
Showing papers on "Digital evidence published in 2018"


Journal Article
TL;DR: The role of computational modeling for medical devices is introduced, OSEL's ongoing research is described, and how evidence from computational modeling has been used in regulatory submissions by industry to CDRH in recent years is overviewed.
Abstract: Protecting and promoting public health is the mission of the U.S. Food and Drug Administration (FDA). FDA's Center for Devices and Radiological Health (CDRH), which regulates medical devices marketed in the U.S., envisions itself as the world's leader in medical device innovation and regulatory science-the development of new methods, standards, and approaches to assess the safety, efficacy, quality, and performance of medical devices. Traditionally, bench testing, animal studies, and clinical trials have been the main sources of evidence for getting medical devices on the market in the U.S. In recent years, however, computational modeling has become an increasingly powerful tool for evaluating medical devices, complementing bench, animal and clinical methods. Moreover, computational modeling methods are increasingly being used within software platforms, serving as clinical decision support tools, and are being embedded in medical devices. Because of its reach and huge potential, computational modeling has been identified as a priority by CDRH, and indeed by FDA's leadership. Therefore, the Office of Science and Engineering Laboratories (OSEL)-the research arm of CDRH-has committed significant resources to transforming computational modeling from a valuable scientific tool to a valuable regulatory tool, and developing mechanisms to rely more on digital evidence in place of other evidence. This article introduces the role of computational modeling for medical devices, describes OSEL's ongoing research, and overviews how evidence from computational modeling (i.e., digital evidence) has been used in regulatory submissions by industry to CDRH in recent years. It concludes by discussing the potential future role for computational modeling and digital evidence in medical devices.

90 citations


Journal Article
TL;DR: The effectiveness of the design and implementation of a feasible technique for performing Digital Forensic Readiness (DFR) in cloud computing environments is presented as the easiest way of conducting DFR in the cloud environment as stipulated in the ISO/IEC 27043: 2015 international standard.
Abstract: This paper examines the design and implementation of a feasible technique for performing Digital Forensic Readiness (DFR) in cloud computing environments. The approach employs a modified obfuscated...

49 citations


Journal Article
TL;DR: The development of best practices, reliable tools and the formulation of formal testing methods for digital forensic techniques are highlighted which could be extremely useful and of immense value to improve the trustworthiness of electronic evidence in legal proceedings.
Abstract: Digital forensics is a vital part of almost every criminal investigation given the amount of information available and the opportunities offered by electronic data to investigate and evidence a crime. However, in criminal justice proceedings, these electronic pieces of evidence are often considered with the utmost suspicion and uncertainty, although, on occasions are justifiable. Presently, the use of scientifically unproven forensic techniques are highly criticized in legal proceedings. Nevertheless, the exceedingly distinct and dynamic characteristics of electronic data, in addition to the current legislation and privacy laws remain as challenging aspects for systematically attesting evidence in a court of law. This article presents a comprehensive study to examine the issues that are considered essential to discuss and resolve, for the proper acceptance of evidence based on scientific grounds. Moreover, the article explains the state of forensics in emerging sub-fields of digital technology such as, cloud computing, social media, and the Internet of Things (IoT), and reviewing the challenges which may complicate the process of systematic validation of electronic evidence. The study further explores various solutions previously proposed, by researchers and academics, regarding their appropriateness based on their experimental evaluation. Additionally, this article suggests open research areas, highlighting many of the issues and problems associated with the empirical evaluation of these solutions for immediate attention by researchers and practitioners. Notably, academics must react to these challenges with appropriate emphasis on methodical verification. Therefore, for this purpose, the issues in the experiential validation of practices currently available are reviewed in this study. The review also discusses the struggle involved in demonstrating the reliability and validity of these approaches with contemporary evaluation methods. 
Furthermore, the development of best practices, reliable tools and the formulation of formal testing methods for digital forensic techniques are highlighted which could be extremely useful and of immense value to improve the trustworthiness of electronic evidence in legal proceedings.

49 citations


Journal Article
TL;DR: This paper presents the first iOS cloud app security taxonomy that could be used in the investigation of an APT incident and demonstrates the utility of the circumvention techniques using 18 popular iOS cloud apps as case studies.

