51. Cheetah: An Economical Distributed RAM Drive
Tingstrom, Daniel, 20 January 2006
Current hard drive technology shows a widening gap between the ability to store vast amounts of data and the ability to process. To overcome the problems of this secular trend, we explore the use of available distributed RAM resources to effectively replace a mechanical hard drive. The essential approach is a distributed Linux block device that spreads its blocks throughout spare RAM on a cluster and transfers blocks using network capacity. The presented solution is LAN-scalable, easy to deploy, and faster than a commodity hard drive. The specific driving problem is I/O intensive applications, particularly digital forensics. The prototype implementation is a Linux 2.4 kernel module, and connects to Unix based clients. It features an adaptive prefetching scheme that seizes future data blocks for each read request. We present experimental results based on generic benchmarks as well as digital forensic applications that demonstrate significant performance gains over commodity hard drives.

52. Analysis of Windows 8 Registry Artifacts
Stormo, Jeremy M, 20 December 2013
Microsoft’s series of Windows operating systems represents some of the most commonly encountered technologies in the field of digital forensics. It is then fair to say that Microsoft’s design decisions greatly affect forensic efforts. Because of this, it is exceptionally important for the forensics community to keep abreast of new developments in the Windows product line. With each new release, the Windows operating system may present investigators with significant new artifacts to explore. Described by some as the heart of the Windows operating system, the Windows registry has been proven to contain many of these forensically interesting artifacts. Given the weight of Microsoft’s influence on digital forensics and the role of the registry within Windows operating systems, this thesis delves into the Windows 8 registry in the hopes of developing new Windows forensics utilities.

53. WhatsApp Forensics: Locating Artifacts in Web and Desktop Clients
Nicolas Villacis Vukadinovic (6623858), 14 May 2019
WhatsApp is the most popular instant messaging application worldwide. Since 2016, users can send and receive messages through desktop clients, either through the WhatsApp desktop application or the web client accessible from supported web browsers. The author identified a gap in the literature in terms of WhatsApp forensics for desktop and web clients. The aim of the study was to locate forensic artifacts on WhatsApp clients. These clients included the desktop application on both Windows and Mac operating systems. Chrome and Firefox web clients were also analyzed for the Windows operating system, as well as Chrome and Safari web clients on the Mac operating system. A WhatsApp log file was identified as the main artifact providing information throughout all clients analyzed. Cached profile pictures were also found, as well as history information about visited websites and run applications.

54. A method to enhance the accuracy of digital forensics in the absence of complete evidence in Saudi Arabia
Alanazi, Fahad Mosalm, January 2017
The tremendous increase in the use of digital devices has led to their involvement in the vast majority of current criminal investigations. As a result, digital forensics has increasingly become one of the most important aspects of criminal investigations. The digital forensics process involves consideration of a number of important phases in order to achieve the required level of accuracy and to reach a successful conclusion of the investigation into the digital aspects of crimes, through obtaining acceptable evidence for use in a court of law. There have been a number of models developed and produced since 1984 to support the digital investigation processes. In this submission, I introduce a proposed model for the digital investigation processes which is based on the scope of the Saudi Arabia investigation process, which has been integrated with existing models of digital investigation processes and has produced a new phase to deal with a situation where there is insufficient evidence. In this research, grounded theory has been adopted as a research method to investigate and explore the participants’ perspectives and their opinions regarding the adoption of a method of a digital forensics investigation process in the absence of complete evidence in the Saudi Arabian context. The interaction of investigators with digital forensics processes involves the social aspect of digital investigation which is why it was suitable to adopt a grounded theory approach. A semi-structured data collection approach has been adopted, to enable the participants to express their visions, concerns, opinions and feelings related to factors that impact the adoption of the DF model for use in cases where there is an absence of sufficient evidence in Saudi Arabia. The proposed model emerged after conducting a number of interviews and analysing the data of this research.
The researcher developed the proposed model based on the answers of the participants, which helped the researcher to find a solution for dealing with cases where there is insufficient evidence, through adding a unique step in the investigation process, the “TraceBack” Phase. This study is the first in Saudi Arabia to be developed to enhance the accuracy of digital forensics in the absence of sufficient evidence, which opens a new method of research. It is also the first time a grounded theory has been employed in a digital forensics study in the Saudi context, which indicates the possibility of applying this methodology to this field.

55. X-10 reactor forensic analysis and evaluation using a suite of neutron transport codes
Redd, Evan M., 21 September 2015
X-10, the genesis production reactor for the U.S. paved the way for all weapons material production. This feat offers a unique fundamental opportunity of nuclear forensic analysis and popular neutron code package evaluation. Production reactor nuclear forensic signatures and characteristics are emphasized throughout this work. These underlying production characteristics are reported and analyzed for potential in-core zone provenance and axial slug location coupled with how the nuclear data uncertainties affect these conclusions. Material attribution with respect to commercial versus military reactor applications is also featured in this study. Three nuclear code packages are examined including Scale 6.1 (Scale 6.2 beta-3 for nuclear data uncertainty reporting and evaluation), Monte Carlo N-Particle (MCNP) and Parallel Environment Neutral-particle TRANsport (PENTRAN). Each of these code packages employs different neutron transport methods and cross-section evaluation. These code results are compared and contrasted for the researcher to gain perspective into if and how nuclear forensic analysis is affected by these relative outcomes from the neutronics packages. Notably, Scale 6.2 beta-3 offers perspective on the nuclear data uncertainty and how it affects final conclusions on isotopic reporting and material provenance.

