Digital forensics

About: Digital forensics is a research topic. Over the lifetime, 4270 publications have been published within this topic receiving 49676 citations. The topic is also known as: digital forensic science & Digital forensics.

A Framework to Guide the Implementation of Proactive Digital Forensics in Organisations

Abstract: Most organizations underestimate the demand for digital evidence [1]. Often, when evidence is required to prove fraudulent transactions, not enough or trustworthy evidence is available to link the attacker to the incident. It isessential for organizations to prepare themselves for digital Forensic (DF) investigations and ensure that entireorganizational operating environment is prepared for example for an investigation (criminal or internal) or acompliance tests. The accepted literature on DF readinessconcentrates mainly on evidence identification, handling andstorage, first line incident response and training requirements [2]. It does not consider the proactiveapplication of DF tools to enhance the corporate governancestructures (specifically Information Technology (IT) governance). Pro-active DF (ProDF) as defined in this paperwill enable an organization to take the initiative byimplementing adequate measures to become DF ready,demonstrate due diligence for good corporate Governance,specifically IT Governance and provide a mechanism toassess and improve IT Governance frameworks. The purpose of this paper is to define, identify goals, steps, anddeliverables of ProDF, identify dimensions of DF, and propose a theoretical DF management framework to guidethe implementation of ProDF in an organization.

A Quantitative Approach to Triaging in Mobile Forensics

Abstract: Forensic study of mobile devices is a relatively new field, dating from the early 2000s. The proliferation of phones (particularly smart phones) on the consumer market has caused a growing demand for forensic examination of the devices, which could not be met by existing Computer Forensics techniques. As a matter of fact, Law enforcement are much more likely to encounter a suspect with a mobile device in his possession than a PC or laptop and so the growth of demand for analysis of mobiles has increased exponentially in the last decade. Early investigations, moreover, consisted of live analysis of mobile devices by examining phone contents directly via the screen and photographing it with the risk of modifying the device content, as well as leaving many parts of the proprietary operating system inaccessible. The recent development of Mobile Forensics, a branch of Digital Forensics, is the answer to the demand of forensically sound examination procedures of gathering, retrieving, identifying, storing and documenting evidence of any digital device that has both internal memory and communication ability [1]. Over time commercial tools appeared which allowed analysts to recover phone content with minimal interference and examine it separately. By means of such toolkits, moreover, it is now possible to think of a new approach to Mobile Forensics which takes also advantage of "Data Mining" and "Machine Learning" theory. This paper is the result of study concerning cell phones classification in a real case of pedophilia. Based on Mobile Forensics "Triaging" concept and the adoption of self-knowledge algorithms for classifying mobile devices, we focused our attention on a viable way to predict phone usage's classifications. Based on a set of real sized phones, the research has been extensively discussed with Italian law enforcement cyber crime specialists in order to find a viable methodology to determine the likelihood that a mobile phone has been used to commit the specific crime of pedophilia, which could be very relevant during a forensic investigation.

SugarSync forensic analysis

Abstract: Cloud storage services are popular with both individuals and businesses as they offer cost-effective, large capacity storage and multi-functional services on a wide range of devices such as personal computers (PCs), Mac computers, and smart mobile devices (e.g. iPhones). However, cloud services have also been known to be exploited by criminals, and digital forensics in the cloud remains a challenge, partly due to the diverse range of cloud services and devices that can be used to access such services. Using SugarSync (a popular cloud storage service) as a case study, research was undertaken to determine the types and nature of volatile and non-volatile data that can be recovered from Windows 8, Mac OS X 10.9, Android 4 and iOS 7 devices when a user has carried out different activities such as upload and download of files and folders. We then document the various digital artefacts that could be recovered from the respective devices.

Investigating the Increase in Mobile Phone Evidence in Criminal Activities

Abstract: The magnification of mobile devices in everyday life prompts the idea that these devices will increasingly have evidential value in criminal cases. While this may have been assumed in digital forensics communities, there has been no empirical evidence to support this idea. This research investigates the extent to which mobile phones are being used in criminal proceedings in the United Kingdom thorough the examination of appeal judgments retrieved from the Westlaw, Lexis Nexis and British and Irish Legal Information Institute (BAILII) legal databases. The research identified 537 relevant appeal cases from a dataset of 12,763 criminal cases referring to mobile phones for a period ranging from 1st of January, 2006 to 31st of July, 2011. The empirical analysis indicates that mobile phone evidence is rising over time with some correlations to particular crimes.