44 citations


Journal Article
TL;DR: This research addresses the challenges faced when an Agent-Based Solution (ABS) is used in the cloud to extract Potential Digital Evidence (PDE) for DFR purposes by assessing the possible solutions from a general, technical and operational point of view.
Abstract: The need to perform digital investigations has, over the years, led to the exponential growth of the field of Digital Forensics (DF). However, quite a number of challenges face the act of proving – for purposes of Digital Forensic Readiness (DFR) – that an electronic event has occurred in cyberspace. The problem that this research addresses involves the challenges faced when an Agent-Based Solution (ABS) is used in the cloud to extract Potential Digital Evidence (PDE) for DFR purposes. Throughout the paper the authors have modified the functionality of an initially malicious botnet to act as a distributed forensic agent to conduct this process. The paper focuses on the general, technical and operational challenges that are encountered when trying to achieve DFR in the cloud environment. The authors finally propose a contribution by assessing the possible solutions from a general, technical and operational point of view.

43 citations


Proceedings Article
01 Sep 2018
TL;DR: This paper introduces a fog-based IoT forensic framework (FoBI) that attempts to address the key challenges associated with digital IoT forensics and uses the FoBI framework to provide insights on improving the digital forensics processes involving IoT systems.
Abstract: The increasing number of IoT devices is prompting the need to investigate digital forensic techniques that can be efficiently applied to solve computer-related crimes involving IoT devices. In digital forensics, it is common for forensic investigators to consider computing hardware and operating systems for forensic data acquisition. However, applying current forensic data acquisition techniques for further digital evidence analysis may not be applicable to some IoT devices. It is becoming increasingly challenging to determine what type of data should be collected from IoT devices and how traces from such devices can be leveraged by forensic investigators. In this paper, we introduce a fog-based IoT forensic framework (FoBI) that attempts to address the key challenges associated with digital IoT forensics. Throughout this paper, we discuss the overall architecture, use cases and implementation details of FoBI. We further use our FoBI framework to provide insights on improving the digital forensics processes involving IoT systems.

40 citations


Journal Article
TL;DR: The Framework for Reliable Experimental Design (FRED) is proposed, designed to be a resource for those operating within the digital forensic field, both in industry and academia, to support and develop research best practice within the discipline.

34 citations


Journal Article
01 Dec 2018
TL;DR: The authors have developed a cloud forensic process model to lead common and significant aspects of a bilateral Cloud-Forensic-as-a-Service model where both consumers and providers can independently collect, verify the equity of the forensic analysis process and try to resolve potential disputes emerging from the independently collected results.
Abstract: A common cloud forensic model proposed by researchers is 'Cloud-Forensic-as-a-Service' where consumers have to access it as a service to collect forensic data from cloud environments. The 'Cloud-Forensic-as-a-Service' model raises the question of how it collects digital evidence pertaining to an incident which occurred in the cloud. Currently, types of 'Cloud-Forensic-as-a-Service' systems in the literature show that the system is controlled and implemented by the cloud provider, where they unilaterally define the type of evidence that can be collected by the system. A serious limitation of this approach is that it does not offer the consumer sufficient means of performing reasonableness checks to verify that the provider is not accidentally or maliciously contaminating the evidence. To address the problem, the paper proposes a conceptual bilateral Cloud-Forensic-as-a-Service model where both consumers and providers can independently collect, verify the equity of the forensic analysis process and try to resolve potential disputes emerging from the independently collected results. The authors have developed a cloud forensic process model to lead common and significant aspects of a bilateral Cloud-Forensics-as-a-Service model. The paper explicitly discusses the concept of a bilateral Cloud-Forensic-as-a-Service model.

33 citations


Journal Article
TL;DR: There still exist no IoT architectures that have a DFR capability that is able to attain incident preparedness across IoT environments as a mechanism of preparing for post-event response process, so an architecture for incorporating DFR to IoT domain for proper planning and preparing in the case of security incidents is proposed.
Abstract: The unique identities of remote sensing, monitoring, self-actuating, self-adapting and self-configuring “things” in Internet of Things (IoT) has come out as fundamental building blocks for the development of “smart environments”. This experience has begun to be felt across different IoT-based domains like healthcare, surveillance, energy systems, home appliances, industrial machines, smart grids and smart cities. These developments have, however, brought about a more complex and heterogeneous environment which is slowly becoming a home to cyber attackers. Digital Forensic Readiness (DFR) though can be employed as a mechanism for maximizing the potential use of digital evidence while minimizing the cost of conducting a digital forensic investigation process in IoT environments in case of an incidence. The problem addressed in this paper, therefore, is that at the time of writing this paper, there still exist no IoT architectures that have a DFR capability that is able to attain incident preparedness across IoT environments as a mechanism of preparing for post-event response process. It is on this premise, that the authors are proposing an architecture for incorporating DFR to IoT domain for proper planning and preparing in the case of security incidents. It is paramount to note that the DFR mechanism in IoT discussed in this paper complies with ISO/IEC 27043: 2015, 27030:2012 and 27017: 2015 international standards. It is the authors’ opinion that the architecture is holistic and very significant in IoT forensics.

