
Digital evidence

About: Digital evidence is a research topic. Over its lifetime, 1621 publications have been published within this topic, receiving 18476 citations.


Papers
Proceedings Article
10 Dec 2020
TL;DR: In this paper, the authors present a process that serves as a template for designing, developing, and refining a verification method for forensic-ready software systems, with a focus on digital evidence produced by the systems.
Abstract: With the increasing threat of cybercrime, there is also an increasing need for the forensic investigation of those crimes. However, the topic of systematic preparation on the possible forensic investigation during the software development, called forensic readiness, has only recently been explored. Thus, there are still many challenges and open issues. One of the obstacles is ensuring the correct implementation. Moreover, the growing volume and variety of digital evidence produced by the systems have to be put into consideration. It is especially important in the critical information infrastructure domain where potential cyberattacks could impact the safety of people. In this paper, we present research towards verification of forensic readiness in software development, with a focus on digital evidence they produce, to assist the advancement of this research domain. Furthermore, we formulate a process that serves as a template for designing, developing, and refining a verification method for forensic-ready software systems.

5 citations

Journal Article
30 Jul 2019
TL;DR: This study discusses the analysis of digital evidence from a cloud service using the NIST 800-86 method and results showed that after scenario 1 and scenario 3, information on the file name and directory of the paths downloaded by client 1 and client 2 were obtained.
Abstract: The ease of and support for cloud-based data storage have supported an increase in the number of cloud services. The increasing number of uses for cloud services also increases the number of digital-based criminal actions related to the addition of facilities to cloud services. The cloud service feature designed to store data to support the smooth running of business processes can be misused by criminal assistance to store crime data. Accurate digital evidence is one way to prove a digital crime, which can then be used as supporting evidence in the trial. This study discusses the analysis of digital evidence from a cloud service. The analysis process using the NIST 800-86 method is carried out on digital evidence from 5 previously prepared scenarios related to the use of cloud service features that are being misused. Data acquisition techniques use the method of direct acquisition and physical imaging to obtain digital evidence. The experimental results showed that after scenario 1 and scenario 3, information on the file name and directory of the paths downloaded by client 1 and client 2 was obtained with information on the IP address, MAC address, user name, password and time stamp. After scenario 2, digital evidence has been obtained that contains information on the name and location of the folder on the cloud server. After scenario 4, information on the name of the file and the shared folder is successfully obtained, equipped with client information that has the right to access the files and folders. After scenario 5, information about the file name and directory of the file path is successfully obtained.

5 citations

Journal Article
TL;DR: A theoretical framework for preserving the integrity of digital evidence from a virtual environment using VMware Virtual Machine Monitor as a case study and introducing an integrity rating factor/threshold and the definition of an integrity enforcement process in line with globally recommended standards is introduced.
Abstract: Virtual machine technology has emerged with powerful features, offering several benefits and promising revolutionary outcomes. It is one technology that combines into one package several computing concepts like resource management, emulation, time-sharing, isolation and partitioning. These features have made evidence acquisition and preservation difficult and in some cases unfeasible. The aftermath is that conventional approaches to integrity preservation have not yielded the best results required to facilitate acceptability. Subjects around virtualization forensics, its affiliation with digital evidence integrity, and impacts on admissibility have been decisively examined. A part of this discourse dwelt on recognising potential threats to the integrity and reliability of evidence from a virtual environment; specifically using VMware Virtual Machine Monitor as a case study. A theoretical framework for preserving the integrity of digital evidence from such environments is introduced. This structure highlights guidelines, processes and parameters essential for keeping the accuracy, consistency and trustworthiness of digital evidence, made possible via abstractions from eminent integrity principles of well-formed transactions and separation of duties as proposed by Clark and Wilson. Key parameters in the model include: strength of hash functions, number of evidence attributes, and number of evidence cycles covered, all represented conceptually in a mathematical model. This is further consolidated with the introduction of an integrity rating factor/threshold and the definition of an integrity enforcement process in line with globally recommended standards. While still working on practical demonstration of the proposed model, the work done so far is seen to open a path for unification and amplification of trust levels required for the admissibility of virtual environment evidence.

