Topic
Digital evidence
About: Digital evidence is a research topic. Over the lifetime, 1621 publications have been published within this topic receiving 18476 citations.
Papers
••
TL;DR: A comparative evaluation of the suitability of different formats for digital evidence storage and exchange by evaluating them against a set of evaluation criteria is performed.
9 citations
••
01 Jan 2010
TL;DR: This chapter describes the Open Computer Forensics Architecture (OCFA), an automated system that dissects complex file types, extracts metadata from files and ultimately creates indexes on forensic images of seized computers.
Abstract: This chapter describes the Open Computer Forensics Architecture (OCFA), an automated system that dissects complex file types, extracts metadata from files and ultimately creates indexes on forensic images of seized computers. It consists of a set of collaborating processes, called modules. Each module is specialized in processing a certain file type. When it receives a so called ’evidence’, the information that has been extracted so far about the file together with the actual data, it either adds new information about the file or uses the file to derive a new ’evidence’. All evidence, original and derived, is sent to a router after being processed by a particular module. The router decides which module should process the evidence next, based upon the metadata associated with the evidence. Thus the OCFA system can recursively process images until from every compound file the embedded files, if any, are extracted, all information that the system can derive, has been derived and all extracted text is indexed. Compound files include, but are not limited to, archive- and zip-files, disk images, text documents of various formats and, for example, mailboxes. The output of an OCFA run is a repository full of derived files, a database containing all extracted information about the files and an index which can be used when searching. This is presented in a web interface. Moreover, processed data is easily fed to third party software for further analysis or to be used in data mining or text mining-tools. The main advantages of the OCFA system are:
1. Scalability, it is able to process large amounts of data.
2. Extendable, it is easy to develop and plug in custom modules.
3. Open, the output is well suited to be used as input for other systems.
4. Analysts and tactical investigators may search the evidence without the constant intervention of digital investigators.
9 citations
••
02 Apr 2010
TL;DR: The frame model of computer forensics is presented, the source of digital evidence is analyzed, and the key technologies and approaches to ensure the security of digital evidence respectively are discussed.
Abstract: Computer forensics is a hot research topic in the field of computer security with the recent increases in illegal access to computer systems. According to the procedure of computer forensics, this paper presents the frame model of computer forensics and analyses the source of digital evidence. Because of the digital nature of the evidence, it is especially critical to secure the protection of digital evidence and to give computer forensics the ability to gain legal recognition. For the computer evidence collection phase, transmission phase and storage stage, this paper discusses the key technologies and approaches to ensure the security of digital evidence respectively. Through the guidance of the frame model and the security guarantee at each stage of computer forensics, the evidence would eventually be provided to the court.
8 citations
••
TL;DR: The findings revealed a gap between the Judges and issues on computer forensics which if not looked at may create problems in relation to the influx of computer related crimes.
Abstract: era of Technological age also called digital age, most transactions are conducted electronically. This modern-day paradigm makes way for the possibility of harmful unanticipated information security breaches of both civil and criminal nature. However, there is a tremendous knowledge gap in the legal system concerning computer/digital forensics with respect to digital evidence. Courtroom and legal issues relevant to computer/digital forensics are extensive and differ with respect to procedural evidence rules that ensure reliability of the evidence so produced in the court of law for fair adjudication. Electronic evidence is very fundamental to the successful handling of cases related to such information security breaches. This paper on the impact of awareness and understanding of computer/digital forensics in the Ghana Legal System, especially Judges, with regards to the electronic evidence, laws and jurisprudence covered twenty (20) superior Judges. The findings revealed a gap between the Judges and issues on computer forensics which if not looked at may create problems in relation to the influx of computer-related crimes.
8 citations
••
TL;DR: Research is performed on the examination ability of two commonly used mobile forensic tools, Oxygen and MOBILedit, in an examination of digital evidence from the LINE messenger application; each tool has its own ability to examine digital evidence and can be used based on the examiner’s needs.
Abstract: During the last decade, the number of Android smartphone users has increased rapidly. Cybercrime has also been increasing since the internet was established. Instant messengers are one kind of internet-based application that has become a new medium for cybercrime. Attempts to counter cybercrime can be seen from the number of forensic tools. The problem is that the forensic tools for mobile devices available today are not completely forensically sound. Examination of digital evidence with a forensic tool is one thing offered by many vendors. However, the forensic tools have various ways of examination. This paper performed research on the examination ability of two commonly used mobile forensic tools, Oxygen and MOBILedit, in an examination of digital evidence from the LINE messenger application. Both forensic tools have their own ability to examine digital evidence and can be used based on the examiner’s needs. In this experiment, both forensic tools were assessed qualitatively based on a case study.
8 citations