Digital evidence

About: Digital evidence is a research topic. Over the lifetime, 1621 publications have been published within this topic receiving 18476 citations.

Law Enforcement Authorities' Legal Digital Evidence Gathering: Legal, Integrity and Chain-of-Custody Requirement

Abstract: When carrying out criminal investigations, Law Enforcement Agencies (LEAs) apply new technology in very effective ways. However at worst, LEAs must perform many stages twice with the help of different technical tools. When investigating the identity of criminals LEAs may apply totally different technical tools than when gathering evidences for charge, because the data provided by investigating may not be valid in court. For that reason, a new monitoring system that goes beyond state of the art is needed. Three organizational layers need attentions: 1) LEA, the people that actually retrieve and store the information. 2) Prosecutors and their offices, how they get access to the information. 3) Courts, the final destination of the retrieved information. Until now, the information gathering tools for LEAs have been engineered focusing only on the best way to retrieve the information from the target. The attention paid to the legal, integrity and chain-of-custody requirements as well as social acceptance and legal oversight in connection with retrieving information has been inadequate and guidance on the matters has existed only in manuals written by legal departments.

Organizational Handling of Digital Evidence

Abstract: There are a number of factors that impact a digital forensics investigation. These factors include: the digital media in question, implemented processes and methodologies, the legal aspects, and the individuals involved in the investigation. This paper presents the initial idea that Digital Forensic Practice (DFP) recommendations can potentially improve how organizations handle digital evidence. The recommendations are derived from an in-depth survey conducted with practitioners in both commercial organizations and law enforcement along with supporting literature. The recommendations presented in this paper can be used to assess an organization’s existing digital forensics practices and a guide to Digital Forensics Improvement Initiatives.

Applying a Digital forensic readiness framework: Three case studies

Abstract: A digital forensic investigation primarily attempts to reactively respond to an information security incident. While the predominant goal of an investigation is the maintenance of digital evidence of forensic value, little academic research has been conducted on an organization's proactive forensic capability. This capability is referred to as digital forensic readiness and aims to maximize the forensic credibility of digital evidence, while minimizing its post-incident forensic investigation. In this paper, we classify forensic investigation frameworks to expose gaps in proactive forensics research and we review three prominent information security incidents with regard to proactive forensics planning. The applicability of a proactive forensic plan into each incident is then discussed and put into context.

iPod Forensics Update

Abstract: From student to business worker, the popularity and ubiquity of mobile devices is exploding. As these devices saturate modern culture, they continue to grow in functionality. Such devices can now play music, store photos, contacts, and files or even play full-length movies. Apple’s iPod has taken mobile entertainment to the next level by incorporating all of this into a single device. In fact, the iPod has become so popular that sales have topped nearly sixty seven million units (Apple, 2006). With increased popularity however, criminals have found ways to exploit an otherwise altruistic device. The challenge that lies before law enforcement now becomes identifying the evidence an iPod may contain. Since there has been minimal research in portable music players within the digital forensics community, law enforcement may be fighting blind during their investigations. This paper is an update to previous research by Marsico and Rogers (2005) that presents new procedures and methodologies for law enforcement to obtain digital evidence from the new generations of iPods. As software and hardware revisions have changed, this research analyzes what effect this has on the extraction of evidence.

A Heuristic Model for Performing Digital Forensics in Cloud Computing Environment

Abstract: Cloud computing is a relatively new model in the computing world after several computing paradigms like personal, ubiquitous, grid, mobile, and utility computing. Cloud computing is synonymous with virtualization which is about creating virtual versions of the hardware platform, the Operating System or the storage devices. Virtualization poses challenges to implementation of security as well as cybercrime investigation in the cloud. Although several researchers have contributed in identifying digital forensic challenges and methods of performing digital forensic analysis in the cloud computing environment, we feel that the requirement of finding the most appropriate methods to evaluate the uncertainty in the digital evidence is a must. This paper emphasizes on the methods of finding and analyzing digital evidence in cloud computing environment with respect to the cloud user as well as the provider. We propose a heuristic model for performing digital forensics in the cloud environment.