  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
71

Android Memory Capture and Applications for Security and Privacy

Sylve, Joseph T 17 December 2011
The Android operating system is quickly becoming the most popular platform for mobile devices. As Android’s use increases, so does the need for both forensic and privacy tools designed for the platform. This thesis presents the first methodology and toolset for acquiring full physical memory images from Android devices, a proposed methodology for forensically securing both volatile and non-volatile storage, and details of a vulnerability discovered by the author that allows the bypass of the Android security model and enables applications to acquire arbitrary permissions.
72

A Digital Tool to Improve the Efficiency of IT Forensic Investigations / Translation not available

Hansen, Tone January 2019
The IT forensic process causing bottlenecks in investigations is an identified issue, with multiple underlying causes – one of the main causes being the lack of expertise among those responsible for ordering IT forensic investigations. The focus of the study is to create and evaluate a potential solution for this problem, aiming to answer research questions related to a suitable architecture, structure and design of a digital tool that would assist individuals in creating IT forensic orders. This work evaluates concepts of such a digital tool. This is done using a grounded theory approach, where a series of test sessions together with the answers from a survey have been examined and analyzed in an iterative process. A low-fidelity prototype is used in the process. The resulting conclusion of the study is a set of concepts, ideas and principles for a digital tool that would aid in the IT forensic ordering process, as well as improving the efficiency of the IT forensic process itself. Future work could involve developing the concept further to eventually become a finished product, or using it for improving already existing systems and tools, improving the efficiency and quality of the IT forensic process.
73

The Comprehensive Digital Forensic Investigation Process Model (CDFIPM) for digital forensic practice

Montasari, Reza January 2016
No description available.
74

Conflating rules, norms, and ethics in intercollegiate forensics / Rules, norms, and ethics

Swift, Crystal L. January 2005
This paper explores the concepts of rules, norms, and ethics as they pertain to intercollegiate forensic competition. The perspective is taken that these concepts tend to be conflated. Definitions of rules and ethics are drawn primarily from the National Forensics Association (NFA). The pertinent literature is reviewed, methods are explained, and results are reported and discussed. The conclusions pertain to the idea that forensics coaches and students alike are hesitant to accept universal rules and ethics, and prefer more contextualized standards. Suggestions for future research are also offered. / Department of Communication Studies
75

Considerations towards the development of a forensic evidence management system

Arthur, Kweku Kwakye 23 July 2010
The decentralized nature of the Internet forms its very foundation, yet it is this very nature that has opened networks and individual machines to a host of threats and attacks from malicious agents. Consequently, forensic specialists - tasked with the investigation of crimes commissioned through the use of computer systems, where evidence is digital in nature - are often unable to adequately reach convincing conclusions pertaining to their investigations. Some of the challenges within reliable forensic investigations include the lack of a global view of the investigation landscape and the complexity and obfuscated nature of the digital world. A perpetual challenge within the evidence analysis process is the reliability and integrity associated with digital evidence, particularly from disparate sources. Given the ease with which digital evidence (such as metadata) can be created, altered, or destroyed, the integrity attributed to digital evidence is of paramount importance. This dissertation focuses on the challenges relating to the integrity of digital evidence within reliable forensic investigations. These challenges are addressed through the proposal of a model for the construction of a Forensic Evidence Management System (FEMS) to preserve the integrity of digital evidence within forensic investigations. The Biba Integrity Model is utilized to maintain the integrity of digital evidence within the FEMS. Casey's Certainty Scale is then employed as the integrity classification scheme for assigning integrity labels to digital evidence within the system. The FEMS model consists of a client layer, a logic layer and a data layer, with eight system components distributed amongst these layers. In addition to describing the FEMS system components, a finite state automaton is utilized to describe the system component interactions.
In so doing, we reason about the FEMS's behaviour and demonstrate how rules within the FEMS can be developed to recognize and profile various cyber crimes. Furthermore, we design fundamental algorithms for processing of information by the FEMS's core system components; this provides further insight into the system component interdependencies and the input and output parameters for the system transitions and decision-points influencing the value of inferences derived within the FEMS. Lastly, the completeness of the FEMS is assessed by comparing the constructs and operation of the FEMS against the published work of Brian D Carrier. This approach provides a mechanism for critically analyzing the FEMS model, to identify similarities or impactful considerations within the solution approach, and more importantly, to identify shortcomings within the model. Ultimately, the greatest value in the FEMS is in its ability to serve as a decision support or enhancement system for digital forensic investigators. Copyright / Dissertation (MSc)--University of Pretoria, 2010. / Computer Science / unrestricted
76

