Global ETD Search

31	Empirical analysis of disk sector prefixes for digital forensics Necaise, Nathan Joseph 05 May 2007 (has links) Forensic analysis on a media with fragmented and deleted files is a difficult task. There is a lack of tools and techniques that can accurately and quickly detect fragmented suspect files. Fragmented file data that resides in slack space is often overlooked by digital forensic tools. This thesis proposes to use a prefix signature of 4, 8, 16, or 32 bytes instead of either a complete sector comparison or a hash of the complete sector. The experiments show that the 32 byte has as much discrimination as an MD5 or SHA hash in uniquely identifying a sector. It is shown that the false positive rate does not exceed 10% for prefix signature sizes of 32, 16, and 8 bytes. Also the difference in false positive rates for the 32 and 16 byte prefixes does not exceed 25% as compared to MD5 and SHA hashes. sector prefix disk sector digital forensics prefix signature sector prefix disk sector digital forensics prefix signature sector prefix disk sector digital forensics prefix signature prefix signature digital forensics disk sector sector prefix
32	Enhancing the Admissibility of Live Box Data Capture in Digital Forensics: Creation of the Live Box Computer Preservation Response (LBCPR) and Comparative Study Against Dead Box Data Acquisition Emilia Mancilla (14202911) 05 December 2022 (has links) <p>There are several techniques and methods on how to capture data during a Live Box response in computer forensics, but the key towards these acquisitions is to keep the collected data admissible in a judicial court process. Different approaches during a Live Box examination will lead to data changes in the computer, due to the volatile nature of data stored in memory. The inevitable changes of volatile data are what cause the controversy when admitting digital evidence to court room proceedings.</p> <p>The main goal of this dissertation was to create a process model, titled Live Box Computer Preservation Response(LBCPR), that would assist in ensuing validity, reliably and accuracy of evidence in a court of law. This approach maximizes the admissibly of digital data derived from a Live Box response. </p> <p>The LBCPR was created to meet legal and technical requirements in acquiring data from a live computer. With captured Live Box computer data, investigators can further add value to their investigation when processing and analyzing the captured data set, that would have otherwise been permanently unrecoverable upon powering down the machine. By collecting the volatile data prior to conducting Dead Box forensics, there is an increased amount of information that that can be a utilized to understand the state of the machine upon collection when combined with the stored data contents. </p> <p>This study created a comparative analysis on data collection with the LBCPR method versus traditional Dead Box forensics techniques, further proving the expected results of Live Box techniques capturing volatile data. However, due to the structure of the LBCPR, there were enhanced capabilities of obtaining value from the randomization of memory dumps, because of the assistance of the collected logs in the process model. In addition, with the legal admissibility focus, there was incorporation of techniques to keep data admissible in a court of law. </p> Digital forensics digital forensics live box dead box LBCPR process model Incident Response volatile data admissibility of evidence
33	DIGITAL TRAILS IN VIRTUAL WORLDS: A FORENSIC INVESTIGATION OF VIRTUAL REALITY SOCIAL COMMUNITY APPLICATIONS ON OCULUS PLATFORMS Samuel Li Feng Ho (17602290) 12 December 2023 (has links) <p dir="ltr">Virtual Reality (VR) has become a pivotal element in modern society, transforming interactions with digital content and interpersonal communication. As VR integrates into various sectors, understanding its forensic potential is crucial for legal, investigative, and security purposes. This involves examining the digital footprints and artifacts left by immersive technologies. While previous studies in digital forensics have primarily concentrated on traditional computing devices such as smartphones and computers, research on VR, particularly on specific devices like the Oculus Go, Meta Quest, and Meta Quest 2, has been limited. This thesis explores the digital forensics of VR, focusing on the Oculus Go, Meta Quest and Meta Quest 2, using tools like Magnet AXIOM and Wireshark. The research uncovers specific forensic and network-based artifacts from eight social community applications, revealing user personally identifiable information, application usage history, WiFi network details, and multimedia content. These findings have significant implications for legal proceedings and cybercrime investigations, highlighting the role these artifacts can play in influencing the outcome of cases. This research not only deepens our understanding of VR-related digital forensics but also sets the stage for further investigations in this rapidly evolving domain.</p> Data and information privacy Digital forensics Virtual Reality Digital Forensics Social Community Applications Meta Quest Meta Quest 2
