Standards and methodologies for evaluating digital forensics tools: Developing and testing a new methodology. Andersson, Victor (January 2018)
Standards play a big role in a lot of professions, and when it comes to most aspects of law enforcement and forensic investigation, it's no different. Despite that, for some reason, there aren't any when it comes to evaluating and choosing forensic tools. The lack of an international standard for evaluating forensic tools has a clear negative impact on the digital forensics community, as it lowers the value of tool tests and evaluations and hinders both the reproducibility and verification of their results. Most tool evaluations are performed with custom forensic images and measure metrics that are not scientifically motivated, but rather made up based on the evaluator's personal preferences. By examining current standards and related work done in the field, a new methodology is proposed. It builds on scientific principles and the strengths of existing literature. The methodology is then tested in a practical experiment. The result of the paper is a solid foundation for a new standard to be built upon.

Assisting digital forensic analysis via exploratory information visualisation. Hales, Gavin (January 2016)
Background: Digital forensics is a rapidly expanding field, due to the continuing advances in computer technology and increases in the data storage capabilities of devices. However, the tools supporting digital forensics investigations have not kept pace with this evolution, often leaving the investigator to analyse large volumes of textual data and rely heavily on their own intuition and experience.

Aim: This research proposes that, given the ability of information visualisation to provide an end user with an intuitive way to rapidly analyse large volumes of complex data, such approaches could be applied to digital forensics datasets. Such methods will be investigated, supported by a review of literature regarding the use of such techniques in other fields. The hypothesis of this body of research is that by utilising exploratory information visualisation techniques in the form of a tool to support digital forensic investigations, gains in investigative effectiveness can be realised.

Method: To test the hypothesis, this research examines three different case studies which look at different forms of information visualisation and their implementation with a digital forensic dataset. Two of these case studies take the form of prototype tools developed by the researcher, and one case study utilises a tool created by a third-party research group. A pilot study by the researcher is conducted on these cases, with the strengths and weaknesses of each being drawn into the next case study. The culmination of these case studies is a prototype tool which was developed to resemble a timeline visualisation of the user behaviour on a device. This tool was subjected to an experiment involving a class of university digital forensics students who were given a number of questions about a synthetic digital forensic dataset. Approximately half were given the prototype tool, named Insight, to use, and the others were given a common open-source tool. The assessed metrics included: how long the participants took to complete all tasks, how accurate their answers to the tasks were, and how easy the participants found the tasks to complete. They were also asked for their feedback at multiple points throughout the task.

Results: The results showed that there was a statistically significant increase in accuracy for one of the six tasks for the participants using the Insight prototype tool. Participants also found completing two of the six tasks significantly easier when using the prototype tool. There was no statistically significant difference between the completion times of the two participant groups. There were no statistically significant differences in the accuracy of participant answers for five of the six tasks.

Conclusions: The results from this body of research show that there is evidence to suggest that there is the potential for gains in investigative effectiveness when information visualisation techniques are applied to a digital forensic dataset. Specifically, in some scenarios, the investigator can draw conclusions which are more accurate than those drawn when using primarily textual tools. There is also evidence to suggest that the investigators found these conclusions to be reached significantly more easily when using a tool with a visual format. None of the scenarios led to the investigators being at a significant disadvantage in terms of accuracy or usability when using the prototype visual tool over the textual tool. It is noted that this research did not show that the use of information visualisation techniques leads to any statistically significant difference in the time taken to complete a digital forensics investigation.

Certifying Computer Forensics Skills. Watson, Michael Charles (14 June 2021)
Computer forensics is an ever-growing technological field of complexity and depth. Individuals must strive to keep learning and growing their skills as they help combat cybercrime throughout the world. This study attempts to establish a method of evaluating conceptual expertise in computer forensics to help indicate whether or not an individual understands the five basic phases of computer forensics: preparation, seizure of evidence, acquisition of data, analysis of data, and reporting the findings of the analysis. A survey was presented to a university class of 30 students taking a computer forensics course and was also posted online asking computer forensics professionals to participate. Results show that novices who were enrolled in a computer forensics course were able to identify the phases of computer forensics more readily than professionals.

Reconstruction in Database Forensics. Adedayo, Oluwasola Mary (January 2015)
The increasing usage of databases in the storage of critical and sensitive information in many organizations has led to an increase in the rate at which databases are exploited in computer crimes. Databases are often manipulated to facilitate crimes and as such are usually of interest during many investigations as useful information relevant to the investigation can be found therein.
A branch of digital forensics that deals with the identification, preservation, analysis and presentation of digital evidence from databases is known as database forensics. Despite the large amount of information that can be retrieved from databases and the amount of research that has been done on various aspects of databases, database security and digital forensics in general, very little has been done on database forensics. Databases have also been excluded from traditional digital investigations until very recently. This can be attributed to the inherent complexities of databases and the lack of knowledge on how the information contained in the database can be retrieved, especially in cases where such information has been modified or only existed in the past.
This thesis addresses one major part of the challenges in database forensics, which is the reconstruction of the information stored in the database at some earlier time. The dimensions involved in a database forensics analysis problem are identified and the thesis focuses on one of these dimensions. Concepts such as the relational algebra log and the inverse relational algebra are introduced as tools in the definition of a theoretical framework that can be used for database forensics.
The thesis provides an algorithm for database reconstruction and outlines the correctness proof of the algorithm. Various techniques for a complete regeneration of deleted or lost data during a database forensics analysis are also described. Due to the importance of having adequate logs in order to use the algorithm, specifications of an ideal log configuration for an effective reconstruction process are given, putting into consideration the various dimensions of the database forensics problem space. Throughout the thesis, practical situations that illustrate the application of the algorithms and techniques described are given.
The thesis provides a scientific approach that can be used for handling database forensics analysis practice and research, particularly in the aspect of reconstructing the data in a database. It also adds to the field of digital forensics by providing insights into the field of database forensics reconstruction.

