Digital Forensics and Cyber Crime: Second International ICST Conference ICDF2C 2010 Abu Dhabi, United Arab Emirates, October 4-6, 2010 Revised Selected Papers

This book contains a selection of thoroughly refereed and revised papers from the Second International ICST Conference on Digital Forensics and Cyber Crime, ICDF2C 2010, held October 4-6, 2010 in Abu Dhabi, United Arab Emirates. The field of digital forensics is becoming increasingly important for law enforcement, network security, and information assurance. It is a multidisciplinary area that encompasses a number of fields, including law, computer science, finance, networking, data mining, and criminal justice. The 14 papers in this volume descibe the various applications of this technology and cover a wide range of topics including law enforcement, disaster recovery, accounting frauds, homeland security, and information warfare.https://digitalcommons.newhaven.edu/electricalcomputerengineering-books/1004/thumbnail.jp

Line based hash analysis of source code infringement

Svein Yngvar Willassen provides an insight into the complexities of investigating lines of code for the purposes of establishing the theft of intellectual property rights and proposes a new method of investigation

Methods for Enhancement of Timestamp Evidence in Digital Investigations

This work explores how the evidential value of digital timestamps can be enhanced by taking a hypothesis based approach to the investigation of digital timestamps. It defines the concepts of clock hypotheses, timestamps and causality in digital systems. These concepts are utilized to develop methods that can be used in an investigation to test a clock hypothesis for consistency with timestamps found in an actual investigation, given causality between specific events occurring in the investigated system. Common storage systems are explored for the identification of causality between the events of information storage. By using a logic programming variant of predicate calculus, a formalism for modelling the relationship between events and timestamp updating is defined. This formalism can be used to determine invariants in digital systems. Invariants and causality relations can be used to check a clock hypothesis for consistency with timestamp evidence. These methods can be utilized in software for digital investigation. By checking the large number of timestamps typically occurring on a digital medium, the methods can assist with the justification of a clock hypothesis, and thereby increase the confidence in specific timestamps found during the investigation. Previously, the checking of timestamps has relied upon the existence of timestamps from other evidence sources. With the methods defined in this work, justification of timestamp interpretation can be achieved without having to rely on timestamps from other sources of evidence. The methods developed in this work were implemented in a clock hypothesis consistency checker. This checker was tested in an experiment where subjects were asked to antedate a document. The checker was found to be able to produce evidence supporting a hypothesis that the document was antedated

Forensics and the GSM mobile telephone system Abstract

The GSM system has become the most popular system for mobile communication in the world. Criminals commonly use GSM phones, and it is therefore a need for forensic investigators to understand which evidence can be obtained from the GSM system. This paper briefly explains the basics of the GSM system. Evidence items that can be obtained from the Mobile Equipment, the SIM and the core network are explored. Tools to extract such evidence from the components of the system exist, but there is a need to develop more sound forensic procedures and tools for extracting such evidence. The paper concludes with a short presentation on the future UMTS system, which largely builds on the design of GSM. With GSM, systems for mobile communication reached a global scale. In the western world, it seems everyone has their own mobile phone, and GSM has taken more and more of the market. GSM allows users to roam seamlessly between networks, and separate the user identity from the phone equipment. In addition the GSM system provides the functional basi