Digital forensics

About: Digital forensics is a research topic. Over the lifetime, 4270 publications have been published within this topic receiving 49676 citations. The topic is also known as: digital forensic science & Digital forensics.


Papers
Book
01 Jan 2000
TL;DR: Digital Evidence gives an introduction to concepts from computer science (computer architecture, protocols, applications), forensics science (recovering, reconstructing and analyzing evidence), and behavioral analysis (modus operandi, motivation, what makes an offender choose a specific target) about digital evidence and computer crime.
Abstract: From the Publisher: Digital evidence—evidence that is stored on or transmitted by computers—can play a major role in a wide range of crimes, including homicide, rape, abduction, child abuse, solicitation of minors, child pornography, stalking, harassment, fraud, theft, drug trafficking, computer intrusions, espionage, and terrorism. Though an increasing number of criminals are using computers and computer networks, few investigators are well-versed in the evidentiary, technical, and legal issues related to digital evidence. As a result, digital evidence is often overlooked, collected incorrectly, and analyzed ineffectively. The aim of this hands-on resource is to educate students and professionals in the law enforcement, forensic science, computer security, and legal communities about digital evidence and computer crime. This work explains how computers and networks function, how they can be involved in crimes, and how they can be used as a source of evidence. As well as gaining a practical understanding of how computers and networks function and how they can be used as evidence of a crime, readers will learn about relevant legal issues and will be introduced to deductive criminal profiling, a systematic approach to focusing an investigation and understanding criminal motivations. The accompanying CD-ROM contains simulated cases that integrate many of the topics covered in the text, teaching individuals about: * Components of computer networks * Use of computer networks in an investigation * Abuse of computer networks * Privacy and security issues on computer networks * The law as it applies to computer networks "This is the right book for the times." —Lori Fenna, Chair, Electronic Frontier Foundation "I had the enjoyable task of reviewing the galley proofs for Eoghan Casey's fine introductory book: Digital Evidence and Computer Crime recently, and I highly recommend it for anybody who is just entering the field of digital forensics. 
This book has many fine features, including coverage of the basics of criminal investigation, legal issues in digital forensics, and of course, the technical information you need to get started in the field and understand what the experts are talking about. It covers the who, what, why, when, where, and how of digital evidence, addresses means, motive, and opportunity, and addresses the big picture issues very well. While I wouldn't take it on-scene, I think it is a valuable resource and well suited as a text for a first course in digital forensics, or as a general reference for the field as it exists today. Regardless of whether your background is in the law, criminal investigation, or computers, this book is a useful resource. I was particularly enamored with the number of examples included in the book. These case studies and situational demonstrations bring the book to life and add meaning that you can't get from a dry academic book, regardless of its coverage of details. The notions of remembering the victim and their link to the crime, the descriptions of complexities associated with Internet crime and globalization, and the concepts of investigation and sleuthing help the reader understand the difference between investigation and academics. But Casey doesn't stop there. He goes on to include an extensive glossary, excellent citations, a useful index, sample printouts, URLs of well known sites, and a multimedia supplement (which was not available at the time of my review). All told, this book does a fine job of introducing the area and provides a useful resource for the active practitioner." —Fred Cohen, Sandia National Laboratories, Livermore, California, U.S.A.
"This book addresses a diverse audience: law enforcement people who collect evidence, forensics scientists who perform analyses, lawyers who provide legal counsel, and technical people such as computer security professionals, programmers, and system administrators who can be called upon to produce digital evidence. Digital Evidence gives an introduction to concepts from computer science (computer architecture, protocols, applications), forensics science (recovering, reconstructing and analyzing evidence), and behavioral analysis (modus operandi, motivation, what makes an offender choose a specific victim or target). For those who wish to know more, the book gives references to specialized literature and on-line resources. The sections on legal issues are a bit U.S.-specific, but can still be of interest to non-U.S. readers. To the investigator, the book gives a flavor of what it takes to examine a PC, MAC, NT or UNIX system, or to gather evidence at various layers of network protocols, including wireless networks. With computers, emphasis is on capturing disk information. With computer networks, emphasis is on the application layer: web, mail, news, and irc/icq. The book gives examples of common forgeries with email and usenet postings, and mentions IP spoofing without going into the technicalities. To the legal person, the book gives a flavor of the challenges that one has to face when gathering digital evidence. Especially with information retrieved across networks it can be difficult to prove that data is authentic. And as the email and usenet examples show, it is relatively easy to forge time stamp and/or address information, but the book also shows that it is relatively easy to be found out. Perhaps the most useful sections of the book are the ones with guidelines for how to perform specific investigations." —Wietse Venema, IBM T.J. Watson Research Center, U.S.A.