Thesis (PhD), University of Pretoria, 2015.

Forensic evidence isolation in clouds. Delport, Waldo (January 2013)
Cloud computing is gaining acceptance and also increasing in popularity. Organisations often rely on cloud resources as an effective replacement for their 'in-house' computer systems. In the cloud, virtual resources are provided from a larger pool of resources, these resources being available to multiple different clients.

When something suspicious happens within a digital environment, a digital forensic investigation may be conducted to gather information about the event. When conducting such an investigation, digital forensic procedures are followed. These procedures involve the steps to be followed to aid in the successful completion of the investigation. One of the possible steps that may be followed involves isolating possible evidence in order to protect it from contamination and tampering.

Clouds may provide a multi-tenancy solution across multiple geographical locations. When conducting an investigation into physical equipment, the equipment may be isolated. This may be done, for example, by placing a cell phone in a Faraday bag in order to block signals, or by unplugging a computer's network cable to stop the computer from either sending or receiving network traffic. However, in the cloud it may not be applicable to isolate the equipment of the cloud because of the multi-tenancy and geographically separated nature of the cloud. There is currently little research available on how isolation can be accomplished inside the cloud environment.

This dissertation aims at addressing the need for isolation on the cloud by creating new methods and techniques that may be incorporated into an investigation in order to isolate cloud resources. Isolation can be achieved by moving the unnecessary evidence to a different location and retaining the required evidence, or by moving the required evidence in such a manner that the evidence would not be contaminated. If isolated evidence were to be moved to a digital forensic laboratory, the question arises as to whether it would be possible to create such a laboratory on the cloud, utilise the benefits of cloud computing, and enable the investigation to be conducted on the cloud without moving the isolated evidence from the cloud. The dissertation develops various models of isolation. These models are then tested in experimental conditions. The experiments were conducted on Nimbula Director 1.0.3 and VMware vSphere 5.0.

The models were successfully applied in the experiments. It was found that investigations could benefit from the use of the proposed models for isolation. However, the experiments also highlighted that some of the models are not applicable or that a combination should be used. The experiments also indicated that the methods to be used would depend on the circumstances of the investigation. A preliminary "cloud laboratory" was designed and described, in terms of which a digital forensic laboratory can be created on the cloud resources, thus enabling an investigation to be conducted inside the cloud environment.

Dissertation (MSc), University of Pretoria, 2013.

Investigating Online Banking Activities in the US: Digital Forensics Analysis on Android, iOS and Windows 11. Praveen Medikonda (08 December 2022)
Browsers are used as a medium to perform various activities on the Internet, and mobile applications are used on mobile devices. They let users connect to the Internet and access different services such as sending emails, watching videos, using banking services, etc. The increase in the usage of the Internet, personal computers, and mobile phones led financial institutions to democratize their services and provide omnipresent and cost-effective services to their customers, in turn attracting a large customer base. Many of these financial institutions store and manage sensitive user information such as account numbers and usernames, passwords, Social Security Numbers (SSNs), etc. Due to the nature of the sensitive information that these institutions manage, they make a perfect bait for attackers to exploit and perform cyber attacks. Most of the forensic and security research observed in the banking ecosystem focused on foreign financial institutions and mobile banking applications for Android. However, no forensic research has been conducted on the mobile and browser applications of US financial institutions. In this research, I performed a forensic analysis on both browser and mobile applications (both Android and iOS) of US financial institutions. I conducted a forensic investigation on the JP Morgan Chase (Chase), Purdue Federal Credit Union (PFCU), Discover, and CapitalOne banks. This research found what information these banking applications store locally and where they store it, to assist digital forensic investigators in investigations.