34	<b>EXPLORING FEMTECH: INVESTIGATING CLUE AND PRIVACY CONCERNS AMONG MENSTRUATORS</b> Claire Elyse Rightley (18423219) 22 April 2024 (has links) <p dir="ltr">FemTech is a booming subset of mHealth applications that was worth $51 billion in 2021 (Stewart, 2022b). FemTech largely focuses on menstruation, pregnancy, and fertility tracking. As with any technology, it comes with privacy and security risks for users, but these risks are more acute due to the sensitive nature of the data being collected. While privacy and security shortcomings have been highlighted for years, concerns were discussed widely in the United States after the Supreme Court released its <i>Dobbs v. Jackson</i> decision on June 24, 2022, which overturned <i>Roe v. Wade</i>, a 1973 decision that protected abortion as a constitutional right and limited states’ abilities to place restrictions on abortions. With abortion no longer a constitutional right, many states have outlawed or heavily restricted the procedure, and individuals expressed concern about their digital data being used in investigations as it has been in select previous cases (e.g., <i>State of Indiana v. Purvi Patel</i>, 2015; <i>State of Mississippi v. Latice Fisher</i>, 2018; <i>The State of Nebraska v. Celeste Burgess</i>, 2023; <i>The State of Nebraska v. Jessica Burgess</i>, 2023). While Big Tech has been scrutinized for turning user data over to law enforcement, many have more heavily questioned the protections offered by period tracking app companies due to the abundant amount of health data these companies possess about their users (e.g., Basu, 2022; Bradley et al., 2022; Cole, 2022). These apps have historically fallen short in protections for their user data in general (e.g., Beilinson, 2020; <i>Developer of Popular Women’s Fertility-Tracking App Settles FTC Allegations That It Misled Consumers About the Disclosure of Their Health Data</i>, 2021; Quintin, 2017). Clue is one of the most popular FemTech apps with millions of downloads across the Apple App Store and Google Play Store, and the company has spoken out widely about their privacy protections in the wake of the <i>Dobbs v. Jackson</i> decision (<i>‎Clue Period Tracker & Calendar</i>, n.d.; <i>Clue Period Tracker & Calendar</i>, n.d.; <i>Clue’s Response to Roe vs Wade Decision</i>, 2022). This research presents a forensic analysis of Clue on both iOS and Android after two months of data population, finding that some user-entered data was available in the app cache or .db-wal files on both iOS and Android but was entirely erased after the deletion of the app on the phones. This research also presents results from a survey of 31 menstruators in the United States, finding that online privacy in general is a concern for many users, and most find it unacceptable for period tracking applications to share user health data with advertisers or law enforcement.</p> Digital forensics FemTech digital forensics mobile forensics digital privacy online privacy mHealth applications period tracking apps Clue period tracker
35	Leveraging Personal Internet-of-Things Technology To Facilitate User Identification in Digital Forensics Investigations Shinelle Hutchinson (16642559) 07 August 2023 (has links) <p>Despite the many security and privacy concerns associated with Internet-of-Things (IoT) devices, we continue to be barraged by new IoT devices every day. These devices have infiltrated almost every aspect of our lives, from government and corporations to our homes, and now, on and within our person, in the form of smartphones and wearables. These personal IoT devices can collect some of the most intimate pieces of data about their user. For instance, a smartwatch can record its wearer's heart rate, skin temperature, physical activity, and even GPS location data. At the same time, a smartphone has access to almost every piece of information related to its user, including text messages, social media activity, web browser history, and application-specific data. Due to the quantity and quality of data these personal IoT devices record, these devices have become critical sources of evidence during forensic investigations. However, there are instances in which digital forensic investigators need to make doubly sure that the data obtained from these smart devices, in fact, belong to the alleged owner of the smart device and not someone else. To that end, this dissertation provides the first look at using personal IoT device handling as a user identification technique with machine learning models to aid forensic investigations. The results indicated that this technique is capable of significantly differentiating device owners with performance metrics of .9621, .9618, and .9753, for accuracy, F1, and AUC, respectively, when using a smartwatch with statistical time-domain features. When considering the smartphone performance, the performance was only marginally acceptable with accuracy, F1, and AUC values of .8577, .8560, and .8891, respectively. The results also indicate that female users handled their devices notably differently from male users. This study thus lays the foundation for performing user identification during a forensic investigation to determine whether the smart device owner did, in fact, use the device at the time of the incident.</p> Digital forensics Digital Forensics User Identification Machine learning Android Attribution Internet-of-Things (IoT) Wearables Smartphone
