Global ETD Search

21	Selecting Keyword Search Terms in Computer Forensics Examinations Using Domain Analysis and Modeling Bogen, Alfred Christopher 09 December 2006 (has links) The motivation for computer forensics research includes the increase in crimes that involve the use of computers, the increasing capacity of digital storage media, a shortage of trained computer forensics technicians, and a lack of computer forensics standard practices. The hypothesis of this dissertation is that domain modeling of the computer forensics case environment can serve as a methodology for selecting keyword search terms and planning forensics examinations. This methodology can increase the quality of forensics examinations without significantly increasing the combined effort of planning and executing keyword searches. The contributions of this dissertation include: ? A computer forensics examination planning method that utilizes the analytical strengths and knowledge sharing abilities of domain modeling in artificial intelligence and software engineering, ? A computer forensics examination planning method that provides investigators and analysts with a tool for deriving keyword search terms from a case domain model, and ? The design and execution of experiments that illustrate the utility of the case domain modeling method. Three experiment trials were conducted to evaluate the effectiveness of case domain modeling, and each experiment trial used a distinct computer forensics case scenario: an identity theft case, a burglary and money laundering case, and a threatening email case. Analysis of the experiments supports the hypothesis that case domain modeling results in more evidence found during an examination with more effective keyword searching. Additionally, experimental data indicates that case domain modeling is most useful when the evidence disk has a relatively high occurrence of text-based documents and when vivid case background details are available. A pilot study and a case study were also performed to evaluate the utility of case domain modeling for typical law enforcement investigators. In these studies the subjects used case domain models in a computer forensics service solicitation activity. The results of these studies indicate that typical law enforcement officers have a moderate comprehension of the case domain modeling method and that they recognize a moderate amount of utility in the method. Case study subjects also indicated that the method would be more useful if supported by a semi-automated tool. Computer Forensics Digital Forensics Computer Forensics Examination Planning Domain Modeling Domain Analysis Digital Forensics Engineering
22	INVESTIGATING ONLINE BANKING ACTIVITIES IN THE US: DIGITAL FORENSICS ANALYSIS ON ANDROID, IOS AND WINDOWS 11 Praveen Medikonda (14228348) 08 December 2022 (has links) <p> Browsers are used as a medium to perform various activities on the Internet and mobile applications are used on mobile devices. They let users connect to the Internet and access different services such as sending emails, watching videos, using banking services, etc. The increase in the usage of the Internet, personal computers, and mobile phones led financial institutions to democratize their services and provide omnipresent and cost-effective services to their customers, in turn attracting a large customer base. Many of these financial institu?tions store and manage sensitive user information such as account numbers and usernames, passwords, Social Security Numbers (SSNs), etc. Due to the nature of the sensitive infor?mation that these institutions manage, it makes a perfect bait for attackers to exploit and perform cyber attacks. Most of the forensic and security research observed in the bank?ing ecosystem focused on foreign financial institutions and mobile banking applications for Android. However, no forensic research has been conducted on the mobile and browser ap?plications of US financial institutions. In this research, I performed a forensic analysis on both browser and mobile applications (both Android and iOS) of US financial institutions. I conducted a forensic investigation on the JP Morgan Chase (Chase), Purdue Federal Credit Union (PFCU), Discover, and CapitalOne banks. This research found what information these banking applications store locally and where they store them to assist digital forensic investigators in investigations. </p> Digital forensics Digital Forensics Banking applications browser forensics mobile forensics iOS applications Android applications
23	Development of Biodynamic Modules for Forensic Applications Tuohy, Brent Travis 06 December 2000 (has links) Work has been done to develop the computer laboratory portion of a course in biodynamic modeling, with particular emphasis towards applications in forensic engineering. Three course modules have been developed which explore the whiplash injury mechanism, pilot ejection and windblast, and gait analysis. These case studies make use of software entitled MADYMO (MAthematical DYnamic MOdeling). Each case study provides the scene, outcome, details, and instructions for setup of the biodynamic model. An "In-House" User's Manual has also been written so that students without previous MADYMO or UNIX experience can become proficient at using the program. Through the case studies presented within this thesis, students will gain insight into injury mechanisms and learn valuable biomechanical modeling tools. / Master of Science Biodynamic Modeling Forensics MADYMO
