11 |
The impact of culture and religion on digital forensics : the study of the role of digital evidence in the legal process in Saudi Arabia
Alfaize, Najah Abdulaziz January 2015
This work contributes to the multi-disciplinary community of researchers in computer science, information technology and computer forensics working together with legal enforcement professionals involved in digital forensic investigations. It is focused on the relationship between scientific approaches underpinning digital forensics and the Islamic law underpinning legal enforcement. Saudi Arabia (KSA) is studied as an example of an Islamic country that has adopted international guidelines, such as ACPO, in its legal enforcement procedures. The relationship between Islamic law and scientific ACPO guidelines is examined in detail through the practices of digital forensic practitioners in the process of discovery, preparation and presentation of digital evidence for use in Islamic courts in KSA. In this context, the influence of religion and culture on the role and status of digital evidence throughout the entire legal process has been the main focus of this research. Similar studies in the literature confirm that culture and religion are significant factors in the relationship between law, legal enforcement procedure and digital evidence. Islamic societies, however, have not been extensively studied from this perspective, and this study aims to address issues that arise at both professional and personal levels. Therefore the research questions that this study aims to answer are: in what way and to what extent Islamic religion and Saudi culture affect the status of digital evidence in the KSA legal process and what principles the practitioners have to observe in the way they treat digital evidence in judicial proceedings. The methodology is based on a mixed-method approach where the pilot questionnaire identified legal professionals who come into contact with digital evidence, their educational and professional profiles. 
Qualitative methods included case studies, interviews and documentary evidence to discover how their beliefs and attitudes influence their trust in digital evidence. The findings show that a KSA judge would trust witnesses more than digital evidence, due to the influence of tradition, which regards justice and law to arise from the relationship between Man and God. Digital evidence, as it arises from the scientific method, is acceptable, but there is an underlying lack of trust in its authenticity, reliability and credibility. In the eyes of the legal enforcement professionals working in all areas of the KSA legal process, acceptance of digital evidence in the KSA judicial system can best be improved if the knowledge, education and skills of digital forensics specialists are also improved, so that they can be trusted as expert witnesses. This further shows the significance of KSA laws, regulations and education of digital forensic experts as the primary means for establishing trust in digital evidence. Further research following from this study will be focused on comparative studies of other Islamic and non-Islamic legal systems as they adopt and adapt western guidelines such as ACPO to their religion, culture and legal systems.
|
12 |
Finding digital forensic evidence when graphic design applications are used for document counterfeiting
Mabuto, Enos Kudakwashe January 2013
Graphic design applications are often used for the editing and design of digital art. The same applications can be used for creating counterfeit documents such as identity documents (IDs), driver’s licenses or passports, among others. The products of graphic design applications, however, leave behind traces of digital information which can be used during a digital forensic investigation. Although current digital forensic tools are designed to scrutinise systems with the purpose of finding digital evidence, the tools are not designed to examine such systems specifically for the purpose of identifying counterfeit documents.
This dissertation reviews the digital evidence relating to the creation of counterfeit documents and gathered from graphic design applications. Digital evidence gathered in this way consists mainly of identifying and corroborating the counterfeiting events that occurred on a particular system. Firstly, such an analysis is accomplished by establishing linkages between the digital forensic information that has been gathered and the specific actions that were performed when the counterfeit documents were created. Such actions comprise scanning, editing, saving, and printing. The researcher is able to compile a dossier of the digital forensic information that is generated by such actions by analysing the files that were generated by making use of a particular graphic design application for document creation. Secondly, the researcher extends the analysis to the actual files created by the application user. These files can be used as evidence to establish linkages between the content of the counterfeit documents that are being investigated and the document editing actions that are necessary for creating such documents. The researcher gathers digital forensic information of this kind by analysing the different file types that are associated with these applications. The researcher then gathers the associated timeline evidence separately by means of a third analysis that identifies timestamps from the application’s system files and evidence files. The researcher is then able to draw a timeline from the timestamps to illustrate the sequence of events that occurred. From the digital evidence gathered in this way it is possible to propose a two-pronged counterfeiting investigation process. This proposed investigation process is application and platform independent. 
