• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 162
  • 40
  • 38
  • 22
  • 7
  • 6
  • 2
  • 1
  • 1
  • 1
  • 1
  • 1
  • Tagged with
  • 409
  • 144
  • 129
  • 89
  • 66
  • 61
  • 58
  • 54
  • 44
  • 43
  • 40
  • 39
  • 29
  • 29
  • 28
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
151

DIGITAL TRAILS IN VIRTUAL WORLDS: A FORENSIC INVESTIGATION OF VIRTUAL REALITY SOCIAL COMMUNITY APPLICATIONS ON OCULUS PLATFORMS

Samuel Li Feng Ho (17602290) 12 December 2023 (has links)
<p dir="ltr">Virtual Reality (VR) has become a pivotal element in modern society, transforming interactions with digital content and interpersonal communication. As VR integrates into various sectors, understanding its forensic potential is crucial for legal, investigative, and security purposes. This involves examining the digital footprints and artifacts left by immersive technologies. While previous studies in digital forensics have primarily concentrated on traditional computing devices such as smartphones and computers, research on VR, particularly on specific devices like the Oculus Go, Meta Quest, and Meta Quest 2, has been limited. This thesis explores the digital forensics of VR, focusing on the Oculus Go, Meta Quest and Meta Quest 2, using tools like Magnet AXIOM and Wireshark. The research uncovers specific forensic and network-based artifacts from eight social community applications, revealing user personally identifiable information, application usage history, WiFi network details, and multimedia content. These findings have significant implications for legal proceedings and cybercrime investigations, highlighting the role these artifacts can play in influencing the outcome of cases. This research not only deepens our understanding of VR-related digital forensics but also sets the stage for further investigations in this rapidly evolving domain.</p>
152

Discovering Location Patterns in iOS Users Utilizing Machine Learning Methods For Purposes of Digital Forensics Investigations

Milos Stankovic (9741251) 06 August 2024 (has links)
<p dir="ltr">The proliferation of mobile devices and big data has put digital forensic investigators at a disadvantage. Despite all the technological advances, the tools and methods used during the investigations must catch up. With smartphones becoming integral to crime scenes, often containing multiple instances, courts and law enforcement offices greatly depend on their data. In addition to traditional data on smartphones, such as call logs, text messages, and emails, sensor data can drastically increase the chances of resolving and painting the complete picture of the events required for a successful investigation. While sensor data are collected frequently, it often creates a lot of noise due to the amount of entries over some time. In attempting to decipher the data and link them to the relevant events, digital forensics investigators are prone to missing or simply disregarding the data extracted from smartphones. Interpreting sensor data such as location and various phone activities already collected and extracted can lead to finding two main links required for the investigation: time and location. Knowing an individual's time and location can significantly improve the investigation process and aid in the final outcome. Despite smartphones being capable of collecting sensor data and discovering these two variables, data interpretation and correlation between them still need to be improved. The statement is particularly true for smartphones with newer operating system versions. Due to the special forensic software required to extract the data and the ability to interpret them, digital forensic investigators are either strained for time or are unequipped for processing them.</p><p dir="ltr">In order to mitigate the gap, automation of the process capable of handling large amounts of data while classifying the time and the location appropriate for the investigation is necessary. Reducing investigation times and increasing prediction accuracy will allow faster resolving times while freeing up desperately needed resources for digital forensic investigators. Therefore, this study presents a novel approach to identifying and predicting user locations using machine learning based on various sensor data collected from multiple smartphones. As the first step in achieving the goal, a user study was conducted, collecting real-world data for training and testing of the machine learning models. The process includes engineering the necessary procedures and methodologies required to extract raw data and process them for successful model training. The results showed that the models are capable of differentiating between the three different locations using XGBoost with score test accuracy over 0.88. Additionally, Random Forest Entropy and Random Forest Gini achieved accuracy over 0.85. As for for the results where only two locations were predicted Random Forest Entropy and Random Forest Gini achieved accuracy test score per model over 0.97. </p>
153

Evaluation of cloud hosted digital forensic solutions and challenges : A systematic literature review