5 citations

Journal Article
30 Mar 2020
TL;DR: Data obtained after acquiring based on the work steps of NIST are the accounts of the perpetrators, contacts targeted by the perpetrator, call history, text messages, picture messages and videos, which are the basis of research to acquire digital evidence in Viber applications.
Abstract: The rapid development of mobile technology today is directly proportional to the development of mobile applications in it, making it easier for people to choose and use the application as they want. This has resulted in misuse of negative things, ranging from human trafficking, drug trafficking, as well as online prostitution business. Viber is an Instant Messenger application that makes it easy for users. This application can be used to send messages, call, send photos, audio and video to others. This application has been used by 260 million people worldwide. This is the basis of research to acquire digital evidence in Viber applications. Data obtained after acquiring based on the work steps of NIST are the accounts of the perpetrators, contacts targeted by the perpetrators, call history, text messages, picture messages and videos.

5 citations

01 Jan 2014
TL;DR: The Dagstuhl seminar on digital evidence and forensic readiness has provided valuable input to the discussion on the future of various types of evidence and it has built the basis for acceptable and sound rules for the assessment of digital evidence.
Abstract: The seminar on Digital Evidence and Forensic Readiness provided the space for interdisciplinary discussions on clearly defined critical aspects of engineering issues, evaluation and processes for secure digital evidence and forensic readiness. A large gap exists between the state-of-the-art in IT security and best-practice procedures for digital evidence. Experts from IT and law used this seminar to develop a common view on what exactly can be considered secure and admissible digital evidence. In addition to sessions with all participants, a separation of participants for discussing was arranged. The outcome of these working sessions was used in the general discussion to work on a common understanding of the topic. The results of the seminar will lead to new technological developments as well as to new legal views to these points and to a change of organizational measures using ICT. Finally, various open issues and research topics have been identified. In addition to this report, open research issues will also be published in the form of a manifesto on digital evidence.
One possible definition for Secure Digital Evidence was proposed by Rudolph et al. at the Eighth Annual IFIP WG 11.9 International Conference on Digital Forensics 2012. It states that a data record can be considered secure if it was created authentically by a device for which the following holds:
- The device is physically protected to ensure at least tamper-evidence.
- The data record is securely bound to the identity and status of the device (including running software and configuration) and to all other relevant parameters (such as time, temperature, location, users involved, etc.).
- The data record has not been changed after creation.
Digital Evidence according to this definition comprises the measured value and additional information on the state of the measurement device. This additional information on the state of the measurement device aims to document the operation environment providing evidence that can help lay the foundation for admissibility. This definition provided one basis of discussion at the seminar and was compared to other approaches to forensic readiness. Additional relevant aspects occur in the forensic readiness of mobile devices, cloud computing and services. Such scenarios are already very frequent but will come to full force in the near future.
The interdisciplinary Dagstuhl seminar on digital evidence and forensic readiness has provided valuable input to the discussion on the future of various types of evidence and it has built the basis for acceptable and sound rules for the assessment of digital evidence. Furthermore, it has established new links between experts from four continents and thus has set the foundations for new interdisciplinary and international co-operations.

5 citations


Network Information
Related Topics (5)
Information privacy: 25.4K papers, 579.6K citations, 78% related
Cloud computing security: 27.1K papers, 511.8K citations, 77% related
Authentication: 74.7K papers, 867.1K citations, 77% related
Intrusion detection system: 28.4K papers, 509.5K citations, 76% related
Public-key cryptography: 27.2K papers, 547.7K citations, 75% related
Performance
Metrics
No. of papers in the topic in previous years
Year  Papers
2024  1
2023  87
2022  206
2021  87
2020  116
2019  111