The researcher concludes the study by transforming the model into a working prototype by demonstrating how the prototype is capable of analysing and extracting digital forensic information from certain graphic design application file types and log files. Such a prototype is capable of identifying the system that was utilised for counterfeiting particular documents or identifying whether a specific document is counterfeited or not. / Dissertation (MSc)--University of Pretoria, 2013. / gm2014 / Computer Science / unrestricted
|
13 |
Forenzní analýza webového prohlížeče / Forensic analysis of a web browser
Bača, Michal January 2015
This term project deals with digital forensic analysis of web browsers. The first chapters describe the process of forensic analysis, the methodologies and procedures used, and the issues of analysing web browsers. In particular, they cover the types of information a browser stores and the security problems that come with it. A theoretical and practical procedure for obtaining data from the Mozilla Firefox web browser was based on the theoretical foundations described in the previous chapters. Common Linux tools and an application created as part of this thesis are used in the process of collecting digital evidence. Digital forensic analysis of the web browser was performed based on the suggested procedure.
|
14 |
Digital forensic readiness for IOT devices
Kruger, Jaco-Louis January 2019
The Internet of Things (IoT) has evolved to be an important part of modern society. IoT devices can be found in several environments such as smart homes, transportation, the health sector and smart cities, and even facilitate automation in organisations. The increasing dependence on IoT devices increases the possibility of security incidents in the physical or cyber environment. Traditional methods of digital forensic (DF) investigations are not always applicable to IoT devices due to their limited data processing resources. A possible solution for conducting forensic investigations on IoT devices is to utilise a proactive approach known as digital forensic readiness (DFR).
This dissertation firstly aims to conduct a thorough review of the available literature in the current body of knowledge to identify a clear process that can be followed to implement DFR tailored for IoT devices. This dissertation then formulates requirements for DFR in IoT based on existing forensic techniques. The requirements for DFR in IoT give rise to the development of a model for DFR in IoT, which is then implemented in a prototype for IoT devices. The prototype is subsequently tested and evaluated on IoT devices that conduct proactive DFR in a simulation of a smart home system. Finally, the dissertation illustrates the feasibility of the DFR processes for IoT and serves as a basis for future research with regards to DFR in IoT. This dissertation will impact future research with regards to developing a standard for DFR in IoT. / Dissertation (MSc)--University of Pretoria, 2019. / Computer Science / MSc / Unrestricted
|
15 |
Comparison of Persistence of Deleted Files on Different File Systems and Disk Types
Chinmay Amul Chhajed (18403644) 19 April 2024
The presence of digital devices in various settings, from workplaces to personal spaces, necessitates reliable and secure data storage solutions. These devices store data on non-volatile media like Solid State Drives (SSDs) and Hard Disk Drives (HDDs), ensuring data preservation even after power loss. Files, fundamental units of data storage, are created, modified, and deleted through user activities like application installations or file management. File systems, acting as the backbone of the system, manage these files on storage devices.
This research explores how three key factors: (1) different operating systems running various file system types (ext4, NTFS, FAT, etc.), (2) different disk types (SSD and HDD), and (3) common user activities (system shutdowns, reboots, web browsing, downloads, etc.) influence the persistence of deleted files.
This research aims to fill a gap in the understanding by looking at how these factors influence how quickly new information overwrites deleted files. This is especially important for digital forensics, where investigators need to be sure they can find all the evidence on a device. The research will focus on how operating systems handle deleted files and how everyday activities affect the chances of getting them back. This can ultimately improve data security and make digital forensics more reliable.
|
16 |
Uncovering Signal : Simplifying Forensic Investigations of the Signal Application / Signals Svaghet : Underlättande av forensiska undersökningar av chatapplikationen Signal
Liljekvist, Erika, Hedlund, Oscar January 2021
The increasing availability of easy-to-use end-to-end encrypted messaging applications has made it possible for more people to conduct their conversations privately. This is something that criminals have taken advantage of and it has proven to make digital forensic investigations more difficult as methods of decrypting the data are needed. In this thesis, data from iOS and Windows devices is extracted and analysed, with focus on the application Signal. Even though other operating systems are compatible with the Signal application, such as Android, it is outside the scope of this thesis. The results of this thesis provide access to data stored in the encrypted application Signal without the need for expensive analysis tools. This is done by developing and publishing the first open-source script for decryption and parsing of the Signal database. The script is available for anyone at https://github.com/decryptSignal/decryptSignal.
|
17 |
Privacy and Security of the Windows Registry
Amoruso, Edward L 01 January 2024
The Windows registry serves as a valuable resource for both digital forensics experts and security researchers. This information is invaluable for reconstructing a user's activity timeline, aiding forensic investigations, and revealing other sensitive information. Furthermore, this data abundance in the Windows registry can be effortlessly tapped into and compiled to form a comprehensive digital profile of the user. Within this dissertation, we've developed specialized applications to streamline the retrieval and presentation of user activities, culminating in the creation of their digital profile. The first application, named "SeeShells," using the Windows registry shellbags, offers investigators an accessible tool for scrutinizing and generating event timelines based on specific criteria like file access patterns and system navigations. It boasts analytical features that can identify potentially suspicious events through a heat mapping system. In the context of our research, we've also crafted another application designed to collect and deduce a user's extensive activities by solely accessing the Windows registry. This program effectively sidesteps security software by utilizing native Windows application programming interface (API) to interact with the registry, granting unrestricted access to valuable information. This trove of data, often referred to as the user's digital footprint, holds the potential to either investigate or compromise both the user's privacy and security. Finally, we propose a custom-developed application that utilizes both software-based encryption and advanced hooking techniques to protect users' personal data within the registry. Our program is designed to create a more secure and discreet environment for users, effectively fortifying it against privacy and security threats while maintaining accessibility to legitimate users and applications.