31 citations


Proceedings Article
01 Aug 2018
TL;DR: An integrated framework with acceptable digital forensic techniques that are able to analyse Potential Digital Evidence (PDE) from the IoT-based ecosystem that may be used to prove a fact is proposed.
Abstract: Internet of Things (IoT) is a relatively new wave of technology that is increasingly becoming popular in many different organisations globally. In essence, IoT is synonymous to networking technology, which allows individuals to connect to different devices in order to facilitate easy sharing of resources as well as communication. However, the one major difference between computer networking technology and IoT is the heterogeneity of data involved and distributed nature of IoT that involves self-actuating devices. Furthermore, the heterogeneity and distributed nature of IoT further brings complexity of the IoT ecosystem. For this reason, IoT ecosystem presents a big challenge to both Digital Forensic (DF) investigators and Law Enforcement Agencies (LEAs) when trying to implement DF techniques. What makes digital forensic investigations even harder in IoT ecosystem is its vastness and the rapidity with which it is expanding globally. This paper, thus, proposes an Integrated Digital Forensic Investigation Framework (IDFIF-IoT) for an IoT ecosystem which is an extension of an initially proposed generic Digital Forensic Investigation Framework for Internet of Things (DFIF-IoT). Note that, the main emphasis in this paper is on proposing an integrated framework with acceptable digital forensic techniques that are able to analyse Potential Digital Evidence (PDE) from the IoT-based ecosystem that may be used to prove a fact.

29 citations


Proceedings Article
01 Jan 2018
TL;DR: This paper explores the logical and physical acquisition techniques that are being used by forensic examiners and hence provides a comparative study of which technique provides a better approach in acquiring the digital evidence on mobile phones.
Abstract: The use of mobile phones has seen a remarkable increase since the past decade. However with an increase in use, mobile phones have now become a potential source for criminal activities. There is a need to examine these mobile devices in order to acquire evidence and gain meaningful insights from them. Mobile forensics is the branch of digital forensics which aims at investigating the digital evidence recovered from a cell phone that can provide a wealth of information in a forensically sound manner. The market is flooded with open source and proprietary mobile phone operating systems as a result of which the techniques and tools that are currently available fail to gain complete insight from the devices, and finding the appropriate tool is a challenge. This paper explores the logical and physical acquisition techniques that are being used by forensic examiners and hence provide a comparative study of which technique provides a better approach in acquiring the digital evidence on mobile phones. Additionally we perform an experimental study on Samsung Galaxy Grand Duos GT-I9082 android smartphone and try acquiring the evidence based on the best performing technique from the above comparison.

