Global ETD Search

21	Validation des logiciels d'expertise judiciaire de preuves informatiques / Validation of digital forensic software Nikooazm, Elina 30 June 2015 (has links) Dans les affaires judiciaires, les juges confrontés à des questions d’ordre techniques en matière informatique, recourent à des experts qui mettent leur savoir-faire au service de la justice. Régulièrement mandatés par les tribunaux, ils ont pour mission d'éclairer le juge en apportant des éléments de preuve utiles à l'enquête.Ils recherchent dans les scellés informatiques les éléments relatifs aux faits incriminés en préservant l’intégrité des données et évitant toute altération des supports originaux. Les éléments de preuve ainsi recueillis sont analysés par l’expert qui déposera ses conclusions au magistrat sous forme d’un rapport d'expertise.les investigations techniques sont effectuées à l'aide des outils très sophistiqués qui permettent de prendre connaissance des informations présentes, effacées, cachées ou chiffrées dans les supports numériques examinés.Ce qui requiert une parfaite maîtrise du matériel déployé et une identification claire des bonnes pratiques de la discipline. Ce projet de recherches vise à mettre en exergue les défis techniques aux quels sont confrontés les experts, la complexité des outils utilisés dans le cadre des investigations techniques et l'importance de la mise en place des tests de validation qui permettent de connaître les capacités et limites de chaque outil. / In criminal cases, judges confronted with questions of technical order in computer technology, designate expert witnesses who put their expertise at the service of justice. Duly appointed by the courts, they help the judge by providing evidence relevant to the investigation.They search the suspect’s seized digital devices for elements of computer related crime, while preserving the integrity of the data and avoiding any alteration of the original media.The evidence thus collected is analyzed by a digital forensic expert who will document their findings to the judge in a report.Technical investigations are conducted by using powerful and sophisticated tools to find the current files and recover deleted, hidden or encrypted data from the digital media device examined.This requires perfect control of the utilized equipment and a clear identification of the methods used during the analysis. This research project aims to highlight the technical challenges which experts face, the complexity of digital forensic tools used for technical investigations, and the importance of their validation to understand the capabilities and limitations of each tool. Expertise judiciare en informatique Investigation technique Preuves numériques Validation Outils d'analyse de preuves Digital forensic Technical investigation Digital evidence Validation Digital forensic tools
22	Comunicações eletrônicas e dados digitais no processo penal / Electronic communications and digital data in criminal procedure Gregório Edoardo Raphael Selingardi Guardia 26 June 2012 (has links) Em tempos correntes, importantes processos de comunicação (escrita ou verbal) e armazenamento de informações aperfeiçoam-se por intermédio dos meios eletrônicos. À medida que o acesso à rede mundial de computadores (internet) se intensifica em progressões geométricas, multiplicam-se também os dados intercambiados por internautas e emergem técnicas cada vez mais avançadas de coleta e processamento de informações. Atividades rotineiras como a navegação e o envio de mensagens eletrônicas realizam-se apenas à custa de imenso trânsito de informações; como pegadas deixadas pelo caminho, os dados comutados nestas atuações permitem reconstituir os caminhos e atividades empreendidos na rede. A salvaguarda destas informações afigura-se imprescindível à vida privada e demanda rígida disciplina normativa. Não se trata apenas de impedir que dados de tráfego ou de conteúdo sejam empregados contrariamente ao Direito, mas de assegurar também que, em situações excepcionais descritas pelo legislador, sirvam para corroborar investigações criminais. Pretende-se neste trabalho um exame sistemático dos principais meios de busca da prova digital, com o escopo de delimitar o regime jurídico das intervenções nas comunicações eletrônicas e das medidas de apreensão de dados automatizados. Neste mister, inafastável analisar a disciplina constitucional do sigilo da comunicação de dados (CF, art. 5o, inciso XII) e investigar o fundamento legal das autorizações judiciais para a obtenção de informações eletrônicas. Sob perspectiva eminentemente interdisciplinar, cumpre discorrer sobre noções de Cibernética, telecomunicações, Informática, liberdade como autonomia recíproca de acesso à informação e comunicações eletrônicas, imprescindíveis à compreensão deste novo espaço do agir humano: o entorno digital. No campo da hermenêutica constitucional, necessário perquirir relevantes aspectos da vida privada e da proteção da intimidade antecedentes históricos, direito à privacy, hodierna projeção como autodeterminação informativa, teoria das três esferas e inviolabilidade das comunicações que permitirão opinar sobre a constitucionalidade das interceptações de dados em processos informacionais. Em sequência, devem ser conceituados os dados digitais e suas respectivas categorias, as técnicas de investigação penal e o resguardo de fontes de provas digitais. Sem deixar de contribuir para o aperfeiçoamento da normativa legal vigente, de rigor