Global ETD Search

111	New and Emerging Mobile Apps Among Teens - Are Forensic Tools Keeping Up? Kelsey Billups (8800973) 06 May 2020 (has links) Mobile applications are an important but fast changing piece of the digital forensics’ world. For mobile forensics researchers and field analysts, it is hard to keep up with the pace of the ever-changing world of the newest and most popular applications teens are using. Mobile forensic tools are quickly becoming more and more supportive of new applications, but with how quickly apps are changing and new ones being released, it is still difficult for the tools to keep up. The research question for this project examines to what extent digital forensic tools support new and emerging applications seen recently in investigations involving teenagers? For this research, a survey was conducted asking digital forensic analysts, and others who investigate digital crimes, what applications they are coming across most frequently during investigations involving teens and whether those applications are being supported by forensic tools. The top three applications from the survey that were not supported by mobile forensic tools, Monkey, Houseparty, and Likee were populated onto a test device and then evaluated and analyzed to see what forensic artifacts were found in those applications. The mobile application artifacts were then compared on two different forensic tools to see which tool obtains the most forensic artifacts from the applications. Through the examination and analysis of the applications and data contained within the apps, it was determined that 61% of the populated forensic artifacts were recovered manually and only 45% were recovered by a forensic tool for the Monkey application. 100% of the populated forensic artifacts were recovered manually and only 29% were recovered by a forensic tool for the Houseparty application. 42% of the populated forensic artifacts were recovered manually and only 3% were recovered by a forensic tool for the Likee application. It was found that the extent of support from digital forensic tools for these types of applications depends greatly on how the application stores the artifacts, but the artifact extraction support was limited for all applications. This research benefits in helping researchers and analysts by understanding the data and artifacts contained within the applications, what forensic artifacts are recoverable, and where to find those important artifacts. This research can help in finding important evidence for future investigations.<br> Computer System Security Mobile Technologies cyber forensics Digital Forensics computer forensics Mobile Forensics mobile applications mobile app Social media use Android forensic toolkits
112	Uppe bland molnen : Tvångsmedlet genomsökning på distans RB 28:10 och utvinning av molndata tillhörande Googletjänster Dahlstrand, Elsa, Dahl, Moa January 2023 (has links) Det sker en kontinuerlig digitalisering i världen vilket innebär en utmaning för samhällets lagstiftning, till följd av att lagstiftning är tids- och resurskrävande. Detta är något som kriminella utnyttjar i och med att deras verksamhet har flyttats alltmer till den digitala världen. Kriminell verksamhet som genomförs med hjälp av molntjänster har varit svårt att bekämpa, då det inte är säkert att den data som skapas i molntjänster också lagras i samma land. Arbetet att samla in denna data har för svenska myndigheter därför varit krångligt, och i vissa fall, omöjligt. Det var först i juni 2022 som en lag trädde i kraft, RB 28:10 genomsökning på distans, som gjorde det möjligt för utredare att gå in i molntjänster och leta efter bevismaterial. I denna uppsats har semi-strukturerade intervjuermed IT-forensiker och åklagare genomförtsoch analyserats.Resultatet visar att upplevelsen av lagen är positiv; att den kom hastigt men att den var behövlig. Däremot har den skapat mer arbete för IT-forensiker som en konsekvens. Kompletterande har ett experiment av molndata tillhörande ett Google-konto undersökts med hjälp av två IT-forensiska verktyg, vilket resulterat i att en skillnad i verktygens identifiering av raderad data uppmärksammats. Slutligen påvisar uppsatsen och dess resultat att lagen,genomsökning på distans, och utvinning av molndata försett brottsbekämpningen med data av högt bevisvärde och möjliggjort utredningar som tidigare inte var möjligt enligt lag. / The constant digitalization of our world poses a challenge to our governments in developing laws correspondingly. This divergence is something cybercriminals exploit. Criminal activity taking place in the cyberspace, specifically through cloud platforms, has been difficult for law enforcement to regulate and prosecute, partially due to the information needed is kept in servers outside of jurisdiction. In Swedish law enforcement this has caused the acquisition of valuable cloud data, in some cases, impossible, consequently leading to unsolved cases. As of June 2022, a new law regarding