• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 1
  • Tagged with
  • 2
  • 2
  • 2
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

A Chain of findings for digital investigations

De Souza, Pedro January 2013 (has links)
Digital Forensic investigations play a vital role in our technologically enhanced world, and it may incorporate a number of different types of evidence — ranging from digital to physical. During a Digital Forensics investigation an investigator may formulate a number of hypotheses, and in order to reason objectively about them, an investigator must take into account such evidence in its entirety, relying on multiple sources. When formulating such objective reasoning an investigator must take into account not only inculpatory evidence but also exculpatory evidence and evidence of tampering. In addition, the investigator must factor in the reliability of the evidence used, the potential for error (tool and human based) and they must factor in the certainty with which they can make various claims. By doing so and creating a detailed audit trail of all actions performed by the investigator they can be better prepared against challenges against their work when it is presented. An investigator must also take into account the dynamic aspects of an investigation, such as certain evidence no longer being admissible, and they must continuously factor these aspects into their reasoning, to ensure that their conclusions still hold. Investigations may draw over a large period of time, and should the relevant information not be captured in detail, it may be lost or forgotten, affecting the reliability of an investigator’s findings and affecting future investigators’ capability to build on and continue an investigator’s work. In this dissertation we investigate whether it is possible to provide a formalised means for capturing and encoding an investigator’s reasoning process, in a detailed and structured manner. By this we mean we would like to capture and encode an investigator’s hypotheses, their arguments, their conclusions and the certainty with which they can make such claims, as well as the various pieces of evidence (digital and physical) that they use as a foundation for their arguments. We also want to capture the steps an investigator took when formulating these arguments and the steps an investigator took in order to get evidence into its intended form. The capturing of such a detailed reasoning process helps to allow for a more thorough reconstruction of an investigator’s finding, further improving the reliability that can be placed in them. By encoding the investigator’s reasoning process, an investigator can more easily receive feedback on the impacts that the various dynamic aspects of an investigation have upon their reasoning. In order to achieve these goals, our dissertation presents a model, called the Chain of Findings, allowing investigators to formulate and capture their reasoning process throughout the investigation, using a combination of goal-driven and data-driven approaches. When formulating their reasoning, the model allows investigators to treat evidence, digital and physical, uniformly as building blocks for their arguments and capture detailed information of how and why they serve their role in an investigator’s reasoning process. In addition, the Chain of Findings offers a number of other uses and benefits including the training of investigators and Digital Forensic Readiness. / Dissertation (MSc)--University of Pretoria, 2013. / gm2014 / Computer Science / unrestricted
2

A concept mapping case domain modeling approach for digital forensic investigations

Tanner, April L 10 December 2010 (has links)
Over the decades, computer forensics has expanded from primarily examining computer evidence found on hard drives into the examination of digital devices with increasing storage capacity, to the identification of crimes and illegal activities involving the use of computers, to addressing standards and practices deficiencies, and to addressing the need to educate and train law enforcement, computer forensic technicians, and investigators. This dissertation presents the concept mapping case domain modeling approach to aid examiners/investigators in searching and identifying digital evidence and analyzing the case domain during the examination and analysis phase of the computer forensic investigation. The examination and analysis phases of a computer forensic process are two of the most important phases of the investigative process because the search for and identification of evidence data is crucial to a case; any data uncovered will help determine the guilt or innocence of a suspect. In addition, these phases can become very time consuming and cumbersome. Therefore, finding a method to reduce the amount of time spent searching and identifying potential evidence and analyzing the case domain would greatly enhance the efficiency of the computer forensic process. The hypothesis of this dissertation is that the concept mapping case domain modeling approach can serve as a method for organizing, examining, and analyzing digital forensic evidence and can enhance the quality of forensic examinations without increasing the time required to examine and analyze forensic evidence by more than 5%. Four experiments were conducted to evaluate the effectiveness of the concept mapping case domain modeling approach. Analysis of the experiments supports the hypothesis that the concept mapping case domain modeling approach can be used to organize, search, identify, and analyze digital evidence in an examination.

Page generated in 0.1072 seconds