Defining a Standard for Reporting Digital Evidence Items in Computer Forensic Tools

2011 ◽  
pp. 78-95 ◽  
Author(s):  
Hamda Bariki ◽  
Mariam Hashmi ◽  
Ibrahim Baggili
Keyword(s):  
Digital Evidence ◽  
Forensic Tools ◽  
Computer Forensic

scholarly journals Recovering Evidentiary E-mail for Non-Repudiation Forensics

2019 ◽  
Vol 8 (11S2) ◽  
pp. 551-557
Keyword(s):  
Digital Content ◽  
Digital Evidence ◽  
Proof Of Concept ◽  
Legal Evidence ◽  
Whole Process ◽  
File Formats ◽  
Forensic Tools ◽  
Computer Forensic ◽  
E Mail

Computer Forensic, the upcoming branch of forensic science where acquiring, preserving, retrieving and presenting content processed electronically and stored digitally, is used for legal evidence in computer related crimes or any other unethical practice involving manipulation of digital content. Such digital content can take many forms which are manifested by different file formats and digital artifacts”. This paper concentrates on acquisition of deleted e-mail from mailbox of web servers satisfying two tier, three tier and n-tier technology. A detailed survey of several possibilities are included for non-repudiation forensic. A case study of a particular file type using suitable forensic tool is cited as a proof of concept towards this claimed inference to provide digital evidence in case of non-repudiation by sender and/or by receiver. This is simply conducted by using Encase a proprietary Digital forensic tools. The whole process is captured in step by step fashion to have a better understanding of the mechanism used. Recovery of files/emails have certain kinds of legal hurdles, the paper have addressed them as well. This paper contributes to the extend the recovered email can used as a ready digital evidence in any court of law.

On Creating Digital Evidence in IP Networks With NetTrack

2018 ◽  
pp. 225-245
Author(s):  
Diana Berbecaru
Keyword(s):  
Network Traffic ◽  
High Speed ◽  
Digital Signatures ◽  
Digital Evidence ◽  
Open Court ◽  
Forensic Tools ◽  
Network Forensic ◽  
Ip Packet ◽  
Computer Forensic ◽  
Short Time

Computer forensic is the practice of collecting, analyzing, and reporting digital evidence in a way that is legally admissible in open court. Network forensics, an offset of computer forensic, is mainly concerned with the monitoring and analysis of network traffic, both local and WAN/internet, in order to identify security incidents and to investigate fraud or network misuse. In this chapter, the authors discuss challenges in creating high-speed network forensic tools and propose NetTrack, a tamper-proof device aimed to produce evidences with probative value via digital signatures for the network traffic. Since digitally signing each IP packet is not efficient, the authors used a specific technique exploiting the Merkle trees to create digital signatures for flows and multicasts and implemented it by using an optimized algorithm for Merkle tree traversal to save space and time. Through experiments, the authors show NetTrack signing is fast as it can produce digital evidence within a short time.

scholarly journals Memory Based Anti-Forensic Tools and Techniques

2010 ◽  
pp. 184-199
Author(s):  
Hamid Jahankhani ◽  
Elidon Beqiri
Keyword(s):  
Computer Forensics ◽  
Digital Evidence ◽  
The Creation ◽  
Volatile Memory ◽  
Forensic Tools ◽  
Tools And Techniques ◽  
Computer Forensic

Computer forensics is the discipline that deals with the acquisition, investigation, preservation and presentation of digital evidence in the court of law. Whereas anti-forensics is the terminology used to describe malicious activities deployed to delete, alter or hide digital evidence with the main objective of manipulating, destroying and preventing the creation of evidence .Various anti-forensic methodologies and tools can be used to interfere with digital evidence and computer forensic tools. However, memory-based anti-forensic techniques are of particular interest because of their effectiveness, advanced manipulation of digital evidence and attack on computer forensic tools. These techniques are mainly performed in volatile memory using advanced data alteration and hiding techniques. For these reasons memory-based anti-forensic techniques are considered to be unbeatable. This chapter aims to present some of the current anti-forensic approaches and in particular reports on memory-based anti-forensic tools and techniques.

Forensic Data Extraction and Analysis of Left Artifacts on emulated Android Phones: A Case Study of Instant Messaging Applications

2017 ◽  
Vol 2 (11) ◽  
pp. 8-16
Author(s):  
Moses Ashawa ◽  
Innocent Ogwuche
Keyword(s):  
Mobile Phones ◽  
Instant Messaging ◽  
Data Extraction ◽  
Digital Evidence ◽  
Cyber Attack ◽  
Forensic Evidence ◽  
Digital Forensic ◽  
Proportional Increase ◽  
Forensic Tools

The fast-growing nature of instant messaging applications usage on Android mobile devices brought about a proportional increase on the number of cyber-attack vectors that could be perpetrated on them. Android mobile phones store significant amount of information in the various memory partitions when Instant Messaging (IM) applications (WhatsApp, Skype, and Facebook) are executed on them. As a result of the enormous crimes committed using instant messaging applications, and the amount of electronic based traces of evidence that can be retrieved from the suspect’s device where an investigation could convict or refute a person in the court of law and as such, mobile phones have become a vulnerable ground for digital evidence mining. This paper aims at using forensic tools to extract and analyse left artefacts digital evidence from IM applications on Android phones using android studio as the virtual machine. Digital forensic investigation methodology by Bill Nelson was applied during this research. Some of the key results obtained showed how digital forensic evidence such as call logs, contacts numbers, sent/retrieved messages, and images can be mined from simulated android phones when running these applications. These artefacts can be used in the court of law as evidence during cybercrime investigation.