24	Forensic Analysis of GroupMe on Android and iOS Smartphones Tanvi Milind Gandhi (11205891) 30 July 2021 (has links) The growing popularity of instant messaging has led to the conception of several new applications over the span of the past decade. This has opened up an attack surface for cybercriminals to target susceptible app users. GroupMe is a free IM app widely used by students and so far, no comprehensive forensic analysis has been performed to aid forensic practitioners in recovering evidence from GroupMe on smartphones. This research performs a detailed analysis of the digital artifacts left by the app on Android and iOS devices. This was achieved by installing the app on two mobile phones (Samsung Galaxy S7 Edge and iPhone 6), and identifying each artifact created by performing a series of actions in the app ranging from sending texts, to sharing images and documents, along with their location. Using Cellebrite UFED and Magnet AXIOM, a significant number of artifacts were accurately recovered mainly from the “GroupMe.sqlite” and “GroupMe.sqlite-wal” databases. Out of the 335 artifacts populated on the iPhone, 317 were correctly recovered by both UFED and AXIOM, resulting in an accuracy of 94.62%. No GroupMe related artifacts could be recovered from the Android device. This was due to several physical imaging and rooting limitations imposed by the Samsung SM-935A model, which was used during the study. Uncategorized Digital Forensics Cyber Forensics Mobile Forensics Forensic Analysis GroupMe Android Forensics iOS Forensics UFED Cellebrite Magnet AXIOM
25	TIKTOK FORENSIC SCRAPER TO RETRIEVE USER VIDEO DETAILS Akshata Nirmal Thole (14221547) 06 December 2022 (has links) <p>TIKTOK FORENSIC SCRAPER TO RETRIEVE USER VIDEO DETAILS.</p> <p><br></p> <p>Thesis - Akshata Thole </p> <p><br></p> Digital forensics TikTok Web Scraping Digital Forensics OSINT Security
26	Analysis of WeChat in Mobile and Computer Systems: Forensics Perspective Jiaxuan Zhou (14228318) 08 December 2022 (has links) <p>WeChat is one of the most popular applications in the world. By 2021, there were 1.24 billion users of WeChat. Many people call it the `super app` because it is an application for everything. Besides the basic messaging feature, it also supports online payment, video posts, news feeds, and more. Due to its wide usage, many criminals are using the platforms for illegal activities such as bank fraud, cyberbullying, and stalking. For these reasons, we need to understand WeChat forensically to assist investigators in cases involving WeChat.</p> <p>Previous research was mostly focused on the messaging of the WeChat application. However, artifacts of other features remain on the device undiscovered. These features can provide crucial evidence to a case such as geo-locations or monetary transactions. WeChat keeps updates monthly, and these updates may add new features or modify the data structure. The official website does not provide a detailed description of its features so it is hard for a non-WeChat user to understand the functionalities. Therefore, research is required to analyze the background, structure, and possible artifacts remaining of the WeChat app to assist practitioners who encounter WeChat in an investigation. This study included all platforms that WeChat provides, Windows, MacOS, Android, and iOS.</p> Digital forensics WeChat Analysis Forensic Analysis Digital Forensics
27	On the preservation of media trustworthiness in the social media era Lago, Federica 29 March 2022 (has links) The amount of multimedia content shared everyday online recently underwent a dramatic increase. This, combined with the stunning realism of fake images that can be generated with AI-based technologies, undermines the trustworthiness of online information sources. In this work, we tackle the problem of preserving media trustworthiness online from two different points of view. The first one consists in assessing the human ability to spot fake images, focusing in particular on synthetic faces, which are extremely realistic and can represent a severe threat if used to disseminate fake news. A perception study allowed us to prove for the first time how people are more prone to question the reality of authentic pictures rather than the one of last-generation AI-generated images. Secondly, we focused on social media forensics: our goal is to reconstruct the history of an image shared or re-shared online as typically happens nowadays. We propose a new framework that is able to trace the history of an image over multiple sharings. This framework improves the state of the art and has the advantage of being easily extensible with new methods and thus adapt to new datasets and scenarios. In fact, in this environment of fast-paced technological evolution, being able to adapt is fundamental to preserve our trust in what we see.
