Global ETD Search

1	Forensic Computing from a Computer Security perspective / Forensisk granskning av datorer ur ett datasäkerhetsperspektiv Lázaro, Pablo García-Crovetto January 2004 (has links) <p>This work contains a brief study about Forensic Computing problems done from a Computer Security perspective. </p><p>Based on the description and investigation methods of Forensic Computing, a list of common difficulties that forensic examiners have to deal with has been created. After making an analysis about each difficulty in the Forensic Computing field, it can be said that the main reasons are related to the legal restrictions and an incorrect security management. </p><p>Using a Computer Security perspective for analysing why the incorrect security management generates problems in the forensic computing field, we have made a risk analysis of a possible distribution for a correct security management. Later, based on own results, a list on priorities in prevention methods in t he Forensic Computing field has been created. </p><p>Finally it can be said that the difficulties in the Forensic Computing field could be avoided by creating awareness among users about the importance of taking prevention methods for protecting data and consequently for decreasing the number of e-crimes.</p> Informationsteknik Forensic Computing Computer Security Confidentiality Integrity Availability Information Technologies Informationsteknik Information technology Informationsteknik
2	Sumarização Automática de Cenas Forenses Borges, Erick Vagner Cabral de Lima 26 February 2015 (has links) Submitted by Clebson Anjos (clebson.leandro54@gmail.com) on 2016-02-15T18:11:38Z No. of bitstreams: 1 arquivototal.pdf: 2556099 bytes, checksum: 0e449542d04801fd627fb09b7061bdcc (MD5) / Made available in DSpace on 2016-02-15T18:11:38Z (GMT). No. of bitstreams: 1 arquivototal.pdf: 2556099 bytes, checksum: 0e449542d04801fd627fb09b7061bdcc (MD5) Previous issue date: 2015-02-26 / Coordenação de Aperfeiçoamento de Pessoal de Nível Superior - CAPES / The growing presence of video recording devices in several areas are providing an increase in use these images mainly to investigative purposes. This makes the use of methods and tools that perform the analysis and the automatic monitoring of environments are increasingly needed to provide technical support and knowledge to investigators, enabling obtain efficient and effective results. This work describe the development of computational vision methods that aim extract some features of scenes. At the end of this extraction, a summarization tool of forensic scenes through the developed methods is proposed. The methods proposed aim to detect and analyze motion in scenes, detect faces classifying them through the gender recognition, recognize people through facial recognition, perform the tracking of human faces and pattern recognition of predominant color in the clothing of individuals. At the end of this work, developed methods presented results comparable to the ones found in the literature and may contribute to the fast extraction of information needed for human analysis, to assist in the interpretation and argumentation of cases and documenting the results. / A presença crescente de dispositivos de gravação de vídeo nas mais diversas áreas vêm proporcionando um aumento no uso destas imagens principalmente para fins investigativos. Isto faz com que a utilização de métodos e ferramentas que realizem a análise e o monitoramento automático de ambientes seja cada vez mais necessária para dar suporte técnico e de conhecimento aos investigadores, possibilitando que os resultados alcançados sejam os mais eficientes e eficazes possíveis. Este trabalho descreve o desenvolvimento de métodos de visão computacional que têm como objetivo extrair aspectos relevantes de cenas – imagens individuais, ou quadros ou sequências de quadros de vídeo - e utilizar a informação obtida com o propósito de sumarização. Os métodos propostos visam a detectar e analisar movimentação, detectar faces classificando-as por gênero, efetuar reconhecimento de faces, realizar o rastreamento de faces humanas e reconhecer a cor predominante no vestuário de indivíduos. O sistema desenvolvido efetua a extração de informações relevantes, o que auxilia na redução do tempo necessário à inspeção por seres humanos, na interpretação e argumentação de casos e na documentação dos casos. Ao fim do trabalho, os métodos desenvolvidos apresentaram resultados compatíveis com os da literatura.
