
Digital evidence

About: Digital evidence is a research topic. Over its lifetime, 1621 publications have been published within this topic, receiving 18476 citations.


Papers
Proceedings Article
29 Aug 2017
TL;DR: This paper argues that besides traditional digital forensics practices it is important to have application-specific forensics in place to ensure collection of evidence in context of specific IoT applications and introduces a model which deals with not just traditional forensics but is applicable in digital as well as application-specific forensics process.
Abstract: Besides its enormous benefits to the industry and community the Internet of Things (IoT) has introduced unique security challenges to its enablers and adopters. As the trend in cybersecurity threats continue to grow, it is likely to influence IoT deployments. Therefore it is eminent that besides strengthening the security of IoT systems we develop effective digital forensics techniques that when breaches occur we can track the sources of attacks and bring perpetrators to the due process with reliable digital evidence. The biggest challenge in this regard is the heterogeneous nature of devices in IoT systems and lack of unified standards. In this paper we investigate digital forensics from IoT perspectives. We argue that besides traditional digital forensics practices it is important to have application-specific forensics in place to ensure collection of evidence in context of specific IoT applications. We consider top three IoT applications and introduce a model which deals with not just traditional forensics but is applicable in digital as well as application-specific forensics process. We believe that the proposed model will enable collection, examination, analysis and reporting of forensically sound evidence in an IoT application-specific digital forensics investigation.

59 citations

Posted Content
TL;DR: A normative framework for applying the Fourth Amendment to searches of computer data is offered and an exposure theory of Fourth Amendment searches is proposed: any exposure of data to an output device such as a monitor should be a search of that data, and only that data.
Abstract: The new frontier of the Fourth Amendment is the search and seizure of computer data. Created to regulate entering homes and seizing physical evidence, the Fourth Amendment's prohibition on unreasonable searches and seizures is now called on to regulate a very different process: retrieval of digital evidence from electronic storage devices. While obvious analogies exist between searching computers and searching physical spaces, important differences between them will force courts to rethink the basic meaning of the Fourth Amendment's key concepts. What does it mean to search computer data? When is computer data seized? When is a computer search or seizure reasonable? This article offers a normative framework for applying the Fourth Amendment to searches of computer data. It begins by exploring the basic differences between physical searches of physical property and electronic searches of digital evidence. It then proposes an exposure theory of Fourth Amendment searches: any exposure of data to an output device such as a monitor should be a search of that data, and only that data. The exposure approach is then matched with a rule for computer seizures: while copying data should not be deemed a seizure of that data, searches of copies should be treated the same as searches of the original. In the final section, the article proposes a rethinking of the plain view exception in computer searches to reflect the new dynamic of digital evidence investigations. The plain view exception should be narrowed or even eliminated in digital evidence cases to ensure that digital warrants that are narrow in theory do not devolve into general warrants in practice. Tailoring the doctrine in light of the new realities of computer investigations will protect the function of existing Fourth Amendment rules in the new world of digital evidence.

59 citations

Book Chapter
28 Jan 2013
TL;DR: The study employs a mix of informal conversational and standardized open-ended interview styles conducted with industry experts over a variety of communication media to design and implement digital forensic readiness plans aimed at maximizing the use of digital evidence in organizations.
Abstract: This paper focuses on the use of cognitive approaches for digital forensic readiness planning. Research has revealed that a well-thought-out and legally contextualized digital forensic readiness strategy can provide organizations with an increased ability to respond to security incidents while maintaining the integrity of the evidence gathered and keeping investigative costs low. This paper contributes to the body of knowledge in digital forensics related to the design and implementation of digital forensic readiness plans aimed at maximizing the use of digital evidence in organizations. The study uses interviews as part of a mixed-methods approach. In particular, it employs a mix of informal conversational and standardized open-ended interview styles conducted with industry experts over a variety of communication media.

59 citations

Journal Article
Philip Turner
TL;DR: The 'ultimate test' for an intelligent and selective imager approach is defined, and the types of selective imaging that can be performed are defined.

59 citations

01 Jan 2002
TL;DR: A Postal Inspector submitted a computer to examine for the presence of specific evidence he had enumerated in the letter of request, and the evidence technician logged in the computer, assigned it a case number, and brought the request to me, inquiring “What should we do with this?” That was the beginning of an odyssey that I still pursue.
Abstract: Author’s Comments: During my tenure as director of the Postal Inspection Headquarters Laboratory (1988-1992), a Postal Inspector submitted a computer to examine for the presence of specific evidence he had enumerated in the letter of request. The evidence technician logged in the computer, assigned it a case number, and brought the request to me, inquiring “What should we do with this?” That was the beginning of an odyssey that I still pursue. The Inspection Service Laboratory had a Questioned Document Section. Since a computer seemed to be an obvious evolution of paper documents, I called the manager of that section, Drew Somerford, and asked him to take the case. He was reluctant to sign for the evidence. Even though there might have been “documents” on the hard drive, it was outside his expertise. How do you secure and preserve the evidence? How do you collect it without changing it? What are the accepted practices related to computer evidence that would stand the scrutiny of court? What are the examination protocols? It was technology that we did not know how to handle in the crime laboratory. We submitted the computer evidence to the Federal Bureau of Investigation (FBI). The FBI Laboratory had a unit for computer evidence, and they worked the case. The Postal Inspection Service had a team of inspectors who were trained to work computer crime cases, but the laboratory was not equipped to assist them in processing evidence at that time.

58 citations


Network Information
Related Topics (5)
Information privacy: 25.4K papers, 579.6K citations, 78% related
Cloud computing security: 27.1K papers, 511.8K citations, 77% related
Authentication: 74.7K papers, 867.1K citations, 77% related
Intrusion detection system: 28.4K papers, 509.5K citations, 76% related
Public-key cryptography: 27.2K papers, 547.7K citations, 75% related
Performance
Metrics
No. of papers in the topic in previous years
Year    Papers
2024    1
2023    87
2022    206
2021    87
2020    116
2019    111