Topic

Digital evidence

About: Digital evidence is a research topic. Over its lifetime, 1621 publications have been published within this topic, receiving 18476 citations.


Papers
Proceedings ArticleDOI
12 Oct 2015
TL;DR: VCR is presented, a memory forensics technique which aims to fill this void by enabling the recovery of all photographic evidence produced by an Android device's cameras by leveraging key aspects of the Android framework to improve vendor-customized Android memory image analysis.
Abstract: The ubiquity of modern smartphones means that nearly everyone has easy access to a camera at all times. In the event of a crime, the photographic evidence that these cameras leave in a smartphone's memory becomes vital pieces of digital evidence, and forensic investigators are tasked with recovering and analyzing this evidence. Unfortunately, few existing forensics tools are capable of systematically recovering and inspecting such in-memory photographic evidence produced by smartphone cameras. In this paper, we present VCR, a memory forensics technique which aims to fill this void by enabling the recovery of all photographic evidence produced by an Android device's cameras. By leveraging key aspects of the Android framework, VCR extends existing memory forensics techniques to improve vendor-customized Android memory image analysis. Based on this, VCR targets application-generic artifacts in an input memory image which allow photographic evidence to be collected no matter which application produced it. Further, VCR builds upon the Android framework's existing image decoding logic to both automatically recover and render any located evidence. Our evaluation with commercially available smartphones shows that VCR is highly effective at recovering all forms of photographic evidence produced by a variety of applications across several different Android platforms.

37 citations

Journal ArticleDOI
TL;DR: A comprehensive literature survey of the forensic analysis on operating system logs is presented and a taxonomy of various techniques used in this area is presented, which suggests potential future directions on the topic of operating system log forensics.

36 citations

Proceedings Article
21 Jun 2010
TL;DR: A life cycle of digital evidence and problems with implementation of chain of custody in digital investigation and new framework based on Five WS will be presented.
Abstract: Chain of custody plays an important role in digital forensic investigation. Contact with different variables occurs through a life cycle of digital evidence. To prove chain of custody, investigators must know all details on how the evidence was handled every step of the way. "Five WS (and one H)" must be applied. Life cycle of digital evidence is very complex, and at each stage there is more impact that can violate a chain of custody. This paper presents a life cycle of digital evidence and problems with implementation of chain of custody in digital investigation. The authors also warn of certain shortcomings in terms of answering specific questions, and give some recommendation for further research. New framework based on Five WS will be presented.

36 citations

Journal Article
TL;DR: Encryption can also delay investigations, increase their costs, and necessitate the use of investigative methods which are more dangerous or invasive of privacy.
Abstract: The threat [of encryption] is manifest in four ways: failure to get evidence needed for convictions, failure to get intelligence vital to criminal investigations, failure to avert catastrophic or harmful attacks, and failure to get foreign intelligence vital to national security. Encryption can also delay investigations, increase their costs, and necessitate the use of investigative methods which are more dangerous or invasive of privacy. (Demming, Baugh, 1997a)

36 citations

Journal ArticleDOI
TL;DR: Experimental results show that this approach can be very useful for a better understanding of network traffic data, making it easier to search for evidence of attacks or anomalous behaviour in a network environment.

36 citations


Network Information
Related Topics (5)
Information privacy
25.4K papers, 579.6K citations
78% related
Cloud computing security
27.1K papers, 511.8K citations
77% related
Authentication
74.7K papers, 867.1K citations
77% related
Intrusion detection system
28.4K papers, 509.5K citations
76% related
Public-key cryptography
27.2K papers, 547.7K citations
75% related
Performance
Metrics
No. of papers in the topic in previous years
Year    Papers
2024    1
2023    87
2022    206
2021    87
2020    116
2019    111