Tysk, Henrik January 2024 (has links)
Everything in modern society is rapidly becoming digitised, which increases both the accessibility and convenience of many services. The downside is that cybercrime is increasing at the same rate. We need digital evidence in order to prosecute cyber-criminals, and in order to capture digital evidence, we need digital forensics. Digital forensics have become increasingly challenging for investigators. The amount of data we generate keeps increasing, which amplifies the workload significantly. More data is being stored in cloud environments, which adds further complexity to investigations. One approach to dealing with these challenges is to move digital forensics to cloud services and utilising their computational power and sharing capabilities to enhance digital investigations. This study examines what types of cloud hosted digital forensic platforms or frameworks exist, and what their differences are. It is also investigated if there are any specific challenges when using cloud services to host digital forensics. The study uses a systematic literature review to gather data, which is analyzed with thematic coding. The results show that there are many different methods for hosting digital forensics in a cloud environment, which vary greatly in both scope and underlying technology. It is found that most frameworks are theoretical and have yet to be used in real world scenarios, and only one is being used by law enforcement. It was also found that there are challenges which are specific to this type of digital forensics, such as insufficient service level agreements by cloud service providers and privacy related challenges.
154

Går det att köpa personuppgifter på bilskroten? : Ett arbete om digital forensik på begagnade bildelar

Börjesson, Holme, Lindskog, Filiph January 2020 (has links)
I moderna bilar lagras ofta data från användaren av bilen då en mobiltelefon eller annan enhet parkopplas genom Bluetooth- eller USB-anslutning. I de fall dessa data innehåller personuppgifter kan de vara intressanta i en utredning samt vara värda att skydda ur ett integritetsperspektiv. Vad händer med dessa data då bilen skrotas? När en bil skrotas monteras den ner och de delar som går att tjäna pengar på säljs av bildemonteringsföretaget. Det kan gälla allt från stötdämpare, hjul och rattar, till elektroniska komponenter och multimediaenheter. I detta arbete utvanns personuppgifter ur tre sådana begagnade multimediaenheter som köpts från bildemonteringar. Den mest framgångsrika metoden var att avlägsna rätt lagringskrets från multimediaenhetens kretskort och utvinna dess data genom direkt anslutning. I samtliga fall har informationen varit strukturerad i ett bekant filsystem vilket kunnat monteras. I alla tre undersöka multimediaenheter utvanns personuppgifter. Resultatet visar att det finns brister i hanteringen av personuppgifter då en bil skrotas. / In modern vehicles, data from the user of the vehicle is often stored when a mobile phone or other device is paired through Bluetooth or USB connection. In cases where this data contains personal data, they may be of interest in an investigation and may be worth protecting from a privacy perspective. What happens to this data when the car is scrapped? When a car is scrapped, it is dismantled and the parts that can be made money from are sold by the scrap company. This can be anything from shock absorbers, wheels and steering wheels, to electronic components and infotainment devices. In this report, personal data was extracted from three such infotainment devices purchased from scrap companies. The most successful method was to remove the correct storage circuit from the infotainment device circuit board and extract its data by direct connection. In all cases, the information has been structured in a familiar file system which could be mounted. In all three investigated infotainment devices, personal data were extracted. The result shows that there are deficiencies in the handling of personal data when a car is scrapped.
155

Uppe bland molnen : Tvångsmedlet genomsökning på distans RB 28:10 och utvinning av molndata tillhörande Googletjänster

