
Showing papers on "Digital evidence published in 2022"


Journal Article
TL;DR: This survey identifies the current state-of-the-art digital forensics concepts in existing research, sheds light on research gaps, and presents a detailed introduction to different computer forensic domains and forensic toolkits used for computer forensics in the current era.
Abstract: With the alarmingly increasing rate of cybercrimes worldwide, there is a dire need to combat cybercrimes timely and effectively. Cyberattacks on computing machines leave certain artifacts on target device storage that can reveal the identity and behavior of cyber-criminals if processed and analyzed intelligently. Forensic agencies and law enforcement departments use several digital forensic toolkits, both commercial and open-source, to examine digital evidence. The proposed research survey focuses on identifying the current state-of-the-art digital forensics concepts in existing research, sheds light on research gaps, presents a detailed introduction of different computer forensic domains and forensic toolkits used for computer forensics in the current era. The proposed survey also presents a comparative analysis based on the tool’s characteristics to facilitate investigators in tool selection during the forensics process. Finally, the proposed survey identifies and derives current challenges and future research directions in computer forensics.

23 citations


Journal Article
TL;DR: A conceptual model for smart digital forensic readiness of organizations with shadow IoT devices is developed, which will serve as a prototype for IoT device identification, IoT device monitoring, as well as digital potential evidence capturing and preservation for forensic readiness.
Abstract: Internet of Things (IoT) is the network of physical objects for communication and data sharing. However, these devices can become shadow IoT devices when they connect to an existing network without the knowledge of the organization’s Information Technology team. More often than not, when shadow devices connect to a network, their inherent vulnerabilities are easily exploited by an adversary and all traces are removed after the attack or criminal activity. Hence, shadow connections pose a challenge for both security and forensic investigations. In this respect, a forensic readiness model for shadow device-inclusive networks is sorely needed for the purposes of forensic evidence gathering and preparedness, should a security or privacy breach occur. However, the hidden nature of shadow IoT devices does not facilitate the effective adoption of the most conventional digital and IoT forensic methods for capturing and preserving potential forensic evidence that might emanate from shadow devices in a network. Therefore, this paper aims to develop a conceptual model for smart digital forensic readiness of organizations with shadow IoT devices. This model will serve as a prototype for IoT device identification, IoT device monitoring, as well as digital potential evidence capturing and preservation for forensic readiness.

15 citations


Journal Article
TL;DR: In this article, the authors performed a qualitative review of all the relevant reviews in the field of digital forensics, determined the main topics in digital forensics and identified their main challenges, highlighting the European perspective, which is traditionally stricter in terms of privacy.
Abstract: Due to its critical role in cybersecurity, digital forensics has received significant attention from researchers and practitioners alike. The ever-increasing sophistication of modern cyberattacks is directly related to the complexity of evidence acquisition, which often requires the use of several technologies. To date, researchers have presented many surveys and reviews on the field. However, such articles focused on the advances of each particular domain of digital forensics individually. Therefore, while each of these surveys facilitates researchers and practitioners to keep up with the latest advances in a particular domain of digital forensics, the global perspective is missing. Aiming to fill this gap, we performed a qualitative review of all the relevant reviews in the field of digital forensics, determined the main topics in digital forensics and identified their main challenges. Despite the diversity of topics and methods, there are several common problems that are faced by almost all of them, with most of them residing in evidence acquisition and pre-processing due to counter analysis methods and difficulties of collecting data from devices, the cloud etc. Beyond pure technical issues, our study highlights procedural issues in terms of readiness, reporting and presentation, as well as ethics, highlighting the European perspective which is traditionally stricter in terms of privacy. Our extensive analysis paves the way for closer collaboration among researchers and practitioners among different topics of digital forensics.

