
Digital evidence

About: Digital evidence is a research topic. Over the lifetime, 1621 publications have been published within this topic receiving 18476 citations.


Papers
Patent
29 Aug 2012
TL;DR: An OOXML (Office Open XML)-based electronic document digital evidence collecting method and device are described. The collection process does not alter any content of the electronic file.
Abstract: The invention relates to an OOXML (Office Open XML)-based electronic document digital evidence collecting method and a device thereof. The Office Open XML (OOXML) file format is a new file format adopted by Microsoft Office 2007 and later versions. The method disclosed by the invention can collect relevant evidence from a suspected electronic file, such as author information, tampering time information, hidden secret file information and the like, so as to judge the copyright attribution of the electronic file and detect the confidential information and the like. The process of electronic file digital evidence collection does not alter any content of the electronic file, and the collected characteristics have strong robustness. Moreover, the method can resist attacks such as Save As, Delete, Edit, Copy and the like, and can be used for safety control of confidential information covering national defense, politics and commerce.

5 citations

Journal Article
TL;DR: This paper has focused on scene actions that need to be considered when staff, specifically first responders, are confronted with a device that could contain evidence that could be lost if the device is shut down.
Abstract: Every day, law enforcement officers are executing search warrants and encounter digital devices that form part of the evidence. Agencies are now training first responders to handle upper level searches for relevance, prior to seizure. However, problems exist in that this may not locate evidence in a cloud, a container or even a virtual machine. This evidence is essentially volatile in that once the device is turned off, connectivity with the cloud will be lost, encrypted containers will close, virtual machines will cease to operate and drive encryption will be invoked. The once accessible data may now become beyond reach of digital forensic staff when the credentials to access the data are unknown or not available. This paper has focused on scene actions that need to be considered when staff, specifically first responders, are confronted with a device that could contain evidence that could be lost if the device is shut down.

5 citations

Patent
21 Sep 2016
TL;DR: An evidence graph and vulnerability reasoning combined network evidence collection method and system are proposed. The method comprises the steps of collecting original data from heterogeneous data sources; storing the original data, thereby obtaining first storage data; separating evidence from the first storage data by use of a classification and recognition algorithm; marking the evidence; establishing an evidence library according to the first storage data, the evidence and the event vectors; establishing an evidence graph according to the evidence library and an effective time sequence; and reasoning suspicious attack nodes through a VERA algorithm.
Abstract: The invention relates to the field of digital evidence collection, and specifically relates to an evidence graph and vulnerability reasoning combined network evidence collection method and system. The method comprises the steps of collecting original data from heterogeneous data sources; storing the original data, thereby obtaining first storage data; separating evidence from the first storage data by use of a classification and recognition algorithm; marking the evidence, thereby obtaining event vectors of the evidence; establishing an evidence library according to the first storage data, the evidence and the event vectors; establishing an evidence graph according to the evidence library and an effective time sequence; and reasoning suspicious attack nodes through a VERA algorithm according to the evidence graph and simulating attack paths. Through adoption of the heterogeneous data sources, the comprehensiveness and integrity of the data sources can be ensured. The obtained evidence can be visually reflected by the VERA. According to the method, the problems that in the evidence collection process at the present stage, integrity and authenticity are poor and the obtained evidence cannot be reflected visually can be solved.

5 citations

Journal Article
TL;DR: This book attempts to link research in these two communities by providing a wide-ranging and up-to-date reference for both researchers and practitioners by exploring all phases of the forensics workflow and detailing several tools of interest.
Abstract: The recovery and analysis of digital information has become a major component of many criminal investigations today. Given the ever-increasing number of personal digital devices, such as notebooks, tablets, and smartphones, as well as the development of communication infrastructures, we all gather, store, and generate huge amounts of data. Some of this information may be precious evidence for investigation and may be used in courts. During the last several decades, increasing research efforts have therefore been dedicated toward defining tools and protocols for the analysis of evidence coming from digital sources. This book attempts to link research in these two communities by providing a wide-ranging and up-to-date reference for both researchers and practitioners. The digital forensics ecosystem is surveyed with the necessary breadth in the first half of the book, by exploring all phases of the forensics workflow and detailing several tools of interest. Gaining insight into these aspects is of paramount importance for practitioners, but also for academic researchers who are often not aware of the standard practices and processes required to preserve digital evidence, e.g., for legal purposes. Similarly, practitioners have the opportunity to discover the state of the art in forensics research in the second half of the book, which is written from a signal processing perspective. This balanced mix is a major asset of this book, making it suitable for readers of diverse background.

5 citations

Proceedings Article
09 Sep 2020
TL;DR: This paper reviews major research works that present challenges in the acquirement and analysis of Android forensic data and proposes techniques for overcoming these challenges.
Abstract: Mobile devices are widely used. Although most mobile devices are used legally, criminals may use mobile devices in the commission of crimes. Therefore, these mobile devices become important, since the information stored in them can be used as digital evidence, which is an essential part of investigations conducted by mobile forensics investigators. Nevertheless, investigators may face several challenges in the acquirement and analysis of Android forensic data. In this paper, we review major research works that present these challenges and propose techniques for overcoming these challenges.

5 citations


Network Information
Related Topics (5)
Information privacy: 25.4K papers, 579.6K citations, 78% related
Cloud computing security: 27.1K papers, 511.8K citations, 77% related
Authentication: 74.7K papers, 867.1K citations, 77% related
Intrusion detection system: 28.4K papers, 509.5K citations, 76% related
Public-key cryptography: 27.2K papers, 547.7K citations, 75% related
Performance
Metrics
No. of papers in the topic in previous years
Year    Papers
2024    1
2023    87
2022    206
2021    87
2020    116
2019    111