Topic

Digital evidence

About: Digital evidence is a research topic. Over its lifetime, 1621 publications have been published within this topic, receiving 18476 citations.


Papers
Journal Article
TL;DR: This article aims to provide technical information and a comprehensive understanding of file system anti-forensics types, techniques and tools so as to facilitate investigators' ability to collect technically credible and legally admissible digital evidence from crime scenes.

16 citations

10 Jun 2013
TL;DR: This paper considers the use of semantic web technologies and in particular the ontologies, to assist the investigator in analyzing digital evidence and presents the ongoing development of a forensic analysis tool to analyze content retrieved from Android smart phones.
Abstract: The analysis of forensic investigation results has generally been identified as the most complex phase of a digital forensic investigation. This phase becomes more complicated and time consuming as the storage capacity of digital devices is increasing, while at the same time the prices of those devices are decreasing. Although there are some tools and techniques that assist the investigator in the analysis of digital evidence, they do not adequately address some of the serious challenges, particularly with the time and effort required to conduct such tasks. In this paper, we consider the use of semantic web technologies and in particular the ontologies, to assist the investigator in analyzing digital evidence. A novel ontology-based framework is proposed for forensic analysis tools, which we believe has the potential to influence the development of such tools. The framework utilizes a set of ontologies to model the environment under investigation. The evidence extracted from the environment is initially annotated using the Resource Description Framework (RDF). The evidence is then merged from various sources to identify new and implicit information with the help of inference engines and classification mechanisms. In addition, we present the ongoing development of a forensic analysis tool to analyze content retrieved from Android smart phones. For this purpose, several ontologies have been created to model some concepts of the smart phone environment.

16 citations

Journal Article
TL;DR: This paper has analyzed two automated tools (EnCase and FTK Imager) that are used for disk imaging that claim to protect the integrity of digital evidence.
Abstract: Evidence is the key to solve any crime. Evidence integrity needs to be protected in order to make it admissible in the court of law. Digital evidence is more revealing, but it is fragile; it can easily be tampered with or modified. There are different techniques available to protect the integrity of digital evidence. Different automated digital evidence acquisition tools are available in the market. In this paper, we have analyzed two automated tools (EnCase and FTK Imager) that are used for disk imaging. These tools claim to protect the integrity of digital evidence. The techniques used by these tools are analyzed in this paper. Problems with their approaches are discussed and a solution is proposed to address the problems. A prototype of an automated tool is developed with an implementation of the proposed solution.

16 citations

Journal Article
TL;DR: This paper details the continuing development of an ontology for this purpose – the Digital Evidence Semantic Ontology (DESO), which provides an index to a repository of known digital evidence artefacts which are classified according to the location that they are found and the information they represent.

16 citations

Posted Content
TL;DR: In this paper, the authors argue that the legal rules regulating the search warrant process must be revised in light of the demands of digital evidence collection, and propose a series of amendments to Rule 41 of the Federal Rules of Criminal Procedure.
Abstract: This Article contends that the legal rules regulating the search warrant process must be revised in light of the demands of digital evidence collection. Existing rules are premised on the one-step process of traditional searches and seizures: the police obtain a warrant to enter the place to be searched and retrieve the property named in the warrant. Computer technologies tend to bifurcate the process into two steps: the police first execute a physical search to seize computer hardware, and then later execute a second electronic search to obtain the data from the seized computer storage device. The failure of law to account for the two-stage process of computer searches and seizures has caused a great deal of doctrinal confusion, and makes it difficult (if not impossible) for the law to regulate the warrant process effectively. The Article concludes by offering a series of proposed amendments to Rule 41 of the Federal Rules of Criminal Procedure to update the warrant process for the era of digital evidence.

16 citations


Network Information
Related Topics (5)
Information privacy: 25.4K papers, 579.6K citations, 78% related
Cloud computing security: 27.1K papers, 511.8K citations, 77% related
Authentication: 74.7K papers, 867.1K citations, 77% related
Intrusion detection system: 28.4K papers, 509.5K citations, 76% related
Public-key cryptography: 27.2K papers, 547.7K citations, 75% related
Performance
Metrics
No. of papers in the topic in previous years
Year    Papers
2024    1
2023    87
2022    206
2021    87
2020    116
2019    111