Topic
Digital evidence
About: Digital evidence is a research topic. Over the lifetime, 1621 publications have been published within this topic receiving 18476 citations.
Papers
28 Sep 2020
TL;DR: In this paper, a generic digital evidence framework, called CISMO, is presented to support LEAs in detecting and preventing different types of cyber-crime activities on Online Social Networks (OSNs).
Abstract: Nowadays, Online Social Networks (OSNs) have created a breeding ground for criminals to engage in cyber-crime activities, and the legal enforcement agencies (LEAs) are facing significant challenges since there is no consistent and generalized framework built specifically to analyse users' misbehaviour and their social activity on these platforms. Data exchanged over these platforms represent an important source of information, even though their characteristics, such as unstructured nature, high volumes, velocity, and data inter-connectivity, become an obstacle for LEAs to analyse these data using traditional methods in order to provide it to the legal domain. Although numerous studies have been carried out on digital forensics, little focus has been placed on developing appropriate tools to exhaustively meet all the requirements of crime investigation targeting data integration, information sharing, collection and preservation of digital evidence. To bridge this gap, in our preliminary work we presented a generic digital evidence framework, called CISMO, as a semantic tool that is able to support LEAs in detecting and preventing different types of crimes happening on OSNs. This paper gives details of the knowledge extraction layer of the framework. Specifically, we mainly focus on analysing criminal social graph structures, proving the effectiveness of CISMO in a case study with a real criminal dataset. Experimental results reveal that, by applying appropriate Social Network Analyses (SNA), the CISMO framework should be able to query and discover the criminal networks, empowering the criminal investigator to see the connections between people.
4 citations
04 Jan 2010
TL;DR: The AFF4 evidence container format as discussed by the authors provides a general solution to the problem of storing digital evidence, both in terms of copied bitstream images and general information that describes the images and context surrounding a case.
Abstract: It is well acknowledged that there is a pressing need for a general solution to the problem of storing digital evidence, both in terms of copied bitstream images and general information that describes the images and context surrounding a case. In a prior paper, we introduced the AFF4 evidence container format, focusing on the description of an efficient, layered bitstream storage architecture, a general approach to representing arbitrary information, and a compositional approach to managing and sharing evidence. This paper describes refinements to the representation schemes embodied in AFF4 that address the accurate representation of discontiguous data and the description of the provenance of data and information.
4 citations
13 Feb 2005
TL;DR: In this paper, the basic issues related to the use of digital evidence in courts are investigated, in particular the basic legal test of authenticity of evidence with respect to an e-mail tool that can be used to manipulate evidence.
Abstract: This paper investigates basic issues related to the use of digital evidence in courts. In particular, it analyzes the basic legal test of authenticity of evidence with respect to an e-mail tool that can be used to manipulate evidence. The paper also examines the experiences and perceptions of U.S. state judicial officers regarding digital evidence, and reviews case law on how such evidence might be tested in the courts. Finally, it considers ethical and social issues raised by digital evidence and the mitigation of problems related to digital evidence.
4 citations
NEC1
TL;DR: A system architecture based on the detection framework and cases in which it is used are described, and the effectiveness and the limitations of the proposed framework are discussed.
Abstract: Insider threats, such as information leakages, are big problems in many organizations. They are difficult to detect and control, because insiders such as employees have legitimate rights to access the organization's resources in order to carry out their responsibilities. For this reason, existing security systems such as firewalls, intrusion detection systems, and access control mechanisms are ineffective countermeasures. Therefore, a framework is being developed for detecting suspicious insiders by triggering monitoring and analysis of suspicious actions done to hide digital evidence. This framework first creates an event (called a "trigger") that will impel malicious members to behave suspiciously, for example, deleting digital data that may be evidence of their malicious behavior. In addition, the framework also monitors and analyzes actions by comparing operational logs before/after the trigger. This work is still in progress. Here, a system architecture based on the detection framework and cases in which it is used are described. Also, the effectiveness and the limitations of the proposed framework are discussed.
4 citations