Topic

Digital evidence

About: Digital evidence is a research topic. Over the lifetime, 1621 publications have been published within this topic receiving 18476 citations.


Papers
Journal ArticleDOI
TL;DR: Soft System Methodology (SSM) is a method of evaluation to compare a conceptual model with a process in the real world, so deficiencies of the conceptual model can be revealed and it can perform corrective action against the conceptual models.
Abstract: The handling of digital evidence can become an evidence of a determination that crimes have been committed or may give links between crime and its victims or crime and the culprit. Soft System Methodology (SSM) is a method of evaluation to compare a conceptual model with a process in the real world, so deficiencies of the conceptual model can be revealed thus it can perform corrective action against the conceptual model, thus there is no difference between the conceptual model and the real activity. Evaluation on the IDFIF stage is only done on a reactive and proactive process stages in the process so that the IDFIF model can be more flexible and can be applied on the investigation process of a smartphone.

14 citations

Journal ArticleDOI
TL;DR: A forensic procedure that analyzes the attack behavior and explains how to carry out a computer crime investigation is proposed, and it is believed that this analysis model is workable for any other form of Botnets presently being used.

14 citations

Proceedings ArticleDOI
05 Jan 2016
TL;DR: Members of the judiciary and law enforcement agencies need to understand digital forensics in order to determine the admissibility of, and to effectively present, digital evidence in a court.
Abstract: Members of the judiciary and law enforcement agencies need to understand digital forensics in order to determine the admissibility of, and to effectively present, digital evidence in a court. In this paper, we examine the use of multimedia presentations to improve participants' understanding of particular terms and concepts that commonly arise in digital forensic investigations. A questionnaire-based survey was conducted using a convenient sample of judges, investigators, prosecutors and staff from three provinces in Indonesia. We compared the participants' understanding of three technical terms: mobile forensics, time zones, and hashing, before and after watching three educational videos on the respective topics. The results showed that all participants had an increased level of understanding after viewing the educational videos. The participants also provided useful feedback that can be used as a guide for improved design decisions in future multimedia-based training.

14 citations

Book
29 Feb 2016
TL;DR: In this paper, the authors demonstrate how the proper collection, preservation, and presentation of digital evidence is essential for reducing potential business impact as a result of digital crimes, disputes, and incidents.
Abstract: Implementing Digital Forensic Readiness: From Reactive to Proactive Process shows information security and digital forensic professionals how to increase operational efficiencies by implementing a pro-active approach to digital forensics throughout their organization. It demonstrates how digital forensics aligns strategically within an organization's business operations and information security's program. This book illustrates how the proper collection, preservation, and presentation of digital evidence is essential for reducing potential business impact as a result of digital crimes, disputes, and incidents. It also explains how every stage in the digital evidence lifecycle impacts the integrity of data, and how to properly manage digital evidence throughout the entire investigation. Using a digital forensic readiness approach and preparedness as a business goal, the administrative, technical, and physical elements included throughout this book will enhance the relevance and credibility of digital evidence. Learn how to document the available systems and logs as potential digital evidence sources, how gap analysis can be used where digital evidence is not sufficient, and the importance of monitoring data sources in a timely manner. This book offers standard operating procedures to document how an evidence-based presentation should be made, featuring legal resources for reviewing digital evidence. Explores the training needed to ensure competent performance of the handling, collecting, and preservation of digital evidence. Discusses the importance of how long term data storage must take into consideration confidentiality, integrity, and availability of digital evidence. Emphasizes how incidents identified through proactive monitoring can be reviewed in terms of business risk. Includes learning aids such as chapter introductions, objectives, summaries, and definitions.

14 citations

Proceedings ArticleDOI
24 Sep 2014
TL;DR: This paper proposes the use of an ontology - the Digital Evidence Semantic Ontology (DESO) - that allows an examiner to quickly discover what artefacts may be available on a device before time-consuming processes are commenced - preventing the generation of data that may have no practical value for an investigation.
Abstract: The field of digital evidence must contend with an increasing number of devices to be examined paralleled with increasing diversity. Examiners face a battle to understand what artefacts may exist on these devices. Further, many current forensic tools look to comprehensively examine sources of digital evidence which can generate large amounts of, often spurious, data with no easy means of correlation. This paper proposes the use of an ontology - the Digital Evidence Semantic Ontology (DESO) - that allows an examiner to quickly discover what artefacts may be available on a device before time-consuming processes are commenced - preventing the generation of data that may have no practical value for an investigation. The ontology is then used to classify this data so that equivalent artefacts across devices can be compared to make connections. It demonstrates how this ontology can be adapted to keep track of changes in technology and how it can be used in a laboratory environment.

14 citations


Network Information
Related Topics (5)
Information privacy
25.4K papers, 579.6K citations
78% related
Cloud computing security
27.1K papers, 511.8K citations
77% related
Authentication
74.7K papers, 867.1K citations
77% related
Intrusion detection system
28.4K papers, 509.5K citations
76% related
Public-key cryptography
27.2K papers, 547.7K citations
75% related
Performance
Metrics
No. of papers in the topic in previous years
Year    Papers
2024    1
2023    87
2022    206
2021    87
2020    116
2019    111