o exame de duas ordens distintas de incorporação dos dados ao processo: a intervenção no fluxo comunicativo destinada a captar dados e a apreensão física do dispositivo informático que alberga as informações. Como meios de busca de prova, esses procedimentos devem ser estudados de maneira individualizada, a partir de aspectos como conceito, regulação, natureza jurídica, finalidade, condicionantes legais (pressupostos, requisitos e limites), direito de defesa, juízo de proporcionalidade e controle. Por fim, tecidas as necessárias considerações sobre a conservação, eficácia probatória e valoração dos conteúdos automatizados, impõe-se indagar acerca dos efeitos decorrentes de operações ilícitas perpetradas sobre dados digitais. / In these days, important communication process (written or verbal) and information storage improve through electronic means. While the access to the computer worldwide web (internet) grows in geometrical progression, it also increases the number of webusers data and more and more advanced technics of gathering and processing information emerge. Routine activities such as sailing or sending electronic messages only happen due to the vast transit of information; like footprints left on the way, the data commutated in these actions allow to re-establish the ways and activities undertaken in the web. The security of these information figures indispensable to private life and demands a severe normative discipline. It is not only a matter of preventing that traffic or contents data may be used against the law. But also to assure that, in exceptional situation described by the legislator, it can be useful to confirm criminal investigation. This work intends a systematic examination of the main ways of searching digital evidence, with the purpose of delimitate the judiciary system of the intervention in electronic and apprehension extent of automation data. So, it must be analysed the constitutional discipline of communication data secrecy (CF, art. 5º, inciso XII) and even to investigate the legal foundation of judicial authorization to obtain electronic information. Under a strictly multidiscipline perspective, one must consider some notions of Cybernetics, telecommunication, Informatics, freedom as reciprocal autonomy access to electronic information and communication, which are essential to understand this new area of human act; the digital place. In the field of constitutional interpretation of law, it is necessary to scrutinize considerable aspects of private life and intimacy protection historical antecedents, privacy right, actual projection such as informative selfdetermination, three sphere theory and inviolability of communication so that they will permit to express an opinion about the constitutionality of interception data in informative proceedings. Sequentially, conceptualize the digital data and their respective categories, penal investigation technics and the protection of digital evidence sources. There may be a cooperation to a better improvement of the effective legal normative, an accurate examination of two different disposition of data incorporation to the process, the intervention in the communicative flow just to receive data and physical apprehension of the informatic device which contains information. As a quest in resources of proof, these proceedings must be examined in a individual way, starting with the aspects such as concept, regulation, juridical nature, finality, legal conditioning (presupposed, requisite and limits), right of defence, judgement of proportionality and control. At last, taken into everything about the conservation, evidential efficiency and the value of automatize contents still we have to enquire about the results of illicit operations perpetrated on digital data. Dados pessoais Direito a comunicação Domicílio Interceptação telefônica Investigação criminal Inviolabilidade do domicílio Processo penal Criminal procedure Digital evidence Digital place Electronic communications Seizure of data
23	IMPACT OF ANTI-FORENSICS TECHNIQUES ON DIGITAL FORENSICS INVESTIGATION Etow, Tambue Ramine January 2020 (has links) Computer crimes have become very complex in terms of investigation and prosecution. This is mainly because forensic investigations are based on artifacts left oncomputers and other digital devices. In recent times, perpetrators of computer crimesare getting abreast of the digital forensics dynamics hence, capacitated to use someanti-forensics measures and techniques to obfuscate the investigation processes.Incases where such techniques are employed, it becomes extremely difficult, expensive and time consuming to carry out an effective investigation. This might causea digital forensics expert to abandon the investigation in a pessimistic manner.ThisProject work serves to practically demonstrate how numerous anti-forensics can bedeployed by the criminals to derail the smooth processes of digital forensic investigation with main focus on data hiding and encryption techniques, later a comparativestudy of the effectiveness of some selected digital forensics tools in analyzing andreporting shreds of evidence will be conducted. Anti-forensic Anti-forensic Techniques Digital forensics Forensic evidence Digital evidence computer crimes forensic practitioners Lockard’s principle Computer Sciences Datavetenskap (datalogi)