11 citations


Journal Article
TL;DR: In this article, the authors used the systematic literature review approach and extracted data from 65 publications from the most relevant internet resources to meet research aims, and provided a clear picture of how criminal activity on the dark web is expanding and examined the strengths and weaknesses of existing methods for tracking down criminals.
Abstract: Cyber thieves and terrorists use the dark web as one of the most difficult channels to achieve their nefarious goals. There are many similarities between cyber-crimes and real-world crimes taking place on the dark web. However, the dark web's sheer breadth and anonymity are key to tracing the offenders. The first step in finding effective solutions to cybercrime is to assess the different dark web criminal hazards. The investigation of the dark web includes a review of crimes to minimize crime issues. To assist cyber security specialists, the authors used the systematic literature review approach and extracted data from 65 publications from the most relevant internet resources to meet research aims. As a result of an exhaustive investigation, systematic literature review is able to provide a clear picture of how criminal activity on the dark web is expanding and examine the strengths and weaknesses of existing methods for tracking down criminals. This study has shown that, to aid law enforcement in the apprehension of criminals, digital evidence must be analyzed as per established standards.

11 citations


Journal Article
TL;DR: In this article, the authors examine the issues with closed-box models; the goals; and methods of explainability/interpretability, and make recommendations for interpretable AI-based digital forensics (DF) investigation.

7 citations


Journal Article
TL;DR: A conceptual evidence management framework is proposed in this article examining the future of accident investigation forensics in the era of connected vehicles, where evidence generated from vehicles involved in an incident, along with supporting evidence from nearby vehicles, CCTVs and road users, can be collected and managed over blockchain using smart contracts in a vehicle-to-everything connected environment.

7 citations


Journal Article
TL;DR: The Digital Forensic Workflow Model (DFWM) is an approach to the structuring and definition of the procedures and tasks involved in the digital forensic investigation process starting from the initial 'Review of Client Requirements & Planning' stage, right through to the 'Evaluation of Deployed Workflow' stage.

6 citations


Journal Article
TL;DR: In this article, a case study presented a qualitative assessment of the reliability of digital forensic investigation in criminal cases in Norway, and a reliability validation methodology based on international digital forensic standards was designed to assess to what extent those standards are implemented and followed by law enforcement in their casework.

5 citations


Journal Article
TL;DR: In this paper, the authors present a survey of recent data provenance problems in cloud computing, provenance taxonomy, and security issues, discuss how volatile data can be captured before being overwritten, and help identify current provenance limitations and future directions for further study.

5 citations



Journal Article
TL;DR: The author will design a framework for Digital Forensic investigations by simulating digital evidence in the form of a non-volatile architecture, using the NIST SP 800-86 and ISO 27037:2012 standards as the basis of a framework for handling and investigating Digital Forensic science.
Abstract: In the implementation of Digital Forensics, one of the derivatives of practice is the handling of Digital Evidence. Handling Digital Evidence requires important steps and procedures. Digital evidence is a source of artifacts in handling a digital-based crime case, one of which comes from digital storage. In this research, the author will design a framework for Digital Forensic investigations by simulating digital evidence in the form of a non-volatile architecture. The reference commonly used by researchers in previous articles is the National Institute of Justice (NIST). The framework is a reference and steps in the practice of acquiring digital evidence. The purpose of designing this framework is as a legal procedure that is specifically implemented in the practice of acquiring non-volatile digital evidence. In the design, the author conducted a literature study on the NIST SP 800-86 and ISO 27037:2012 standards and then combined them in a hybrid terminology. The output of this research is to combine the two standards to become framework as reference for handling and investigating Digital Forensic science.

Book Chapter
TL;DR: In this article, the authors have analyzed and compared various proposed systems over the past years and identified their pros and cons, which would be beneficial in future to propose a better system for evidence management.
Abstract: With development in technology, the scale of cybercrimes is increasing drastically, which in turn increases the workload to manage the digital evidence. Beside managing the evidence, ensuring the integrity and security of evidence is crucial for delivering correct verdicts. With the traditional system, the evidence is vulnerable to tampering, hence using a chain of custody is beneficial. In this paper, we have analyzed and compared various proposed systems over the past years and identified their pros and cons. This study would be beneficial in future to propose a better system for evidence management.