Journal Article
TL;DR: This research designs a digital forensic readiness model at the level of preemptive prevention by considering changes in the cloud computing-based smart work environment and investigates the weightings of the terminal information Universal Subscriber Identity Module (USIM) card, user information, and usage information which appear to be higher than those of the existing work environment.
Abstract: Recently, the work environments of organizations have been in the process of transitioning into smart work environments by applying cloud computing technology in the existing work environment. The smart work environment has the characteristic of being able to access information assets inside the company from outside the company through cloud computing technology, share information without restrictions on location by using mobile terminals, and provide a work environment where work can be conducted effectively in various locations and mobile environments. Thus, in the cloud computing-based smart work environment, changes are occurring in terms of security risks, such as an increase in the leakage risk of an organization’s information assets through mobile terminals which have a high risk of loss and theft and increase the hacking risk of wireless networks in mobile environments. According to these changes in security risk, the reactive digital forensic method, which investigates digital evidence after the occurrence of security incidents, appears to have a limit which has led to a rise in the necessity of proactive digital forensic approaches wherein security incidents can be addressed preemptively. Accordingly, in this research, we design a digital forensic readiness model at the level of preemptive prevention by considering changes in the cloud computing-based smart work environment. Firstly, we investigate previous research related to the cloud computing-based smart work environment and digital forensic readiness and analyze a total of 50 components of digital forensic readiness. In addition, through the analysis of the corresponding preceding research, we design seven detailed areas, namely, outside the organization environment, within the organization guideline, system information, terminal information, user information, usage information, and additional function. 
Then, we design a draft of the digital forensic readiness model in the cloud computing-based smart work environment by mapping the components of digital forensic readiness to each area. To verify the draft of the designed model, we create a survey targeting digital forensic field-related professionals, analyze their validity, and deduce a digital forensic readiness model of the cloud computing-based smart work environment consisting of seven detailed areas and 44 components. Finally, through an analytic hierarchy process analysis, we deduce the areas that should be emphasized compared to the existing work environment to heighten the forensic readiness in the cloud computing-based smart work environment. As a result, the weightings of the terminal information (Universal Subscriber Identity Module (USIM) card, collect/gain virtual machine image, etc.), user information (user account information analysis, analysis of user’s used service, etc.), and usage information (mobile OS artifact timeline analysis, action analysis through timeline, etc.) appear to be higher than those of the existing work environment. This is analyzed for each organization to preemptively prepare for the components of digital forensic readiness in the corresponding areas.

Journal Article
TL;DR: The problems surrounding digital forensic tool usage, evidential reliability and validation, and establishing a tool's limitations are debated.

Journal Article
29 Nov 2018
TL;DR: The investigation in this study uses the National Institute of Standards and Technology (NIST) method which provides several stages of collecting, examining, analyzing, and reporting while forensic tools use forensic oxygen and axiom magnets to obtain digital evidence that has been deleted from the Instagram messenger.
Abstract: The growth of Android-based smartphone users to access media in communicating using Instagram social media is very fast. Activities are carried out when using Instagram social media in communicating to share information such as sending chat texts and pictures. A large number of Instagram users make this application vulnerable to abuse of Instagram such as pornography crimes from Instagram users. This case can be forensic to get digital evidence in the form of chat text and pictures from Instagram messenger is a feature of Instagram. The investigation in this study uses the National Institute of Standards and Technology (NIST) method which provides several stages of collecting, examining, analyzing, reporting while forensic tools use forensic oxygen and axiom magnets. The results of the recovery and comparison of data result using Oxygen forensics and Axiom Magnets obtained digital evidence in the form of data in the form of images and chat. The data obtained by Magnet Axiom is 100% while forensic oxygen is 84%. These data are the results of the performance of both forensic applications in obtaining digital evidence that has been deleted from the Instagram messenger.

Journal Article
TL;DR: A lightweight digital evidence-preservation architecture which possesses the features of privacy-anonymity, audit-transparency, function-scalability and operation-lightweight is presented and implemented.
Abstract: An effective and secure system used for evidence preservation is essential to possess the properties of anti-loss, anti-forgery, anti-tamper and perfect verifiability. Traditional architecture which relies on centralized cloud storage is depressingly beset by the security problems such as incomplete confidence and unreliable regulation. Moreover, an expensive, inefficient and incompatible design impedes the effort of evidence preservation. In contrast, the decentralized blockchain network is qualified as a perfect replacement for its secure anonymity, irrevocable commitment, and transparent traceability. Combining with subliminal channels in blockchain, we have weaved the transaction network with newly designed evidence audit network. In this paper, we have presented and implemented a lightweight digital evidence-preservation architecture which possesses the features of privacy-anonymity, audit-transparency, function-scalability and operation-lightweight. The anonymity is naturally formed from the cryptographic design, since the cipher evidence under encrypted cryptosystem and hash-based functions leakages nothing to the public. Covert channels are efficiently excavated to optimize the cost, connectivity and security of the framework, transforming the great computation power of Bitcoin network to the value of credit. The transparency used for audit, which relates to the proof of existence, comes from instant timestamps and irreversible hash functions in mature blockchain network. The scalability is represented by the evidence chain interacted with the original blockchain, and the extended chains on top of mainchain will cover the most of auditors in different institutions. And the lightweight, which is equal to low-cost, is derived from our fine-grained hierarchical services. At last, analyses of efficiency, security, and availability have shown the complete accomplishment of our system.

