Showing papers in "Digital Investigation in 2005"


Journal Article•DOI•
TL;DR: A multi-tier, hierarchical framework to guide digital investigations that includes objectives-based phases and sub-phases that are applicable to various layers of abstraction, and to which additional layers of detail can easily be added as needed.

307 citations


Journal Article•DOI•
TL;DR: The Windows Registry contains a wealth of information that can prove to be very valuable to the forensic investigator, but the key to accessing this information is to know where the information exists within not only the file system, but also within the structure of the Registry itself.

88 citations


Journal Article•DOI•
TL;DR: An accurate profile of an inside cyber criminal may help in identification both prospectively and retrospectively, especially for companies attempting to do away with cyber criminals inside their own walls.

52 citations


Journal Article•DOI•
TL;DR: A blind classification algorithm that uses hyper-dimensional geometric methods to model steganography-free JPEG images and provides superior anomaly detection compared to previous research, which increases Jsteg detection accuracy to 95%.

45 citations


Journal Article•DOI•
Bruce J. Nikkel
TL;DR: The OSI model's layered approach to networking can be used to help bring these two branches of network evidence together, organizing and reducing the complexity found in live network acquisition.

37 citations


Journal Article•DOI•
TL;DR: When a USB storage device, such as a thumb drive, is connected to a Windows system, several identifiers are created on the system that persist even after the system has been shut down.

37 citations


Journal Article•DOI•
TL;DR: A case study of an intrusion is outlined in which the victim organization worked with law enforcement agencies to apprehend the perpetrator and how effective case management and methodical reconstruction of events can help create a more complete picture of the crime.

33 citations


Journal Article•DOI•
TL;DR: This paper reviews the announcement that a group of cryptographers successfully generated two files with different contents that had the same MD5 hash and discusses the impact this discovery may have on the use of MD5 hash functions for evidence authentication in the field of computer forensics.

27 citations


Journal Article•DOI•
TL;DR: It is shown how provenance can be corroborated by artefacts which indicate how a computer system was connected to the outside world and the capabilities that it provided to a user.

23 citations


Journal Article•DOI•
TL;DR: An overview of forensic software tools for Personal Digital Assistants (PDA) is given, giving a snapshot of the capabilities and limitations of present day tools, and also provides background information on PDA hardware and software.

21 citations


Journal Article•DOI•
TL;DR: The theory that digital forensics will become more like the traditional forensic community in the future, with analysts specialising in subsets of the media and file structures encountered is put forward.

Journal Article•DOI•
TL;DR: This two-part article investigates the fascinating area of Trojan & network forensics and puts forward a set of processes to aid forensic practitioners in this complex and difficult area.

Journal Article•DOI•
TL;DR: An investigation into the restoration of forensically acquired digital data to virtual hardware was undertaken to devise a methodology by which a subject operating system could be booted in a virtual environment to enable the investigator to experience the subject system in a controlled environment.

Journal Article•DOI•
TL;DR: A prominent banking institution in the United States has submitted an application to have its Computer Forensics unit inspected as the first step towards attaining accreditation.


Journal Article•DOI•
TL;DR: Windows administrators are using freeware tools and techniques to analyze the files and develop their own prevention and detection mechanisms for malware protection.

Journal Article•DOI•
TL;DR: The purpose of this short essay is to provide a brief outline of 'trusted computing', and to illustrate some of the problems that may occur in the future.

Journal Article•DOI•
TL;DR: Although the evidence resulting from more modern systems is more complex, and analysts require more in-depth training to understand them, the rewards in terms of evidential probity can be considerable, enabling the analyst to produce evidence which in earlier systems was simply not there to be found.

Journal Article•DOI•
TL;DR: The results of a survey of IT managers in New Zealand examining the state of awareness of IT management in NZ regarding the field of digital forensics in general and their state of preparation for protection of forensic data in the case of an event requiring forensic analysis are presented.

Journal Article•DOI•
Brian D. Carrier
TL;DR: This paper looks at the basic concepts of disk spanning and at three Windows and Linux implementations.


Journal Article•DOI•
TL;DR: Cyber forensic investigations occur in varying degrees throughout the fields of computer security and incident response, network forensics, and law enforcement investigations, yet in all contexts involve the recognition, recovery and reconstruction of investigatory leads and evidence.

Journal Article•DOI•
TL;DR: The corporate world is slowly realising the importance and implications of computer based or digitally based evidence but many organisations believe that the challenges surrounding the can have a profound impact on business welfare.

Journal Article•DOI•
Bruce J. Nikkel
TL;DR: The issues and challenges involved in the forensic acquisition and analysis of magnetic tapes are discussed and a basic methodology for determining the contents of a tape, acquiring tape files, and preparing them for forensic analysis is suggested.

Journal Article•DOI•
Mark Bedford
TL;DR: Some of the issues that prevent the easy detection of Host Protected Areas on IDE drives are explained and a variety of methods which may enable examiners to reveal what may be overlooked evidence are discussed.

Journal Article•DOI•
Susan W. Brenner
TL;DR: A controversy is brewing in the United States as to whether the magistrate who issues a computer search warrant can require the officer seeking the warrant to provide a protocol to be used in executing the search.

Journal Article•DOI•
TL;DR: This case is remarkable for what it does not say: procedurally, how NOT to conduct a digital investigation, and substantively, what are the underlying lessons it offers forensic practitioners and society in general.

Journal Article•DOI•
TL;DR: A number of techniques that are available to the forensic examiner are detailed, including the use of Open Firmware to determine the date and time of the internal computer clock.


Journal Article•DOI•
TL;DR: The Reality Mining project at MIT's Media Lab could enable others to predict your behaviour with almost perfect accuracy, thus destroying the shreds that remain of your personal privacy.