Akuisisi Bukti Digital Viber Messenger Android Menggunakan Metode National Institute of Standards and Technology (NIST)

2021 ◽  
Vol 5 (1) ◽  
pp. 45-54
Author(s):  
Imam Riadi ◽  
Rusydi Umar ◽  
Muhammad Irwan Syahib
Keyword(s):  
Extraction Process ◽  
Text Messages ◽  
Digital Evidence ◽  
Digital Forensic ◽  
Digital Crime ◽  
The World ◽  
Instant Messenger ◽  
Negative Impacts ◽  
Forensic Tools ◽  
Voice Calls

Viber is one of the most popular social media in the Instant Messenger application category that can be used to send text messages, make voice calls, send picture messages and video messages to other users. As many as 260 million people around the world have used this application. Increasing the number of viber users certainly brings positive and negative impacts, one of the negative impacts of this application is the use of digital forensic crime. This research simulates and removes digital crime evidence from the viber application on Android smartphones using the National Institute of Standards Technology (NIST) method, which is a method that has work guidelines on forensic policy and process standards to ensure each investigator follows the workflow the same so that their work is documented and the results can be accounted for. This study uses three forensic tools, MOBILedit Forensic Express, Belkasoft and Autopsy. The results in this study show that MOBILedit Forensic Express gets digital evidence with a percentage of 100% in getting accounts, contacts, pictures and videos. While proof of digital chat is only 50%. Belkasoft gets digital evidence with a percentage of 100% in getting accounts, contacts, pictures and videos. While proof of digital chat is only 50%. For Autopsy does not give the expected results in the extraction process, in other words the Autopsy application gives zero results. It can be concluded that MOBILedit Forensic Express and Belkasoft have a good performance compared to Autopsy and thus this research has been completed and succeeded in accordance with the expected goals.

scholarly journals Live Forensics Analysis of Line App on Proprietary Operating System

2019 ◽  
pp. 305-314
Author(s):  
Imam Riadi ◽  
Sunardi Sunardi ◽  
Muhamad Ermansyah Rauli
Keyword(s):  
Operating System ◽  
Random Access ◽  
Digital Evidence ◽  
Negative Effects ◽  
Access Memory ◽  
Digital Forensic ◽  
Instant Messenger ◽  
Forensic Tools ◽  
Live Forensics ◽  
Analyze Data

 The development of computer technology is increasing rapidly. This has positive and negative effects. One of the negative effects that occurred was the use of Line applications to conduct online shop fraud. Line is one of the instant messenger applications that can be used on computers, especially on Windows 8.1 operating system computers. Applications that run on the computer leave traces of data on Random Access Memory (RAM). Data left in RAM can be obtained using digital forensic techniques, namely live forensics which is used when the computer is running and connected to the internet. This study aims to find digital evidence regarding cases of online shop fraud using the National Institute of Standards and Technology (NIST) method. Digital evidence can be obtained using forensic tools, namely RamCapturer, FTK Imager and Winhex. RamCapturer is used to acquire data in RAM, FTK Imager is used for imaging and Winhex is used to analyze data that has been taken. The results obtained in this study were conversational recordings consisting of conversation time, conversation content and conversation status which could be digital evidence in uncovering the online shop fraud crime that occurred.

scholarly journals IDENTIFICATION OF DIGITAL EVIDENCE FACEBOOK MESSENGER ON MOBILE PHONE WITH NATIONAL INSTITUTE OF STANDARDS TECHNOLOGY (NIST) METHOD

Kursor ◽  
2019 ◽  
Vol 9 (3) ◽  
Author(s):  
Anton Yudhana ◽  
Imam Riadi ◽  
Ikhwan Anshori
Keyword(s):  
Social Media ◽  
Performance Evaluation ◽  
Mobile Phone ◽  
Digital Forensics ◽  
Negative Impact ◽  
Digital Evidence ◽  
Negative Effects ◽  
Acquisition Process ◽  
Digital Crime ◽  
Forensic Tools

Facebook Messenger is a popular social media. The increasing number of Facebook Messenger users certainly has a positive and negative impact, one of the negative effects is being used for digital crime. One of the sciences to get digital evidence is to do Digital forensics. Digital forensics can be done on a smartphone used by criminals. This research will carry out as much evidence of digital crime as possible from Facebook Messenger. In this study the forensic devices, Magnet AXIOM and Oxygen Forensics Suite 2014 were used using the National Institute of Standards Technology (NIST) method. NIST has work guidelines for both policies and standards to ensure that each examiner follows the same workflow so that their work is documented and the results can be repeated and maintained. The results of the research in the Magnet AXIOM and Oxygen Forensics Suite 2014 get digital evidence in the form of accounts, conversation texts, and images. This study successfully demonstrated the results of an analysis of forensic devices and digital evidence on Facebook Messenger. The results of the performance evaluation of forensic tools in the acquisition process using AXIOM Magnets are considered the best compared to Oxygen Forensics Suite 2014.

Sign in / Sign up

Export Citation Format

Share Document