62 citations

Proceedings ArticleDOI
07 Jan 2013
TL;DR: In this paper, the authors present a preliminary investigation into the residual artifacts created on an iOS and Android device that has accessed a cloud storage service and provide an initial assessment on the extent to which cloud storage data is stored on these client-side devices. This view acts as a proxy for data stored in the cloud.
Abstract: Cloud storage services such as Dropbox, Box and SugarSync have been embraced by both individuals and organizations. This creates an environment that is potentially conducive to security breaches and malicious activities. The investigation of these cloud environments presents new challenges for the digital forensics community. It is anticipated that smartphone devices will retain data from these storage services. Hence, this research presents a preliminary investigation into the residual artifacts created on an iOS and Android device that has accessed a cloud storage service. The contribution of this paper is twofold. First, it provides an initial assessment on the extent to which cloud storage data is stored on these client-side devices. This view acts as a proxy for data stored in the cloud. Secondly, it provides documentation on the artifacts that could be useful in a digital forensics investigation of cloud services.

62 citations

01 Jan 2011
TL;DR: This paper will show that work done by the forensic community is directly applicable to the VMI problem, and that by providing an interface between the two worlds, the difficulty of developing new virtualization security solutions can be significantly reduced.
Abstract: Virtual machine introspection (VMI) has formed the basis of a number of novel approaches to security in recent years. Although the isolation provided by a virtualized environment provides improved security, software that makes use of VMI must overcome the semantic gap, reconstructing high-level state information from low-level data sources such as physical memory. The digital forensics community has likewise grappled with semantic gap problems in the field of forensic memory analysis (FMA), which seeks to extract forensically relevant information from dumps of physical memory. In this paper, we will show that work done by the forensic community is directly applicable to the VMI problem, and that by providing an interface between the two worlds, the difficulty of developing new virtualization security solutions can be significantly reduced.

62 citations

Posted Content
TL;DR: In this article, a system of "competitive self regulation" for police forensics is proposed, where evidence would be divided and sent to one, two, or three separate forensic labs.
Abstract: Some institutional structures for inquiry produce better approximations to truth than others. The current institutional structure of police forensics gives each lab a monopoly in the analysis of the police evidence it receives. Forensic workers have inadequate incentives to produce reliable analyses of police evidence. Competition would create such incentives. I outline a system of “competitive self regulation” for police forensics. Each jurisdiction would have several competing forensic labs. Evidence would be divided and sent to one, two, or three separate labs. Chance would determine which labs and how many would receive evidence to analyze. Competitive self regulation improves forensics by creating incentives for error detection and reducing incentives to produce biased analyses.

62 citations

Proceedings ArticleDOI
26 Apr 2017
TL;DR: In this paper, a revision of IoT digital evidence acquisition procedure is provided and an improved theoretical framework for IoT forensic model that copes with evidence acquisition issues is proposed and discussed.
Abstract: Digital evidence plays a vital role in determining legal case admissibility in electronic- and cyber-oriented crimes. Considering the complicated level of the Internet of Things (IoT) technology, performing the needed forensic investigation will be definitely faced by a number of challenges and obstacles, especially in digital evidence acquisition and analysis phases. Based on the currently available network forensic methods and tools, the performance of IoT forensic will be producing a deteriorated digital evidence trail due to the sophisticated nature of IoT connectivity and data exchangeability via the “things”. In this paper, a revision of IoT digital evidence acquisition procedure is provided. In addition, an improved theoretical framework for IoT forensic model that copes with evidence acquisition issues is proposed and discussed.

62 citations


Network Information
Related Topics (5)
Authentication
74.7K papers, 867.1K citations
84% related
Encryption
98.3K papers, 1.4M citations
81% related
Cryptography
37.3K papers, 854.5K citations
81% related
Server
79.5K papers, 1.4M citations
77% related
Mobile computing
51.3K papers, 1M citations
76% related
Performance Metrics
No. of papers in the topic in previous years
Year    Papers
2024    3
2023    205
2022    552
2021    267
2020    339
2019    343