means of coercion took effect which enabled the recovery of account specific cloud data. In this work semi-structured interviews, with IT-forensics and prosecutors, were conductedand analyzed. The result shows that the experience of the law is positive, that it came abruptlybut that it was necessary. However, it has created more work for IT-forensics as a consequence. In addition, an experiment involving cloud data belonging to a Google account has been investigated with the help of two IT-forensic tools, which resulted in the observation of a variation in the tools' identification of deleted data. Finally, the paper and its findings demonstrate that the law and cloud data mining have provided law enforcement with high probative value data and enabled investigations previously not lawfully possible. IT-forensics Digital Forensics Means of Coercion Cloud Forensics Magnet AXIOM Cellebrite UFED Cloud Google services Tvångsmedel RB 28:10 Genomsökning på distans Digital forensik Molnforensik Magnet AXIOM Cellebrite UFED Cloud Googletjänster Computer and Information Sciences Data- och informationsvetenskap
113	The Challenges Facing Law Enforcement In Live-Streamed Child Sexual Abuse Cases Daniel Dale Spencer III (16642371) 07 August 2023 (has links) <p>The live streaming of child sexual abuse is a serious problem that demands urgent attention from law enforcement, legislature, and the platforms that it occurs on. While child sexual exploitation and abuse crimes have been occurring for decades, the growing number of internet users combined with the recent Covid-19 outbreak has shifted a lot of these crimes online. Crimes that occur over live streams are particularly difficult to investigate. Previous research has highlighted four main types of challenges associated with these types of cases: legislative, social, technical, and investigative. While studies have been conducted that explored these challenges individually, this study fills a research gap by exploring which of these challenges affect law enforcement personnel that work live-streamed child sexual abuse cases post-Covid-19. For this study, an anonymous online survey was sent out to law enforcement individuals and agencies nationwide. The survey was actively distributed for one month. Out of the 29 responses received, 13 participants qualified to take the survey and were asked about the challenges they faced working these types of cases and about any solutions to these challenges. After collecting the data, descriptive statistics identified the challenges, and a thematic analysis was conducted. Following a grounded theory process, the analysis identified five main themes that encompassed multiple types of challenges and solutions. These themes were: a lack of consensus, education, the role of application service providers and platforms, a need for better technology, and out-of-jurisdiction challenges. These themes explored in-depth the participants’ responses and further identified the challenges facing law enforcement that work live-streamed child sexual abuse cases, as well as any current solutions to these challenges. Two main challenges frequently mentioned by the participants were end-to-end encryption and anonymizing services, and one of the main solutions to many of the challenges was the education of parents, children, and legislators. For future research, the author recommends exploration of the following topics: the investigation of the factors that play strong roles in determining the time it takes to investigate live-streamed child sexual abuse cases, research related to how AI could assist law enforcement working these cases, further exploration of a framework for the education of parents and children about social media usage and the risks of live streaming, how social platforms can be used in many ways, and research that examines how often law enforcement encounters live-streamed child sexual abuse cases/whether these cases are common or not. </p> Causes and prevention of crime Cybercrime Victims Digital forensics Law, science and technology live stream abuse online child sexual abuse online child sexual exploitation live-streamed child sexual abuse law enforcement survey live stream challenges
114	MIXED-METHODS ANALYSIS OF SOCIAL-ENGINEERING INCIDENTS Grusha Ahluwalia (13029936) 29 April 2023 (has links) <p> </p> <p>The following study is a research thesis on the subject matter of Social Engineering (SE) or Social Engineering Information Security Incidents (SEISI). The research evaluates the common features that can be used to cover a social engineering scenario from the perspectives of all stakeholders, at the individual and organizational level in terms of social engineering Tactics, Techniques, and Procedures (TTP). The research utilizes extensive secondary literary sources for understanding the topic of Social Engineering, highlights the issue of inconsistencies in the existing frameworks on social engineering and, addresses the research gap of