Digital evidence

About: Digital evidence is a research topic. Over the lifetime, 1621 publications have been published within this topic receiving 18476 citations.

An Analysis of the Digital Forensic Examination of Mobile Phones

Abstract: Digital evidence is proving increasingly pivotal in criminal investigations whether it is an arrest for a minor offence or a more serious activity. As people rely on mobile phones and their many functions, the digital trail of evidence continues to grow. The forensic examination of mobile phones is a relatively new discipline and research activity into the forensic analysis of these types of phones, and the information they may contain, is limited when compared to the exponential increase in ownership of these types of phones. The amount of ubiquitous information stored on mobile phones will continue to grow as their processing power and storage capacity increases and the phones incorporate more functionality and applications. Guidelines, publications and research into the more traditional digital forensic examination of computer hard disks are well documented, whereas for mobile phones, the publications and research are not that established. The aim of this paper is to examine the current methods involved in the forensic examination of mobile phones and to identify those areas of mobile phone examination where the current United Kingdom ACPO guidelines and the United States of America NIST guidelines are unclear or insubstantial.

Acquisition of digital evidence in android smartphones

Abstract: From an expert's perspective, an Android phone is a large data repository that can be stored either locally or remotely. Besides, its platform allows analysts to acquire device data, collecting information about its owner and facts that are under investigation. This way, by exploring and cross referencing that rich data source, one can get information related to unlawful acts and its perpetrator. There are widespread and well documented approaches to forensic examining mobile devices and computers. Nevertheless, they are not specific nor detailed enough to examine modern smartphones, since these devices have internal memories whose removal or mirroring procedures are considered invasive and complex, due to difficulties in having direct hardware access. Furthermore, specific features of each smartphone platform have to be considered prior to acquiring its data. In order to deal with those challenges, this paper proposes a method to perform data acquisition of Android smartphones, regardless of version and manufacturer. The proposed approach takes into account existing techniques of computer and cell phone forensic examination, adapting them to specific Android characteristics, its data storage structure, popular applications and the conditions under which the device was sent to the forensic examiner. The method was defined in a broad fashion, not naming specific tools or techniques. Then, it was deployed into the examination of six Android smartphones, addressing different scenarios that an analyst might face, and was validated to perform an entire evidence acquisition.

Proceedings of the 1st international conference on Forensic applications and techniques in telecommunications, information, and multimedia and workshop

Abstract: The aim of this conference is to bring together state of the art research contributions in the development of tools, protocols and techniques which assist in the investigation of potentially illegal activity associated with electronic communication and electronic devices Investigative practice and requirements for presentation of evidence in court are to be considered key underlying themes This includes discovery, analysis, handling and storage of digital evidence; meeting the legal burden of proof; and the establishment of the forensic chain of evidence

Experimental Analysis of Web Browser Sessions Using Live Forensics Method

Abstract: In today's digital era almost every aspect of life requires the internet, one way to access the internet is through a web browser. For security reasons, one developed is private mode. Unfortunately, some users using this feature do it for cybercrime. The use of this feature is to minimize the discovery of digital evidence. The standard investigative techniques of NIST need to be developed to uncover an ever-varied cybercrime. Live Forensics is an investigative development model for obtaining evidence of computer usage. This research provides a solution in forensic investigation effectively and efficiently by using live forensics. This paper proposes a framework for web browser analysis. Live Forensics allows investigators to obtain data from RAM that contains computer usage sessions.