Dahlstrand, Elsa, Dahl, Moa January 2023 (has links)
Det sker en kontinuerlig digitalisering i världen vilket innebär en utmaning för samhällets lagstiftning, till följd av att lagstiftning är tids- och resurskrävande. Detta är något som kriminella utnyttjar i och med att deras verksamhet har flyttats alltmer till den digitala världen. Kriminell verksamhet som genomförs med hjälp av molntjänster har varit svårt att bekämpa, då det inte är säkert att den data som skapas i molntjänster också lagras i samma land. Arbetet att samla in denna data har för svenska myndigheter därför varit krångligt, och i vissa fall, omöjligt. Det var först i juni 2022 som en lag trädde i kraft, RB 28:10 genomsökning på distans, som gjorde det möjligt för utredare att gå in i molntjänster och leta efter bevismaterial.  I denna uppsats har semi-strukturerade intervjuermed IT-forensiker och åklagare genomförtsoch analyserats.Resultatet visar att upplevelsen av lagen är positiv; att den kom hastigt men att den var behövlig. Däremot har den skapat mer arbete för IT-forensiker som en konsekvens. Kompletterande har ett experiment av molndata tillhörande ett Google-konto undersökts med hjälp av två IT-forensiska verktyg, vilket resulterat i att en skillnad i verktygens identifiering av raderad data uppmärksammats. Slutligen påvisar uppsatsen och dess resultat att lagen,genomsökning på distans, och utvinning av molndata försett brottsbekämpningen med data av högt bevisvärde och möjliggjort utredningar som tidigare inte var möjligt enligt lag. / The constant digitalization of our world poses a challenge to our governments in developing laws correspondingly. This divergence is something cybercriminals exploit. Criminal activity taking place in the cyberspace, specifically through cloud platforms, has been difficult for law enforcement to regulate and prosecute, partially due to the information needed is kept in servers outside of jurisdiction. In Swedish law enforcement this has caused the acquisition of valuable cloud data, in some cases, impossible, consequently leading to unsolved cases. As of June 2022, a new law regarding means of coercion took effect which enabled the recovery of account specific cloud data. In this work semi-structured interviews, with IT-forensics and prosecutors, were conductedand analyzed. The result shows that the experience of the law is positive, that it came abruptlybut that it was necessary. However, it has created more work for IT-forensics as a consequence. In addition, an experiment involving cloud data belonging to a Google account has been investigated with the help of two IT-forensic tools, which resulted in the observation of a variation in the tools' identification of deleted data. Finally, the paper and its findings demonstrate that the law and cloud data mining have provided law enforcement with high probative value data and enabled investigations previously not lawfully possible.
156

Hfs Plus File System Exposition And Forensics

Ware, Scott 01 January 2012 (has links)
The Macintosh Hierarchical File System Plus, HFS +, or as it is commonly referred to as the Mac Operating System, OS, Extended, was introduced in 1998 with Mac OS X 8.1. HFS+ is an update to HFS, Mac OS Standard format that offers more efficient use of disk space, implements international friendly file names, future support for named forks, and facilitates booting on non-Mac OS operating systems through different partition schemes. The HFS+ file system is efficient, yet, complex. It makes use of B-trees to implement key data structures for maintaining meta-data about folders, files, and data. The implementation of what happens within HFS+ at volume format, or when folders, files, and data are created, moved, or deleted is largely a mystery to those who are not programmers. The vast majority of information on this subject is relegated to documentation in books, papers, and online content that direct the reader to C code, libraries, and include files. If one can’t interpret the complex C or Perl code implementations the opportunity to understand the workflow within HFS+ is less than adequate to develop a basic understanding of the internals and how they work. The basic concepts learned from this research will facilitate a better understanding of the HFS+ file system and journal as changes resulting from the adding and deleting files or folders are applied in a controlled, easy to follow, process. The primary tool used to examine the file system changes is a proprietary command line interface, CLI, tool called fileXray. This tool is actually a custom implementation of the HFS+ file system that has the ability to examine file system, meta-data, and data level information that iv isn’t available in other tools. We will also use Apple’s command line interface tool, Terminal, the WinHex graphical user interface, GUI, editor, The Sleuth Kit command line tools and DiffFork 1.1.9 help to document and illustrate the file system changes. The processes used to document the pristine and changed versions of the file system, with each experiment, are very similar such that the output files are identical with the exception of the actual change. Keeping the processes the same enables baseline comparisons using a diff tool like DiffFork. Side by side and line by line comparisons of the allocation, extents overflow, catalog, and attributes files will help identify where the changes occurred. The target device in this experiment is a two-gigabyte Universal Serial Bus, USB, thumb drive formatted with Global Unit Identifier, GUID, and Partition Table. Where practical, HFS+ special files and data structures will be manually parsed; documented, and illustrated.
157

