Digital evidence

About: Digital evidence is a research topic. Over the lifetime, 1621 publications have been published within this topic receiving 18476 citations.

A Virtual Digital Forensics Laboratory

Abstract: This paper discusses the concept of a virtual digital forensic laboratory, which incorporates networked examination and storage machines, secure communications, multi-factor authentication, role-based access control, and case management and digital asset management systems. Laboratory activities such as the examination, storage and presentation of digital evidence can be geographically distributed and accessed over a network by users with the appropriate credentials. The advantages of such a facility include reduced costs through shared resources and the availability of advanced expertise for specialized cases.

Risk-Oriented Design Approach For Forensic-Ready Software Systems

Abstract: Digital forensic investigation is a complex and time-consuming activity in response to a cybersecurity incident or cybercrime to answer questions related to it. These typically are what happened, when, where, how, and who is responsible. However, answering them is often very laborious and sometimes outright impossible due to a lack of useable data. The forensic-ready software systems are designed to produce valuable on-point data for use in the investigation with potentially high evidence value. Still, the particular ways to develop these systems are currently not explored. This paper proposes consideration of forensic readiness within security risk management to refine specific requirements on forensic-ready software systems. The idea is to re-evaluate the taken security risk decisions with the aim to provide trustable data when the security measures fail. Additionally, it also considers possible disputes, which the digital evidence can solve. Our proposed approach, risk-oriented forensic-ready design, composes of two parts: (1) process guiding the identification of the requirements in the form of potential evidence sources, and (2) supporting BPMN notation capturing the potential evidence sources and their relationship. Together they are aimed to provide a high-level overview of the forensic-ready requirements within the system. Finally, the approach is demonstrated on an automated valet parking scenario, followed by a discussion regarding its impact and usefulness within the forensic readiness effort.

Digital Endpoints: Definition, Benefits, and Current Barriers in Accelerating Development and Adoption.

Abstract: The assessment of health and disease requires a set of criteria to define health status and progression. These health measures are referred to as "endpoints." A "digital endpoint" is defined by its use of sensor-generated data often collected outside of a clinical setting such as in a patient's free-living environment. Applicable sensors exist in an array of devices and can be applied in a diverse set of contexts. For example, a smartphone's microphone might be used to diagnose or predict mild cognitive impairment due to Alzheimer's disease or a wrist-worn activity monitor (such as those found in smartwatches) may be used to measure a drug's effect on the nocturnal activity of patients with sickle cell disease. Digital endpoints are generating considerable excitement because they permit a more authentic assessment of the patient's experience, reveal formerly untold realities of disease burden, and can cut drug discovery costs in half. However, before these benefits can be realized, effort must be applied not only to the technical creation of digital endpoints but also to the environment that allows for their development and application. The future of digital endpoints rests on meaningful interdisciplinary collaboration, sufficient evidence that digital endpoints can realize their promise, and the development of an ecosystem in which the vast quantities of data that digital endpoints generate can be analyzed. The fundamental nature of health care is changing. With coronavirus disease 2019 serving as a catalyst, there has been a rapid expansion of home care models, telehealth, and remote patient monitoring. The increasing adoption of these health-care innovations will expedite the requirement for a digital characterization of clinical status as current assessment tools often rely upon direct interaction with patients and thus are not fit for purpose to be administered remotely. With the ubiquity of relatively inexpensive sensors, digital endpoints are positioned to drive this consequential change. It is therefore not surprising that regulators, physicians, researchers, and consultants have each offered their assessment of these novel tools. However, as we further describe later, the broad adoption of digital endpoints will require a cooperative effort. In this article, we present an analysis of the current state of digital endpoints. We also attempt to unify the perspectives of the parties involved in the development and deployment of these tools. We conclude with an interdependent list of challenges that must be collaboratively addressed before these endpoints are widely adopted.

Tools and Technology for Computer Forensics: Research and Development in Hong Kong (Invited Paper)

Abstract: With the increased use of Internet and information technol- ogy all over the world, there is an increased amount of criminal activities that involve computing and digital data. These digital crimes (e-crimes) impose new challenges on prevention, detection, investigation, and pros- ecution of the corresponding offences. Computer forensics (also known as cyberforensics) is an emerging research area that applies computer in- vestigation and analysis techniques to help detection of these crimes and gathering of digital evidence suitable for presentation in courts. This new area combines the knowledge of information technology, forensics science, and law and gives rise to a number of interesting and challeng- ing problems related to computer security and cryptography that are yet to be solved. In this paper, we present and discuss some of these prob- lems together with two successful cases of computer forensics technology developed in Hong Kong that enable the law enforcement departments to detect and investigate digital crimes more efficiently and effectively. We believe that computer forensics research is an important area in ap- plying security and computer knowledge to build a better society.

Using a Local Search Warrant to Acquire Evidence Stored Overseas via the Internet

Abstract: This paper argues that a search warrant issued by a local court does not have the power to search and seize digital evidence stored overseas but accessible via the Internet. Based on the fact that digital evidence can be altered or erased in a very short time, two scenarios are presented to illustrate the lack of power of a local search warrant to acquire digital evidence overseas. Two solutions are presented to overcome the shortcomings of a local search warrant. These solutions can assist law enforcement agencies around the world in searching and seizing digital evidence stored overseas with speed and accuracy, and in addressing court challenges regarding the admissibility and potential illegality of this evidence.