Forensic evidence isolation in clouds

Delport, Waldo January 2013
Cloud computing is gaining acceptance and also increasing in popularity. Organisations often rely on cloud resources as an effective replacement for their 'in-house' computer systems. In the cloud, virtual resources are provided from a larger pool of resources, these resources being available to multiple different clients. When something suspicious happens within a digital environment, a digital forensic investigation may be conducted to gather information about the event. When conducting such an investigation digital forensic procedures are followed. These procedures involve the steps to be followed to aid in the successful completion of the investigation. One of the possible steps that may be followed involves isolating possible evidence in order to protect it from contamination and tampering. Clouds may provide a multi-tenancy solution across multiple geographical locations. When conducting an investigation into physical equipment the equipment may be isolated. This may be done, for example, by placing a cell phone in a Faraday bag in order to block signals or unplugging a computer's network cable to stop the computer from either sending or receiving of network traffic. However, in the cloud it may not be applicable to isolate the equipment of the cloud because of the multi-tenancy and geographically separated nature of the cloud. There is currently little research available on how isolation can be accomplished inside the cloud environment. This dissertation aims at addressing the need for isolation on the cloud by creating new methods and techniques that may be incorporated into an investigation in order to isolate cloud resources. Isolation can be achieved by moving the unnecessary evidence to a different location and retaining the required evidence or by moving the required evidence in such a manner that the evidence would not be contaminated.
If isolated evidence were to be moved to a digital forensic laboratory, the question arises as to whether it would be possible to create such a laboratory on the cloud, utilise the benefits of cloud computing and enable the investigation to be conducted on the cloud without moving the isolated evidence from the cloud. The dissertation will develop various models of isolation. These models are then tested in experimental conditions. The experiments were conducted on Nimbula Director 1.0.3 and VMware vSphere 5.0. The models were successfully applied in the experiments. It was found that investigations could benefit from the use of the proposed models for isolation. However, the experiments also highlighted that some of the models are not applicable or that a combination should be used. The experiments also indicated that the methods to be used would depend on the circumstances of the investigation. A preliminary "cloud laboratory" was designed and described in terms of which a digital forensic laboratory can be created on the cloud resources, thus enabling an investigation to be conducted inside the cloud environment. / Dissertation (MSc)--University of Pretoria, 2013. / Computer Science / unrestricted
77

Differentiating Users Based on Changes in the Underlying Block Space of Their Smartphones

Eric D Katz (8802593) 06 May 2020
With the growing popularity of using smartphones in business environments, it is increasingly likely that phones will be the target of attacks and sources of evidence in cyber forensic investigations. It will often be important to identify who was using the phone at the time an incident occurred. This can be very difficult as phones are easily misplaced, borrowed, or stolen. Previous research has attempted to find ways to identify computer users based on behavioral analysis. Current research into user profiling requires highly invasive examinations of potentially sensitive user data that the user might not be comfortable with people inspecting or could be against company policy to store. This study developed user profiles based on changes in a mobile phone's underlying block structure. By examining where and when changes occur, a user profile can be developed that is comparable to more traditional intrusion detection models, but without the need to use invasive data sets. These profiles can then be used to determine user masquerading efforts or detect when a compromise has occurred. This study included 35 participants that used Samsung Galaxy S3s for three months. The results of the study show that this method has a high accuracy of classifying a phone's actual sessions correctly when using 2-class models. Results from the 1-class models were not as accurate, but the Sigmoid SVM was able to correctly classify actual user sessions from attack sessions.
78

A Forensic Examination of Database Slack

Joseph W. Balazs (5930528) 23 July 2021
This research includes an examination and analysis of the phenomenon of database slack. Database forensics is an underexplored subfield of Digital Forensics, and the lack of research is becoming more important with every breach and theft of data. A small amount of research exists in the literature regarding database slack. This exploratory work examined what partial records of forensic significance can be found in database slack. A series of experiments performed update and delete transactions upon data in a PostgreSQL database, which created database slack. Patterns of hexadecimal indicators for database slack in the file system were found and analyzed. Despite limitations in the experiments, the results indicated that partial records of forensic significance are found in database slack. Significantly, partial records found in database slack may aid a forensic investigation of a database breach. The details of the hexadecimal patterns of the database slack fill in gaps in the literature, the impact of log findings on an investigation was shown, and complexity aspects back up existing parts of database forensics research. This research helped to lessen the dearth of work in the area of database forensics as well as database slack.
79

Detecting Image Forgery with Color Phenomenology

Stanton, Jamie Alyssa 30 May 2019
No description available.
80

Digital Forensic Analysis of Snapchat and BeReal : In Search of Artifacts

Persson, Philip January 2023
Snapchat and BeReal are popular social media platforms focused on photo sharing and instant messaging. A tool often used in police investigations is the analysis of communication; this includes different electronic devices and smartphone devices. However, law enforcement faces challenges when analyzing communication in police investigations due to encryption and privacy protection. The experiment included three phases: artifact production, data acquisition, and data examination & analysis. In the artifact production phase, four devices exchanged chat messages, images, and videos. The data acquisition phase involved using two licensed forensic tools, Magnet Axiom and MOBILedit Forensic PRO. The final phase involved examining and analyzing the extracted data to find artifacts that could serve as supporting evidence in criminal investigations. Several conclusions were drawn from this study. Notably, the experiment revealed diverse types of forensic artifacts. Metadata files that contained information about the applications were the most common. Examples of this were com.snapchat.android.apk and com.bereal.ft.apk for Android, and iTunesMetadata.plist together with other .plist files for iPhone. These files provide valuable data such as user information, activity, and timestamps. Important locations and key factors were also identified.