<strong>TOWARDS A TRANSDISCIPLINARY CYBER FORENSICS GEO-CONTEXTUALIZATION FRAMEWORK</strong>

Mohammad Meraj Mirza (16635918) 04 August 2023 (has links)
<p>Technological advances have a profound impact on people and the world in which they live. People use a wide range of smart devices, such as the Internet of Things (IoT), smartphones, and wearable devices, on a regular basis, all of which store and use location data. With this explosion of technology, these devices have been playing an essential role in digital forensics and crime investigations. Digital forensic professionals have become more able to acquire and assess various types of data and locations; therefore, location data has become essential for responders, practitioners, and digital investigators dealing with digital forensic cases that rely heavily on digital devices that collect data about their users. It is very beneficial and critical when performing any digital/cyber forensic investigation to consider answering the six Ws questions (i.e., who, what, when, where, why, and how) by using location data recovered from digital devices, such as where the suspect was at the time of the crime or the deviant act. Therefore, they could convict a suspect or help prove their innocence. However, many digital forensic standards, guidelines, tools, and even the National Institute of Standards and Technology (NIST) Cyber Security Personnel Framework (NICE) lack full coverage of what location data can be, how to use such data effectively, and how to perform spatial analysis. Although current digital forensic frameworks recognize the importance of location data, only a limited number of data sources (e.g., GPS) are considered sources of location in these digital forensic frameworks. Moreover, most digital forensic frameworks and tools have yet to introduce geo-contextualization techniques and spatial analysis into the digital forensic process, which may aid digital forensic investigations and provide more information for decision-making. As a result, significant gaps in the digital forensics community are still influenced by a lack of understanding of how to properly curate geodata. Therefore, this research was conducted to develop a transdisciplinary framework to deal with the limitations of previous work and explore opportunities to deal with geodata recovered from digital evidence by improving the way of maintaining geodata and getting the best value from them using an iPhone case study. The findings of this study demonstrated the potential value of geodata in digital disciplinary investigations when using the created transdisciplinary framework. Moreover, the findings discuss the implications for digital spatial analytical techniques and multi-intelligence domains, including location intelligence and open-source intelligence, that aid investigators and generate an exceptional understanding of device users' spatial, temporal, and spatial-temporal patterns.</p>
158

Towards a unified fraud management and digital forensic framework for mobile applications

Bopape, Rudy Katlego 06 1900 (has links)
Historically, progress in technology development has continually created new opportunities for criminal activities which, in turn, have triggered the need for the development of new security-sensitive systems. Organisations are now adopting mobile technologies for numerous applications to capitalise on the mobile revolution. They are now able to increase their operational efficiency as well as responsiveness and competitiveness and, most importantly, can now meet new, growing customers’ demands. However, although mobile technologies and applications present many new opportunities, they also present challenges. Threats to mobile phone applications are always on the rise and, therefore, compel organisations to invest money and time, among other technical controls, in an attempt to protect them from incurring losses. The computerisation of core activities (such as mobile banking in the banking industry, for example) has effectively exposed organisations to a host of complex fraud challenges that they have to deal with in addition to their core business of providing services to their end consumers. Fraudsters are able to use mobile devices to remotely access enterprise applications and subsequently perform fraudulent transactions. When this occurs, it is important to effectively investigate and manage the cause and findings, as well as to prevent any future similar attacks. Unfortunately, clients and consumers of these organisations are often ignorant of the risks to their assets and the consequences of the compromises that might occur. Organisations are therefore obliged, at least, to put in place measures that will not only minimise fraud but also be capable of detecting and preventing further similar incidents. The goal of this research was to develop a unified fraud management and digital forensic framework to improve the security of Information Technology (IT) processes and operations in organisations that make available mobile phone applications to their clients for business purposes. The research was motivated not only by the increasing reliance of organisations on mobile applications to service their customers but also by the fact that digital forensics and fraud management are often considered to be separate entities at an organisational level. This study proposes a unified approach to fraud management and digital forensic analysis to simultaneously manage and investigate fraud that occurs through the use of mobile phone applications. The unified Fraud Management and Digital Forensic (FMDF) framework is designed to (a) determine the suspicious degree of fraudulent transactions and (b) at the same time, to feed into a process that facilitates the investigation of incidents. A survey was conducted with subject matter experts in the banking environment. Data was generated through a participatory self-administered online questionnaire. Collected data was then presented, analysed and interpreted quantitatively and qualitatively. The study found that there was a general understanding of the common fraud management methodologies and approaches throughout the banking industry and the use thereof. However, while many of the respondents indicated that fraud detection was an integral part of their processes, they take a rather reactive approach when it comes to fraud management and digital forensics. Part of the reason for the reactive approach is that many investigations are conducted in silos, with no central knowledge repository where previous cases can be retrieved for comparative purposes. Therefore, confidentiality, integrity and availability of data are critical for continued business operations. To mitigate the pending risks, the study proposed a new way of thinking that combines both components of fraud management and digital forensics for an optimised approach to managing security in mobile applications. The research concluded that the unified FMDF approach was considered to be helpful and valuable to professionals who participated in the survey. Although the case study focused on the banking industry, the study appears to be instrumental in informing other types of organisations that make available the use of mobile applications for their clients in fraud risk awareness and risk management in general. / Computing / M. Sc. (Computing)
159