28	An investigation into the identification, reconstruction, and evidential value of thumbnail cache file fragments in unallocated space Morris, Sarah Louise Angela January 2013 (has links) This thesis establishes the evidential value of thumbnail cache file fragments identified in unallocated space. A set of criteria to evaluate the evidential value of thumbnail cache artefacts were created by researching the evidential constraints present in Forensic Computing. The criteria were used to evaluate the evidential value of live system thumbnail caches and thumbnail cache file fragments identified in unallocated space. Thumbnail caches can contain visual thumbnails and associated metadata which may be useful to an analyst during an investigation; the information stored in the cache may provide information on the contents of files and any user or system behaviour which interacted with the file. There is a standard definition of the purpose of a thumbnail cache, but not the structure or implementation; this research has shown that this has led to some thumbnail caches storing a variety of other artefacts such as network place names. The growing interest in privacy and security has led to an increase in user’s attempting to remove evidence of their activities; information removed by the user may still be available in unallocated space. This research adapted popular methods for the identification of contiguous files to enable the identification of single cluster sized fragments in Windows 7, Ubuntu, and Kubuntu. Of the four methods tested, none were able to identify each of the classifications with no false positive results; this result led to the creation of a new approach which improved the identification of thumbnail cache file fragments. After the identification phase, further research was conducted into the reassembly of file fragments; this reassembly was based solely on the potential thumbnail cache file fragments and structural and syntactical information. In both the identification and reassembly phases of this research image only file fragments proved the most challenging resulting in a potential area of continued future research. Finally this research compared the evidential value of live system thumbnail caches with identified and reassembled fragments. It was determined that both types of thumbnail cache artefacts can provide unique information which may assist with a digital investigation. ii This research has produced a set of criteria for determining the evidential value of thumbnail cache artefacts; it has also identified the structure and related user and system behaviour of popular operating system thumbnail cache implementations. This research has also adapted contiguous file identification techniques to single fragment identification and has developed an improved method for thumbnail cache file fragment identification. Finally this research has produced a proof of concept software tool for the automated identification and reassembly of thumbnail cache file fragments.
29	Studies on the synthesis and use of rare earth doped nanophosphors for application on latent fingerprints Reip, Alexander January 2015 (has links) Nanotechnology has been increasingly employed in forensic science for the detection of latent fingerprints, using multiple techniques from new aluminium nanomaterials for dusting to quantum dot dispersions, to try to increase and enhance areas where prints are likely to be found at scenes of crime. Different substrates use a diverse range of methods to develop prints when they are found and each method has its own drawbacks. It is not viable to use many of these techniques in conditions other than in a laboratory due to the harmful environmental effects they can cause over long term use. With this in mind a new easier to use technique that can be used on any substrate from wood to glass to paper was looked into. A range of nano-sized rare earth phosphor precursors were synthesised using homogeneous precipitation and solid state methods which were then converted to phosphors by firing at 980oC. Eu3+ and Tb3+ doped Y2O3, YVO4 and Y2O2S were chosen for their luminescent intensity. Analysis of each of the phosphors was carried out using multiple techniques and a single host lattice chosen for continuation. Y2O3:Eu3+ and Y2O3:Tb3+ were coated using a modified Stöber process to try and decrease the agglomeration of particles as well as allowing for surface modification to take place. Modifications of the surface were prepared and analysed, and these particles were then used in multiple fingerprint examinations to examine the adherence on fingerprints of different ages. The surface modifications manifested great adherence to the fingerprint residue even after two weeks elapsed and showed great promise after a two year period. 620
30	Prototype Digital Forensics Repository Mandelecha, Sonal 10 August 2005 (has links) The explosive growth in technology has led to a new league of a crime involving identity theft, stealing trade secrets, malicious virus attacks, hacking of DVD players, etc. The law enforcement community which has been trained to deal with traditional form of crime, is now being trained in a new realm of Digital Forensics. Forensics investigators have realized that often the most valuable resource available to them is experience and knowledge of fellow investigators. But there is seldom an explicit mechanism for disseminating this knowledge. Hence the same problems and mistakes continue to resurface and the same solutions are re-invented. In this Thesis we design and create a knowledge base, a Digital Forensics Repository, to support the sharing of experiences about the Forensics Investigation Process. It offers capabilities such as submission of lessons, online search and retrieval which will provide a means of querying into an ever increasing knowledge base. Digital Forensics Repository ASP.NET C#

Search results