availability of reliable dataset on past social engineering incidents by information gathered on the common themes of data reported on these. The study annotates salient features which have been identified in several studies in the past to develop a comprehensive dataset of various social engineering attacks which could be used by both computational and social scientists. The resulting codebook or the features of a social engineering are coded and defined based on Pretext Design Maps as well as industry standards and frameworks like MITRE ATT&CK, MITRE CVE, NIST, etc. Lastly, Psychological Theories of Persuasion like Dr. Cialdini’s principles of persuasion, Elaboration Likelihood Model, and Scherer’s Typology of Affective Emotional States guides the psychological TTPs of social engineering evaluated in this study. </p> Digital forensics Information security management Social psychology Social Engineering attacks Threat Modelling Principles of Influence & Persuasion MITRE ATT&CK framework
115	Hfs Plus File System Exposition And Forensics Ware, Scott 01 January 2012 (has links) The Macintosh Hierarchical File System Plus, HFS +, or as it is commonly referred to as the Mac Operating System, OS, Extended, was introduced in 1998 with Mac OS X 8.1. HFS+ is an update to HFS, Mac OS Standard format that offers more efficient use of disk space, implements international friendly file names, future support for named forks, and facilitates booting on non-Mac OS operating systems through different partition schemes. The HFS+ file system is efficient, yet, complex. It makes use of B-trees to implement key data structures for maintaining meta-data about folders, files, and data. The implementation of what happens within HFS+ at volume format, or when folders, files, and data are created, moved, or deleted is largely a mystery to those who are not programmers. The vast majority of information on this subject is relegated to documentation in books, papers, and online content that direct the reader to C code, libraries, and include files. If one can’t interpret the complex C or Perl code implementations the opportunity to understand the workflow within HFS+ is less than adequate to develop a basic understanding of the internals and how they work. The basic concepts learned from this research will facilitate a better understanding of the HFS+ file system and journal as changes resulting from the adding and deleting files or folders are applied in a controlled, easy to follow, process. The primary tool used to examine the file system changes is a proprietary command line interface, CLI, tool called fileXray. This tool is actually a custom implementation of the HFS+ file system that has the ability to examine file system, meta-data, and data level information that iv isn’t available in other tools. We will also use Apple’s command line interface tool, Terminal, the WinHex graphical user interface, GUI, editor, The Sleuth Kit command line tools and DiffFork 1.1.9 help to document and illustrate the file system changes. The processes used to document the pristine and changed versions of the file system, with each experiment, are very similar such that the output files are identical with the exception of the actual change. Keeping the processes the same enables baseline comparisons using a diff tool like DiffFork. Side by side and line by line comparisons of the allocation, extents overflow, catalog, and attributes files will help identify where the changes occurred. The target device in this experiment is a two-gigabyte Universal Serial Bus, USB, thumb drive formatted with Global Unit Identifier, GUID, and Partition Table. Where practical, HFS+ special files and data structures will be manually parsed; documented, and illustrated. Hfs+ digital forensics filexray apple forensics mac forensics guid partition table gpt scheme hfs+ volume winhex apple data structure mac partitions apple partitions hfs+ journal hfs+ format Computer Sciences Engineering Forensic Science and Technology
116	<b>Forensic Analysis of Images and Documents</b> Ruiting Shao (18018187) 23 February 2024 (has links) <p dir="ltr">This thesis involves three topics related to forensic analysis of media data. The first topic is the analysis of images and documents that have been created with a scanner. The goal is to detect and identify scanner model from the scanned images/documents. We propose a deep learning system that can automatically learn the inherent features of the scanned images. This system will produce a scanner model identification and a reliability map for a scanned image. The proposed system has shown promising results in the forensic analysis of scanned images. The second topic is related to forensic integrity of scientific papers. The project is divided into multiple tasks, data collection, image extraction, and manipulation detection. We have constructed a dataset of retracted scientific papers that have been verified to have issues with integrity. We design and maintain a web-based Scientific Integrity System for forensic analysis of the images within scientific publications. The third topic is related to media document analysis. Our goal is to identify the publication style for media document, aiding in the potential document manipulation. We are mainly focusing on image-text consistency check, and synthetic tweets analysis. For image-text inconsistency check, we describe a system that can examine an image in document and the corresponding text caption (or other associated text with the image) to check the image/text consistency. For synthetic tweets analysis, we propose a system to detect and identify the text generation models and paraphrase attack models.