Topic
Digital evidence
About: Digital evidence is a research topic. Over the lifetime, 1621 publications have been published within this topic receiving 18476 citations.
Papers
TL;DR: The need for DTM research in digital forensics is championed, highlighting the benefits of doing so and the lack of empirical evidence which evaluates the scale of this threat to digital forensic investigations.
8 citations
22 Jul 2007
TL;DR: This paper introduces technical factors that might reflect the detecting skills of a detective integrated into the network, leading to solutions that could offset the inefficiencies of current practice.
Abstract: Forensic investigations on networks are not scalable in terms of time and money [1]. Those investigations that do occur consume months of attention from the very experts who should be investing in more productive activities, like designing and improving network performance [1]. Given these circumstances, organizations often must select which cases to pursue, ignoring many that could be prosecuted, if time allowed. Recognizing the exponential growth in the number of crimes that employ computers and networks that become subject to digital evidence procedures, researchers and practitioners, alike, have called for embedding forensics, essentially integrating the cognitive skills of a detective into the network [2, 3, 4]. The premise is that the level of effort required to document incidents can thus be reduced, significantly. This paper introduces what technical factors might reflect those detecting skills, leading to solutions that could offset the inefficiencies of current practice.
8 citations
11 Sep 2017
TL;DR: A vector-clock-based timeline for explaining causality in transactional events recorded in audit tables is built as part of a forensically ready architecture for the proactive generation, collection and preservation of database audit records.
Abstract: During forensic database investigations, audit records become a crucial evidential element; particularly, when certain events can be attributed to insider activity. However, traditional reactive forensic methods may not be suitable, urging the adoption of proactive approaches that can be used to ensure accountability through audit records whilst satisfying Chain of Custody (CoC) requirements for forensic purposes. In this paper, role segregation, evidence provenance, event timeliness and causality are considered as CoC requirements in order to implement a forensically ready architecture for the proactive generation, collection and preservation of database audit records that can be used as digital evidence for the investigation of insider activity. Our proposal implements triggers and stored procedures as forensic routines in order to build a vector-clock-based timeline for explaining causality in transactional events recorded in audit tables. We expect to encourage further work in the field of proactive digital forensics and forensic readiness; in particular, for justifying admissibility of audit records under CoC restrictions.
8 citations
07 Sep 2015
TL;DR: This work shows how to use the different formats and types of metadata in order to validate the legal argument for relevant evidence in legal cases.
Abstract: Metadata is not visible when viewing data in a number of forms such as a Word document or an image. It is, however, an important consideration in the discovery of information for use in digital forensic investigations. Different types of documents and files have a number of formats and types of metadata, which can be used to discover the properties of a file, document or network activity. Moreover, metadata is useful in many circumstances, where it can provide collaboration evidence between groups of people, because some of them are not aware of which type of information is stored within their document. Thus, the digital forensics investigator can access this hidden document information. In legal cases, the identification of relevant digital evidence is crucial for supporting the case, verification and an examination of existing legal argument forms. In this work, we show how to use the different formats and types of metadata in order to validate the legal argument for relevant evidence.
8 citations
TL;DR: In this paper, the authors argue for the need of legislative intervention and enforcement of standards and validation procedures for digital evidence in order to protect innocent suspects and all parties in the criminal proceedings from the negative consequences of technology-assisted investigations.
8 citations