Forensic Insights: Analyzing and Visualizing Fitbit Cloud Data. Poorvi Umesh Hegde (15 December 2023)
Wearable devices are ubiquitous. There are over 1.1 billion wearable devices in the market today [1]. The market is projected to grow at a rate of 14.6% annually till 2030 [2]. These devices collect and store a large amount of data [3]. A major amount of this collected data is stored in the cloud. For many years now, law enforcement organizations have been continuously encountering cases that involve a wearable device in some capacity. There have also been examples of how these wearable devices have helped in crime investigations and insurance fraud investigations [4],[5],[6],[7],[8]. The article [4] performs an analysis of 5 case studies and 57 news articles and shows how the framing of wearables in the context of the crimes helped those cases. However, there still isn't enough awareness and understanding among law enforcement agencies on leveraging the data collected by these devices to solve crimes. Many of the fitness trackers and smartwatches in the market today have more or less similar functionalities of tracking data on an individual's fitness-related activities, heart rate, sleep, temperature, and stress [9]. One of the major players in the smartwatch space is Fitbit. Fitbit synchronizes the data that it collects directly to the Fitbit Cloud [10]. It provides an Android app and a web dashboard for users to access some of this data, but not all. Application developers, on the other hand, can make use of Fitbit APIs to use users' data. These APIs can also be leveraged by law enforcement agencies to aid in digital forensic investigations. Previous studies have developed tools that make use of Fitbit Web APIs [11],[12],[13], but for various other purposes, not for forensic research. There are a few studies on the topic of using fitness tracker data for forensic investigations [14],[15], but very few have used the Fitbit developer APIs [16].

Thus this study aims to propose a proof-of-concept platform that can be leveraged by law enforcement agencies to access and view the data stored on the Fitbit cloud about a person of interest. The results display data in 12 categories: activity, body, sleep, breathing, devices, friends, nutrition, heart rate variability, ECG, temperature, oxygen level, and cardio data, in a tabular format that is easily viewable and searchable. This data can be further utilized for various analyses. The tool developed is open source and well documented, so anyone can reproduce the process.

Selecting Keyword Search Terms in Computer Forensics Examinations Using Domain Analysis and Modeling. Bogen, Alfred Christopher (09 December 2006)
The motivation for computer forensics research includes the increase in crimes that involve the use of computers, the increasing capacity of digital storage media, a shortage of trained computer forensics technicians, and a lack of computer forensics standard practices. The hypothesis of this dissertation is that domain modeling of the computer forensics case environment can serve as a methodology for selecting keyword search terms and planning forensics examinations. This methodology can increase the quality of forensics examinations without significantly increasing the combined effort of planning and executing keyword searches. The contributions of this dissertation include:

- A computer forensics examination planning method that utilizes the analytical strengths and knowledge sharing abilities of domain modeling in artificial intelligence and software engineering,
- A computer forensics examination planning method that provides investigators and analysts with a tool for deriving keyword search terms from a case domain model, and
- The design and execution of experiments that illustrate the utility of the case domain modeling method.

Three experiment trials were conducted to evaluate the effectiveness of case domain modeling, and each experiment trial used a distinct computer forensics case scenario: an identity theft case, a burglary and money laundering case, and a threatening email case. Analysis of the experiments supports the hypothesis that case domain modeling results in more evidence found during an examination with more effective keyword searching. Additionally, experimental data indicates that case domain modeling is most useful when the evidence disk has a relatively high occurrence of text-based documents and when vivid case background details are available. A pilot study and a case study were also performed to evaluate the utility of case domain modeling for typical law enforcement investigators. In these studies the subjects used case domain models in a computer forensics service solicitation activity. The results of these studies indicate that typical law enforcement officers have a moderate comprehension of the case domain modeling method and that they recognize a moderate amount of utility in the method. Case study subjects also indicated that the method would be more useful if supported by a semi-automated tool.

Comparison of Persistence of Deleted Files on Different File Systems and Disk Types. Chinmay Amul Chhajed (19 April 2024)
The presence of digital devices in various settings, from workplaces to personal spaces, necessitates reliable and secure data storage solutions. These devices store data on non-volatile media like Solid State Drives (SSDs) and Hard Disk Drives (HDDs), ensuring data preservation even after power loss. Files, the fundamental units of data storage, are created, modified, and deleted through user activities like application installations or file management. File systems, acting as the backbone of the system, manage these files on storage devices.

This research explores how three key factors influence the persistence of deleted files: (1) different operating systems running various file system types (ext4, NTFS, FAT, etc.), (2) different disk types (SSD and HDD), and (3) common user activities (system shutdowns, reboots, web browsing, downloads, etc.).

This research aims to fill a gap in understanding by examining how these factors influence how quickly new information overwrites deleted files. This is especially important for digital forensics, where investigators need to be sure they can find all the evidence on a device. The research focuses on how operating systems handle deleted files and how everyday activities affect the chances of getting them back. This can ultimately improve data security and make digital forensics more reliable.

Automated Timeline Anomaly Detection. Barone, Joshua M (17 May 2013)
Digital forensics is the practice of trained investigators gathering and analyzing evidence from digital devices such as computers and smart phones. On these digital devices, it is possible to change the time on the device for a purpose other than what is intended. Currently there are no documented techniques to determine when this occurs. This research seeks to prove out a technique for determining when the time has been changed on a forensic disk image by analyzing the log files found on the image. Out of this research a tool is created to perform this analysis in an automated fashion. This tool is TADpole, a command line program that analyzes the log files on a disk image and determines if a timeline anomaly has occurred.