Topic

Digital evidence

About: Digital evidence is a research topic. Over the lifetime, 1621 publications have been published within this topic receiving 18476 citations.


Papers
Journal Article
TL;DR: A block diagram is proposed which may guide a database forensic examiner to obtain the evidences in an Oracle database for database tamper detection.
Abstract: Most secure database is the one you know the most. Tamper detection compares the past and present status of the system and produces digital evidence for forensic analysis. Our focus is on different methods or identification of different locations in an Oracle database for collecting the digital evidence for database tamper detection. Starting with the basics of Oracle architecture, continuing with the basic steps of forensic analysis, the paper elaborates the extraction of suspicious locations in Oracle. As a forensic examiner, collecting digital evidence in a database is a key factor. Planned and a modelled way of examination will lead to a valid detection. Based on the literature survey conducted on different aspects of collecting digital evidence for database tamper detection, the paper proposes a block diagram which may guide a database forensic examiner to obtain the evidences.

24 citations

Proceedings Article
26 Oct 2017
TL;DR: This survey reviews several tools and methods in the literature which extract pieces of evidence from the system and analyze them and discusses the challenges during the collection and analysis of low level data from the compromised system.
Abstract: The growth of digital technologies results in the growth of digital crimes. Digital forensics aims to collect crime-related evidence from various digital media and analyze it. This survey reviews several tools and methods in the literature which extract pieces of evidence from the system and analyze them. It also discusses the challenges during the collection and analysis of low level data from the compromised system.

24 citations

Book
22 May 2012
TL;DR: This document provides guidelines for Federal organizations' acquisition and use of security-related Information Technology (IT) products and NIST's advice is given in the context of larger recommendations regarding computer systems security.
Abstract: (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation's measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of information technology. ITL's responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in Federal computer systems. This Special Publication 800-series reports on ITL's research, guidance, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations. Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose. This document provides guidelines for Federal organizations' acquisition and use of security-related Information Technology (IT) products. These guidelines provide advice to agencies for sensitive (i.e., non-national security) unclassified systems. NIST's advice is given in the context of larger recommendations regarding computer systems security. These guidelines are for use by Federal organizations that process sensitive information. 1 They are consistent with the requirements of OMB Circular A-130, Appendix III. The guidelines herein are not mandatory and binding standards. This document may be used voluntarily by non-governmental organizations. It is not subject to copyright. 
Nothing in this document should be taken to contradict standards and guidelines made mandatory and binding upon Federal agencies by the Secretary of Commerce under his statutory authority. Nor should these guidelines be interpreted as altering or superseding the existing authorities of the Secretary of Commerce, the Director of the Office of Management and Budget, or any other Federal official. 1 The Computer Security Act provides a broad definition of the term " sensitive information, " namely " any information, the loss, misuse, or unauthorized access to or modification of which could adversely affect the national interest or the conduct of federal programs, or the privacy to which individuals are entitled under section 552a of title 5, United States Code (the Privacy Act), but which has not been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept secret in the interest of national defense …

24 citations

Journal Article
TL;DR: In this paper, a signature-based method for automated action instance approximation is proposed to automatically reconstruct past user activities within a compromised or suspect system, where a novel action-trace update time threshold is proposed that enables objects to be categorized by their respective update patterns over time.
Abstract: As the amount of digital devices suspected of containing digital evidence increases, case backlogs for digital investigations are also increasing in many organizations. To ensure timely investigation of requests, this work proposes the use of signature-based methods for automated action instance approximation to automatically reconstruct past user activities within a compromised or suspect system. This work specifically explores how multiple instances of a user action may be detected using signature-based methods during a postmortem digital forensic analysis. A system is formally defined as a set of objects, where a subset of objects may be altered on the occurrence of an action. A novel action-trace update time threshold is proposed that enables objects to be categorized by their respective update patterns over time. By integrating time into event reconstruction, the most recent action instance approximation as well as limited past instances of the action may be differentiated and their time values approximated. After the formal theory of signature-based event reconstruction is defined, a case study is given to evaluate the practicality of the proposed method.

24 citations

Proceedings Article
Diangang Wang, Tao Li, Sunjun Liu, Jianhua Zhang, Caiming Liu
24 Aug 2007
TL;DR: A dynamical network forensics model based on artificial immune theory and multi-agent theory, referred to as DNF, is introduced here and is able to insure the authenticity, integrality and validity of the digital evidence, and is a new method for dynamic computer forensics.
Abstract: Current network forensics systems are static and not real-time. In order to overcome the shortages, a dynamical network forensics model based on artificial immune theory and multi-agent theory, referred to as DNF, is introduced here. Comparing with traditional computer forensics methods, the new method provides the capacity that gathering real-time evidence dynamically as soon as network intrusions take place and saving the evidence in a safe way to prepare for the collection and analysis of the original evidence. In this paper, architecture of the model and the definitions of its components inspired by the immunity theory are given out. The experiment shows that it is able to insure the authenticity, integrality and validity of the digital evidence, and it is a new method for dynamic computer forensics.

24 citations


Network Information
Related Topics (5)
Information privacy
25.4K papers, 579.6K citations
78% related
Cloud computing security
27.1K papers, 511.8K citations
77% related
Authentication
74.7K papers, 867.1K citations
77% related
Intrusion detection system
28.4K papers, 509.5K citations
76% related
Public-key cryptography
27.2K papers, 547.7K citations
75% related
Performance Metrics
No. of papers in the topic in previous years

Year    Papers
2024    1
2023    87
2022    206
2021    87
2020    116
2019    111