Journal Article
TL;DR: In this paper, a new paradigm for maintaining the integrity of digital evidence in order to overcome the challenges of uncertainty generated by error-prone technologies while dealing with chain of custody (CoC) documents was proposed.
Abstract: Cybercrime investigations rely heavily on digital evidence to establish links between suspects and the criminal conduct they are allegedly involved in. As a result, digital evidence must be protected since it is complex, volatile, and susceptible to alteration. In the digital evidence method, the chain of custody (CoC) is essential. As a result of the CoC, it is possible to establish that the evidence was never tampered with. Due to the inherent uncertainty of digital evidence, the trustworthiness of the CoC cannot be judged at this time. It is the duty of forensic examiners to challenge this inclination and publicly admit the inherent ambiguity in whatever evidence they use to make their decisions. This article suggests a new paradigm for maintaining the integrity of digital evidence in order to overcome these challenges. To handle the uncertainty generated by error-prone technologies while dealing with CoC documents, the new paradigm used a fuzzy hash inside the blockchain data structure. Traditional hashing methods are only able to tell whether two inputs are precisely the same or not because they are sensitive to even the smallest input changes. Using fuzzy hash functions, we can figure out how dissimilar two images are by comparing their similarities. As an example of how this paradigm may be applied to computer systems and make digital investigations more successful, we utilize image forensics as the focus of an in-depth look at how it works.

Other
14 Jan 2022
TL;DR: In this article, it is shown how cyber criminals are using a sophisticated and progressive approach to target digital and physical infrastructures, people and systems; therefore, the analysis approach faces many problems due to the fact that billions of interconnected devices produce relatively at least small bits of evidence that comprehend the Data Analysis paradigm effortlessly.
Abstract: Traditional Computer Forensics seems to be no longer as trivial as decades ago, with a very restricted set of available electronic components, entering the age of digital formation of hardware and software too. It has recently been shown how cyber criminals are using a sophisticated and progressive approach to target digital and physical infrastructures, people and systems. Therefore, the analysis approach faces many problems due to the fact that billions of interconnected devices produce relatively at least small bits of evidence that comprehend the Data Analysis paradigm effortlessly. As a consequence, the basic methodology of computer forensics requires to adapt major attention to develop smart and fast digital investigation techniques. Digital forensics investigation frameworks are occupied with lots of toolkits and applications according to the need of any criminal incident. Using the Digital Forensics Process's microscope, specific objects are discussed and analysed with respect to which tools are needful. Also, where the scope of attention is required to enhance the feature in it. This research leads to increased awareness, challenges and opportunities for Digital Forensics process with respect to different fields such as networks, IoT, Cloud computing, Database system, Big data, Mobile and handheld devices, Disk and different storage media, and Operating system.

Journal Article
06 Feb 2022-Symmetry
TL;DR: A new paradigm for ensuring the integrity of digital evidence (CoC documents) is proposed, which employs fuzzy hash within blockchain data structure to handle uncertainty introduced by error-prone tools when dealing with CoC documents.
Abstract: Digital evidence is critical in cybercrime investigations because it is used to connect individuals to illegal activity. Digital evidence is complicated, diffuse, volatile, and easily altered, and as such, it must be protected. The Chain of Custody (CoC) is a critical component of the digital evidence procedure. The aim of the CoC is to demonstrate that the evidence has not been tampered with at any point throughout the investigation. Because the uncertainty associated with digital evidence is not being assessed at the moment, it is impossible to determine the trustworthiness of CoC. As scientists, forensic examiners have a responsibility to reverse this tendency and officially confront the uncertainty inherent in any evidence upon which they base their judgments. To address these issues, this article proposes a new paradigm for ensuring the integrity of digital evidence (CoC documents). The new paradigm employs fuzzy hash within blockchain data structure to handle uncertainty introduced by error-prone tools when dealing with CoC documents. Traditional hashing techniques are designed to be sensitive to small input modifications and can only determine if the inputs are exactly the same or not. By comparing the similarity of two images, fuzzy hash functions can determine how different they are. With the symmetry idea at its core, the suggested framework effectively deals with random parameter probabilities, as shown in the development of the fuzzy hash segmentation function. We provide a case study for image forensics to illustrate the usefulness of this framework in introducing forensic preparedness to computer systems and enabling a more effective digital investigation procedure.