|
18 |
Digital forensic readiness for wireless sensor network environments
Mouton, Francois 24 January 2012
The new and upcoming field of wireless sensor networking is unfortunately still lacking in terms of both digital forensics and security. All communications between different nodes (also known as motes) are sent out in a broadcast fashion. These broadcasts make it quite difficult to capture data packets forensically and, at the same time, retain their integrity and authenticity. The study presents several attacks that can be executed successfully on a wireless sensor network, after which the dissertation delves more deeply into the flooding attack as it is one of the most difficult attacks to address in wireless sensor networks. Furthermore, a set of factors is presented to take into account while attempting to achieve digital forensic readiness in wireless sensor networks. The set of factors is subsequently discussed critically and a model is proposed for implementing digital forensic readiness in a wireless sensor network. The proposed model is next transformed into a working prototype that is able to provide digital forensic readiness to a wireless sensor network. The main contribution of this research is the digital forensic readiness prototype that can be used to add a digital forensics layer to any existing wireless sensor network. The prototype ensures the integrity and authenticity of each of the data packets captured from the existing wireless sensor network by using the number of motes in the network that have seen a data packet to determine its integrity and authenticity in the network. The prototype also works on different types of wireless sensor networks that are in the frequency range of the network on which the prototype is implemented, and does not require any modifications to be made to the existing wireless sensor network. Flooding attacks pose a major problem in wireless sensor networks due to the broadcasting of communication between motes in wireless sensor networks. 
The prototype is able to address this problem by using a solution proposed in this dissertation to determine a sudden influx of data packets within a wireless sensor network. The prototype is able to detect flooding attacks while they are occurring and can therefore address the flooding attack immediately. Finally, this dissertation critically discusses the advantages of having such a digital forensic readiness system in place in a wireless sensor network environment. / Dissertation (MSc)--University of Pretoria, 2012. / Computer Science / unrestricted
|
19 |
Molnforensik : En litteraturstudie om tekniska utmaningar och möjligheter inom IT-forensik mot molnet / Cloud forensics : A litterature study about technical challanges and possibilities in digital forensics against the cloud
Gustavsson, Daniel January 2020
Cloud services are being used all over the world today and provide several benefits for a user or a company. A downside with the cloud is that it is an environment that criminals can use to conduct a crime. One reason why a criminal uses the cloud to conduct a crime is due to the lack of suitable digital forensic techniques against the cloud environment. When a crime has been reported in the cloud, a digital forensics investigation can occur to gather digital evidence to determine what has happened. Unfortunately, this could be problematic because of the complexity of the cloud environment. 
The traditional way of conducting a digital forensic investigation becomes a challenge in the cloud because of several reasons. Some of the reasons are the dynamic environment of the cloud and that several users share the same resources. This study will conduct a systematic literature review to identify technical challenges and possibilities in a digital forensic investigation in the cloud. Several challenges and possibilities were identified from existing literature which in turn got categorized and compiled into models. This study presents challenges, for example that the data in the cloud is not centralized and that virtual machines may be in a volatile state. There are several possibilities, for instance collecting snapshots for analysis and collecting evidence from a client’s computer.
|
20 |
Automated Cross-Border Mutual Legal Assistance in Digital Forensics (AUTOMLA) : A global realized Enterprise Architecture / Automatiserad gränsöverskridande ömsesidig rättshjälp inom digital forensik (AUTOMLA) : En globalt realiserad IT arkitektur
Henriksson, Jonas January 2021
Organized cybercrime has no borders in cyberspace. This paper suggests a state-of-the-art architected solution for a global Automated cross-border mutual legal assistance system within Digital Forensics (AUTOMLA). The Enterprise framework with technical viewpoint enables international collaboration between sovereign countries' Fusion Centers. The evaluation concludes a user interface built in React, middleware Apollo with schema support linked to graph database Neo4j. GraphQL is the preferred application protocol over REST. The Fusion Centers API is deployed as federated gateways, and business functions are implemented as PaaS serverless services. Its intuitive modeling of forensics in graphs and semantic networks enables causality and inference. All suggested elements in AUTOMLA form an internationally agreed collaborative platform; the solution for fast cross-border crime investigations. AUTOMLA deployed on the Internet is subject to threats. Risks are mitigated in design guided by security frameworks. The recommended development method is agile, distributed between autonomous teams.
|