Journal Article
TL;DR: A framework for web browser analysis that allows investigators to obtain data from RAM that contains computer usage sessions by using live forensics is proposed.
Abstract: In today's digital era almost every aspect of life requires the internet, one way to access the internet is through a web browser. For security reasons, one developed is private mode. Unfortunately, some users using this feature do it for cybercrime. The use of this feature is to minimize the discovery of digital evidence. The standard investigative techniques of NIST need to be developed to uncover an ever-varied cybercrime. Live Forensics is an investigative development model for obtaining evidence of computer usage. This research provides a solution in forensic investigation effectively and efficiently by using live forensics. This paper proposes a framework for web browser analysis. Live Forensics allows investigators to obtain data from RAM that contains computer usage sessions.

Proceedings Article
04 May 2018
TL;DR: This paper presents a novel methodology that provides courts of law with sound digital evidences, having a confidence level expressed in metrics and ordered through a timeline.
Abstract: When digital evidence is presented in front of a court of law, it is seldom associated with a scientific evaluation of its relevance, or significance. When experts are challenged about the validity of the digital evidence, the general answer is "yes, to a reasonable degree of scientific certainty". Which means all and nothing at the same time, since no scientific metric is volunteered. In this paper we aim at providing courts of law with weighted digital evidence. Each digital evidence is assigned with a confidence rating that eventually helps juries and magistrates in their endeavor. This paper presents a novel methodology in order to: -Provide digital forensics experts with the ability to form a digital evidence chain, the Digital Evidence Inventory (DEI), in a way similar to an evidence "block chain", in order to capture evidence; -Give experts the ability to rate the level of confidence for each evidence in a Forensics Confidence Rating (FCR) structure; -Provide experts with a Global Digital Timeline (GDT) to order evidence through time. As a result, this methodology provides courts of law with sound digital evidences, having a confidence level expressed in metrics and ordered through a timeline. The objective of this work is to add a reliable pinch of scientific certainty when dealing with digital evidence.

Proceedings Article
16 Jul 2018
TL;DR: It is argued that electromagnetic side-channel analysis has significant potential to progress investigations obstructed by data encryption.
Abstract: Digital forensics is a fast-growing field involving the discovery and analysis of digital evidence acquired from electronic devices to assist investigations for law enforcement. Traditional digital forensic investigative approaches are often hampered by the data contained on these devices being encrypted. Furthermore, the increasing use of IoT devices with limited standardisation makes it difficult to analyse them with traditional techniques. This paper argues that electromagnetic side-channel analysis has significant potential to progress investigations obstructed by data encryption. Several potential avenues towards this goal are discussed.

Journal Article
TL;DR: In this paper, the authors examine the evidence and presentation techniques used in recent cases before international criminal courts, and illustrate how war crimes prosecutions are evolving to meet the challenges and advantages of modern times.
Abstract: As technology develops, new tools are continually being introduced that alter the nature and availability of courtroom evidence. The proliferation, connectivity, and capabilities of camera-embedded and internet-enabled mobile devices, which record far more information about people’s activities and communications than ever before, are transforming the way criminal investigators and prosecutors collect, evaluate, and present evidence at trial. This is particularly true in international criminal trials, where prosecutors must present a voluminous and varied body of evidence to prove multiple charges related to complex conflicts. It is the prosecutor’s job to present evidence in a way that assists the fact-finder in evaluating its significance and understanding how it fits into the greater narrative. In cases involving war crimes, crimes against humanity, and genocide, a large quantity and diversity of evidence is necessary to explain the context of the conflict and to prove the requisite elements of crimes and modes of liability. By examining the evidence and presentation techniques used in recent cases before international criminal courts, this article illustrates how war crimes prosecutions are evolving to meet the challenges and advantages of modern times. Part II explains the applicable law and describes how the use of emerging types of evidence in international criminal cases has expanded and been refined over the years. Part III analyzes three exceptional, yet emblematic cases from 2016, which call attention to an important trend that is predictive of the future use of digital evidence in war crimes prosecutions. Part IV discusses cases on the horizon and what these technological developments mean for members of the international justice community.

Journal Article
TL;DR: What the legal community can expect from DF court experts is illustrated, a demarcation of the DF field based on DF literature is provided and examples of relevant questions that can or should be asked to a DF expert are presented.

