Digital evidence

About: Digital evidence is a research topic. Over the lifetime, 1621 publications have been published within this topic receiving 18476 citations.

A Study on the Chain of Custody for Securing the Faultlessness of Forensic Data

Abstract: Computer Forensics functions by defending the effects and extracting the evidence of the side effects for production at the court. Has the faultlessness of the digital evidence been compromised during the investigation, a critical evidence may be denied or not even be presented at the trial. The presented monograph will deliberate the faultlessness-establishing chain procedures in disk forensics, system forensics, network forensics, mobile forensics and database forensics. Once the faultlessness is established by the methods proposed, the products of investigation will be adopted as a leading evidence. Moreover, the issues and alternatives in the reality of digital investigation are presented along with the actual computer forensics cases, hopefully contributing to the advances in computer digital forensics and the field research of information security.

Digital Forensics: Principles of digital evidence collection

Abstract: The collection of digital evidence must follow certain basic steps in order to be effective. This article introduces the main principles.

Study on constructing malware attack forensic procedure of digital evidence

Abstract: This study intended to improve two common problems of digital evidences: preservation and ease to modified; during preservation, collection, validation, identification, analysis, interpretation, documentation and presentation processes. We used I-Forensics (LiveDetector & LiveSearch) tools kit to explore digital evidence of malware attack in Windows system to produces a standard operation procedure. The main purpose is to provide forensic operators a reliable and accountable standard and guideline mechanism.

An evidence-based cloud incident handling framework

Abstract: Cloud computing is increasingly adopted by both individual and organisational users; thus, ensuring the security and privacy of data stored in the cloud is a crucial requirement in an organisation‘s business continuity and risk assessment strategies An incident handling strategy is key to mitigating risks to the confidentiality, integrity and availability of information assets, particularly those outsourced to the cloud located in one or more different countries Thus, organisational cloud users may face challenges or be limited in their capability to handle security incidents (eg security breaches) on their sites since the infrastructure on which the data resides belongs to the cloud providers Surveys were conducted with industry practitioners to identify: (1) the implications of emerging technologies and its information security threats on the incident handling practices, and (2) the factors influencing incident handling adoption for organisational cloud users The results indicated that the current landscape of information security threats have impacted on their security strategic planning, resulting in practitioners being more proactive, requiring better tactical tools, and cultivating a culture of information security The factors identified as having a significant influence on the adoption were determined using an integration of Situational Awareness and Protection Motivation Theory Users are more likely to adopt if they are aware of cloud security and privacy related risks, confident in their capability, understand the benefits, and understand the impact due to an ineffective strategy The cloud incident handing framework presented in this thesis draws upon principles and practices from both incident handling and digital forensics The integration of digital forensic principles and practices facilitates the collection of digital evidence, reconstructing of events and establish facts of who, what, when, where, how, and why an incident took place The framework consists of six phases, namely: Preparation (integrated with forensic readiness principles); Identification; Assessment (integrated with forensic collection and analysis practices); Action and Monitoring; Recovery; and Evaluation (integrated with forensic presentation practices) A feasibility study was conducted that simulates private cloud storage (ie ownCloud) in a virtual environment A security information and event management tool was used to demonstrate that each phase is feasible with significant evidence artefacts can be collected

The Current State of Digital Forensic Practitioners in South Africa Examining the Qualifications, Certifications, Training and Experience of South African Digital Forensic Practitioners

Abstract: Recent high profile court trials around the world, including South Africa, have highlighted the importance of forensic science evidence in court. They have also show what can happen when forensic science is handled poorly in court leading to incorrect convictions or acquittals. Most often the problems have been linked to the qualifications, training, competency and experience of the forensic practitioners who examined and analysed the evidence. With digital forensics being recognised as a forensics science and criminal trials such as Casey Anthony and Julia Amero dominated by errors in the digital forensics process attributed to the examiners, it is crucial to understand what the current situation is in South Africa with regards local digital forensic practitioners, so as to identify any strengths or shortcomings which could impact on digital evidence in a court of law. The research focused on understanding the academic qualifications, digital forensics training, competency, and experience of South African digital forensic practitioners. General trends were identified through the research showing that South African digital forensic practitioners often lacked the necessary academic qualifications, training, competency and experience required of a digital forensics practitioner, raising concerns about the quality of digital forensics practice in South Africa. When contrasted against international standards, the research identified areas of improvement, and suggested potential remedial actions to address the situation. Keywords-digital forensics, digital forensic practitioners, digital forensic standards