Systematic Approaches to Digital Forensic Engineering, 2005. First International Workshop on

Date 7-9 Nov. 2005

Displaying Results 1 - 25 of 28
  • First International Workshop on Systematic Approaches to Digital Forensic Engineering

    Publication Year: 2005
    PDF (841 KB)
    Freely Available from IEEE
  • First International Workshop on Systematic Approaches to Digital Forensic Engineering - Title Page

    Publication Year: 2005 , Page(s): i - iii
    PDF (135 KB)
    Freely Available from IEEE
  • First International Workshop on Systematic Approaches to Digital Forensic Engineering - Copyright

    Publication Year: 2005 , Page(s): iv
    PDF (117 KB)
    Freely Available from IEEE
  • First International Workshop on Systematic Approaches to Digital Forensic Engineering - Table of contents

    Publication Year: 2005 , Page(s): v - vi
    PDF (129 KB)
    Freely Available from IEEE
  • Preface

    Publication Year: 2005 , Page(s): vii
    PDF (116 KB) | HTML
    Freely Available from IEEE
  • Committees

    Publication Year: 2005 , Page(s): ix
    PDF (101 KB)
    Freely Available from IEEE
  • United States v Gorshkov detailed forensics and case study: expert witness perspective

    Publication Year: 2005 , Page(s): 3 - 24
    PDF (536 KB) | HTML
    Freely Available from IEEE
  • Unifying computer forensics modeling approaches: a software engineering perspective

    Publication Year: 2005 , Page(s): 27 - 39
    Cited by:  Papers (1)
    PDF (352 KB) | HTML

    As an effort to introduce formalism into computer forensics, researchers have presented various modeling techniques for planning, analysis, and documentation of forensics activities. These modeling techniques provide representations of various forensics subjects such as investigative processes, chain of events, and evidence tests. From a software engineering perspective, it seems that several of these computer forensics modeling approaches may be unified to create a more complete, multi-view modeling methodology for examination planning and analysis. This paper proposes a core set of modeling views for a unified computer forensics modeling methodology: investigative process view, case domain view, and evidence view. An example email threat case scenario is used as the context for a multi-view modeling example.
  • Standardizing the construction of a digital forensics laboratory

    Publication Year: 2005 , Page(s): 40 - 47
    Cited by:  Papers (1)
    PDF (208 KB) | HTML

    Along with the increasing problems of cybercrime, digital forensics-related issues have become more and more important and serious. Digital forensics often involves the preservation, identification, extraction, documentation and interpretation of digital data. The construction of a forensics laboratory should include the objective of establishment, organization, responsibility, accreditation procedure, personnel qualification, training, equipment, forensics procedure, document management, and so on. Another objective of constructing a forensics laboratory is to provide a trustworthy analysis report for each judicial investigation; however, there are no common criteria for a digital forensics laboratory so far. We present the seven-stage lifecycle model of the forensics process, which has to be consistent as well as in compliance with international standards. We also give suggestions and a model for establishing and standardizing a digital forensics laboratory. We hope our efforts can enhance the quality and accuracy of digital forensics, to solve criminal cases and protect human rights.
  • Digital forensics: exploring validation, verification & certification

    Publication Year: 2005 , Page(s): 48 - 55
    PDF (200 KB) | HTML

    Digital forensic teams and laboratories are now commonplace within Australia, particularly associated with law enforcement and intelligence agencies. The digital forensics discipline is rapidly evolving to become a scientific practice with domain-specific guidelines. These guidelines are still under discussion in an attempt to progress the discipline so as to become as solid and robust in its scientific underpinnings as other forensic disciplines. Influential players, practitioners and observers all agree that rigorous standards need to be adopted to align this science with other forensic sciences. How does one assess the scientific nature of digital forensics with so many independent computing and IT elements combined, and what are the outcomes of each assessment method? Solutions are proposed regularly justifying their use, but to date no international or national standard exists. This paper does not propose a solution but rather explores the concept of Validation and Verification (V&V) with particular respect to digital forensic tools. The paper also explores ISO 17025 "General requirements for the competence of testing and calibration laboratories" and develops the testing process to satisfy this standard, to allow Australian digital forensic laboratories to be eligible for certification.
  • Establishment of the standard operating procedure (SOP) for gathering digital evidence

    Publication Year: 2005 , Page(s): 56 - 65
    Cited by:  Papers (1)
    PDF (272 KB) | HTML

    The rapidly evolving age of information networks is changing our lives without our awareness. With the development of information communication technology (ICT) and cybercrime (Internet crime) intelligence, modern judicature (including criminal, civil and administrative) must carry out litigation by using technology, especially in dealing with organized and terrible crime. Since digital evidence has often been very effective and important, the legislative and legal authorities in each country have gradually put more credence in digital evidence. As a result, establishing a standard operating procedure (SOP) is important in raising the effectiveness and credibility of digital evidence. Subsequently, the move to create a digital evidence standard operating procedure (DESOP) is essential to the development of a sophisticated information society. We would like to discuss the establishment of DESOP in terms of law, principle, procedure and software tools. This paper can be used as a reference for judicial organizations and civil enterprises in establishing DESOP.
  • How to be a digital forensic expert witness

    Publication Year: 2005 , Page(s): 69 - 85
    PDF (456 KB) | HTML
    Freely Available from IEEE
  • The use of packet inter-arrival times for investigating unsolicited Internet traffic

    Publication Year: 2005 , Page(s): 89 - 104
    Cited by:  Papers (3)
    PDF (760 KB) | HTML

    Monitoring the Internet reveals incessant activity that has been referred to as background radiation. In this paper, we propose an original approach that makes use of packet inter-arrival times, or IATs, to analyse and identify such abnormal or unexpected network activity. Our study exploits a large set of data collected on a distributed network of honeypots during more than six months. Our main contribution in this paper is to demonstrate the usefulness of IAT analysis for network forensic purposes, and we illustrate this with examples in which we analyse particular IAT peak values. In addition, we pinpoint some network anomalies that we have been able to determine through such analysis.
  • SIMbrush: an open source tool for GSM and UMTS forensics analysis

    Publication Year: 2005 , Page(s): 105 - 119
    Cited by:  Papers (4)
    PDF (352 KB) | HTML

    The aim of this paper is to describe a new open source tool, usable on Windows and Linux platforms, for digital evidence extraction from SIM and USIM cards. Nowadays, closed-source or confidential tools are used for this purpose, and this is contrary to Daubert's test, because it is not possible to gain the high degree of acceptability from the scientific community required by the test itself. This tool is being proposed, therefore, as a platform for the exchange of ideas, to constitute, free from the logic of copyright, a wide agreement. Security features of SIMs hamper in many ways the possibility to dump a bit-for-bit internal memory image. As a consequence, this tool interfaces itself to SIM cards in the standard way. Data is acquired in raw format (binary data) and represents digital evidence; interpretation of these raw data at a higher level of abstraction could be the purpose of an extension of this tool aimed at examination of the digital evidence.
  • Comparative survey of local honeypot sensors to assist network forensics

    Publication Year: 2005 , Page(s): 120 - 132
    Cited by:  Papers (4)
    PDF (336 KB) | HTML

    This paper intends to illustrate the usefulness of deploying multiple simple honeypot sensors in a large variety of locations. Indeed, a permanent identification of anomalies that occur on a single sensor allows pinpointing abnormal local activities. These can be the manifestation of misconfiguration issues or highlight attacks particular to some given environments. Both cases are important for administrators in charge of the networks hosting the sensors. We propose in this paper a comparison of simple parameters that prove to be an easy way to determine these abnormal and particular activities. On the basis of two identical honeypot sensors that we have deployed for more than 6 months in France and in Taiwan, we detail the analysis of some anomalies that have been found against one unique sensor only. This is a preliminary but useful stage for network forensics and we intend in the near future to deploy the method over a large number of sensors. This is an on-going work and we hope that the illustrations we provide throughout the paper will be a good incentive for partners to join this open project.
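The two honeypot abstracts above (IAT peak analysis, and comparing simple parameters between identical sensors at different sites) describe techniques the listing itself does not show. The Python below is an added example, not code from either paper: the log format, the sensor labels FR and TW, the addresses and every timestamp are constructed for illustration. It bins inter-arrival times between consecutive packets from the same source into a histogram, reports the recurring IAT values that form peaks, and then lists the destination ports that only one sensor saw, which is the kind of sensor-local anomaly the comparative survey looks for.

```python
"""Inter-arrival-time (IAT) peaks and cross-sensor comparison over honeypot logs.

Added example, not code from the SADFE 2005 papers. The log format, the
sensor labels FR/TW and every packet below are constructed for illustration.
"""
from collections import Counter, defaultdict

# Constructed sample log. Assumed format: "<sensor> <epoch_seconds> <src_ip> <dst_port>"
# FR and TW stand for two identical sensors at two different sites.
SAMPLE_LOG = """\
FR 1000.00 203.0.113.5 445
FR 1000.50 203.0.113.5 445
FR 1001.00 203.0.113.5 445
FR 1001.50 203.0.113.5 445
FR 1002.00 203.0.113.5 445
FR 1200.00 198.51.100.9 135
FR 1200.05 198.51.100.9 135
TW 1000.00 203.0.113.5 445
TW 1000.50 203.0.113.5 445
TW 1001.00 203.0.113.5 445
TW 1001.50 203.0.113.5 445
TW 1002.00 203.0.113.5 445
TW 1500.00 192.0.2.77 1433
TW 1500.02 192.0.2.77 1433
TW 1500.04 192.0.2.77 1433
TW 1500.06 192.0.2.77 1433
"""


def parse_log(text):
    """Return {sensor: [(timestamp, src_ip, dst_port), ...]} sorted by time."""
    by_sensor = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        sensor, ts, src, port = line.split()
        by_sensor[sensor].append((float(ts), src, int(port)))
    for packets in by_sensor.values():
        packets.sort()
    return dict(by_sensor)


def inter_arrival_times(packets):
    """Histogram of IATs (integer milliseconds) between consecutive packets
    from the same source. Rounding to whole milliseconds makes repeated
    intervals collapse into a single histogram bin."""
    last_seen = {}
    histogram = Counter()
    for ts, src, _port in packets:
        if src in last_seen:
            histogram[int(round((ts - last_seen[src]) * 1000))] += 1
        last_seen[src] = ts
    return histogram


def iat_peaks(histogram, min_count=3):
    """IAT values seen at least min_count times. A sharp peak at a fixed
    interval is characteristic of a scanner or worm retrying on a timer;
    human-driven traffic does not produce one."""
    return sorted(iat for iat, n in histogram.items() if n >= min_count)


def ports_seen(packets):
    return Counter(port for _ts, _src, port in packets)


def local_only_ports(by_sensor, sensor):
    """Ports targeted on `sensor` but on no other sensor in the set. The
    comparative survey treats such sensor-specific activity as a local
    anomaly worth investigating (misconfiguration or a targeted attack)."""
    own = set(ports_seen(by_sensor[sensor]))
    elsewhere = set()
    for name, packets in by_sensor.items():
        if name != sensor:
            elsewhere |= set(ports_seen(packets))
    return sorted(own - elsewhere)


def report(text):
    """Per-sensor IAT peaks and sensor-specific ports, as a dict."""
    by_sensor = parse_log(text)
    return {
        name: {
            "iat_peaks_ms": iat_peaks(inter_arrival_times(packets)),
            "local_only_ports": local_only_ports(by_sensor, name),
        }
        for name, packets in by_sensor.items()
    }


if __name__ == "__main__":
    for sensor, summary in report(SAMPLE_LOG).items():
        print(sensor, summary)
```

On the constructed data both sensors share the 500 ms peak from the same source, so that activity is background rather than local; only TW shows the 20 ms peak and only TW was probed on 1433, which is what the cross-sensor comparison is meant to surface. On real captures the bin width and `min_count` must be chosen against the sensor's baseline traffic volume, and a peak should be read alongside the source, port and payload before it is called an anomaly.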
  • Computer forensics, information security and law: a case study

    Publication Year: 2005 , Page(s): 135 - 141
    PDF (200 KB) | HTML

    Providing security and assurance to information systems and communications is one of the highest national priorities. It is our task to prepare computer information system security professionals with current security and assurance information to achieve this objective. To meet this urgent need, the faculty must have the knowledge and skills to be taught in the classroom. For several semesters, we have been developing information system security curriculum with a computer forensics course for the students. Active participation in real life security problems is a great opportunity to learn the subject matter. This paper describes one of our positive experiences.
  • Legal requirements for the use of keystroke loggers

    Publication Year: 2005 , Page(s): 142 - 150
    Cited by:  Papers (1)
    PDF (216 KB) | HTML

    This paper examines the American federal Wiretap Act and its application to the use of keystroke loggers as forensic tools and by private individuals. The paper concludes that for purposes of the Wiretap Act, a keystroke logger intercepts electronic communications if the keystrokes that the logger records are being transmitted over telephone lines or the Internet. Under the Wiretap Act, law enforcement personnel must obtain a wiretap order in order to use a keystroke logger to intercept any electronic communications.
  • Technical challenges and directions for digital forensics

    Publication Year: 2005 , Page(s): 155 - 161
    Cited by:  Papers (8)
    PDF (192 KB) | HTML

    Digital forensics is concerned with the investigation of any suspected crime or misbehaviour that may be manifested by digital evidence. The digital evidence may be manifest in various forms. It may be manifest on digital electronic devices or computers that are simply passive repositories of evidence that documents the activity, or it may consist of information or meta-information resident on the devices or computers that have been used to actually facilitate the activity, or that have been targeted by the activity. In each of these three cases, we have recorded digital evidence of the activity. This paper examines some recent advances in digital forensics and some important emerging challenges. It considers the following topics: tools and their evolution; the implications of large volumes of data; the impact of embedded and special-purpose computer systems; corporate governance and its implications for 'forensic readiness'; and the role of forensics in securing the Internet.
  • Evidence handling in proactive cyberstalking investigations: the PAPA approach

    Publication Year: 2005 , Page(s): 165 - 176
    Cited by:  Papers (1)
    PDF (296 KB) | HTML

    Stalking is the malicious, unsolicited intrusion on another's personal space, and cyber-stalking extends this to cyberspace via Internet technology. All fifty U.S. states criminalized stalking in the 1990s, and many have passed cyberstalking statutes as well. The anonymity and reach of the Internet, and the difficulties in capturing, recording, and verifying digital evidence combine to create new challenges to law enforcement agencies trying to prevent and detect the crime and apprehend the criminals. In particular, the "expectation of privacy" afforded to all participants of live-wire communication makes it difficult to bind the actual perpetrator with his or her online persona. The PAPA system is a comprehensive toolkit that captures all relevant cyberstalking data with the potential for admissibility in a court of law. To this end, and as far as possible under existing federal, state, and international statutes, it captures data with the goal of producing evidence that is admissible, authoritative, reliable, complete, and believable.
  • The law of possession of digital objects: dominion and control issues for digital forensics investigations and prosecutions

    Publication Year: 2005 , Page(s): 177 - 183
    Cited by:  Papers (1)
    PDF (200 KB) | HTML

    The possession of digital objects defines rights and liabilities of the possessor. The nature of digital data, networked systems and data security suggest review of the fundamental concept as applied to digital objects. Possession of digital objects may be separate and distinct from physical possession of storage media and systems. Failure to address this risks error based on misleading evidence as to possession.
  • Digital evidence search kit

    Publication Year: 2005 , Page(s): 187 - 194
    Cited by:  Papers (3)
    PDF (288 KB) | HTML

    With the rapid development of electronic commerce and Internet technology, cyber crimes have become more and more common. There is a great need for automated software systems that can assist law enforcement agencies in cyber crime evidence collection. This paper describes a cyber crime evidence collection tool called DESK (digital evidence search kit), which is the product of several years of cumulative efforts of our center together with the Hong Kong Police Force and several other law enforcement agencies of the Hong Kong Special Administrative Region. We use DESK to illustrate some of the desirable features of an effective cyber crime evidence collection tool.
  • Anti-cyberstalking: the Predator and Prey Alert (PAPA) system

    Publication Year: 2005 , Page(s): 195 - 205
    Cited by:  Papers (2)  |  Patents (4)
    PDF (1192 KB) | HTML

    Stalking is a crime typified by repeated harassment of another person and intrusion upon his or her privacy. Cyberstalking extends stalking into the realm of cyberspace wherein a predator stalks a victim or prey through Internet technologies such as emails, chat rooms, and instant messaging. This paper describes the Predator and Prey Alert (PAPA) system. PAPA consists of a set of integrated software and hardware modules and tools designed to support law enforcement in helping victims of cyberstalking, facilitate the investigation of such crimes, and maintain evidence for the potential prosecution of the cyberstalker.
  • Challenges of automating the detection of paedophile activity on the Internet

    Publication Year: 2005 , Page(s): 206 - 220
    Cited by:  Papers (1)  |  Patents (1)
    PDF (344 KB) | HTML

    This review paper outlines the need for research into the process of automating the detection of paedophile activities on the Internet and identifies the associated challenges of the research area. The paper overviews and analyses technologies associated with the use of the Internet by paedophiles in terms of event information that each technology potentially provides. It also reviews the anonymity challenges presented by these technologies. The paper presents methods for currently uncharted research that would aid in the process of automating the detection of paedophile activities on the Internet.
  • A DCT quantization-based image authentication system for digital forensics

    Publication Year: 2005 , Page(s): 223 - 235
    Cited by:  Papers (2)
    PDF (848 KB) | HTML

    With the advent of digital times, digital data has gradually taken the place of the original analog data. However, the authenticity of digital data faces a great challenge due to the fact that digital editing software is ubiquitous. It has aroused suspicion about the reliability of digital data, especially when the digital data is presented to the court as digital evidence. We propose an integrated image authentication system for digital forensics and improve the detection problems of a DCT quantization-based image authentication scheme. The improved detection schemes effectively solve the detection problems and, at the same time, take into account the reliability, the security, and the practicability of the system. It is expected to reduce the wrong detection probability of the digital evidence. Finally, the improved image authentication schemes are implemented. If the digital evidence presented to the court is under suspicion, the system is expected to provide accurate information to help the judiciary make the verdict right and objective.
  • Digital evidence collection process in integrity and memory information gathering

    Publication Year: 2005 , Page(s): 236 - 247
    Cited by:  Papers (1)
    PDF (536 KB) | HTML

    In this paper, we inspect the general digital evidence collection process according to RFC 3227, and establish specific steps for guaranteeing the integrity of digital evidence and memory information collection. EnCase™, which is used globally, has a weakness in that the MDC value of digital evidence can be modified; hence we propose a public MDC system, a MAC system and a public authentication system with PKI as countermeasures, and we explain each system in detail. Besides, we add a memory dump process to the existing digital evidence collection process, and examine privacy information by dumping a real user's memory and collecting the pagefile, which is part of the virtual memory system.
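The weakness named in the abstract above is that an unkeyed hash (MDC) over an evidence image proves nothing against a party who can rewrite both the image and the stored hash. The Python below is an added example, not code from the paper: the evidence bytes, the key and the record format are constructed. It stores both a SHA-256 MDC and an HMAC over the image, replays the replace-image-and-recompute-hash scenario, and shows that the MDC check still passes while the keyed MAC fails. The PKI-signed variant the paper proposes is not implemented here.

```python
"""Integrity of an acquired evidence image: unkeyed hash (MDC) vs keyed MAC.

Added example, not code from the paper above. The evidence bytes, the key
and the record format are constructed for illustration.
"""
import hashlib
import hmac

# Constructed stand-in for an acquired image (disk sectors or a memory dump).
EVIDENCE = b"sector0:MBR|sector1:deleted-mail-fragment|sector2:pagefile-slice"
# The same image after someone alters one region.
TAMPERED = EVIDENCE.replace(b"deleted-mail-fragment", b"nothing-here")


def mdc(data: bytes) -> str:
    """Modification Detection Code: an unkeyed hash of the image. It detects
    accidental change, but whoever alters the image can recompute it."""
    return hashlib.sha256(data).hexdigest()


def mac(key: bytes, data: bytes) -> str:
    """Keyed MAC over the image. Recomputing it requires the acquisition key,
    so the stored value cannot be silently replaced along with the data."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def make_record(key: bytes, data: bytes, case_id: str) -> dict:
    """Integrity record written at acquisition time (format is an assumption)."""
    return {"case": case_id, "sha256": mdc(data), "hmac_sha256": mac(key, data)}


def replace_image_and_hash(record: dict, new_data: bytes) -> dict:
    """The weakness described in the abstract: an actor who can edit the image
    and the stored hash simply recomputes the MDC for the altered bytes."""
    forged = dict(record)
    forged["sha256"] = mdc(new_data)
    return forged


def verify(record: dict, key: bytes, data: bytes) -> dict:
    """Check both stored values against the bytes presented. compare_digest
    is used so the comparison does not leak information through timing."""
    return {
        "mdc_ok": hmac.compare_digest(record["sha256"], mdc(data)),
        "mac_ok": hmac.compare_digest(record["hmac_sha256"], mac(key, data)),
    }


if __name__ == "__main__":
    key = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)  # constructed key
    record = make_record(key, EVIDENCE, "case-0001")
    print("original image :", verify(record, key, EVIDENCE))
    forged = replace_image_and_hash(record, TAMPERED)
    print("forged record  :", verify(forged, key, TAMPERED))
```

The MAC only helps if the key is held by someone other than whoever controls the stored image, for example an acquisition key kept by the laboratory rather than on the seized host or the examiner's workstation. A signature with the examiner's private key under a PKI, which the abstract proposes as the third system, goes further: anyone holding the public certificate can verify the record without sharing a secret, which is what a court or opposing expert needs.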