3	Métodos de visão computacional aplicáveis à ciência forense / Computer vision methods applicable to forensic science Andaló, Fernanda Alcântara, 1981- 11 September 2012 (has links) Orientador: Siome Klein Goldenstein / Tese (doutorado) - Universidade Estadual de Campinas, Instituto de Computação / Made available in DSpace on 2018-08-22T01:13:30Z (GMT). No. of bitstreams: 1 Andalo_FernandaAlcantara_D.pdf: 40510814 bytes, checksum: d6c348c91f07e6085e27cec5408c1ab2 (MD5) Previous issue date: 2012 / Resumo: A criminalidade, crescente em termos de volume e sofisticação, vem determinando a necessidade de conhecimento e aplicação de métodos científicos para sua prevenção e investigação. Isso faz com que essas tarefas mereçam significativa atenção de governos e pesquisadores. A investigação forense de um crime é um processo complexo, que tem seu início na cena do evento e continua no laboratório, suprindo o tribunal onde o julgamento _e realizado, de informações e argumentos necessários a materializar a ocorrência do delito e a identificação dos culpados. Os investigadores precisam de suporte técnico e de conhecimento para que os resultados alcançados sejam os mais eficientes e eficazes possíveis. Esta tese apresenta três métodos de visão computacional, que podem ser aplicados no processo de investigação forense: um para fotogrametria, que possibilita medir alturas de objetos em imagens; um framework para reconstrução tridimensional de impressões de calçados (pegadas tridimensionais) em cenas de crime; e um método para a reconstrução de imagens a partir de uma coleção de pequenos fragmentos. Obter medidas de objetos em imagens -fotogrametria - é um requisito consuetudinário em Ciência Forense. Em um sistema confiável, a altura estimada de uma pessoa pode ser usada como evidência corroborativa. No segundo método, utilizam-se técnicas de visão estéreas para a obtenção de um modelo tridimensional, reconstruído a partir de fotografias tiradas de impressões de calçados em cenas de crime. No terceiro método, a necessidade de reconstruir imagens fragmentadas é explorada. Imagens podem ser danificadas a _m de ocultar informações e cabe à Computação Forense explorar metodologias para a reconstrução automática de tais imagens, já que o processo manual é muito laborioso. As contribuições desta tese são: (a) novo e eficaz detector de pontos de fuga, em uma única imagem, que possui maior acurácia do que os presentes na literatura e que foi desenvolvido para facilitar medições de altura em uma única imagem bidimensional; (b) pipeline para reconstrução tridimensional de impressões de calçados, a partir de fotografias tiradas do vestígio em diferentes ângulos, e sua validação em comparação aos métodos utilizados na prática atualmente; (c) novo método determinístico de reconstrução automática de imagens, a partir de uma coleção de pequenos fragmentos retangulares, baseado em programação quadrática e que fornece resultados com maior acurácia do que os propostos na literatura / Abstract: Crimes in our society, increasing in volume and sophistication, have determined the need for knowledge and use of scientific methods to their prevention and investigations, deserving significant attention from governments and researchers. The forensic investigation of a crime is a complex process that starts at the scene of the event and continues on the laboratory, providing the court, where the trial is conducted, with information and arguments needed to confirm the occurrence of the offense and to identify suspects. Investigators need technical support and knowledge to achieve efficient and effective results. This thesis presents three Computer Vision methods that can be applied in forensic investigations: one for photogrammetry, which allows measurement of objects' heights in images; a framework to the recovery of footwear impressions from crime scenes; and a method for image reconstruction from a collection of small unordered fragments. The process of obtaining measurements in images - photogrammetry - is a customary requirement in Forensic Science. In a trusted system, the estimated height of a person can be used to corroborate or refute pieces of evidence. In the second method, multiview stereo techniques are used to obtain a three-dimensional model, reconstructed from photographs taken from footwear impressions at the crime scene. In the third method, the need for reconstructing shredded images is explored. Photographs can be shredded in order to hide information and it is up to the field of Computer Forensics to explore methodologies for the automatic reconstruction of such images, since their manual assembling is very laborious. The contributions of this thesis are: (a) new effective vanishing point detector that achieves better accuracy than the previous methods in the literature and that was designed to facilitate the process of making measurements in single 2D image; (b) a new methodology for the recovery of 3D footwear impression, from images taken from the evidence at different angles, and its validation in comparison to methods currently used in practice (c) new deterministic method, based on quadratic programming, to reconstruct images from a collection of small rectangular fragments, providing more accurate results than other proposed methods in the literature / Doutorado / Ciência da Computação / Doutor em Ciência da Computação Visão por computador Computação forense Processamento de imagens Computer Vision Forensic computing Image processing