24	LEIA: The Live Evidence Information Aggregator : A Scalable Distributed Hypervisor‐based Peer‐2‐Peer Aggregator of Information for Cyber‐Law Enforcement I Homem, Irvin January 2013 (has links) The Internet in its most basic form is a complex information sharing organism. There are billions of interconnected elements with varying capabilities that work together supporting numerous activities (services) through this information sharing. In recent times, these elements have become portable, mobile, highly computationally capable and more than ever intertwined with human controllers and their activities. They are also rapidly being embedded into other everyday objects and sharing more and more information in order to facilitate automation, signaling that the rise of the Internet of Things is imminent. In every human society there are always miscreants who prefer to drive against the common good and engage in illicit activity. It is no different within the society interconnected by the Internet (The Internet Society). Law enforcement in every society attempts to curb perpetrators of such activities. However, it is immensely difficult when the Internet is the playing field. The amount of information that investigators must sift through is incredibly massive and prosecution timelines stated by law are prohibitively narrow. The main solution towards this Big Data problem is seen to be the automation of the Digital Investigation process. This encompasses the entire process: From the detection of malevolent activity, seizure/collection of evidence, analysis of the evidentiary data collected and finally to the presentation of valid postulates. This paper focuses mainly on the automation of the evidence capture process in an Internet of Things environment. However, in order to comprehensively achieve this, the subsequent and consequent procedures of detection of malevolent activity and analysis of the evidentiary data collected, respectively, are also touched upon. To this effect we propose the Live Evidence Information Aggregator (LEIA) architecture that aims to be a comprehensive automated digital investigation tool. LEIA is in essence a collaborative framework that hinges upon interactivity and sharing of resources and information among participating devices in order to achieve the necessary efficiency in data collection in the event of a security incident. Its ingenuity makes use of a variety of technologies to achieve its goals. This is seen in the use of crowdsourcing among devices in order to achieve more accurate malicious event detection; Hypervisors with inbuilt intrusion detection capabilities to facilitate efficient data capture; Peer to Peer networks to facilitate rapid transfer of evidentiary data to a centralized data store; Cloud Storage to facilitate storage of massive amounts of data; and the Resource Description Framework from Semantic Web Technologies to facilitate the interoperability of data storage formats among the heterogeneous devices. Within the description of the LEIA architecture, a peer to peer protocol based on the Bittorrent protocol is proposed, corresponding data storage and transfer formats are developed, and network security protocols are also taken into consideration. In order to demonstrate the LEIA architecture developed in this study, a small scale prototype with limited capabilities has been built and tested. The prototype functionality focuses only on the secure, remote acquisition of the hard disk of an embedded Linux device over the Internet and its subsequent storage on a cloud infrastructure. The successful implementation of this prototype goes to show that the architecture is feasible and that the automation of the evidence seizure process makes the otherwise arduous process easy and quick to perform. Digital Investigation Incident Response Digital Evidence Automated Evidence Seizure Collaborative Forensics Live Forensics Big Data P2P Networks Cloud Storage Hypervisors Computer and Information Sciences Data- och informationsvetenskap
25	Molnforensik : En litteraturstudie om tekniska utmaningar och möjligheter inom IT-forensik mot molnet / Cloud forensics : A litterature study about technical challanges and possibilities in digital forensics against the cloud Gustavsson, Daniel January 2020 (has links) Molntjänster används idag över hela världen och ger många fördelar för en användare eller företag. En nackdel med molnet är att det är en miljö som kriminella kan använda sig av för att utföra brott. En anledning till att molnet är en attraktiv plats för kriminella är på grund av bristen på IT-forensiska metoder för att utföra en undersökning mot molnmiljön. När ett brott har anmälts i molnet så kommer en IT-forensiker utföra en undersökning genom att samla in digitala bevis för att avgöra vad som har hänt, dock kan detta vara problematiskt på grund av molnets komplexitet. Det traditionella sättet för att utföra en IT-forensisk undersökning blir en utmaning i molnet på grund av flera anledningar, några av dem är molnets dynamiska miljö och att flera användare delar på samma resurser. Denna studie genomför en systematiskt litteraturstudie för att identifiera tekniska utmaningar och möjligheter vid en IT-forensisk undersökning i molnet. Flera utmaningar och möjligheter identifierades från existerande litteratur som i sin tur kategoriserades och sammanställdes i modeller. Flera utmaningar tas upp som att datan i molnet inte är centraliserad och att virtuella maskiner kan vara i ett volatilt tillstånd. Vid möjligheter så går det exempelvis att hämta ögonblicksbilder från molnet för att utföra en analys