Digital evidence

About: Digital evidence is a research topic. Over the lifetime, 1621 publications have been published within this topic receiving 18476 citations.

Microsoft Vista: Serious Challenges for Digital Investigations

Abstract: Microsoft’s Vista (“Vista”) can be seen as a dramatic departure from previous versions of the vendor’s operating systems, in terms of security and file systems. This vendor’s technical advances in security have created problems for law enforcement and other computer forensics investigators. This paper will illustrate how changes to Vista’s file systems will impede the retrieval of inculpatory evidence by prosecutors; the discovery of digital evidence on a system is more problematic in a Vista environment. The successful conviction of a defendant is reliant upon a prosecutor effectively demonstrating control, ownership and intent relating to the data found on the perpetrator’s computer. However, a machine running Vista is likely to negatively impact these findings. This paper will seek to guide the forensics investigator through the plethora of Vista operating system changes and provide suggestions for alternative methods of data discovery.

A Systematic Literature Review On Digital Evidence Admissibility: Methodologies, Challenges and Research Directions

Abstract: Admissibility of Evidence is the eligibility of particular pieces of evidence for inception as part of the evidence in a case. Admissibility means the character or quality to be accepted and allowed to be presented or introduced as evidence in court. To be admissible means capable of being legally admitted or allowable or permissible as evidence or worthy of gaining entry or being admitted. This study focus on carrying out a systematic literature review and meta-analysis on Digital Evidence Admissibility. The methodology employed in this study was the querying of four academic database resources systematically and fundamentally identifying kinds of literature related to digital evidence admissibility through identification, screening, eligibility and inclusion criteria. The advantage of this study is revealing the gap and trends in digital evidence admissibility as the article published between the period of 2015 through 2018 are relative with the following variation 64%, 21% 7%, for the following respectively, IEEE, Science Direct, ACM Digital library, as well as Research Gate. While at the period under review, 2019 is yet to record publication in the field of research in Digital Evidence Admissibility. The period under review witnessed a low academic publication in the field of Digital Evidence admissibility. This research will aid in projecting future research in the aforementioned research field.

'Dearest Property': Digital Evidence and the History of Private 'Papers' as Special Objects of Search and Seizure

Abstract: Why does the Fourth Amendment distinctly mention “papers” as well as “effects”? Why should we care? This Article suggests that we should care because modern doctrine’s equation of “papers” with other “effects” produces increasingly disturbing results in an age of dense concentrations of intimate personal information stored on small, portable devices like cell phones and flash drives. The Fourth Amendment says “papers” because the founders perceived the seizure of papers as a grave abuse distinct from the abuse of general warrants or writs of assistance. The evidence for this claim is traced from the 1760’s through the famous but largely unstudied Supreme Court decision in Boyd v. United States in 1884. The evidence suggests that the modern equation of “papers” with “effects” conflicts with both the text and original understanding of the text. The Article also suggests that Boyd’s per se prohibition of seizing papers solely for use as evidence, while not historically implausible, is not historically inevitable either. History has left the door open to the imposition of structural safeguards on the collection of documentary evidence, including digital evidence, so long as those safeguards prevent the indiscriminate, expropriating, unregulated and inquisitorial seizures that were justly condemned at the founding.

Automated identification of digital evidence across heterogeneous data resources

Abstract: the major challenges with big data examination and analysis are volume, complex interdependence across content, and heterogeneity. The examination and analysis phases are considered essential to a digital forensics process. However, traditional techniques for the forensic investigation use one or more forensic tools to examine and analyse each resource. In addition, when multiple resources are included in one case, there is an inability to cross-correlate findings which often leads to inefficiencies in processing and identifying evidence. Furthermore, most current forensics tools cannot cope with large volumes of data. This paper develops a novel framework for digital forensic analysis of heterogeneous big data. The framework mainly focuses upon the investigations of three core issues: data volume, heterogeneous data and the investigators cognitive load in understanding the relationships between artefacts. The proposed approach focuses upon the use of metadata to solve the data volume problem, semantic web ontologies to solve the heterogeneous data sources and artificial intelligence models to support the automated identification and correlation of artefacts to reduce the burden placed upon the investigator to understand the nature and relationship of the artefacts.

An integrated open forensic environment for digital evidence investigation

Abstract: Nowadays, the capability of traditional digital forensic tools fails to meet the demand of ever increasing of criminal or civil cases. One of the challenges is that digital devices and applications are multifarious and changing quickly. Here, we propose a new mode for digital forensic tools utilization via integrating open-source single tools into a platform and setting up into Live DVD/USB. The platform, an Integrated Open Forensic Environment (named IOFE), takes full advantage of these tools and, at the same time, elevates its power and interoperability via standardized input/output data. The IOFE features conducting live and dead investigation and covers three consecutive major phases of digital forensics: acquisition, analysis, and presentation. Our experiments prove that IOFE can carry out manifold acquisition, interpretation, analysis, and presentation task of evidentiary data in an efficient and effective manner.