Journal Article
20 Jun 2018
TL;DR: The results obtained in this research is the content of WhatsApp conversations that can be used as digital evidence to reveal a fraud in the online shop.
Abstract: Rapid development of computer technology is also accompanied with increasing of cybercrime. One of the most common crimes is fraud case in the online shop. This crime abuses WhatsApp, one of the most popular Instant Messenger (IM) applications. WhatsApp is one of the IM applications that can be used on computers, especially on Windows 8.1 operating system. All applications running on the computer leave data and information on Random Access Memory (RAM). The data and information that exist in RAM can be obtained using digital forensic technique called Live Forensics. Live forensics can be used when the computer is running and connected to the network. This research aims to find digital evidence related to online shop fraud case. The digital evidence can be obtained using one of the forensic tools FTK Imager. FTK Imager can retrieve and analyze data and information on RAM. The results obtained in this research is the content of WhatsApp conversations that can be used as digital evidence to reveal a fraud in the online shop.

Journal Article
TL;DR: Results show that the tampering task was difficult since none of the forgeries was taken as an original and the effort to construct consistently manipulated evidence increases with decreasing control.

Proceedings Article
01 Aug 2018
TL;DR: A system is presented enabling deduplicated evidence acquisition with the capability of automated, forensically-sound complete disk image reconstruction, and results in a time saving for digital investigators, and provides a platform to enable non-expert evidence processing, alongside the benefits of reduced storage and bandwidth requirements.
Abstract: The ever-growing backlog of digital evidence waiting for analysis has become a significant issue for law enforcement agencies throughout the world. This is due to an increase in the number of cases requiring digital forensic analysis coupled with the increasing volume of data to process per case. This has created a demand for a paradigm shift in the method that evidence is acquired, stored, and analyzed. The ultimate goal of the research presented in this paper is to revolutionize the current digital forensic process through the leveraging of centralized deduplicated acquisition and processing approach. Focusing on this first step in digital evidence processing, acquisition, a system is presented enabling deduplicated evidence acquisition with the capability of automated, forensically-sound complete disk image reconstruction. As the number of cases acquired by the proposed system increases, the more duplicate artifacts will be encountered, and the more efficient the processing of each new case will become. This results in a time saving for digital investigators, and provides a platform to enable non-expert evidence processing, alongside the benefits of reduced storage and bandwidth requirements.

Proceedings Article
01 Nov 2018
TL;DR: A four-phase open-source fusion framework to address the integration of different points of view in abstract processes, specific activities, or practical tools is proposed and the appropriate ones that are efficient in the investigation in each corresponding phase are suggested.
Abstract: With the increase in the number of computer crimes, law enforcement agencies in the field of digital forensics are expected to investigate more cases than before. Due to the complexity of digital forensic tasks, various investigation models have been developed to provide different points of view in abstract processes, specific activities, or practical tools. However, the integration of these points of view is rarely discussed. Hence, this study proposes a four-phase open-source fusion framework to address these issues. Furthermore, this work also evaluates the state-of-the-art open-source forensic tools and suggests the appropriate ones that are efficient in the investigation in each corresponding phase. The toolkits are considered in the context of digital evidence analytics, and help LEAs reconstruct the cybercrime scenario.

Journal ArticleDOI
TL;DR: This work explains how forensic analysts have misinterpreted traces of normal file system behavior as indications of concealment activities and raises awareness of the value of taking the overall context into account when analyzing file system traces.
Abstract: This work introduces novel methods for conducting forensic analysis of file allocation traces, collectively called digital stratigraphy. These in-depth forensic analysis methods can provide insight into the origin, composition, distribution, and time frame of strata within storage media. Using case examples and empirical studies, this paper illuminates the successes, challenges, and limitations of digital stratigraphy. This study also shows how understanding file allocation methods can provide insight into concealment activities and how real-world computer usage can complicate digital stratigraphy. Furthermore, this work explains how forensic analysts have misinterpreted traces of normal file system behavior as indications of concealment activities. This work raises awareness of the value of taking the overall context into account when analyzing file system traces. This work calls for further research in this area and for forensic tools to provide necessary information for such contextual analysis, such as highlighting mass deletion, mass copying, and potential backdating.