på och även hämta bevis från en klients dator. / Cloud services are being used all over the world today and provides several benefits for a user or a company. A downside with the cloud is that it is an environment that criminals can use to conduct a crime. One reason why a criminal uses the cloud to conduct a crime is due to the lack of suitable digital forensic techniques against the cloud environment. When a crime has been reported in the cloud, a digital forensics investigation can occur to gather digital evidence to determine what has happened. Unfortunately, this could be problematic because of the complexity of the cloud environment. The traditional way of conducting a digital forensic investigation becomes a challenge in the cloud because of several reasons. Some of the reasons are the dynamic environment of the cloud and that several users share the same resources. This study will conduct a systematic literature review to identify technical challenges and possibilities in a digital forensic investigation in the cloud. Several challenges and possibilities were identified from existing literature which in turn got categorized and compiled into models. This study presents challenges, for example the data in the cloud is not centralized and virtual machines may be in a volatile state. There are several possibilities for instance, collecting snapshot for analysis and collect evidence from a client’s computer. Digital forensic cloud forensic cloud services digital evidence IT-forensik molnforensik molntjänster digitalt bevis Information Systems, Social aspects
26	Identifying anti-forensics : Attacks on the digital forensic process Siljac, Stjepan January 2022 (has links) The area of digital forensics might be old but the idea that criminals or other organisations are actively working to hide their steps is somewhat new. Roughly a year ago, a company announced that they can actively exploit security flaws in a popular digital forensics suite, thus raising questions of validity of evidence submitted to court. It is not known if this exploit is being used in the wild but the mere thought of security issues existing in tools is a serious issue for law enforcement. This paper sets out to clarify the digital forensic process, what tools are used within the digital forensic process and what anti-forensic techniques are available on the market. Using the digital forensic process as a base, this paper produces a model that classifies anti-forensic techniques into realms and shows which realm affects which stage of the digital forensics process. The digital forensic process, anti-forensic techniques and the model was then tested in a Delphi-inspired study where questions regarding the digital forensic process and anti- forensic techniques was asked to digital forensic specialists as well as information security specialists. The goal of the Delphi-study was to reach a consensus regarding the foundations (process and techniques) and their internal relationships (as described in the model). The first part of this paper’s conclusion is that a digital forensic process should contain the following stages: Planning -> Identification -> Acquisition -> Analysis -> Presentation. The paper also concludes that there are several digital forensic tools available for a practitioner, both open and closed source, and that the practitioner uses a mixture of the two. Apart from the process and the tools used, this paper concludes that there are several anti-forensic techniques available on the market and that these could be used by any malicious user that actively want to disrupt the digital forensic process. A second conclusion is that the proposed model connects the stages of the digital forensic process with anti-forensic techniques though the use of realms. The proposed model can be used to develop anti-anti-forensics methods, processes or techniques. digital forensics digital forensic process digital forensic tools anti-forensics digital evidence Övrig annan teknik
27	IMPLEMENTATION OF DIGITAL FORENSIC TOOLS IN WHITE-COLLAR CYBERCRIMES. : A QUALITATIVE STUDY ABOUT IMPLEMENTATION OF DIGITAL FORENSIC TOOLS IN INVESTIGATION OF WHITE-COLLAR CYBERCRIMES. NDOPE, AISHA January 2024 (has links) Minimal research has been conducted regarding the connection between white collar crime, cybercrime and the effectiveness of digital forensic tools that can assist in combating this new type of crime. The aim of this study is to understand and examine the role that digital forensic tools play during the investigation of white-collar cybercrimes and to evaluate how effective these tools are when implemented in white-collar cybercrime investigations. By conducting in-depth interviews and using a Rational choice theory driven thematic analysis, the findings of this research have revealed how important adaptability of digital forensic tools is to the emerging cybercrime techniques, together with their integration of existing systems, and the adherence to legal and ethical standards. The findings also noted the challenges that are faced by digital investigators when implementing these digital forensic tools in white-collar crimes investigations and the importance of using updated digital forensic tools and skill developed cybersecurity experts to enhance the outcome of investigations. This study concludes by discussing that it is important for digital forensic tools to be continuously updated and skillfully utilized in the investigation of white-collar cybercrimes and that the significant challenges must be addressed for accurate and more reliable investigative outcomes. Various evaluation methodologies should also be developed as different variations of methodological approaches can improve the standards of research and thus provide frameworks that are more reliable for digital forensic studies and white-collar cybercrime investigations. digital evidence digital forensic tools investigation white-collar cybercrimes law enforcement rational choice theory. Social Sciences Samhällsvetenskap Computer and Information Sciences Data- och informationsvetenskap
