Digital evidence

About: Digital evidence is a research topic. Over the lifetime, 1621 publications have been published within this topic receiving 18476 citations.

Digital Evidence Object Model for Situation Awareness and Decision Making in Digital Forensics Investigation

Abstract: The aim of a forensic investigation is to provide situation awareness in terms of identification and preservation of digital evidence, extraction of information, and analysis of extracted information to facilitate time-critical decision making. Digital forensic investigation is a process of collecting, examining, and analyzing digital data from various places such as digital devices, networks, and big data in the cloud. Here we propose a novel digital evidence object (DEO) model for the reduction of forensics data in digital forensic investigation and describe its application. The proposed DEO model is based on the synergy of category theory and integration of 5Ws (Who, What, When, Where, and Why) of digital investigation analysis techniques for digital evidence acquisition. We present a real-life case study to demonstrate its suitability for assisting computer forensics experts in the digital evidence investigation. Our results demonstrate that the application of the DEO model can noticeably decrease the number of false positive evidence objects submitted to a forensics expert, thus reducing his/her workload and improving decision making performance in a time-critical setting.

Selective Imaging Revisited

Abstract: The standard procedure for the acquisition of digital evidence in forensic investigations is to produce a bit-wise 1:1 copy of the original data on a digital storage device. This is often called imaging and becoming a bottleneck in modern digital investigations. The notion of selective imaging was introduced by Turner in 2005 and associated with the decision not to acquire all possible information during the evidence capture process. In this paper, we precisely define the term selective imaging, thereby generalizing the concept to allow acquisition of data objects in any combination and from any level of abstraction. We have implemented this approach as a plugin for the open source Digital Forensics Framework (DFF) using a container format based on the Advanced Forensic Framework 4 (AFF4). We present some design and implementation details as well as a performance evaluation.

Systematic Approach for Detection and Assessment of Dark Web Threat Evolution

Abstract: Cyber thieves and terrorists use the dark web as one of the most difficult channels to achieve their nefarious goals. There are many similarities between cyber-crimes and real-world crimes taking place on the dark web. However, the dark web's sheer breadth and anonymity are key to tracing the offenders. The first step in finding effective solutions to cybercrime is to assess the different dark web criminal hazards. The investigation of the dark web includes a review of crimes to minimize crime issues. To assist cyber security specialists, the authors used the systematic literature review approach and extracted data from 65 publications from the most relevant internet resources to meet research aims. As a result of an exhaustive investigation, systematic literature review is able to provide a clear picture of how criminal activity on the dark web is expanding and examine the strengths and weaknesses of existing methods for tracking down criminals. This study has showed, to aid law enforcement in the apprehension of criminals, digital evidence must be analyzed as per established standards.

Managing digital evidence: the governance of digital forensics

Abstract: Governance in general is becoming increasingly important in contemporary management, but specifically the governance of Digital Forensics. In order to manage governance disciplines effectively, closer attention needs to be paid to the technical aspects of specialised fields covered within an organisation. This paper presents a novel, scientific definition of Digital Forensic (DF) governance and a preliminary best practice framework. Similar to other existing organisational governance disciplines, DF governance assists organisations in guiding the management team and stakeholders in setting up mandates and expected actions from the organisation's incident response team. The DF governance framework is designed with a strong input from related governance disciplines, as well as a sound knowledge of the DF discipline. It can support and supplement the role technology and information plays within the business environment. The adoption of this framework by organisations will serve as internal guidance document when addressing digital incidents and attacks.

Digital evidence search kit

Abstract: With the rapid development of electronic commerce and Internet technology, cyber crimes have become more and more common. There is a great need for automated software systems that can assist law enforcement agencies in cyber crime evidence collection. This paper describes a cyber crime evidence collection tool called DESK (digital evidence search kit), which is the product of several years of cumulative efforts of our center together with the Hong Kong Police Force and several other law enforcement agencies of the Hong Kong Special Administrative Region. We use DESK to illustrate some of the desirable features of an effective cyber crime evidence collection tool.