Book Chapter
Farkhund Iqbal
01 Jan 2022

Journal Article
TL;DR: In this paper, the impact of forgery and tampering in the evidence chain-of-custody (COC) is discussed and a list of popular investigation tools along with the features in terms of distinct prospects is presented.
Abstract: Digital forensics (DF) is the scientific investigation of digital criminal activities, illegal attempts, and cyber-attacks through computer systems. It is becoming a crucial aspect of law enforcement agencies, court law, and business farms to identify, preserve, examine, and analyse digital evidence using proof approve and efficient techniques for eventual demonstration of evidence that help to take further actions. This review paper explores the different methodologies and frameworks related to digital forensics investigation and incident response, and explain the impact of forgery and tampering in the evidence chain-of-custody. Moreover, we highlight a list of popular investigation tools along with the features in terms of distinct prospects. Finally, we have evaluated and examined various applications, implementation research challenges, and limitations. The open research areas and future directions also address which need concern for a better and more efficient digital investigation.

Proceedings Article
06 Jun 2022
TL;DR: In this paper, the authors discuss the purpose, types, and specificity of Shellbag entries with the latest version of the Windows 11 operating system and uncover the registry hives that contain Shellbag customization information.
Abstract: Operating systems have various components that produce artifacts. These artifacts are the outcome of a user’s interaction with an application or program and the operating system’s logging capabilities. Thus, these artifacts have great importance in digital forensics investigations. For example, these artifacts can be utilized in a court of law to prove the existence of compromising computer system behaviors. One such component of the Microsoft Windows operating system is Shellbag, which is an enticing source of digital evidence of high forensics interest. The presence of a Shellbag entry means a specific user has visited a particular folder and done some customizations such as accessing, sorting, resizing the window, etc. In this work, we forensically analyze Shellbag as we talk about its purpose, types, and specificity with the latest version of the Windows 11 operating system and uncover the registry hives that contain Shellbag customization information. We also conduct in-depth forensics examinations on Shellbag entries using three tools of three different types, i.e., open-source, freeware, and proprietary tools. Lastly, we compared the capabilities of tools utilized in Shellbag forensics investigations.

Journal Article
TL;DR: In this article, a digital forensics process using the Association of Chief Police Officers (ACPO) framework was used to raise evidence of defamation cases on the TikTok application, where the forensic process was carried out in the form of static forensics on cases that were intentionally made by simulating TikTok postings using an Android smartphone.
Abstract: TikTok is the most popular social media app that ranks sixth in the world in January 2022 according to We Are Media & Hootsuite. Along with the increasing number of uses of this application, the negative impacts it causes are also increasing, ranging from fraud, cyberbullying, to the spread of fake news (hoax). This study focuses on the negative impact of defamation. The purpose of the research is to plan and implement a digital forensics process using the Association of Chief Police Officers (ACPO) framework to raise evidence of defamation cases on the TikTok application. The forensic process is carried out in the form of static forensics on cases that are intentionally made in the form of simulating TikTok postings using an Android smartphone. This research combines the ACPO forensics framework with the Magnet Axiom forensics tools. The combination of the two succeeded in raising 77% of evidence in the form of data messages, videos, and hashtags. Where these data have been previously defined as initial data posted in the simulation process.

Journal Article
TL;DR: In this paper, the authors investigated how digital forensic practitioners approach examiner objectivity and evidence reliability during DF investigations and found that 45% started the analysis without an innocence hypothesis in mind and 34% applied no techniques to maintain their objectivity during the analysis.

Book Chapter
01 Jan 2022
TL;DR: The need of validating the honesty of digital video content ranges from a person to associations, obstacles and security arrangements to law authorization/organizations, so it is necessary to investigate viable methods for video falsification.
Abstract: Digital evidence collection and analysis have become an increasing tool to solve crimes and prepare courts’ cases over the last two decades, undergoing major changes in the area of IT. Crime is a major problem every day, so that computer forensics are avoided and protected from crime. More information is created, stored and accessed with increasingly portable and powerful technology. Mobile systems may serve as large personal knowledge archives in a wallet still accessible through a hand or phrase. The advantage is obvious by having ample information in order to obtain judgments, but the collection and admissibility of digital proof should be balanced with the privacy concerns of law enforcement and other parties to criminal law. The need of validating the honesty of digital video content ranges from a person to associations, obstacles and security arrangements to law authorization/organizations’. With video and image changing, the change tools have made it simple to modify media content. Therefore, it is necessary to investigate viable methods for video falsification.