Journal ArticleDOI
TL;DR: The challenges of cloud architecture are identified, how this affects the existing forensic analysis and provenance techniques is discussed, and a model for efficient provenance collection and forensic analysis is proposed.
Abstract: Cloud computing is a newly emerging technology where storage, computation and services are extensively shared among a large number of users through virtualization and distributed computing. This technology makes the process of detecting the physical location or ownership of a particular piece of data even more complicated. As a result, improvements in data provenance techniques became necessary. Provenance refers to the record describing the origin and other historical information about a piece of data. An advanced data provenance system will give forensic investigators a transparent idea about the data’s lineage, and help to resolve disputes over controversial pieces of data by providing digital evidence. In this paper, the challenges of cloud architecture are identified, how this affects the existing forensic analysis and provenance techniques is discussed, and a model for efficient provenance collection and forensic analysis is proposed.

Journal ArticleDOI
TL;DR: A variational Bayesian approach to multiple-image super-resolution based on Super-Gaussian prior models that automatically enhances the quality of outdoor video recordings and estimates all the model parameters while preserving the authenticity, credibility and reliability of video data as digital evidence is proposed.

Journal ArticleDOI
TL;DR: In the past ten years, there has been some substantial development in the area of forensic data acquisition, which is summarized by the article and gives clear indications of what currently can be technically done and what cannot be done by police investigators.
Abstract: Editor’s note: You all know this from watching CSI: When a crime is committed, usually some form of digital evidence is left on devices such as computers, mobile phones, or the navigation system of a car a suspect has used. Indeed, law enforcement agencies are regularly interested in data from personal devices to find evidence, guide investigations, or even act as proof in a court of law. This tutorial article by Felix Freiling et al. mentions the San Bernardino case as a prominent example. But how do police investigators go about accessing this evidence? Is what is shown on TV realistic? Whereas, in times of classical hard disks, accessing data was quite easy due to the non-volatility of the memory device. However, this is getting increasingly difficult because of developing technologies like SSDs, other forms of flash storage, and, in particular, for volatile memory such as RAM, with the major problem being to read out data while guarding “authenticity.” In the past ten years, there has been some substantial development in the area of forensic data acquisition, which is summarized by the article. It gives clear indications of what currently can be technically done and what cannot be done by police investigators. So, if you watch CSI again and the cops need to access some digital evidence, you can tell truth from fiction. —Jürgen Teich, Friedrich-Alexander-Universität Erlangen-Nürnberg

Book ChapterDOI
10 Jan 2018
TL;DR: The evaluation result showed that AccessData FTK imager and Paraben device seizure perform better than Encase and Mobiledit, and Encase could detect the unallocated space on the mobile device but could retrieve an deleted data.
Abstract: The rapid rise in the technology today has brought to limelight mobile devices which are now being used as a tool to commit crime. Therefore, proper steps need to be ensured for Confidentiality, Integrity, Authenticity and legal acquisition of any form of digital evidence from the mobile devices. This study evaluates some mobile forensic tools that were developed mainly for mobile devices memory and SIM cards. An experiment was designed with five Android phones with different operating systems. Four tools were used to find out the capability and efficiency of the tools when used on the sampled phones. This would help the forensic investigator to know the type of tools that will be suitable for each phone to be investigated for acquiring digital evidence. The evaluation result showed that AccessData FTK imager and Paraben device seizure perform better than Encase and Mobiledit. The experimental result shows that Encase could detect the unallocated space on the mobile device but could retrieve an deleted data.

Journal ArticleDOI
TL;DR: A unique, scalable model for efficient and inclusive planning is put forward with a reporting construct which aims to assure company-wide involvement, based on people and processes rather than complex electronic systems.
Abstract: Forensic readiness has been defined as: ‘…the capability of an organisation to use digital evidence in a forensic investigation’. For businesses, especially medium or small enterprises, gaining this capability can seem time consuming and expensive: it may involve a number of processes, it may require new hardware and software and people with specialised skill sets may need to be hired in order to implement any plan. Yet developing and maintaining a forensic readiness capability is vital in the digital age. Fraud and cybercrime cost almost £11bn in the UK alone last year. Across the European Union, the national annual cost of cybercrime now accounts for 0.41% of GDP. Recent figures have also shown that up to 62% of digital incidents are caused by insiders, either accidentally or knowingly. An astonishing 91% of cybersecurity attacks begin with a single email. This research proposes a structured, strategic approach to forensic readiness for businesses that is economic to implement and run. It is based on people and processes rather than complex electronic systems. Key to this approach is a firm’s best asset - its own staff. It is theorised that the foundation stone of forensic readiness is a strong internal security culture. In order to achieve this aim, a unique, scalable model for efficient and inclusive planning is put forward with a reporting construct which aims to assure company-wide involvement.