Digital evidence

About: Digital evidence is a research topic. Over the lifetime, 1621 publications have been published within this topic receiving 18476 citations.

Animating Evidence: Computer Game Technology in the Courtroom

Abstract: 1. Introduction Inevitably the future will be increasingly digital. The continuing digital revolution has had an enormous impact on the way forensic evidence is collected, analysed and interpreted and has even led to the defining of new types of digital evidence (for example, digital imagery and video, hard drives and digital storage devices). Much of this digital media will end up needing to be admitted into courtrooms as evidence. In most jurisdictions around the world technology can be slow to become legally accepted. It is fair to say that, in general, legislation for the admissibility of digital media usually lags behind the technological development (Schofield and Goodwin, 2007). In a modern courtroom, the presentation of forensic evidence by an expert witness can bring about the need for arduous descriptions by lawyers and experts to get across the specifics of complicated scientific, spatial and temporal data. These technological advances have also meant that experts have had to develop new ways to present such complex evidence in court. Digital visual evidence presentation systems (including digital displays, computer-generated graphical presentations and three-dimension simulations) have already been used in many jurisdictions. These visual tools can be used to present evidence and illustrate hypotheses based on scientific data, or they may be used to depict the perception of a witness, such as what may have occurred (seen from a specific viewpoint) during a particular incident. Digital reconstruction technology may also be applied in a courtroom to explore and illustrate 'what if' scenarios and questions, testing competing hypotheses and possibly exposing any inconsistencies and discrepancies within the evidence (Burton et al, 2005). It is important to realise that the use of such computer-generated presentations in a courtroom is only the current manifestation of evidence illustration and visualisation in a long history of evidential graphics used in litigation (Schofield and Goodwin, 2007). However, computer animations and interactive virtual simulations are unparalleled in their capabilities for presenting complex evidence. The use of such enabling visualisation technology can affect the manner in which evidence is assimilated and correlated by the viewer; in many instances, it can potentially help make the evidence more relevant and easier to understand (Tufte, 1985; Burton et al, 2005; Mervis, 1999). At this point, it is perhaps worth defining and describing the technologies under discussion in this paper. Over the past ten years, visual evidence displays and digital courtroom presentation systems have developed to cover a wide variety of technologies (O'Flaherty, 1996; Schofield and Goodwin, 2007). This paper focuses on the evidential use of computer-generated imagery, particularly computer graphics. Computer graphics in this context refers to a suite of software applications that can be used to produce outputs such as rendered images and animations(2). Computer graphics systems can utilise numerical three-dimensional models of real world objects to create artificial virtual environments. Based on scene survey data, objects such as equipment, vehicles, human figures, environment details, landscape features and other relevant evidence items can be accurately positioned and precisely scaled within the artificial three-dimensional environment. The scene objects can then be texture mapped with relevant photographic images to produce a credible lifelike appearance (Watt, 1999; Foley et al, 1995). Computer technology can be employed to build an animation from one these virtual environments, this is usually rendered frame-by-frame (as a series of still images). These frames, when played back in quick succession, create an experience of space, motion and time. Popular cultural examples of this technique include animated films and movies such as Shrek by Dreamworks Animation

Intrusion Investigations with Data-Hiding for Computer Log-File Forensics

Abstract: In most of companies or organizations, logs play important role in information security. However, the common security mechanism only backup logs, it is not able to find out traces of intruders because the hacker who is able to intrudes the security mechanism of organization would try to alter logs or destroy important intrusion evidences making it impossible to preserve evidence using traditional log security strategies. Thus, logs are not considered as evidence to prove the damage. In that case, digital evidence lacks in terms of completeness which makes it difficult to perform computer forensics operations. In order to maintain the completeness and reliability of evidence for later forensic procedures and intrusion detection, the study applies concepts of steganography to logs forensics, for which even intrusion altered records will be kept as well. Comparing to traditional security strategies, this study proposes a better logging mechanism to ensure the completeness of logs. Furthermore, the study will assist in intrusion detection through alteration behavior, and help in forensic operations.

