Dealing with temporal inconsistency in automated computer forensic profiling

Computer profiling is the automated forensic examination of a computer system in order to provide a human investigator with a characterisation of the activities that have taken place on that system. As part of this process, the logical components of the computer system – components such as users, files and applications - are enumerated and the relationships between them discovered and reported. This information is enriched with traces of historical activity drawn from system logs and from evidence of events found in the computer file system. A potential problem with the use of such information is that some of it may be inconsistent and contradictory thus compromising its value. This work examines the impact of temporal inconsistency in such information and discusses two types of temporal inconsistency that may arise – inconsistency arising out of the normal errant behaviour of a computer system, and inconsistency arising out of deliberate tampering by a suspect – and techniques for dealing with inconsistencies of the latter kind. We examine the impact of deliberate tampering through experiments conducted with prototype computer profiling software. Based on the results of these experiments, we discuss techniques which can be employed in computer profiling to deal with such temporal inconsistencies

The promise and perils of wearable technologies

Wearable technology collectively describes some of the most exciting emerging technologies, encompassing smart gadgets, garments, jewelry, and other devices worn on the user\u27s body. In recent years, high profile wearable devices such as the Google Glass, Apple Watch, and FitBit have captured both the public imagination and headlines. Wearable technology has the potential to change the world even more profoundly than other mobile technologies. The appearance of such high profile wearable devices in the end-consumer market has also lead to serious consideration of the implications of such technologies, previously limited to the pages of science fiction. The implications for security and privacy of individuals and organizations, and the potential dangers to both society and the economy, must be considered and addressed in order for wearable technology to successfully deliver upon its many promises. Through addressing such concerns, the pathway to a wearable future can be unlocked, and users can adopt wearable technology with confidence

The promise and perils of wearable technologies

Wearable technology collectively describes some of the most exciting emerging technologies, encompassing smart gadgets, garments, jewelry, and other devices worn on the user\u27s body. In recent years, high profile wearable devices such as the Google Glass, Apple Watch, and FitBit have captured both the public imagination and headlines. Wearable technology has the potential to change the world even more profoundly than other mobile technologies. The appearance of such high profile wearable devices in the end-consumer market has also lead to serious consideration of the implications of such technologies, previously limited to the pages of science fiction. The implications for security and privacy of individuals and organizations, and the potential dangers to both society and the economy, must be considered and addressed in order for wearable technology to successfully deliver upon its many promises. Through addressing such concerns, the pathway to a wearable future can be unlocked, and users can adopt wearable technology with confidence

Behavioural Evidence Analysis Applied to Digital Forensics: An Empirical Analysis of Child Pornography Cases using P2P Networks

The utility of Behavioural Evidence Analysis (BEA) has gained attention in the field of Digital Forensics in recent years. It has been recognized that, along with technical examination of digital evidence, it is important to learn as much as possible about the individuals behind an offence, the victim(s) and the dynamics of a crime. This can assist the investigator in producing a more accurate and complete reconstruction of the crime, in interpreting associated digital evidence, and with the description of investigative findings. Despite these potential benefits, the literature shows limited use of BEA for the investigation of cases of the possession and dissemination of Sexually Exploitative Imagery of Children (SEIC). This paper represents a step towards filling this gap. It reports on the forensic analysis of 15 SEIC cases involving P2P filesharing networks, obtained from the Dubai Police. Results confirmed the predicted benefits and indicate that BEA can assist digital forensic practitioners and prosecutors

Managing Security Issues and the Hidden Dangers of Wearable Technologies

© 2017 by IGI Global. All rights reserved. Advances in mobile computing have provided numerous innovations that make people\u27s daily lives easier and more convenient. However, as technology becomes more ubiquitous, corresponding risks increase as well. Managing Security Issues and the Hidden Dangers of Wearable Technologies examines the positive and negative ramifications of emerging wearable devices and their potential threats to individuals, as well as organizations. Highlighting socio-ethical issues, policy implementation, and appropriate usage, this book is a pivotal reference source for professionals, policy makers, academics, managers, and students interested in the security and privacy implications of wearable digital devices

Forensic analysis of social networking applications on mobile devices

The increased use of social networking applications on smartphones makes these devices a goldmine for forensic investigators. Potential evidence can be held on these devices and recovered with the right tools and examination methods. This paper focuses on conducting forensic analyses on three widely used social networking applications on smartphones: Facebook, Twitter, and MySpace. The tests were conducted on three popular smartphones: BlackBerrys, iPhones, and Android phones. The tests consisted of installing the social networking applications on each device, conducting common user activities through each application, acquiring a forensically sound logical image of each device, and performing manual forensic analysis on each acquired logical image. The forensic analyses were aimed at determining whether activities conducted through these applications were stored on the device\u27s internal memory. If so, the extent, significance, and location of the data that could be found and retrieved from the logical image of each device were determined. The results show that no traces could be recovered from BlackBerry devices. However, iPhones and Android phones store a significant amount of valuable data that could be recovered and used by forensic investigators

Forensic artifacts of the ChatON Instant Messaging application

© 2013 IEEE. Instant Messaging (IM) is one of the most used types of applications across all digital devices, and is an especially popular feature on smartphones. This research is about the artifacts left by Samsung\u27s ChatON IM application, which is a multi-platform IM application. In this work, we acquired forensic images of a Samsung Galaxy Note device running Android 4.1 and an iPhone running iOS 6. The acquired images were analyzed and the data relevant to the ChatON application were identified. This research resulted is a map of the digital evidence left by ChatON on these mobile devices which assists digital forensics practitioners and researchers in the process of locating and recovering digital evidence from ChatON

BlackBerry PlayBook backup forensic analysis

© Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2013. Due to the numerous complicating factors in the field of small scale digital device forensics, physical acquisition of the storage of such devices is often not possible (at least not without destroying the device). As an alternative, forensic examiners often gather digital evidence from small scale digital devices through logical acquisition. This paper focuses on analyzing the backup file generated for the BlackBerry PlayBook device, using the BlackBerry Desktop Management software to perform the logical acquisition. Our work involved analyzing the generated “.bbb” file looking for traces and artifacts of user activity on the device. Our results identified key files that can assist in creating a profile of the device’s usage. Information about BlackBerry smart phone devices connected to the tablet was also recovered

The forensic investigation of android private browsing sessions using orweb

The continued increase in the usage of Small Scale Digital Devices (SSDDs) to browse the web has made mobile devices a rich potential for digital evidence. Issues may arise when suspects attempt to hide their browsing habits using applications like Orweb - which intends to anonymize network traffic as well as ensure that no browsing history is saved on the device. In this work, the researchers conducted experiments to examine if digital evidence could be reconstructed when the Orweb browser is used as a tool to hide web browsing activates on an Android smartphone. Examinations were performed on both a non-rooted and a rooted Samsung Galaxy S2 smartphone running Android 2.3.3. The results show that without rooting the device, no private web browsing traces through Orweb were found. However, after rooting the device, the researchers were able to locate Orweb browser history, and important corroborative digital evidence was found. © 2013 IEEE