28	Computer seizure as technique in forensic investigation Ndara, Vuyani 19 March 2014 (has links) The problem encountered by the researcher was that the South African Police Service Cyber-Crimes Unit is experiencing problems in seizing computer evidence. The following problems were identified by the researcher in practice: evidence is destroyed or lost because of mishandling by investigators; computer evidence is often not obtained or recognised, due to a lack of knowledge and skills on the part of investigators to properly seize computer evidence; difficulties to establish authenticity and initiate a chain of custody for the seized evidence; current training that is offered is unable to cover critical steps in the performance of seizing computer evidence; computer seizure as a technique requires specialised knowledge and continuous training, because the information technology industry is an ever-changing area. An empirical research design, followed by a qualitative research approach, allowed the researcher to also obtain information from practice. A thorough literature study, complemented by interviews, was done to collect the required data for the research. Members of the South African Police Cyber-crime Unit and prosecutors dealing with cyber-crime cases were interviewed to obtain their input into, and experiences on, the topic. The aim of the study was to explore the role of computers in the forensic investigation process, and to determine how computers can be seized without compromising evidence. The study therefore also aimed at creating an understanding and awareness about the slippery nature of computer evidence, and how it can find its way to the court of law without being compromised. The research has revealed that computer crime is different from common law or traditional crimes. It is complicated, and therefore only skilled and qualified forensic experts should be used to seize computer evidence, to ensure that the evidence is not compromised. Training of cyber-crime technicians has to be priority, in order to be successful in seizing computers. / Department of Criminology / M.Tech. (Forensic Investigation) Forensic Digital forensic Computer Digital evidence Investigators Technicians Chain of custody Seizure Cyber-crime Cyber-crime technicians 363.25968 Computer crimes -- Investigation Computer security Forensic sciences -- Data processing Crime scene searches Electronic evidence Computer networks -- Security measures
29	Police Opinions of Digital Evidence Response Handling in the State of Georgia: An Examination from the Viewpoint of Local Agencies’ Patrol Officers MacNeil, Tanya 01 January 2015 (has links) This research examined opinions of local law enforcement agencies’ patrol officers in the State of Georgia regarding preparedness and expectations for handling of digital evidence. The increased criminal use of technology requires that patrol officers be prepared to handle digital evidence in many different situations. The researcher’s goal was to gain insight into how patrol officers view their preparedness to handle digital evidence as well as their opinions on management expectations regarding patrol officers’ abilities to handle digital evidence. The research focused on identifying whether a gap existed between patrol officers’ opinions of digital evidence and the patrol officers’ views on what management expectations are for patrol officers handling digital evidence. Using a Web-based survey, the researcher collected data from 144 departments, 407 individual patrol officers in four strata across the State of Georgia. The analysis of the data found that most patrol officers handle digital evidence in at least some situations. The patrol officers’ opinions stated that most understood management expectations for handling of digital evidence and felt those expectations were realistic based on the officers’ current knowledge and training; therefore no significant gap was found. The patrol officers state that they need additional training in order to stay up to date with the current and future needs for handling existing and new technology. digital evidence handling evidence law enforcement management expectations patrol officer police opinion Criminology Information science Information technology Computer Sciences Criminology Criminology and Criminal Justice Databases and Information Systems Forensic Science and Technology Other Computer Sciences
30	La transformation des enquêtes policières due à l’influence des technologies : perspective d’une unité policière spécialisée en analyse judiciaire informatique Baril, David-Emmanuel 12 1900 (has links) No description available. Analyse judiciaire informatique Criminalité technologique Unité policière spécialisée Innovation Preuve numérique Computer forensic analysis Technological crime Special police unit Digital evidence

Search results