36	Digital Forensics Tool Interface Visualization Altiero, Roberto A. 15 January 2015 (has links) Recent trends show digital devices utilized with increasing frequency in most crimes committed. Investigating crime involving these devices is labor-intensive for the practitioner applying digital forensics tools that present possible evidence with results displayed in tabular lists for manual review. This research investigates how enhanced digital forensics tool interface visualization techniques can be shown to improve the investigator's cognitive capacities to discover criminal evidence more efficiently. This paper presents visualization graphs and contrasts their properties with the outputs of The Sleuth Kit (TSK) digital forensic program. Exhibited is the textual-based interface proving the effectiveness of enhanced data presentation. Further demonstrated is the potential of the computer interface to present to the digital forensic practitioner an abstract, graphic view of an entire dataset of computer files. Enhanced interface design of digital forensic tools means more rapidly linking suspicious evidence to a perpetrator. Introduced in this study is a mixed methodology of ethnography and cognitive load measures. Ethnographically defined tasks developed from the interviews of digital forensics subject matter experts (SME) shape the context for cognitive measures. Cognitive load testing of digital forensics first-responders utilizing both a textual-based and visualized-based application established a quantitative mean of the mental workload during operation of the applications under test. A t-test correlating the dependent samples' mean tested for the null hypothesis of less than a significant value between the applications' comparative workloads of the operators. Results of the study indicate a significant value, affirming the hypothesis that a visualized application would reduce the cognitive workload of the first-responder analyst. With the supported hypothesis, this work contributes to the body of knowledge by validating a method of measurement and by providing empirical evidence that the use of the visualized digital forensics interface will provide a more efficient performance by the analyst, saving labor costs and compressing time required for the discovery phase of a digital investigation. digital forensics Human-Computer Interaction (HCI) visualization Computer Sciences Criminology Graphics and Human Computer Interfaces
37	Digital forensics : an integrated approach for the investigation of cyber/computer related crimes Hewling, Moniphia Orlease January 2013 (has links) Digital forensics has become a predominant field in recent times and courts have had to deal with an influx of related cases over the past decade. As computer/cyber related criminal attacks become more predominant in today’s technologically driven society the need for and use of, digital evidence in courts has increased. There is the urgent need to hold perpetrators of such crimes accountable and successfully prosecuting them. The process used to acquire this digital evidence (to be used in cases in courts) is digital forensics. The procedures currently used in the digital forensic process were developed focusing on particular areas of the digital evidence acquisition process. This has resulted in very little regard being made for the core components of the digital forensics field, for example the legal and ethical along with other integral aspects of investigations as a whole. These core facets are important for a number of reasons including the fact that other forensic sciences have included them, and to survive as a true forensics discipline digital forensics must ensure that they are accounted for. This is because, digital forensics like other forensics disciplines must ensure that the evidence (digital evidence) produced from the process is able to withstand the rigors of a courtroom. Digital forensics is a new and developing field still in its infancy when compared to traditional forensics fields such as botany or anthropology. Over the years development in the field has been tool centered, being driven by commercial developers of the tools used in the digital investigative process. This, along with having no set standards to guide digital forensics practitioners operating in the field has led to issues regarding the reliability, verifiability and consistency of digital evidence when presented in court cases. Additionally some developers have neglected the fact that the mere mention of the word forensics suggests courts of law, and thus legal practitioners will be intimately involved. Such omissions have resulted in the digital evidence being acquired for use in various investigations facing major challenges when presented in a number of cases. Mitigation of such issues is possible with the development of a standard set of methodologies flexible enough to accommodate the intricacies of all fields to be considered when dealing with digital evidence. This thesis addresses issues regarding digital forensics frameworks, methods, methodologies and standards for acquiring digital evidence using the grounded theory approach. Data was gathered using literature surveys, questionnaires and interviews electronically. Collecting data using electronic means proved useful when there is need to collect data from different jurisdictions worldwide. Initial surveys indicated that there were no existing standards in place and that the terms models/frameworks and methodologies were used interchangeably to refer to methodologies. A framework and methodology have been developed to address the identified issues and represent the major contribution of this research. The dissertation outlines solutions to the identified issues and presents the 2IR Framework of standards which governs the 2IR Methodology supported by a mobile application and a curriculum of studies. These designs were developed using an integrated approach incorporating all four core facets of the digital forensics field. This research lays the foundation for a single integrated approach to digital forensics and can be further developed to ensure the robustness of process and procedures used by digital forensics practitioners worldwide. 005.8