56. Design of a Forensic Overlay Model for Application Development
Ke, LinLin, January 2011
Forensics capability is becoming increasingly important for the enterprise/network environment. Therefore, businesses need to find an optimised forensics solution that suits the high level business/forensics requirements. However, most businesses are still staying with the conventional method of digital investigation, which means using forensics tools to retrieve evidential data from the target system. Many businesses lack a comprehensive model to help understand the forensics requirements on different levels. Also, businesses lack a method to integrate and manage forensics knowledge into daily operation.
In this research, a forensics overlay is being developed on an existing business framework – the SABSA model. The overlay helps different business roles to understand and apply forensics knowledge in their daily tasks. With the help of the overlay, businesses are able to reduce the overreliance on third-party forensics tools through developing their own forensically sound applications. To test the theory of forensically sound application development, and evaluate the usability of the overlay, a forensically sound email client is designed and developed accordingly.

57. The effects of a course in argumentation on critical thinking ability
Brembeck, Winston L., January 1947
Thesis (Ph. D.)--University of Wisconsin--Madison, 1947. / Typescript. Vita. eContent provider-neutral record in process. Description based on print version record. Includes bibliographical references (leaves 205-210).

58. Lowering levels of heritage crime via novel chemical procedures
Wilson, Richard S., January 2017
The work reported here focused on developing innovative ways of addressing heritage crime, and by doing so, protecting and preserving the historical assets found nationwide. The interdisciplinary focus, linking chemistry and criminology was imperative, and this connection is a novel way in which the issue of heritage crime can be addressed. A survey was completed noting the key issues faced, and helped develop and report an understanding of the general attitudes towards heritage sites across the country. The results obtained here facilitated the chemistry research from this point, channelling the investigations in the appropriate pathway, as well as justifying the work done from that point onwards. A large focus during the course of the research was that of metal theft. With this in mind, there were subsequent attempts to develop a novel and non-invasive technique, which could help lower levels of such crime at heritage sites. Early work concentrated on detecting trace levels of metals commonly found at heritage sites such as copper and lead, and their interaction with the surface of the skin. The metals were shown to form characteristically coloured complexes when reacting with components of the skin itself, thus confirming an individual's recent contact with the relevant metal. This work progressed further via analysis of the metal itself post contact with a human finger. Again, remaining non-invasive was imperative, and a technique focusing on the development of fingerprints from the surface of copper and its alloys, via utilization of gelatine lifters, was studied extensively. Optimizing this technique via a study on the effects of the environment a piece of metal was stored in prior to development via rubeanic acid solution further developed the understanding of this method. Desiccation and the resultant reduction in humidity proved to be effective in enhancing the quality of fingerprint produced.
This also had potential impact outside of the heritage crime focus, with fingerprint development from surfaces such as bullet casings being a particularly noteworthy example. Studies relating to why a change in environment enhanced the quality of fingerprint developed were conducted, with several fingermark constituents being shown to react with rubeanate solution. Because of high theft levels highlighted within the survey, efforts were made to produce information regarding stone samples found in a range of different environments. Laser induced breakdown spectroscopy (LIBS) was used as a method of non-invasively analysing loose material from several gravestones removed via the gelatine lifters. As well as producing information unique to each piece of stone analysed, this also highlighted a novel use of the analytical equipment itself.

59. Enhancing Mobile Forensics on iOS
January 2015
Due to the shortcomings of modern Mobile Device Management solutions, businesses have begun to incorporate forensics to analyze their mobile devices and respond to any incidents of malicious activity in order to protect their sensitive data. Current forensic tools, however, can only look at a static image of the device being examined, making it difficult for a forensic analyst to produce conclusive results regarding the integrity of any sensitive data on the device. This research thesis expands on the use of forensics to secure data by implementing an agent on a mobile device that can continually collect information regarding the state of the device. This information is then sent to a separate server in the form of log files to be analyzed using a specialized tool. The analysis tool is able to look at the data collected from the device over time and perform specific calculations, according to the user's specifications, highlighting any correlations or anomalies among the data which might be considered suspicious to a forensic analyst. The contribution of this paper is both an in-depth explanation on the implementation of an iOS application to be used to improve the mobile forensics process as well as a proof-of-concept experiment showing how evidence collected over time can be used to improve the accuracy of a forensic analysis. / Dissertation/Thesis / Masters Thesis Computer Science 2015

60. Standards and methodologies for evaluating digital forensics tools: Developing and testing a new methodology
Andersson, Victor, January 2018
Standards play a big role in a lot of professions and when it comes to most aspects of law enforcement and forensic investigation, it’s no different. Despite that, for some reason, there aren’t any for when it comes to evaluating and choosing forensic tools. The lack of an international standard for evaluating forensic tools has a clear negative impact on the digital forensics community as it lowers the value of tool tests and evaluations and hinders both the reproducibility and verification of their results. Most tool evaluations are performed with custom forensic images and measure metrics that are not scientifically motivated, but rather made up based on the evaluator's personal preferences. By examining current standards and related work done in the field, a new methodology is proposed. It builds on scientific principles and the strengths of existing literature. The methodology is then tested in a practical experiment. The result of the paper is a solid foundation for a new standard to be built upon.