</p> Natural language processing Computer vision Image processing Multimodal analysis and synthesis Digital forensics Deep learning scanner detection synthetic text analysis media forensics natural language generation (NLG) author attribution image-text consistency social media misinformations scientific integrity Person of Interest
117	<strong>TOWARDS A TRANSDISCIPLINARY CYBER FORENSICS GEO-CONTEXTUALIZATION FRAMEWORK</strong> Mohammad Meraj Mirza (16635918) 04 August 2023 (has links) <p>Technological advances have a profound impact on people and the world in which they live. People use a wide range of smart devices, such as the Internet of Things (IoT), smartphones, and wearable devices, on a regular basis, all of which store and use location data. With this explosion of technology, these devices have been playing an essential role in digital forensics and crime investigations. Digital forensic professionals have become more able to acquire and assess various types of data and locations; therefore, location data has become essential for responders, practitioners, and digital investigators dealing with digital forensic cases that rely heavily on digital devices that collect data about their users. It is very beneficial and critical when performing any digital/cyber forensic investigation to consider answering the six Ws questions (i.e., who, what, when, where, why, and how) by using location data recovered from digital devices, such as where the suspect was at the time of the crime or the deviant act. Therefore, they could convict a suspect or help prove their innocence. However, many digital forensic standards, guidelines, tools, and even the National Institute of Standards and Technology (NIST) Cyber Security Personnel Framework (NICE) lack full coverage of what location data can be, how to use such data effectively, and how to perform spatial analysis. Although current digital forensic frameworks recognize the importance of location data, only a limited number of data sources (e.g., GPS) are considered sources of location in these digital forensic frameworks. Moreover, most digital forensic frameworks and tools have yet to introduce geo-contextualization techniques and spatial analysis into the digital forensic process, which may aid digital forensic investigations and provide more information for decision-making. As a result, significant gaps in the digital forensics community are still influenced by a lack of understanding of how to properly curate geodata. Therefore, this research was conducted to develop a transdisciplinary framework to deal with the limitations of previous work and explore opportunities to deal with geodata recovered from digital evidence by improving the way of maintaining geodata and getting the best value from them using an iPhone case study. The findings of this study demonstrated the potential value of geodata in digital disciplinary investigations when using the created transdisciplinary framework. Moreover, the findings discuss the implications for digital spatial analytical techniques and multi-intelligence domains, including location intelligence and open-source intelligence, that aid investigators and generate an exceptional understanding of device users' spatial, temporal, and spatial-temporal patterns.</p> Spatial data and applications Knowledge representation and reasoning Digital forensics Data engineering and data science Knowledge and information management Digital curation and preservation Cyber Crime Cybersecurity Cyber Forensics DFIR Digital Forensics Incident Response Threat Intelligence Networking Mobile Forensics iOS Forensics Intelligence Open-source Intelligence (OSINT) Location Intelligence GIS Spatial Analysis Spatiotemporal Analysis UAV Forensics GeoDatabase Geodata