Digital Forensics Challenges to Big Data in the Cloud

Abstract: As a new research area, Digital Forensics is a subject in a rapidly developing society. Cyber Security for Big Data in the Cloud is getting more attention than ever. A computing breach requires digital forensics to seize digital evidence to determine who is responsible and what has been done maliciously and the possible further consequences. In particular, for Big Data attack cases, Digital Forensics is facing even more challenge for earlier digital breach investigations. For the PPI (Protection of Personal Information) a GDPR (General Data Protection Regulation) law has been launched to be implemented from the 25th May 2018. This compulsory regulation will have an important impact on healthcare PPI in the cloud (ICO, 2017, Deloitte, 2014). Nowadays, Big Data with the characteristics of three “V”s (Volume, Velocity, and Variety), are either synchronized with the Cloud, or stored in the Cloud, in order to solve the storage capacity and so on problems, which made Digital Forensics investigation even more difficult. The Big Data Digital Forensics issue for the Cloud is difficult. One of them is the need to identify which physical devices have been compromised. Data are distributed in the Cloud, so the customer or digital forensics practitioner cannot have full access control like the traditional investigation does. Smart City are making use of ICT (information communications technology) to collect, detect, analyze and integrate the key information data of core systems in running the cities. Meanwhile, the Control Centre is making intelligent responses to different requirements that include daily livelihood, PPI security, environmental protection, public safety, industrial and commercial activities and city services. The Smart City healthcare Big Data are collected and gathered by the IoT (Internet of Things) (Liu, 2014, Qi, 2016) and applying GDPR prevent Cyberstalking and Cybercrimes. This paper summerises our review on the trends of Digital Forensics used for Big Data. The evidence acquisition challenge is discussed. A case study of a Smart City project with IoT services collecting Big Data which are stored in the Cloud computing environment is represented. The techniques can be generalised to other Big Data in the Cloud environment.

Traceability in digital forensic investigation process

Abstract: Digital forensic is part of forensic science that implicitly covers crime that is related to computer technology. In a cyber crime, digital evidence investigation requires a special procedures and techniques in order to be used and be accepted in court of law. Generally, the goals of these special processes are to identify the origin of the incident reported as well as maintaining the chain of custody so that the legal process can take its option. Subsequently, the traceability process has become a key or an important element of the digital investigation process, as it is capable to map the events of an incident from difference sources in obtaining evidence of an incident to be used for other auxiliary investigation aspects. Hence, this paper introduces a trace map model to illustrate the relationship in the digital forensic investigation process by adapting and integrating the traceability features. The objective of this integration is to provide the capability of trace and map the evidence to the sources and shows the link between the evidence, the entities and the sources involved in the process, particularly in the collection phase of digital forensic investigation framework. Additionally, the proposed model is expected to help the forensic investigator in obtaining accurate and complete evidence that can be further used in a court of law.

A workflow to support forensic database analysis

Abstract: Governments and private organisations are increasingly aware that vital information stored in their databases is no longer safe behind perimeter firewalls, intrusion prevention systems and other edge protections. Databases store a broad range of private and important information, making them a prime target for exploitation by wrongdoers wishing to breach confidentiality, damage the integrity of the data or make it unavailable to its users. The intricate nature and the non-stoppable critical services running in databases makes forensic examination of database difficult and challenges the forensics recovery and examination processes. The research presented in this thesis discusses the feasibility of developing an enhanced workflow that provides insight into the challenging complexities of examining and using database evidence. It lays the foundation for the development and establishment of standards in database forensic analysis and forensic case management. The major contribution of this research is a literature review that summarises the state-of-the-art in database forensics. It argues for the need for more in-depth research in this field and highlights limited availability of forensic data. To improve this, the research presents the design of a generic workflow of database forensic examination. This is evaluated using a qualitative and case study based evaluation and highlights the various limitations and drawback of the workflow. In summary, the research in this thesis proposes a system that allows a forensic examiner to focus on what is relevant to a case in a systematic way that can be proved in court. The workflow also acts as a case management tool by aiding the forensic examiner to apply established standards and procedures to identify best-case result by systematically, thoroughly and efficiently collecting and validating digital evidence.