Book Chapter
01 Jan 2022
TL;DR: In this paper, a forensic analysis of flight logs, media files, and other important files of UAV and controlling application for identifying digital artifacts was done by a commercial forensic tool that does not require invasive or destructive methods for data acquisition.
Abstract: The unmanned aerial vehicle (UAV) systems are a rapidly evolving and emerging technology with their widespread usage. This rapid growth of usage of UAVs has also augmented associated security issues and criminal activities. UAVs are rich sources of digital evidence and there is a growing need for acquisition and analysis of their stored and transferred data, including all the elements which form unmanned aerial system (UAS). This research paper presents a forensic investigation on an UAV, specifically the DJI Mavic Air, and associated smartphone app DJI GO 4 installed on Android device used as a part of the ground control station (GCS). Forensic analysis of flight logs, media files, and other important files of UAV and controlling application for identifying digital artifacts was done by a commercial forensic tool that does not require invasive or destructive methods for data acquisition. Through a five-step investigation methodology, it was found that the internal and external storage of DJI Mavic Air and associated Android device with installed DJI GO 4 application contain a significant and valuable amount of forensic data. Moreover, those data were classified into segments and provided details of some of the possible evidence in digital investigation.

Journal Article
TL;DR: In this article, the authors argue that the target competencies of legal education need to be modernized in line with the digital systems of modern law enforcement, and they identify whether law students possess the digital competencies required in modern law enforcement realities at a high level (the skill of using basic IT technologies designed to optimize legal performance and legal decisions).
Abstract: The challenge of mastering digital competencies in legal profession is determined by the changing digital trends affecting the traditional structure of the classical process of adducing evidence. Nowadays, judicial proceedings and legal activities are based on digital technologies, and digital images of evidence are being actively used. The digitalization of legal practice requires change in a lawyer’s professional skills and their educational qualifications due to the unpredictable development of smart technologies for fixing digital images of legal facts and assurances. The authors argue that the target competencies of legal education need to be modernized in line with the digital systems of modern law enforcement. The broad concept of electronic digital evidence provides the opportunity to train law students’ practical skills in forms, types, and evaluations of both written (alphabetic and graphic), and audio-visual digital evidence. The study focuses on identifying whether law students possess the digital competencies required in modern law enforcement realities at a high level (the skill of using basic IT technologies designed to optimize legal performance and legal decisions). The authors analyze digital competency development processes, the ability to work with information and analytical systems of legally relevant data, legal portals, and specialized expert legal decision-making systems, including the introduction of neural networks in optimal legal decisions.

Journal Article
TL;DR: In this article, a model for securely storing digital evidence captured pre- and post-incident to achieve reactive forensics is proposed, which includes integrity checks, environment sandboxing, strong encryption, two-factor authentication, as well as unique random file naming.
Abstract: Securing digital evidence is a key factor that contributes to evidence admissibility during digital forensic investigations, particularly in establishing the chain of custody of digital evidence. However, not enough is done to ensure that the environment and access to the evidence are secure. Attackers can go to extreme lengths to cover up their tracks, which is a serious concern to digital forensics – particularly digital forensic readiness. If an attacker gains access to the location where evidence is stored, they could easily alter the evidence (if not remove it altogether). Even though integrity checks can be performed to ensure that the evidence is sound, the collected evidence may contain sensitive information that an attacker can easily use for other forms of attack. To this end, this paper proposes a model for securely storing digital evidence captured pre- and post-incident to achieve reactive forensics. Various components were considered, such as integrity checks, environment sandboxing, strong encryption, two-factor authentication, as well as unique random file naming. A proof-of-concept tool was developed to realize this model and to prove its validity. A series of tests were conducted to check for system security, performance, and requirements validation. Overall, the results obtained showed that, with minimal effort, securing forensic artefacts is a relatively inexpensive and reliable feat. This paper aims to standardize evidence storage, practice high security standards, as well as remove the need to create new systems that achieve the same purpose.