118	An Adversarial Approach to Spliced Forgery Detection and Localization in Satellite Imagery Emily R Bartusiak (6630773) 11 June 2019 (has links) The widespread availability of image editing tools and improvements in image processing techniques make image manipulation feasible for the general population. Oftentimes, easy-to-use yet sophisticated image editing tools produce results that contain modifications imperceptible to the human observer. Distribution of forged images can have drastic ramifications, especially when coupled with the speed and vastness of the Internet. Therefore, verifying image integrity poses an immense and important challenge to the digital forensic community. Satellite images specifically can be modified in a number of ways, such as inserting objects into an image to hide existing scenes and structures. In this thesis, we describe the use of a Conditional Generative Adversarial Network (cGAN) to identify the presence of such spliced forgeries within satellite images. Additionally, we identify their locations and shapes. Trained on pristine and falsified images, our method achieves high success on these detection and localization objectives. Image Processing Image Processing Machine Learning Electrical Engineering Computer Engineering Electrical and Computer Engineering ECE Satellite Imagery cGAN Media Forensics Digital Forensics Image Forensic Analysis Spliced Forgery Spliced Objects Splicing Doctored Images Image Manipulation Image Editing Falsified Imagery Forged Images Forgery Localization Forgery Detection
119	Forensiska Artefakter hos Mobila Applikationer : Utvinning och Analys av Applikationen Snapchat Nordin, Anton, Liffner, Felix January 2019 (has links) Today's smartphones and tablets use different applications and software for all sorts of purposes: communication, entertainment, fitness, to share images with each other, to keep up to date with the news and lots of different daily tasks. With the heavy usage of all these apps, it is no wonder that it comes with a few issues. Private data is stored in large quantities both on the local device and on the app-creators' servers. It is no wonder that applications advertising user secrecy and transient storage of user data. One of these applications is Snapchat, with over 500 million downloads on Google Play store, at the time of writing. Snapchat is a communication application with the niched feature that the images and messages sent, disappear once opened or after 24 hours have passed. With the illusion of privacy behind Snapchats niche it has become a breeding ground for criminal activity. The niche itself translates to a troublesome hurdle for law enforcement trying to retrieve evidence from devices of Snapchat users. This paper is aimed to investigate these issues and perform a methodology to retrieve potential evidence on a device using Snapchat to send images and messages. By performing a physical acquisition on a test device and analyzing to find artifacts pertaining to Snapchat and the test-data that was created. The method is performed on a Samsung Galaxy S4 with Android 5.0.1 running Snapchat version 10.52.3.0. Test data such as different images and messages were created and attempted to be retrieved at three points in time. First one being right after data creation. Second one after a restart and 24 hours after the data was created. And the third with 48 hours passed and the Snapchat user logged out at the time of acquisition. The acquisition resulted in the extraction of several sent images and a full text conversation between the experimental device and another party. A full video which was uploaded by the receiving user was able to be extracted even though the experimental device never actually viewed the video. The second acquisition which was made when 24h had passed gave the same results as the first one. This meant that time at least up to a day after the initial creation of the data did not have any effect on the evidence. However, when the Snapchat user was logged out from the application, the data was then unobtainable and had disappeared. Presumably Snapchat has a function which deletes personal data about the user when logged out from the application. This function might become a hurdle in law enforcement investigations where the application Snapchat is involved. Forensics Mobile forensics DFIR Snapchat Magnet Axiom Extraction Snapchat analysis Forensic investigation Snapchat artifacts forensic artifacts digital forensics Forensik Digitalforensik Mobilforensik Snapchat Artefakter Magnet Axiom Utvinning Samsung Galaxy S4 Applikationer Mobilutvinning Övrig annan teknik Computer and Information Sciences Data- och informationsvetenskap
120	Distribuovaný repositář digitálních forenzních dat / Distributed Forensic Digital Data Repository Josefík, Martin January 2018 (has links) This work deals with the design of distributed repository aimed at storing digital forensic data. The theoretical part of the thesis describes digital forensics and what is its purpose. There are also explained Big data, suitable storages, their properties, advantages and disadvantages, in this part. The main part of the thesis deals with the design and implementation of distributed storage for digital forensic data. The design is also focused in suitable indexing of stored data, and supporting new types of digital forensic data. The performance of implemented system was evaluated for chosen type of digital forensic data PCAP files.

Search results