Digital evidence

About: Digital evidence is a research topic. Over the lifetime, 1621 publications have been published within this topic receiving 18476 citations.

Enhancing the reliability of digital signatures as non-repudiation evidence under a holistic threat model

Abstract: Traditional sensitive operations, like banking transactions, purchase processes, contract agreements etc. need to tie down the involved parties respecting the commitments made, avoiding a further repudiation of the responsibilities taken. Depending on the context, the commitment is made in one way or another, being handwritten signatures possibly the most common mechanism ever used. With the shift to digital communications, the same guarantees that exist in real world transactions are expected from electronic ones as well. Non-repudiation is thus a desired property of current electronic transactions, like those carried out in Internet banking, e-commerce or, in general, any electronic data interchange scenario. Digital evidence is generated, collected, maintained, made available and verified by non-repudiation services in order to resolve disputes about the occurrence of a certain event, protecting the parties involved in a transaction against the other's false denial about such an event. In particular, a digital signature is considered as non-repudiation evidence which can be used subsequently, by disputing parties or by an adjudicator, to arbitrate in disputes. The reliability of a digital signature should determine its capability to be used as valid evidence. The reliability depends on the trustworthiness of the whole life cycle of the signature, including the generation, transfer, verification and storage phases. Any vulnerability in it would undermine the reliability of the digital signature, making its applicability as non-repudiation evidence difficult to achieve. Unfortunately, technology is subject to vulnerabilities, always with the risk of an occurrence of security threats. Despite that, no rigorous mechanism addressing the reliability of digital signatures technology has been proposed so far. The main goal of this doctoral thesis is to enhance the reliability of digital signatures in order to enforce their non-repudiation property when acting as evidence. In the first instance, we have determined that current technology does not provide an acceptable level of trustworthiness to produce reliable non-repudiation evidence that is based on digital signatures. The security threats suffered by current technology are suffice to prevent the applicability of digital signatures as non-repudiation evidence. This finding is also aggravated by the fact that digital signatures are granted legal effectiveness under current legislation, acting as evidence in legal proceedings regarding the commitment made by a signatory in the signed document. In our opinion, the security threats that subvert the reliability of digital signatures had to be formalized and categorized. For that purpose, a holistic taxonomy of potential attacks on digital signatures has been devised, allowing their systematic and rigorous classification. In addition, and assuming a realistic security risk, we have built a new approach more robust and trustworthy than the predecessors to enhance the reliability of digital signatures, enforcing their non-repudiation property. This new approach is supported by two novel mechanisms presented in this thesis: the signature environment division paradigm and the extended electronic signature policies. Finally, we have designed a new fair exchange protocol that makes use of our proposal, demonstrating the applicability in a concrete scenario.

The intersection between social media, crime, and digital forensics: #WhoDunIt?

Abstract: This chapter opens with a discussion on the prevalence and different types of social media, such as social networking sites, blogs, virtual social worlds, collaborative projects, content communities, and virtual game worlds. Next, the authors review the potential evidentiary value that social media may have in criminal cases. Specifically, social media may yield digital evidence of the planning, commission, or aftermath of a crime. Finally, this chapter provides an overview on the location of social media evidence on the network and physical device, as well as the most common digital forensic tools that extract and analyze social media artifacts. Overall, not only are almost all criminal investigations involving at least one form of digital evidence, it is plausible that the majority of them will also involve a form of social media as well. Thus, it is necessary for law enforcement to stay up-to-date on the latest social media trends in order to identify the most effective tool for extracting and analyzing social media evidence.

Establishing the Validity of Md5 and Sha-1 Hashing in Digital Forensic Practice in Light of Recent Research Demonstrating Cryptographic Weaknesses in these Algorithms

Abstract: and SHA-1 cryptographic hash algorithms are a standard practice in digital forensics that is used in the preservation of digital evidence and ensuring the integrity of the digital evidence. Recent studies have shown that both MD5 and SHA-1 have vulnerabilities and collisions. Based on this, the use of MD5 and SHA-1 hash algorithms in the practice of digital forensics to preserve and ensure the integrity of digital evidence has been questioned in certain instances. Using experimentation, the researcher proves the validity of using either MD5 or SHA-1 hashing algorithms to ensure the integrity of seized digital evidence, from the moment of seizure of the evidence, through to eventual presentation and use of the evidence in court; thus demonstrating that the use of hashing remains a valid forensic methodology to ensure the integrity of digital evidence. Keywordsforensics, integrity of digital evidence, hash collisions,

Automated Production of Predetermined Digital Evidence

Abstract: Digital evidence is increasingly used in juridical proceedings. In some recent legal cases, the verdict has been strongly influenced by the digital evidence proffered by the defense. Digital traces can be left on computers, phones, digital cameras, and also on remote machines belonging to ISPs, telephone providers, companies that provide services via Internet such as YouTube, Facebook, Gmail, and so on. This paper presents a methodology for the automated production of predetermined digital evidence, which can be leveraged to forge a digital alibi. It is based on the use of an automation, a program meant to simulate any common user activity. In addition to wanted traces, the automation may produce a number of unwanted traces, which may be disclosed upon a digital forensic analysis. These include data remanence of suspicious files, as well as any kind of logs generated by the operating system modules and services. The proposed methodology describes a process to design, implement, and execute the automation on a target system, and to properly handle both wanted and unwanted evidence. Many experiments with different combinations of automation tools and operating systems are conducted. This paper presents an implementation of the methodology through VBScript on Windows 7. A forensic analysis on the target system is not sufficient to reveal that the alibi is forged by automation. These considerations emphasize the difference between digital and traditional evidence. Digital evidence is always circumstantial, and therefore it should be considered relevant only if supported by stronger evidence collected through traditional investigation techniques. Thus, a Court verdict should not be based solely on digital evidence.