Journal Article
01 Feb 2022-Sensors
TL;DR: This study introduces a multi-layer automation approach that addresses the automation issues from collection to evidence analysis in online social network forensics and proposes a set of analysis operators based on domain correlations to help investigators draw realistic conclusions.
Abstract: Currently, law enforcement and legal consultants are heavily utilizing social media platforms to easily access data associated with the preparators of illegitimate events. However, accessing this publicly available information for legal use is technically challenging and legally intricate due to heterogeneous and unstructured data and privacy laws, thus generating massive workloads of cognitively demanding cases for investigators. Therefore, it is critical to develop solutions and tools that can assist investigators in their work and decision making. Automating digital forensics is not exclusively a technical problem; the technical issues are always coupled with privacy and legal matters. Here, we introduce a multi-layer automation approach that addresses the automation issues from collection to evidence analysis in online social network forensics. Finally, we propose a set of analysis operators based on domain correlations. These operators can be embedded in software tools to help the investigators draw realistic conclusions. These operators are implemented using Twitter ontology and tested through a case study. This study describes a proof-of-concept approach for forensic automation on online social networks.

Journal Article
TL;DR: It was determined that the SSD forensic gathering approach which raises problems about data integrity has not been addressed, allowing the policy framework to keep pace with the most recent emerging technologies in the same time frame.
Abstract: Background/Purpose: To get evidence from suspect computers running on Windows Operating System, law enforcement agencies and corporations follow many standard procedures relevant to Digital Forensics and Incident Response processes. The primary contrast between forensics and incident response is that forensics is evidence-driven and is often more closely connected with criminal activity, while incident response is more focused on discovering, containing, and recovering from breach of security incidents. A guideline is often intended to simplify certain procedures in accordance with a predefined routine or good practice. As data storage technology progresses from hard disc drives (HDDs) to solid-state drives (SSDs), it has become more difficult for Digital Forensics Analysts to perform evidence acquisition tasks from suspicious systems due to file integrity issues. Existing forensic principles and methods were created mostly on the basis of hard disc drive technology. This literature survey analyses several guidelines to identify gaps in SSD Forensic challenges and makes recommendations for improvement. Objective: To survey leading Digital Forensics and Incident Response guidelines on how SSD forensic acquisition procedures are outlined and to find the gaps and suggest enhancements that might be made. Design/Methodology/Approach: Data from academic papers, web articles, and other sources is analysed and presented using ABCD analysis. Findings/Results: Cyber Security Framework is a vital aspect of an organisation’s strategy to safeguard its IT assets from cyber assaults and other forms of damage. Most organisations use NIST framework since it is being generally acknowledged. However, owing to quick improvement in new technologies, CSFs need to be kept up to date in order to confront emerging cyber security threats. After verifying the policy framework of NIST 800-61, it was determined that the SSD forensic gathering approach which raises problems about data integrity has not been addressed. Originality/Value: A study comparing and contrasting different CSFs in the field of Digital Forensics and Incident Response with the most recent emerging technologies will draw more attention to this area from a wider range of stakeholders, allowing the policy framework to keep pace with the most recent emerging technologies in the same time frame. Paper Type: Literature Review Paper.

Journal ArticleDOI
12 May 2022
TL;DR: In this article, the authors present three critical instruments necessary for the development of sound machine-driven digital forensics methodologies and describe several applications of these instruments, emphasizing their strengths and weaknesses that may be critical to the methods' admissibility in a judicial process.
Abstract: The impact of AI on numerous sectors of our society and its successes over the years indicate that it can assist in resolving a variety of complex digital forensics investigative problems. Forensics analysis can make use of machine learning models’ pattern detection and recognition capabilities to uncover hidden evidence in digital artifacts that would have been missed if conducted manually. Numerous works have proposed ways for applying AI to digital forensics; nevertheless, scepticism regarding the opacity of AI has impeded the domain’s adequate formalization and standardization. We present three critical instruments necessary for the development of sound machine-driven digital forensics methodologies in this paper. We cover various methods for evaluating, standardizing, and optimizing techniques applicable to artificial intelligence models used in digital forensics. Additionally, we describe several applications of these instruments in digital forensics, emphasizing their strengths and weaknesses that may be critical to the methods’ admissibility in a judicial process.

