to make effective, easytoimplement and measurable decisions. One of the key issues in decision making is ownership. In this paper two aspects of information security ownership are considered: ownership of the asset (as per the ISO/IEC 27001 definition) and ownership of the risk treatment actions. This paper discuses how traditional information security risk assessment methodologies confuse the ownership issue and raises the question as to whether this is simply because they are rebadged computer security risk assessment methodologies or because the significance and the complexity of ownership is underestimated in many forms of information security risk assessment. This paper also presents some observations from practical attempts at implementing an organisationwide information security risk assessment methodology. The observations were made as part of ISO/IEC 27001 certification assessment visits

¿Fue Jesús un artista marcial?

Existen diversas expresiones en los evangelios del Nuevo Testamento que describen el comportamiento de Jesús –hijo de José– de Nazaret (Galilea) de un modo que sugiere que pudo estar familiarizado con ciertas técnicas marciales. En este trabajo examinamos detalladamente estas expresiones para considerar seguidamente las tradiciones marciales que pudieron existir en el sudoeste asiático, y más concretamente en Palestina en el siglo I d.C

Quantitative evaluation of the results of digital forensic investigations: a review of progress

Unlike conventional forensics, digital forensics does not at present generally quantify the results of its investigations. It is suggested that digital forensics should aim to catch-up with other forensic disciplines by using Bayesian and other numerical methodologies to quantify its investigations’ results. Assessing the plausibility of alternative hypotheses (or propositions, or claims) which explain how recovered digital evidence came to exist on a device could assist both the prosecution and the defence sides in criminal proceedings: helping the prosecution to decide whether to proceed to trial and helping defence lawyers to advise a defendant how to plead. This paper reviews some numerical approaches to the goal of quantifying the relative weights of individual items of digital evidence and the plausibility of hypotheses based on that evidence. The potential advantages enabling the construction of cost-effective digital forensic triage schemas are also outlined