4	Unsecured sessions with ICQ : applying forensic computing Kling, Martin January 2003 (has links) Digital evidence is becoming more and more frequent and important in investigations carried out by the police. To make the correct judgements, the police force needs to know what one can do with ICQ and in what ways it can be exploited. This thesis aims to point out weaknesses in ICQ that can aid the police in their work. But these weaknesses can not only be used by the police, also crackers can perform malicious acts with them. Therefore, I investigated if the use of ICQ resulted in non-secure sessions. To investigate ICQ’s security, I divided a session into an authentication phase, sending of messages, and the protection of stored messages in a history file. While investigating ICQ, I sniffed its Internet traffic and monitored files on the computer’s hard drive with MD5 checksums. I have investigated the following three ICQ applications: ICQ Pro 2003a, ICQ2Go and the Linux clone Licq. The result of the entire investigation showed that ICQ had a non-secured authentication phase, non-secured messages and no protection for stored messages. From these results the main conclusion was derived: The use of ICQ resulted in non-secure instant messaging sessions. Your ICQ account can be hijacked and another person can impersonate you and send messages that you dislike. Also, your messages can be intercepted on the Internet and their content can be read. If your computer is compromised, all your previous messages on ICQ Pro 2003a and Licq can be read. / Martin Kling Fältv 17 SE-291 39 Kristianstad martinkling@hotmail.com 0733691999 ICQ Instant Messaging Forensic computing Digital evidence Computer Sciences Datavetenskap (datalogi)
5	Forensic Computing from a Computer Security perspective / Forensisk granskning av datorer ur ett datasäkerhetsperspektiv Lázaro, Pablo García-Crovetto January 2004 (has links) This work contains a brief study about Forensic Computing problems done from a Computer Security perspective. Based on the description and investigation methods of Forensic Computing, a list of common difficulties that forensic examiners have to deal with has been created. After making an analysis about each difficulty in the Forensic Computing field, it can be said that the main reasons are related to the legal restrictions and an incorrect security management. Using a Computer Security perspective for analysing why the incorrect security management generates problems in the forensic computing field, we have made a risk analysis of a possible distribution for a correct security management. Later, based on own results, a list on priorities in prevention methods in t he Forensic Computing field has been created. Finally it can be said that the difficulties in the Forensic Computing field could be avoided by creating awareness among users about the importance of taking prevention methods for protecting data and consequently for decreasing the number of e-crimes. Informationsteknik Forensic Computing Computer Security Confidentiality Integrity Availability Information Technologies Informationsteknik Computer and Information Sciences Data- och informationsvetenskap
6	Digital evidence : representation and assurance Schatz, Bradley Lawrence January 2007 (has links) The field of digital forensics is concerned with finding and presenting evidence sourced from digital devices, such as computers and mobile phones. The complexity of such digital evidence is constantly increasing, as is the volume of data which might contain evidence. Current approaches to interpreting and assuring digital evidence rely implicitly on the use of tools and representations made by experts in addressing the concerns of juries and courts. Current forensics tools are best characterised as not easily verifiable, lacking in ease of interoperability, and burdensome on human process. The tool-centric focus of current digital forensics practise impedes access to and transparency of the information represented within digital evidence as much as it assists, by nature of the tight binding between a particular tool and the information that it conveys. We hypothesise that a general and formal representational approach will benefit digital forensics by enabling higher degrees of machine interpretation, facilitating improvements in tool interoperability and validation. Additionally, such an approach will increase human readability. This dissertation summarises research which examines at a fundamental level the nature of digital evidence and digital investigation, in order that improved techniques which address investigation efficiency and assurance of evidence might be identified. The work follows three themes related to this: representation, analysis techniques, and information assurance. The first set of results describes the application of a general purpose representational formalism towards representing diverse information implicit in event based evidence, as well as domain knowledge, and investigator hypotheses. This representational approach is used as the foundation of a novel analysis technique which uses a knowledge based approach to correlate related events into higher level events, which correspond to situations of forensic interest. The second set of results explores how digital forensic acquisition tools scale and interoperate, while assuring evidence quality. An improved architecture is proposed for storing digital evidence, analysis results and investigation documentation in a manner that supports arbitrary composition into a larger corpus of evidence. The final set of results focus on assuring the reliability of evidence. In particular, these results focus on assuring that timestamps, which are pervasive in digital evidence, can be reliably interpreted to a real world time. Empirical results are presented which demonstrate how simple assumptions cannot be made about computer clock behaviour. A novel analysis technique for inferring the temporal behaviour of a computer clock is proposed and evaluated. digital evidence computer based electronic evidence digital forensics computer forensics forensic computing evidence provenance evidence representation knowledge representation