38	Towards Real-Time Volatile Memory Forensics: Frameworks, Methods, and Analysis Sylve, Joseph T 19 May 2017 (has links) Memory forensics (or memory analysis) is a relatively new approach to digital forensics that deals exclusively with the acquisition and analysis of volatile system memory. Because each function performed by an operating system must utilize system memory, analysis of this memory can often lead to a treasure trove of useful information for forensic analysts and incident responders. Today’s forensic investigators are often subject to large case backlogs, and incident responders must be able to quickly identify the source and cause of security breaches. In both these cases time is a critical factor. Unfortunately, today’s memory analysis tools can take many minutes or even hours to perform even simple analysis tasks. This problem will only become more prevalent as RAM prices continue to drop and systems with very large amounts of RAM become more common. Due to the volatile nature of data resident in system RAM it is also desirable for investigators to be able to access non-volatile copies of system RAM that may exist on a device’s hard drive. Such copies are often created by operating systems when a system is being suspended and placed into a power safe mode. This dissertation presents work on improving the speed of memory analysis and the access to non-volatile copies of system RAM. Specifically, we propose a novel memory analysis framework that can provide access to valuable artifacts orders of magnitude faster than existing tools. We also propose two new analysis techniques that can provide faster and more resilient access to important forensic artifacts. Further, we present the first analysis of the hibernation file format used in modern versions of Windows. This work allows access to evidence in non-volatile copies of system RAM that were not previously able to be analyzed. Finally, we propose future enhancements to our memory analysis framework that should address limitations with the current design. Taken together, this dissertation represents substantial work towards advancing the field of memory forensics. Information Security
39	Development of Peer Instruction Material for a Cybersecurity Curriculum Johnson, William 19 May 2017 (has links) Cybersecurity classes focus on building practical skills alongside the development of the open mindset that is essential to tackle the dynamic cybersecurity landscape. Unfortunately, traditional lecture-style teaching is insufficient for this task. Peer instruction is a non-traditional, active learning approach that has proven to be effective in computer science courses. The challenge in adopting peer instruction is the development of conceptual questions. This thesis presents a methodology for developing peer instruction questions for cybersecurity courses, consisting of four stages: concept identification, concept trigger, question presentation, and development. The thesis analyzes 279 questions developed over two years for three cybersecurity courses: introduction to computer security, network penetration testing, and introduction to computer forensics. Additionally, it discusses examples of peer instruction questions in terms of the methodology. Finally, it summarizes the usage of a workshop for testing a selection of peer instruction questions as well as gathering data outside of normal courses. Information Security
40	Reconstructing Textual File Fragments Using Unsupervised Machine Learning Techniques Roux, Brian 19 December 2008 (has links) This work is an investigation into reconstructing fragmented ASCII files based on content analysis motivated by a desire to demonstrate machine learning's applicability to Digital Forensics. Using a categorized corpus of Usenet, Bulletin Board Systems, and other assorted documents a series of experiments are conducted using machine learning techniques to train classifiers which are able to identify fragments belonging to the same original file. The primary machine learning method used is the Support Vector Machine with a variety of feature extractions to train from. Additional work is done in training committees of SVMs to boost the classification power over the individual SVMs, as well as the development of a method to tune SVM kernel parameters using a genetic algorithm. Attention is given to the applicability of Information Retrieval techniques to file fragments, as well as an analysis of textual artifacts which are not present in standard dictionaries. Machine Learning File Carving Fragmented Files Support Vector Machines SVM Digital Forensics Information Retrieval

Search results