67 research outputs found

    Investigating Modern Communication Technologies: The effect of Internet-based Communication Technologies on the Investigation Process

    Communication technologies are commonplace in modern society. For many years there were only a handful of communication technologies provided by large companies, namely the Public Switched Telephone Network (PSTN) and mobile telephony; these can be referred to as traditional communication technologies. Over the lifetime of traditional communication technologies there has been little technological evolution and as such, law enforcement developed sound methods for investigating targets using them. With the advent of communication technologies that use the Internet – Internet-based or contemporary communication technologies – law enforcement are faced with many challenges. This paper discusses these challenges and their potential impact. It first looks at what defines the two technologies, then explores the laws and methods used for their investigation. It then looks at the issues of applying the current methodologies to the newer and fundamentally different technology. The paper concludes that law enforcement will be required to update their methods in order to remain effective against the current technology trends.

    A hybrid feature selection for network intrusion detection systems: Central points

    Network intrusion detection systems are an active area of research to identify threats that face computer networks. Network packets comprise high dimensions which require huge effort to be examined effectively. As these dimensions contain some irrelevant features, they cause a high False Alarm Rate (FAR). In this paper, we propose a hybrid method as a feature selection, based on the central points of attribute values and an Association Rule Mining algorithm to decrease the FAR. This algorithm is designed to be implemented in a short processing time, due to its dependency on the central points of feature values with partitioning data records into equal parts. This algorithm is applied on the UNSW-NB15 and the NSL-KDD data sets to adopt the highest ranked features. Some existing techniques are used to measure the accuracy and FAR. The experimental results show the proposed model is able to improve the accuracy and decrease the FAR. Furthermore, its processing time is extremely short.

    Identifying Non-Volatile Data Storage Areas: Unique Notebook Identification Information as Digital Evidence

    The research reported in this paper introduces new techniques to aid in the identification of recovered notebook computers so they may be returned to the rightful owner. We identify non-volatile data storage areas as a means of facilitating the safe storing of computer identification information. A forensic proof of concept tool has been designed to test the feasibility of several storage locations identified within this work to hold the data needed to uniquely identify a computer. The tool was used to perform the creation and extraction of created information in order to allow the analysis of the non-volatile storage locations as valid storage areas capable of holding and preserving the data created within them. While the format of the information used to identify the machine itself is important, this research only discusses the insertion, storage and ability to retain such information.

    Voice over IP: Forensic Computing Implications

    The issues faced by law enforcement authorities concerning VoIP are very different from those of traditional telephony. VoIP provides strong encryption and a decentralised databased network. Wiretapping is not applicable to VoIP calls and packet capturing is negated by encryption. New methods are required to collect evidence from systems running VoIP software. This paper presents work in progress and, based on a literature review of the field, explores a methodology that may be used to advance this research area.

    Development of an Ontology Based Forensic Search Mechanism: Proof of Concept

    This paper examines the problems faced by Law Enforcement in searching large quantities of electronic evidence. It examines the use of ontologies as the basis for new forensic software filters and provides a proof of concept tool based on an ontological design. It demonstrates that efficient searching is produced through the use of such a design and points to further work that might be carried out to extend this concept.