Topic
Digital evidence
About: Digital evidence is a research topic. Over the lifetime, 1621 publications have been published within this topic receiving 18476 citations.
Papers published on a yearly basis
Papers
More filters
TL;DR: This paper introduces notions of (digital) evidence, characteristic evidence, and (characteristic) counter evidence, as well as the definitions of two fundamental forensic reconstruction problems, and shows the relation of the observability of the different types of evidence to the solvability of those problems.
Abstract: Historically, forensic computing (as digital forensics) developed pragmatically, driven by specific technical needs Indeed, in comparison with other forensic sciences the field still is rather immature and has many deficits, such as the unclear terminology used in court In this paper, we introduce notions of (digital) evidence, characteristic evidence, and (characteristic) counter evidence, as well as the definitions of two fundamental forensic reconstruction problems We show the relation of the observability of the different types of evidence to the solvability of those problems By doing this, we wish to exemplify the usefulness of formalization in the establishment of a precise terminology While this will not replace all terminological shortcomings, it (1) may provide the basis for a better understanding between experts, and (2) helps to understand the significance of different types of digital evidence to answer questions in an investigation
5 citations
04 Jan 2010
TL;DR: The enhancements made to DESK to conduct forensic analyses of QQ, MSN and Foxmail are discussed.
Abstract: When the Digital Evidence Search Kit (DESK) was first used in Mainland China, it was found to be inadequate because it did not support criminal investigations involving popular Internet applications such as QQ, MSN and Foxmail This paper discusses the enhancements made to DESK to conduct forensic analyses of QQ, MSN and Foxmail
5 citations
10 May 2012
TL;DR: A prototype web-based application using the concept of Web 2.0 technologies integrated with the suitable features of KM System to encourage experts in digital forensics share and improve their knowledge.
Abstract: The main goal of digital forensics is the extraction of suspected files from the target devices that can be defined as digital evidence. Nowadays, law enforcement agencies in Malaysia such as The Royal Malaysian Police have extensively varying capabilities to conduct forensics, and sometimes have to enlisting the assist from other agencies or outside consultants to perform digital forensics investigation and analysis. Unfortunately, new forensics discoveries are seldom formally shared among the organization or agency even under the same roof. One main problem needs to be addressed is there is no effective way that allows digital forensics experts to share their expertise and collaborate among them. A web-based Knowledge Management System (KMS) for digital forensics is needed to encourage experts in digital forensics share and improve their knowledge. This paper presents a prototype web-based application using the concept of Web 2.0 technologies integrated with the suitable features of KM System. We had adopted throwaway prototyping methodology and the results show that the system had passed the unit testing.
5 citations
TL;DR: In this article , a case study presented a qualitative assessment of the reliability of digital forensic investigation in criminal cases in Norway, and a reliability validation methodology based on international digital forensic standards was designed to assess to what extent those standards are implemented and followed by law enforcement in their casework.
5 citations
27 May 2013
TL;DR: This paper provides a framework explaining how web principles are applied to represent the chain of custodies and used only by actors in each forensics process, in order to be consumed at the end by the jury in a court of law.
Abstract: Tangible Chain of Custody ( CoC) in cyber forensics ( CF ) is a document accompanying digital evidences. It records all information related to the evidences at each phase of the forensics investigation process in order to improve and prosecute them in a court of law. Because a digital evidence can be easily altered and loses its value, the CoC plays a vital role in the digital investigation by demonstrating the road map of Who exactly, When, Where, Why, What and How came into contact with the digital evidence. With the advent of the digital age, the tangible CoC document needs to undergo a radical transformation from paper to electronic data ( e-CoC ). This e-CoC will be readable, and consumed by computers. The semantic web is a fertile land to represent and manage the tangible CoC because it uses web principles known as Linked Data Principles (LDP), which provide useful information in Resource Description Framework (RDF) upon Unified Resource Identifier (URI) resolution. These principles are used to publish data publicly on the web and provide a standard framework that allows such data to be shared, and consumed in a machine readable format. This paper provides a framework explaining how these principles are applied to represent the chain of custodies and used only by actors in each forensics process, in order to be consumed at the end by the jury in a court of law. This paper also illustrates this idea by giving an example of the authentication phase imported from the Kruse forensics process.
5 citations