LEIA: The Live Evidence Information Aggregator : A Scalable Distributed Hypervisor‐based Peer‐2‐Peer Aggregator of Information for Cyber‐Law Enforcement I

Homem, Irvin January 2013 (has links)
The Internet in its most basic form is a complex information sharing organism. There are billions of interconnected elements with varying capabilities that work together supporting numerous activities (services) through this information sharing. In recent times, these elements have become portable, mobile, highly computationally capable and more than ever intertwined with human controllers and their activities. They are also rapidly being embedded into other everyday objects and sharing more and more information in order to facilitate automation, signaling that the rise of the Internet of Things is imminent. In every human society there are always miscreants who prefer to drive against the common good and engage in illicit activity. It is no different within the society interconnected by the Internet (The Internet Society). Law enforcement in every society attempts to curb perpetrators of such activities. However, it is immensely difficult when the Internet is the playing field. The amount of information that investigators must sift through is incredibly massive and prosecution timelines stated by law are prohibitively narrow. The main solution towards this Big Data problem is seen to be the automation of the Digital Investigation process. This encompasses the entire process: From the detection of malevolent activity, seizure/collection of evidence, analysis of the evidentiary data collected and finally to the presentation of valid postulates. This paper focuses mainly on the automation of the evidence capture process in an Internet of Things environment. However, in order to comprehensively achieve this, the subsequent and consequent procedures of detection of malevolent activity and analysis of the evidentiary data collected, respectively, are also touched upon. To this effect we propose the Live Evidence Information Aggregator (LEIA) architecture that aims to be a comprehensive automated digital investigation tool. LEIA is in essence a collaborative framework that hinges upon interactivity and sharing of resources and information among participating devices in order to achieve the necessary efficiency in data collection in the event of a security incident. Its ingenuity makes use of a variety of technologies to achieve its goals. This is seen in the use of crowdsourcing among devices in order to achieve more accurate malicious event detection; Hypervisors with inbuilt intrusion detection capabilities to facilitate efficient data capture; Peer to Peer networks to facilitate rapid transfer of evidentiary data to a centralized data store; Cloud Storage to facilitate storage of massive amounts of data; and the Resource Description Framework from Semantic Web Technologies to facilitate the interoperability of data storage formats among the heterogeneous devices. Within the description of the LEIA architecture, a peer to peer protocol based on the Bittorrent protocol is proposed, corresponding data storage and transfer formats are developed, and network security protocols are also taken into consideration. In order to demonstrate the LEIA architecture developed in this study, a small scale prototype with limited capabilities has been built and tested. The prototype functionality focuses only on the secure, remote acquisition of the hard disk of an embedded Linux device over the Internet and its subsequent storage on a cloud infrastructure. The successful implementation of this prototype goes to show that the architecture is feasible and that the automation of the evidence seizure process makes the otherwise arduous process easy and quick to perform.
160

Success factors and challenges in digital forensics for law enforcement : A Systematic Literature Review

Cervantes, Milagros January 2021 (has links)
Context: The widespread use of communication and digital technology in the society has affected the number of devices requiring analysis in criminal investigations. Additionally, the increase of storage volume, the diversity of digital devices, and the use of cloud environment introduce more complexities to the digital forensic domain. Objective: This work aims to supply a taxonomy of the main challenges and success factors faced in the digital forensic domain in law enforcement. Method: The chosen method for this research is a systematic literature review of studies with topics related to success factors and challenges in digital forensics for law enforcement. The candidate studies were 1,428 peer-reviewed scientific articles published between 2015 and 2021. Those studies were retrieved from five digital databases following a systematic process. From those candidate studies, twenty were selected as primary studies due to their relevance to the topic. After backward searching, eight other studies were also included in the group of primary studies. A total of twentyeight primary studies were analyzed by applying thematic coding. Furthermore, a survey of digital forensic practitioners from the Swedish Police was held to triangulate the results achieved with the systematic literature review.

Page generated in 0.0483 seconds