
Showing papers on "Digital evidence" published in 2011


Book
04 May 2011
TL;DR: This completely updated edition provides the introductory materials that new students require and expands on the material in previous editions to help students develop the skills needed to uncover and use digital evidence.
Abstract: Digital Evidence and Computer Crime, Third Edition provides the knowledge necessary to uncover and use digital evidence effectively in any kind of investigation. The widely adopted first and second editions introduced thousands of students to this field and helped them deal with digital evidence. This completely updated edition provides the introductory materials that new students require, and also expands on the material presented in previous editions to help students develop these skills. The textbook teaches how computer networks function, how they can be involved in crimes, and how they can be used as a source of evidence. Additionally, this third edition includes updated chapters dedicated to networked Windows, Unix, and Macintosh computers, and Personal Digital Assistants. Ancillary materials include an Instructor's Manual and PowerPoint slides.
* Provides a thorough explanation of how computers and networks function, how they can be involved in crimes, and how they can be used as evidence
* Features coverage of the abuse of computer networks and privacy and security issues on computer networks

448 citations


Journal ArticleDOI
TL;DR: This research aims to identify activities that facilitate and improve the digital forensic investigation process by reviewing existing digital forensic frameworks and producing a new model to improve the whole investigation process.
Abstract: The research introduces a structured and consistent approach for digital forensic investigation. Digital forensic science provides tools, techniques and scientifically proven methods that can be used to acquire and analyze digital evidence. The digital forensic investigation must be carried out so that the evidence obtained will be accepted in court. This research focuses on a structured and consistent approach to digital forensic investigation and aims at identifying activities that facilitate and improve the digital forensic investigation process. Existing digital forensic frameworks will be reviewed and the analysis compiled. The result of the evaluation will be a new model to improve the whole investigation process.

77 citations


01 Jan 2011
TL;DR: This work proposes the use of the new network facilities existing in the Advanced Forensic Format (AFF), an open and extensible format designed for forensic tools, to increase the quality of the electronic chain of custody.
Abstract: Forensic investigators must acquire and analyze large amounts of digital evidence and submit to the court the technical truth about facts in virtual worlds. Since digital evidence is complex, diffuse, volatile and can be accidentally or improperly modified after acquisition, the chain of custody must ensure that collected evidence can be accepted as truthful by the court. In this scenario, a traditional paper-based chain of custody is inefficient and cannot guarantee that the forensic processes follow legal and technical principles in an electronic society. Computer forensics practitioners use forensic software to acquire copies or images from electronic devices and register associated metadata, such as the computer hard disk serial number and the practitioner's name. Usually, chain of custody software and data are insufficient to guarantee to the court the quality of forensic images, or to guarantee that only the right person had access to the evidence, or even to guarantee that copies and analyses were made only by authorized manipulations and from acceptable addresses. Recent developments in forensic software make it possible to collect in multiple locations and analyze in distributed environments. In this work we propose the use of the new network facilities existing in the Advanced Forensic Format (AFF), an open and extensible format designed for forensic tools, to increase the quality of the electronic chain of custody.

60 citations


Journal ArticleDOI
TL;DR: This work focuses on live data acquisition from the RAM of a desktop PC, with emphasis on distinct strings that can be found in order to reconstruct a previous Facebook session; this plays a valuable role for digital forensics investigators making decisions about the discovery of breadcrumb digital evidence in the current era of cybercrime incidents.
Abstract: Social Networking Services (SNS) are emerging as one of the most promising directions of web applications in the next generation of Internet technology. Substantively, innumerable global online community members share common interests with each other via User Generated Content (UGC) platforms. Facebook is one of them, and it lets social networking participants deliver digital content to authorized consumers or specific groups. As cybercrimes have mushroomed in recent years, more and more digital crime investigations have strong relations to Facebook. Unarguably, Facebook has been exploited by global perpetrators. Consequently, we spotlight live data acquisition from the RAM of the desktop PC, with emphasis on some distinct strings that can be found in order to reconstruct the previous Facebook session. This plays an extremely valuable role for the associated digital forensics investigators in forming additional well-founded decisions concerning the discovery of breadcrumb digital evidence in this unparalleled era of cybercrime incidents.

43 citations
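The RAM-carving step this entry describes (acquire live memory, then search it for distinct strings that let the examiner reconstruct a session) is in practice a strings-style scan that must handle both ASCII and UTF-16LE, because Windows applications and browsers keep much of their state as wide strings and a plain ASCII scan silently drops them. The following is an added example and not code from this paper: the memory dump is constructed, and the marker names such as session_marker= are placeholders, not the Facebook artefacts the authors identified.

```python
"""Added example: carve ASCII and UTF-16LE strings from a memory dump and locate markers."""
import re
from typing import Dict, List, Tuple

# Constructed sample dump: binary noise around an ASCII record and a UTF-16LE record.
# The marker names are placeholders, not artefacts from any real application.
SAMPLE_DUMP = (
    b"\x00\x7f\x10" + b"kernel32.dll" + b"\x00\x00"
    + b"session_marker=abc123; other=1" + b"\x00\xff\xfe"
    + "user@example.test".encode("utf-16-le") + b"\x00\x00"
    + b"ab" + b"\x00" * 4
)


def carve_strings(dump: bytes, min_len: int = 6) -> List[Tuple[int, str, str]]:
    """Return (offset, encoding, text) for every printable run of at least min_len chars.
    UTF-16LE runs are scanned separately: to an ASCII-only scan a wide string looks like
    isolated single characters separated by NUL bytes and is never reported."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found: List[Tuple[int, str, str]] = []
    for m in ascii_re.finditer(dump):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in utf16_re.finditer(dump):
        found.append((m.start(), "utf-16le", m.group().decode("utf-16-le")))
    return sorted(found)


def find_markers(dump: bytes, markers: List[str], context: int = 32) -> List[Dict]:
    """Locate each marker in both encodings and return it with the surrounding bytes,
    which is where the values that reconstruct a session (ids, tokens, URLs) sit."""
    hits: List[Dict] = []
    for marker in markers:
        for enc, needle in (("ascii", marker.encode("ascii")),
                            ("utf-16le", marker.encode("utf-16-le"))):
            pos = dump.find(needle)
            while pos != -1:
                lo, hi = max(0, pos - context), pos + len(needle) + context
                hits.append({"offset": pos, "encoding": enc, "marker": marker,
                             "context": dump[lo:hi]})
                pos = dump.find(needle, pos + 1)
    return sorted(hits, key=lambda h: h["offset"])


if __name__ == "__main__":
    for off, enc, text in carve_strings(SAMPLE_DUMP):
        print(f"{off:08x} {enc:8s} {text}")
    for hit in find_markers(SAMPLE_DUMP, ["session_marker=", "example.test"]):
        print(f"{hit['offset']:08x} {hit['encoding']:8s} {hit['marker']} -> {hit['context']!r}")
```

On a real acquisition the dump is read from the memory image in chunks rather than held in one bytes object; carve_strings gives the inventory, and find_markers is run with the strings the examiner actually expects so that the bytes around each hit (session identifiers, timestamps, URLs) can be pulled out and correlated.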



Journal Article
TL;DR: The developed ontology can be used as a method to further develop a set of standards and procedures for the secure management of digital evidence and the chain of custody of digital evidence.
Abstract: The chain of custody of digital evidence is today an essential part of the digital investigation process. In order for the evidence to be accepted by the court as valid, the chain of custody for digital evidence must be kept; that is, it must be known who exactly, when, where, why and how came into contact with the evidence in each stage of the digital investigation process. This paper deals with digital evidence and the chain of custody of digital evidence. The authors define a taxonomy and use an ontological approach to manage the chain of custody of digital evidence. The aim of this paper was to develop an ontology to provide a new approach to study and better understand the chain of custody of digital evidence. Additionally, the developed ontology can be used as a method to further develop a set of standards and procedures for the secure management of digital evidence.

39 citations


Journal ArticleDOI
TL;DR: The increasing use of full disk encryption (FDE) can significantly hamper digital investigations, potentially preventing access to all digital evidence in a case; there is a pressing need for more effective on-scene capabilities to detect and preserve encryption prior to pulling the plug.

34 citations
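Detecting encryption before power-off, as this entry calls for, mostly comes down to two checks a responder can script: look for the header magic of the common FDE formats, and, where none is found, measure the entropy of a sample of sectors, since a TrueCrypt/VeraCrypt volume has no signature and is indistinguishable from random data. The example below is added here and is not from the paper. LUKS_MAGIC and BITLOCKER_OEM are the published header values; the sample images are constructed, and the 7.9 bits/byte threshold is a conventional cut-off chosen for this example.

```python
"""Added example: on-scene check for full disk encryption on a raw volume image."""
import math
import random
from collections import Counter

SECTOR = 512
LUKS_MAGIC = b"LUKS\xba\xbe"   # first bytes of a LUKS1/LUKS2 header
BITLOCKER_OEM = b"-FVE-FS-"    # OEM name at offset 3 of a BitLocker volume boot sector


def shannon_entropy(buf: bytes) -> float:
    """Bits of entropy per byte: close to 8.0 for ciphertext, far lower for most plaintext."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum((c / n) * math.log2(c / n) for c in Counter(buf).values())


def classify_volume(image: bytes, sample_sectors: int = 128, threshold: float = 7.9) -> str:
    """Classify a raw volume image (a bytes object here; read from the block device in practice)."""
    boot = image[:SECTOR]
    if boot.startswith(LUKS_MAGIC):
        return "luks"
    if boot[3:3 + len(BITLOCKER_OEM)] == BITLOCKER_OEM:
        return "bitlocker"
    # Container formats such as TrueCrypt/VeraCrypt carry no magic bytes: the header is
    # itself encrypted, so fall back to an entropy estimate over a sample of sectors.
    sample = image[SECTOR:SECTOR * (1 + sample_sectors)] or image[:SECTOR]
    if shannon_entropy(sample) >= threshold:
        return "high-entropy (encrypted or compressed)"
    return "no encryption detected"


def pseudo_random_bytes(n: int, seed: int = 7) -> bytes:
    """Deterministic stand-in for ciphertext (constructed sample, not real disk data)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


if __name__ == "__main__":
    samples = {
        "luks": LUKS_MAGIC + b"\x00" * (64 * SECTOR),
        "bitlocker": b"\xeb\x58\x90" + BITLOCKER_OEM + b"\x00" * (64 * SECTOR),
        "veracrypt-like": pseudo_random_bytes(130 * SECTOR),
        "plain ntfs-like": b"\xeb\x52\x90NTFS    " + b"this is plaintext " * 3000,
    }
    for name, img in samples.items():
        print(f"{name:16s} -> {classify_volume(img)}")
```

On a live machine the operating system answers the same question faster (manage-bde -status on Windows; lsblk -o NAME,FSTYPE on Linux reports crypto_LUKS), and the verdict has to be read with the power state in mind: the volume keys exist only in RAM while the system is up, so a memory capture comes before pulling the plug. Compressed archives also score near 8 bits/byte, so the entropy branch is a trigger for closer inspection rather than proof of encryption.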


Proceedings ArticleDOI
30 Nov 2011
TL;DR: Novel techniques to create a false digital alibi on a smart phone equipped with the Android OS are presented, which simulate human interaction with a mobile device using a software automation, with the produced traces being indistinguishable post-mortem from those left by a real user.
Abstract: Digital evidence can determine either the conviction or acquittal of a suspect. In the latter case, such information constitutes a digital alibi. It has been recently shown how it is possible to set up a common PC in order to produce digital evidence in an automatic and systematic manner. Such traces are indistinguishable post-mortem from those left by human activity, thus being exploitable to forge a digital alibi. Modern smart phones are becoming more and more similar to PCs, due both to their computational power as well as their capacity to produce digital evidence, local or remote, which can assume a probative value. However, smart phones are still substantially different from common PCs, with OS limitations, lack of tools and so on, thus making it difficult to adopt the same techniques proposed for PCs to forge a digital alibi on a mobile device. In this paper novel techniques to create a false digital alibi on a smart phone equipped with the Android OS are presented. In particular, it is possible to simulate human interaction with a mobile device using a software automation, with the produced traces being indistinguishable post-mortem from those left by a real user. Moreover, it will be shown that advanced computer skills are not required to forge a digital alibi on an Android device, since some of the presented techniques can be easily carried out by non-savvy users. This emphasizes how the probative value of digital evidence should always be evaluated together with traditional investigation techniques.

33 citations


Proceedings ArticleDOI
01 Aug 2011
TL;DR: This paper focuses on defining the basic postulates of a Digital Forensic Readiness Framework for PKI systems and investigates a model that can be proposed to accomplish this and also certain policies, guidelines and procedures which can be followed.
Abstract: The Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates [18]. PKI systems are today one of the most accepted and used technologies to enable successful implementation of information systems security services such as authentication and confidentiality. Digital forensics is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime [2][3]. A forensic investigation of digital evidence is commonly employed as a post-event response to a serious information security incident. In fact, there are many circumstances where an organization may benefit from an ability to gather and preserve digital evidence before an incident occurs. Digital forensic readiness enables an organization to maximize its potential to use digital evidence whilst minimizing the costs of an investigation [7]. The problem that this paper addresses is that there is no Digital Forensic Readiness Framework for PKI systems, thus not enabling an implementation of Digital Forensic Readiness measures to PKI systems. This paper focuses on defining the basic postulates of a Digital Forensic Readiness Framework for PKI systems. The authors investigate a model that can be proposed to accomplish this and also certain policies, guidelines and procedures which can be followed. When proposing the framework the authors take into account requirements for preserving or improving information security and not to interfere with the existing PKI systems' business processes.

31 citations


Proceedings ArticleDOI
18 Apr 2011
TL;DR: The challenges seen in implementing effective countermeasures against anti-forensics techniques are highlighted, and a set of recommendations is presented along with further research opportunities.
Abstract: Computer and network forensics has emerged as a new field in IT that is aimed at acquiring and analyzing digital evidence for the purpose of solving cases that involve the use, or more accurately the misuse, of computer systems. Many scientific techniques, procedures, and technological tools have evolved and been effectively applied in this field. On the opposite side, anti-forensics has recently surfaced as a field that aims at circumventing the efforts and objectives of computer and network forensics. The purpose of this paper is to highlight the challenges introduced by anti-forensics, explore the various anti-forensics mechanisms, tools and techniques, provide a coherent classification for them, and discuss their effectiveness thoroughly. Moreover, this paper highlights the challenges seen in implementing effective countermeasures against these techniques. Finally, a set of recommendations is presented along with further research opportunities.

30 citations


Journal ArticleDOI
TL;DR: This paper describes a range of examples of where evidence has been presented in courtrooms using video games technology (particularly forensic animation and virtual crime scene reconstructions), and discusses the potential benefits and problems of implementing this technology in courtroom settings.

Proceedings ArticleDOI
22 Dec 2011
TL;DR: The experiments and results of the research against the core smart phone tool specifications and their associated test findings are presented in such a way that it should make it easier for the prospective mobile forensic examiner to select the most adequate tool for a specific case.
Abstract: In a digital world, even illegal behaviour and/or crimes may be termed digital. This world is increasingly becoming mobile, where the basic computation and communication entities are Small Scale Digital Devices (SSDDs or S2D2s) such as ordinary mobile phones, personal digital assistants, smart phones and tablets. The need to recover data which might refer to unlawful and unethical activities gave rise to the discipline of mobile forensics, which has become an integral part of digital forensics. Consequently, in the last few years there has been an abundance of mobile forensics tools, both commercial and open-source, whose vendors and developers make various assertions about the capabilities and performance of their tools. The complexity and diversity of both mobile devices and mobile forensics tools, coupled with the volatile nature of digital evidence and the legal requirements of admissibility, make it difficult for forensic investigators to select the right tool. Hence, we have evaluated UFED Physical Pro 1138 and XRY 50 following the "Smartphone Tool Specifications Standard" developed by NIST, in order to start developing a framework for evaluating and referencing the "goodness" of mobile forensic tools. The experiments and the results of the research against the core smart phone tool specifications and their associated test findings are presented in such a way that it should make it easier for the prospective mobile forensic examiner to select the most adequate tool for a specific case.

Journal ArticleDOI
TL;DR: This article is an exploratory essay in assessing the effect that ‘cloud’ computing might have on evidence in digital format in criminal proceedings in the jurisdiction of England & Wales.

Book ChapterDOI
22 Aug 2011
TL;DR: The results of this work demonstrate that court rulings should not be based only on digital evidence, with it always being correlated to additional information provided by the various disciplines of Forensics Sciences.
Abstract: Recent legal cases have shown that digital evidence is becoming more widely used in court proceedings (by defense, accusation, public prosecutor, etc.). Digital tracks can be left on computers, phones, digital cameras as well as third party servers belonging to Internet Service Providers (ISPs), telephone providers and companies that provide services via Internet such as YouTube, Facebook and Gmail. This work highlights the possibility to set up a false digital alibi in a fully automatic way without any human intervention. A forensic investigation on the digital evidence produced cannot establish whether such traces have been produced through either human activity or by an automated tool. These considerations stress the difference between digital and physical - namely traditional - evidence. Essentially, digital evidence should be considered relevant only if supported by evidence collected using traditional investigation techniques. The results of this work should be considered by anyone involved in a Digital Forensics investigation, due to it demonstrating that court rulings should not be based only on digital evidence, with it always being correlated to additional information provided by the various disciplines of Forensics Sciences.

Journal ArticleDOI
10 Dec 2011
TL;DR: A method to perform data acquisition and analysis of Android smartphones, regardless of version and manufacturer is proposed, taking into account existing techniques of computer and cell phone forensic examination, adapting them to specific Android characteristics, its data storage structure, popular applications and the conditions under which the device was sent to the forensic examiner.
Abstract: From an expert's standpoint, an Android phone is a large data repository that can be stored either locally or remotely. Besides, its platform allows analysts to acquire device data and evidence, collecting information about its owner and facts under investigation. This way, by means of exploring and cross referencing that rich data source, one can get information related to unlawful acts and their perpetrator. There are widespread and well documented approaches to forensically examining mobile devices and computers. Nevertheless, they are neither specific nor detailed enough to be conducted on Android cell phones. These approaches are not totally adequate to examine modern smartphones, since these devices have internal memories whose removal or mirroring procedures are considered invasive and complex, due to difficulties in having direct hardware access. The examination and analysis are not supported by forensic tools when having to deal with specific file systems, such as YAFFS2 (Yet Another Flash File System). Furthermore, specific features of each smartphone platform have to be considered prior to acquiring and analyzing its data. In order to deal with those challenges, this paper proposes a method to perform data acquisition and analysis of Android smartphones, regardless of version and manufacturer. The proposed approach takes into account existing techniques of computer and cell phone forensic examination, adapting them to specific Android characteristics, its data storage structure, popular applications and the conditions under which the device was sent to the forensic examiner. The method was defined in a broad manner, not naming specific tools or techniques. Then, it was deployed in the examination of six Android smartphones, which addressed different scenarios that an analyst might face, and was validated to perform an entire evidence acquisition and analysis.

Book ChapterDOI
31 Jan 2011
TL;DR: In this article, the authors examined the state of the science and the level of consensus in the digital forensics community regarding digital evidence examination and found that elements of science and consensus are lacking in some areas and are present in others.
Abstract: This paper examines the state of the science and the level of consensus in the digital forensics community regarding digital evidence examination. The results of this study indicate that elements of science and consensus are lacking in some areas and are present in others. However, the study is small and of limited scientific value. Much more work is required to evaluate the state of the science of digital evidence examination.

Proceedings ArticleDOI
26 Oct 2011
TL;DR: This work introduces a methodology to delete a predetermined data set from a digital device in a secure and fast way, for example, with a single click of the mouse, which is also able to remove traces about its execution and presence on the system.
Abstract: The secure deletion of sensitive data can improve user privacy in many contexts and, in some extreme circumstances, keeping some information private can determine the life or death of a person. In fact, there are still several countries where freedom of expression is limited by authoritarian regimes, with dissidents being persecuted by their government. Recently, some countries have begun to make an effort to aid these people to communicate in a secure way, thus helping them to gain freedom. In this context, the present work can be a contribution in spreading the free use of Internet and, in general, digital devices. In countries where freedom of expression is persecuted, a dissident who would like to spread (illegal) information by means of the Internet should take into account the need to avoid as many traces as possible of his activity, in order to mislead eventual forensics investigations. In particular, this work introduces a methodology to delete a predetermined data set from a digital device in a secure and fast way, for example, with a single click of the mouse. All the actions required to remove the unwanted evidence can be performed by means of an automation, which is also able to remove traces about its execution and presence on the system. A post-mortem digital forensics analysis of the system will never reveal any information that may be referable to either the deleted data set or automation process.

Proceedings ArticleDOI
05 May 2011
TL;DR: The notion of secure digital chains of evidence is introduced and a high-level architecture for systems that can provide such chains of evidence is proposed.
Abstract: Computers, mobile phones, embedded devices and other components of IT systems can often be easily manipulated. Therefore, in the forensic use of digital evidence it is necessary to carefully check that the probative force of the evidence is sufficient. For applications where critical processes can lead to disputes, and resolving those disputes relies on digital evidence, one open question is how to build the system in a way that secure digital evidence is available. This paper introduces the notion of secure digital chains of evidence and proposes a high-level architecture for systems that can provide such chains of evidence. Finally, possible building blocks are explored for the realisation of a distributed and heterogeneous system with support for secure digital chains of evidence.
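Three of the entries above (the AFF electronic chain of custody, the who/when/where/why/how ontology, and the secure digital chains of evidence just described) converge on one mechanism: each custody event records who acted, when, where, why and how; is bound to the digest of the evidence image; is linked to the previous event by that event's hash; and is authenticated with a key only the examiner holds, so that neither an entry nor the image can be altered without detection. The ledger below is an added example, not code from any of these papers or from AFF. The field names, the HMAC key and the use of a bytes object in place of an image file are assumptions made for the example.

```python
"""Added example: hash-chained, HMAC-authenticated chain-of-custody ledger."""
import hashlib
import hmac
import json
from datetime import datetime, timezone
from typing import Dict, List, Optional

CHUNK = 1 << 20  # digest the image in 1 MiB pieces so multi-GB files need no RAM
GENESIS = "0" * 64


def sha256_stream(data: bytes) -> str:
    """Digest of the acquired image (a bytes object here; a file handle in a real tool)."""
    h = hashlib.sha256()
    view = memoryview(data)
    for off in range(0, len(view), CHUNK):
        h.update(view[off:off + CHUNK])
    return h.hexdigest()


class CustodyLedger:
    """Append-only custody log. Every entry carries who/when/where/why/how, the image
    digest, the previous entry's hash, and an HMAC over its own hash."""

    def __init__(self, case_id: str, key: bytes):
        self.case_id = case_id
        self._key = key          # assumption: per-examiner secret, held on a token/HSM in practice
        self.entries: List[Dict] = []

    @staticmethod
    def _canonical(entry: Dict) -> bytes:
        """Stable serialisation of the entry minus its own hash and tag."""
        body = {k: v for k, v in entry.items() if k not in ("entry_hash", "hmac")}
        return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

    def append(self, who: str, action: str, where: str, why: str, how: str,
               image_sha256: str, when: Optional[str] = None) -> Dict:
        entry = {
            "case": self.case_id,
            "seq": len(self.entries),
            "prev_hash": self.entries[-1]["entry_hash"] if self.entries else GENESIS,
            "who": who,
            "when": when or datetime.now(timezone.utc).isoformat(),
            "where": where,
            "why": why,
            "how": how,
            "action": action,
            "image_sha256": image_sha256,
        }
        entry["entry_hash"] = hashlib.sha256(self._canonical(entry)).hexdigest()
        entry["hmac"] = hmac.new(self._key, entry["entry_hash"].encode(), "sha256").hexdigest()
        self.entries.append(entry)
        return entry

    def verify(self, key: bytes, image: Optional[bytes] = None) -> List[str]:
        """Return a list of problems; an empty list means the chain and the image check out."""
        problems: List[str] = []
        prev = GENESIS
        for e in self.entries:
            if e["prev_hash"] != prev:
                problems.append(f"seq {e['seq']}: chain link broken")
            if hashlib.sha256(self._canonical(e)).hexdigest() != e["entry_hash"]:
                problems.append(f"seq {e['seq']}: entry content altered")
            tag = hmac.new(key, e["entry_hash"].encode(), "sha256").hexdigest()
            if not hmac.compare_digest(tag, e["hmac"]):
                problems.append(f"seq {e['seq']}: HMAC invalid")
            prev = e["entry_hash"]
        if image is not None and self.entries:
            if sha256_stream(image) != self.entries[0]["image_sha256"]:
                problems.append("image digest differs from the acquisition record")
        return problems


if __name__ == "__main__":
    image = b"constructed disk image, not real evidence\n" * 1000   # constructed sample
    key = b"examiner-secret-key"                                    # assumption
    ledger = CustodyLedger("CASE-2011-0001", key)
    digest = sha256_stream(image)
    ledger.append("examiner A", "acquire", "lab 1", "search warrant", "write blocker + dd", digest)
    ledger.append("examiner B", "analyse", "lab 2", "case analysis", "read-only mount of image", digest)
    print("clean:", ledger.verify(key, image))
    ledger.entries[1]["who"] = "someone else"
    print("after tampering:", ledger.verify(key, image))
```

The HMAC catches forgery by anyone without the key but not by a dishonest examiner who has it; a production design gives each party its own signing key, or anchors the ledger in an external timestamping service, so that no single holder can rewrite history. SHA-256 is used because MD5 and SHA-1 collisions are practical, which matters for a record whose whole purpose is to be produced in court.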

Proceedings ArticleDOI
26 Oct 2011
TL;DR: This research discusses the Smart-Phone Digital Evidence Forensics Standard Operating Procedure (Smart-Phone DEFSOP), compares it with the SOP proposed by the National Institute of Standards and Technology (NIST), and uses trusted third-party forensics tools to collect, analyze and examine digital evidence.
Abstract: In recent years, technology has developed rapidly. Mobile devices have become very important tools in the modern world. They combine many functions such as an OS, camera, video, internet, Bluetooth, calendar, address book and applications. They contain copious personal information, high mobility and powerful hardware, so crimes involving smart phones are increasing rapidly, and many kinds of modus operandi are increasing with them. The smart phone has become one of the high-tech tools used to commit a crime. In view of this, our research discusses the Smart-Phone Digital Evidence Forensics Standard Operating Procedure (Smart-Phone DEFSOP) proposed by Prof. I-Long Lin. Our research compares it with the SOP proposed by the National Institute of Standards and Technology (NIST). Finally, we use trusted third-party forensics tools to collect, analyze and examine digital evidence. In order to support the probative capacity of digital evidence in court, we have to authenticate the "integrity", "consistency" and "precision" of the digital evidence.

DOI
01 Jan 2011
TL;DR: A method to perform data acquisition of Android smartphones, regardless of version and manufacturer is proposed, taking into account existing techniques of computer and cell phone forensic examination, adapting them to specific Android characteristics, its data storage structure, popular applications and the conditions under which the device was sent to the forensic examiner.
Abstract: From an expert's perspective, an Android phone is a large data repository that can be stored either locally or remotely. Besides, its platform allows analysts to acquire device data, collecting information about its owner and facts that are under investigation. This way, by exploring and cross referencing that rich data source, one can get information related to unlawful acts and their perpetrator. There are widespread and well documented approaches to forensically examining mobile devices and computers. Nevertheless, they are neither specific nor detailed enough to examine modern smartphones, since these devices have internal memories whose removal or mirroring procedures are considered invasive and complex, due to difficulties in having direct hardware access. Furthermore, specific features of each smartphone platform have to be considered prior to acquiring its data. In order to deal with those challenges, this paper proposes a method to perform data acquisition of Android smartphones, regardless of version and manufacturer. The proposed approach takes into account existing techniques of computer and cell phone forensic examination, adapting them to specific Android characteristics, its data storage structure, popular applications and the conditions under which the device was sent to the forensic examiner. The method was defined in a broad fashion, not naming specific tools or techniques. Then, it was deployed in the examination of six Android smartphones, addressing different scenarios that an analyst might face, and was validated to perform an entire evidence acquisition.

Proceedings ArticleDOI
25 Apr 2011
TL;DR: The work presented deals with the evaluation of these security methods in order to study and understand their “goodness” and suitability to protect the integrity of the digital evidence.
Abstract: The omnipresence of e-services running on various instances of pervasive e-infrastructures that are fundamental to the contemporary information society generates an abundance of digital evidence. The evidence in digital form stems from a myriad of sources ranging from stand-alone computers and their volatile and non-volatile storage, to mobile small scale digital devices, network traffic, ever-present applications comprising social networks, ISP records, logs, Web pages, databases and both global and local information systems. The acquisition and analysis of this evidence is crucial to understanding and functioning of the digital world, regardless of the positive or negative implications of the actions and activities that generated the evidence. In the latter case, when the evidence comes from illegal, illicit and malicious activities, the protection of digital evidence is of major concern for law enforcement and legal institutions, namely for investigators and prosecutors. To protect the integrity of digital evidence, a number of security methods are used. These methods differ in terms of performance, accuracy, security levels, computational complexity, potential errors and the statistical admissibility of the produced results, as well as their vulnerability to accidental or malicious modifications. The work presented deals with the evaluation of these security methods in order to study and understand their "goodness" and suitability to protect the integrity of digital evidence. The immediate outcome of the evaluation is a set of recommendations to be considered when selecting the right algorithm to protect the integrity of digital evidence in general.

Book ChapterDOI
22 Aug 2011
TL;DR: Starting from the digital evidence left on a computer system, this research suggests an analytic methodology useful for drawing a compatible user digital profile in conjunction with the evidence left on the system.
Abstract: Nowadays investigations have become more difficult than in the past. It is already clear that, in the modern crime scene, a vast amount of evidence is in electronic or digital form and that computer systems or networks have a paramount role in the search for indicators and evidence. The correct analysis of log files and of the data saved in system memory, in this new scenario, is crucial for understanding criminal actions. Moreover, in order to transform these new elements into evidence, it is important as well not to lose sight of the goal of the investigative process, namely to identify the perpetrator, even in cases in which the association between the criminal and the computer where the crime was committed is difficult. This paper, from this perspective, aims to recognize an alternative investigation approach to traditional criminal profiling. Starting from the digital evidence left on the computer system, this research suggests an analytic methodology useful for drawing a compatible user digital profile in conjunction with the evidence left on the system.

Posted Content
TL;DR: In this paper, the authors argue that the legal rules regulating the search warrant process must be revised in light of the demands of digital evidence collection and propose a series of proposed amendments to Rule 41 of the Federal Rules of Criminal Procedure.
Abstract: This Article contends that the legal rules regulating the search warrant process must be revised in light of the demands of digital evidence collection. Existing rules are premised on the one-step process of traditional searches and seizures: the police obtain a warrant to enter the place to be searched and retrieve the property named in the warrant. Computer technologies tend to bifurcate the process into two steps: the police first execute a physical search to seize computer hardware, and then later execute a second electronic search to obtain the data from the seized computer storage device. The failure of law to account for the two-stage process of computer searches and seizures has caused a great deal of doctrinal confusion, and makes it difficult (if not impossible) for the law to regulate the warrant process effectively. The Article concludes by offering a series of proposed amendments to Rule 41 of the Federal Rules of Criminal Procedure to update the warrant process for the era of digital evidence.

Book
09 Aug 2011
TL;DR: This book covers cybercrimes against the digital infrastructure and computer systems, cybercrimes against individuals, crimes against information assets and data privacy, and the investigation and enforcement of cybercrimes, including search and seizure of electronic evidence, digital evidence and forensic analysis, and international issues.
Abstract: Section I: Cybercrimes against the Digital Infrastructure and Computer Systems
Crimes Involving the Use of Computers: Introduction; Federal Laws Governing Computer Crimes-Historical Development; Federal Laws Governing Computer Crime-18 USC 1030; Case Applications; New York's Computer Crime Law; Key Words and Phrases; Review Problems; Weblinks; Endnotes
Information Warfare and Cyberterrorism: What Is Information Warfare?; Brown Commission; Brian C. Lewis; Martin C. Libicki; Dorothy Denning; What Is Cyberterrorism?; Laws Regulating Information Warfare and Cyberterrorism; Federal Laws; State Laws; Key Words or Phrases; Review Problems; Weblinks; Endnotes
Section II: Cybercrimes against Individuals
Crimes against Morality: Introduction; Obscenity Crimes; 18 USC 1462; 18 USC 1465; 18 USC 1466; 18 USC 1466A; 18 USC 1470; Case Law Pertaining to Online Obscenity Crimes; Child Pornography Legislation; Legislative History; Current Child Pornography Laws; 18 USC 2251: Sexual Exploitation of Children; 18 USC 2252: Certain Activities Relating to Material Involving the Sexual Exploitation of Minors; 18 USC 2252A: Certain Activities Relating to Material Constituting or Containing Child Pornography; 18 USC 2425: Use of Interstate Facilities to Transmit; Case Law Pertaining to Online Child Pornography; Online Gambling; Federal Law; State Gambling Laws; Key Words and Phrases; Review Problems; Weblinks; Endnotes
Crimes Threatening or Resulting in Physical or Mental Harm: Introduction; Sexual Predator Crimes; 18 USC 2425: Use of Interstate Facilities to Transmit Information about a Minor; Cyberstalking and Cyberharassment Legislation; Federal Statutes; Cases on Cyberstalking and Cyberharassment; Judicial Interpretations of Federal Law; Key Words and Phrases; Review Problems; Weblinks
Internet Frauds: Introduction; Auction Fraud; Ponzi and Pyramid Schemes; Access Device Fraud; What Is an Access Device?; How Is an Access Device Fraud Committed?; Electronic Fund Transfer Fraud; Identity Theft and Fraud; Identity Theft; The Federal Identity Theft Crimes; State Identity Theft Laws; Cyberlaundering; Other Fraudulent Schemes; Key Words and Phrases; Review Problems; Weblinks; Endnotes
Section III: Crimes against Information Assets, and Data Privacy
Data Privacy Crimes: Introduction; The Fair Credit Reporting Act (FCRA); The Fair and Accurate Credit Transactions Act (FACTA); The Gramm-Leach-Bliley Act (GLBA); The Health Insurance Portability and Accountability Act (HIPAA); After the Breach: Is There a Duty to Notify the Consumer That the Security of Their Data Has Been Compromised?; Key Words and Phrases; Review Problems; Weblinks; Endnotes
Intellectual Property Fraud: Introduction; Criminal Copyright Infringement; Software Piracy; Key Words and Phrases; Review Problems; Weblinks
Section IV: Investigation and Enforcement of Cybercrimes
Search and Seizure: Beginning Principles: Introduction; Constitutional Principles; The Fourth Amendment; Reasonable Expectation of Privacy; Workplace Searches; Protection from Government Activity; The Mere Evidence Rule; Searches with and without a Warrant; Consent; Plain View; Exigent Circumstances; Incident to a Lawful Arrest; Inventory Search; Border Search; Administrative Searches; Automobile Exception; Special Needs Exception; Key Words and Phrases; Review Problems; Weblinks; Endnotes
Search and Seizure: Electronic Evidence: Introduction; Conducting the Search or Seizure; Searches and Seizures without a Warrant; Key Words and Phrases; Review Problems; Weblinks
Wiretapping and Eavesdropping: Introduction; Statutes and Regulations; Case Law; Key Words and Phrases; Review Problems; Weblinks
Access to Stored Communications: Introduction; Case Law; Key Words and Phrases; Review Problems; Weblinks
Pen Register, Trap and Trace, and GPS Devices: Introduction; Pen Register and Trap and Trace Devices; Global Positioning Systems (GPSs); RFID Technology; Key Words and Phrases; Review Problems; Weblinks
Digital Evidence and Forensic Analysis: Introduction; Nature of Evidence; Admissibility of Evidence; Preservation of Evidence; Chain of Custody; Admissibility of Digital Evidence; The Frye Test; Frye Plus; Daubert Test; Expert Opinion Evidence; Rules Requiring the Exclusion of Evidence; Hearsay Rule; Best Evidence Rule; Key Words and Phrases; Review Problems; Weblinks
International Issues Involving the Investigation and Prosecution of Cybercrime: Introduction; Jurisdiction; Extraterritorial Application of Criminal Laws; International Enforcement and Cooperation; Letters Rogatory; Mutual Legal Assistance Treaty; Extradition Treaty; Council of Europe Convention on Cybercrime; Key Words and Phrases; Review Problems; Weblinks
References; Index

Journal ArticleDOI
TL;DR: A new model for the cyber crime investigation procedure is presented, consisting of the following steps: readiness phase, consulting with profilers, cyber crime classification and investigation priority decision, damaged cyber crime scene investigation, analysis by crime profiler, suspect tracking, injurer cyber crime scene investigation, suspect summons, cyber crime logical reconstruction, and report writing.
Abstract: In this paper, we present a new model for the cyber crime investigation procedure, consisting of the following steps: readiness phase, consulting with a profiler, cyber crime classification and investigation priority decision, damaged cyber crime scene investigation, analysis by crime profiler, suspect tracking, injurer cyber crime scene investigation, suspect summons, cyber crime logical reconstruction, and report writing. Computer forensics emerged in response to the escalation of crimes committed with computer systems, used either as the object of the crime, as an instrument to commit the crime, or as a repository of evidence related to the crime. Computer forensics can be traced back to as early as 1984, when the FBI laboratory and other law enforcement agencies began developing programs to examine computer evidence. Digital forensics has been defined as the use of scientifically derived and proven methods for the preservation, collection, validation, identification, analysis, interpretation and presentation of digital evidence derived from digital sources, for the purpose of facilitating or furthering the reconstruction of events found to be criminal, or of helping to anticipate unauthorized actions shown to be disruptive to planned operations. Digital evidence includes computer evidence, digital audio, digital video, cell phones, digital fax machines, etc. The U.S. Department of Justice published a process model in Electronic Crime Scene Investigation: A Guide to First Responders that consists of four phases: collection, examination, analysis and reporting. The analysis phase of this model is improperly defined and ambiguous. Brian Carrier (5) proposed the integrated digital investigation process, which consists of five phases: readiness phase, deployment phase, physical crime scene investigation phase, cyber crime scene investigation phase and review phase.
The Brian Carrier (5) procedure did not include classifying the cyber crime and deciding investigation priority, a psychological profiling investigation method, and so on. In this paper, we present a new model for the cyber crime investigation procedure. The proposed procedure model is as follows: readiness phase, consulting with a profiler, cyber crime classification and investigation priority decision, damaged cyber crime scene investigation, analysis by crime profiler, suspect tracking, injurer cyber crime scene investigation, suspect summons, cyber crime logical reconstruction, and report writing. This paper presents a new methodology for the digital forensic investigation procedure. Section 2 reviews previous cyber crime investigation models. We present our cyber crime investigation procedure model in Section 3.

Proceedings ArticleDOI
15 Nov 2011
TL;DR: A trace map model is introduced to illustrate the relationships in the digital forensic investigation process by adapting and integrating traceability features; it shows the links between the evidence, the entities and the sources involved in the process, particularly in the collection phase of a digital forensic investigation framework.
Abstract: Digital forensics is the branch of forensic science that covers crime related to computer technology. In a cyber crime, the investigation of digital evidence requires special procedures and techniques in order for that evidence to be used and accepted in a court of law. Generally, the goals of these special processes are to identify the origin of the reported incident and to maintain the chain of custody so that the legal process can take its course. Consequently, the traceability process has become a key element of the digital investigation process, as it can map the events of an incident from different sources while obtaining evidence of the incident to be used for other auxiliary aspects of the investigation. Hence, this paper introduces a trace map model to illustrate the relationships in the digital forensic investigation process by adapting and integrating traceability features. The objective of this integration is to provide the capability to trace and map the evidence to its sources and to show the links between the evidence, the entities and the sources involved in the process, particularly in the collection phase of a digital forensic investigation framework. Additionally, the proposed model is expected to help the forensic investigator obtain accurate and complete evidence that can then be used in a court of law.

Proceedings ArticleDOI
19 Jul 2011
TL;DR: This work presents a framework for the specification of collection procedures based on an extension of the OVAL language and describes a tool that has been implemented to automate the execution of those procedures.
Abstract: The nature of computer crimes has evolved steadily with the progress of computer technologies. Due to the complexity of forensic investigations, the design of new techniques and tools for speeding up and automating the tasks required by digital forensic processes has become a challenging task. In particular, the collection of (live) digital evidence is delicate work that requires special care and proven investigator skills. This work presents a framework for the specification of collection procedures based on an extension of the OVAL language and describes a tool that has been implemented to automate the execution of those procedures.

Journal ArticleDOI
TL;DR: The main conclusion is that designers of assessment schemes need to be clear about their aims and to consider carefully whether in some circumstances these can be achieved by better court procedural rules and vetting schemes based on lawyers acting as referees.

DOI
01 Jan 2011
TL;DR: This paper looks at various types of crime and their associated digital evidence and contains recommended guidelines and procedures for how to perform the phases of the digital forensics process on Smartphone devices.
Abstract: Today Smartphone devices are widespread, and they hold many types of information about their owners and their activities. As a result of the widespread adoption of these devices into every aspect of our lives, they can be involved in almost any crime. The aim of digital forensics of Smartphone devices is to recover the digital evidence in a forensically sound manner so that the digital evidence can be presented and accepted in court. The digital forensic process consists of four phases: preservation, acquisition, examination/analysis and finally presentation. In this paper we look at various types of crime and their associated digital evidence. The digital forensics process for Smartphone devices is discussed, and this paper also contains recommended guidelines and procedures for how to perform the phases of the digital forensics process on Smartphone devices. Finally, a description of some challenges that may be faced in this field is given.

Proceedings ArticleDOI
22 Aug 2011
TL;DR: An overview of data classification, data sources and a classification of available techniques for processing digital evidence is given and a comparison between conventional approaches and visualization techniques is presented.
Abstract: Digital crimes are increasing, and so is the need for improvements in digital forensics. With the growth of storage capacity, these digital forensic investigations are getting more difficult. Visualization allows large amounts of data to be displayed at once, so a forensic investigator is able to maintain an overview of the whole case. Through zooming it is possible to analyze interesting parts of the evidence without losing the general view. This paper gives an overview of data classification, data sources and a classification of available techniques. Different state-of-the-art tools for visualization of frequency, timelines, e-mails and logging data are discussed. Further details on how these tools support the digital forensics process through visualization are given. Finally, a comparison between conventional approaches and visualization techniques is presented. The benefit for the reader is a quick overview of the state of the art in visualization techniques for processing digital evidence.