Journal ArticleDOI
31 Mar 2022
TL;DR: This publication raises issues linked with the definition of cybercrime and computer crimes, the synonymity of those phrases, the divisions of cybercrime and computer crimes and the techniques of committing them, and cryptocurrency in cyberspace in the context of criminality committed on this plane.
Abstract: The establishment of a Central Bureau Against Cybercrime should be treated as an increase, as a part of criminal policy, in efforts directed at fighting the cybercrime that has escalated in recent years. On the occasion of this event, it is justified to address in this publication a number of aspects of a criminal-law, criminalistic and criminological nature related to this specialized type of crime. This publication raises issues linked with the definition of cybercrime and computer crimes, the synonymity of those phrases, the divisions of cybercrime and computer crimes, and the techniques of committing them. Problems of a methodological nature in preparatory cases concerning phishing attacks and denial-of-access attacks of the DoS type are also mentioned. The role of contemporary computer forensics in studying the digital trace, treated as a competent criminal trace, is also stressed. Finally, cryptocurrency in cyberspace is mentioned in the context of criminality committed on this plane.

Journal ArticleDOI
TL;DR: This work proposes the “Order of Data Acquisition” which defines 10 digital data acquisition methods that are available to practitioners as a part of a forensic examination, derived from a review of existing literature and best practice acquisition approaches, and arranged by their “invasiveness.”
Abstract: Data acquisition is a fundamental stage of the digital forensic workflow, where without it, it may not be possible to conduct many criminal inquiries effectively. While any investigative team may want access to all digital data available, it is no longer an approach that is considered justifiable or proportionate in all cases. There is now an increasing narrative highlighting the invasiveness of digital data acquisition processes and their impact upon privacy, with calls to ensure greater scrutiny is placed upon their use. This work proposes the “Order of Data Acquisition” which defines 10 digital data acquisition methods that are available to practitioners as a part of a forensic examination, derived from a review of existing literature and best practice acquisition approaches, and arranged by their “invasiveness.” Each method is discussed with examples provided in order to clarify and formalize the process of determining a suitable acquisition method in every case while acknowledging privacy invasion concerns. Finally, conclusions are drawn.

Journal ArticleDOI
TL;DR: This work presents the design and development of a solution that catalogs crowdsourced knowledge of digital forensic artifacts in a well‐structured, easily searchable form to support efficient and automated extraction of pertinent information, improving availability and reliability of interpretation of artifacts (general acceptance).
Abstract: The increasing volume, variety, velocity, distribution, structural intricacy, and complexity of use of digital evidence can make it difficult for practitioners to find and understand the most forensically useful information (Casey E. Digital evidence and computer crime: Forensic science, computers, and the Internet. Academic Press; 2011. p. 31; Pollitt M. The hermeneutics of the hard drive: Using narratology, natural language processing, and knowledge management to improve the effectiveness of the digital forensic process [PhD dissertation]. University of Central Florida; 2011). Digital forensic practitioners currently search for information and solutions in an ad hoc manner, leading to results that are unstructured, unverified, and sometimes incomplete. As a result, certain digital evidence is being missed or misinterpreted. To mitigate risks of knowledge gaps, there is a pressing need for a systematic mechanism that practitioners can use to codify and combine their collective knowledge. This work presents the design and development of a solution that catalogs crowdsourced knowledge of digital forensic artifacts in a well‐structured, easily searchable form to support efficient and automated extraction of pertinent information, improving availability and reliability of interpretation of artifacts (general acceptance). Technical implementation and artifact curation are discussed with illustrative examples and recommendations for future work.