7	Atribuição de fonte em imagens provenientes de câmeras digitais / Image source camera attribution Costa, Filipe de Oliveira, 1987- 07 June 2012 (has links) Orientador: Anderson de Rezende Rocha / Dissertação (mestrado) - Universidade Estadual de Campinas, Instituto de Computação / Made available in DSpace on 2018-08-21T01:46:22Z (GMT). No. of bitstreams: 1 Costa_FilipedeOliveira_M.pdf: 4756629 bytes, checksum: db25cfc98fbdb67c2eee785a37969909 (MD5) Previous issue date: 2012 / Resumo: Verificar a integridade e a autenticidade de imagens digitais é de fundamental importância quando estas podem ser apresentadas como evidência em uma corte de justiça. Uma maneira de se realizar esta verificação é identificar a câmera digital que capturou tais imagens. Neste trabalho, nós discutimos abordagens que permitem identificar se uma imagem sob investigação foi ou não capturada por uma determinada câmera digital. A pesquisa foi realizada segundo duas óticas: (1) verificação, em que o objetivo é verificar se uma determinada câmera, de fato, capturou uma dada imagem; e (2) reconhecimento, em que o foco é verificar se uma determinada imagem foi obtida por alguma câmera (se alguma) dentro de um conjunto limitado de câmeras e identificar, em caso afirmativo, o dispositivo específico que efetuou a captura. O estudo destas abordagens foi realizado considerando um cenário aberto (open-set), no qual nem sempre temos acesso a alguns dos dispositivos em questão. Neste trabalho, tratamos, também, do problema de correspondência entre dispositivos, em que o objetivo é verificar se um par de imagens foi gerado por uma mesma câmera. Isto pode ser útil para agrupar conjuntos de imagens de acordo com sua fonte quando não se possui qualquer informação sobre possíveis dispositivos de origem. As abordagens propostas apresentaram bons resultados, mostrando-se capazes de identificar o dispositivo específico utilizado na captura de uma imagem, e não somente sua marca / Abstract: Image's integrity and authenticity verification is paramount when it comes to a court of law. Just like we do in ballistics tests when we match a gun to its bullets, we can identify a given digital camera that acquired an image under investigation. In this work, we discussed approaches for identifying whether or not a given image under investigation was captured by a specific digital camera. We carried out the research under two vantage points: (1) verification, in which we are interested in verifying whether or not a given camera captured an image under investigation; and (2) recognition, in which we want to verify if an image was captured by a given camera (if any) from a pool of devices, and to point out such a camera. We performed this investigation considering an open set scenario, under which we can not rely on the assumption of full access to all of the investigated devices. We also tried to solve the device linking problem, where we aim at verifying if an image pair was generated by the same camera, without any information about the source of images. Our approaches reported good results, in terms of being capable of identifying the specific device that captured a given image including its model, brand, and even serial number / Mestrado / Ciência da Computação / Mestre em Ciência da Computação Processamento de imagens Computação forense Mineração de dados (Computação) Inteligência artificial Image processing Forensic computing Data mining Artificial intelligence
8	Forensic computing : a deterministic model for validation and verification through an ontological examination of forensic functions and processes Beckett, Jason January 2010 (has links) This dissertation contextualises the forensic computing domain in terms of validation of tools and processes. It explores the current state of forensic computing comparing it to the traditional forensic sciences. The research then develops a classification system for the disciplines functions to establish the extensible base for which a validation system is developed. / Thesis (PhD)--University of South Australia, 2010 Computer security Electronic evidence forensic computing digital evidence 280505 Data Security validation verification forensic science
9	Forensic computing : a deterministic model for validation and verification through an ontological examination of forensic functions and processes Beckett, Jason January 2010 (has links) This dissertation contextualises the forensic computing domain in terms of validation of tools and processes. It explores the current state of forensic computing comparing it to the traditional forensic sciences. The research then develops a classification system for the disciplines functions to establish the extensible base for which a validation system is developed. / Thesis (PhD)--University of South Australia, 2010 Computer security Electronic evidence forensic computing digital evidence 280505 Data Security validation verification forensic science
10	Assessing the reliability of digital evidence from live investigations involving encryption Hargreaves, Christopher James January 2009 (has links) The traditional approach to a digital investigation when a computer system is encountered in a running state is to remove the power, image the machine using a write blocker and then analyse the acquired image. This has the advantage of preserving the contents of the computer’s hard disk at that point in time. However, the disadvantage of this approach is that the preservation of the disk is at the expense of volatile data such as that stored in memory, which does not remain once the power is disconnected. There are an increasing number of situations where this traditional approach of ‘pulling the plug’ is not ideal since volatile data is relevant to the investigation; one of these situations is when the machine under investigation is using encryption. If encrypted data is encountered on a live machine, a live investigation can be performed to preserve this evidence in a form that can be later analysed. However, there are a number of difficulties with using evidence obtained from live investigations that may cause the reliability of such evidence to be questioned. This research investigates whether digital evidence obtained from live investigations involving encryption can be considered to be reliable. To determine this, a means of assessing reliability is established, which involves evaluating digital evidence against a set of criteria; evidence should be authentic, accurate and complete. This research considers how traditional digital investigations satisfy these requirements and then determines the extent to which evidence from live investigations involving encryption can satisfy the same criteria. This research concludes that it is possible for live digital evidence to be considered to be reliable, but that reliability of digital evidence ultimately depends on the specific investigation and the importance of the decision being made. However, the research provides structured criteria that allow the reliability of digital evidence to be assessed, demonstrates the use of these criteria in the context of live digital investigations involving encryption, and shows the extent to which each can currently be met. 004

Search results