Comparison of the Data Recovery Function of Forensic Tools

Cybercrime is an activity utilizing electronic devices and network technology as tools or media to commit crimes. One of them uses the Skype application that is installed on the smartphone. In finding evidence from a cybercrime case, a forensic activity known as digital forensic must be carried out. This study aims to recover digital evidence that has been erased using the NIST framework and forensic tools such as Oxygen and Belkasoft. The results of digital evidence recovery from smartphone Samsung J2 in the removal scenario via the application manager, the Oxygen tool cannot recover deleted data and the percentage of success using Belkasoft is 26%. While the results of data recovery with the manual removal method the percentage of success using Oxygen was 63% and Belkasoft was 44%. Digital evidence recovery results from smartphones Andromax A on the erase scenario through the application manager, Oxygen and Belkasoft tools cannot recover deleted data. While manual removal of Oxygen by 61% and Belkasoft cannot restore data. It can be concluded the results of data recovery from both smartphones that are used according to the erasure method through the application manager, Belkasoft has better performance than Oxygen, and data recovery according to the method of erasing manually, Oxygen has better performance than Belkasoft.

Download Full-text

Wireless sensor networks data recovery algorithm based on quadratic programming

Journal of Computer Applications ◽

10.3724/sp.j.1087.2013.00935 ◽

2013 ◽

Vol 33 (4) ◽

pp. 935-938

Author(s):

Guifeng WU ◽

Xuan WANG

Keyword(s):

Wireless Sensor Networks ◽

Sensor Networks ◽

Quadratic Programming ◽

Data Recovery ◽

Wireless Sensor ◽

Recovery Algorithm

Download Full-text

APPLICATION FEATURES OF TECHNICAL AND FORENSIC TOOLS BY AN INVESTIGATOR (THE INTERROGATOR) DURING INTERROGATION IN THE PRETRIAL DETENTION CENTER

Vestnik Samarskogo iuridicheskogo instituta ◽

10.37523/sui.2020.39.3.007 ◽

2020 ◽

pp. 48-53

Author(s):

Роман Михайлович Морозов ◽

Дмитрий Юрьевич Волков

Keyword(s):

Law Enforcement ◽

Criminal Law ◽

Scientific Literature ◽

Preliminary Investigation ◽

Preventive Measure ◽

Criminal Procedure ◽

Evidence Based ◽

Detention Center ◽

Pretrial Detention ◽

Forensic Tools

Целью статьи было рассмотреть проблемные аспекты тактико-криминалистического применения технических средств при производстве допроса, предложить научно обоснованные рекомендации по их использованию. В статье раскрываются особенности применения технико-криминалистических средств процессуально уполномоченными должностными лицами органов предварительного следствия и дознания при производстве допроса подозреваемых (обвиняемых), в отношении которых избрана мера пресечения в виде заключения под стражу. По результатам проведенных исследований правоприменительной практики и научной литературы авторами раскрываются процессуальные и тактические основания и порядок применения технических средств при производстве допроса на отдельных его этапах, предлагаются решения проблем, связанных с применением технико-криминалистических средств, даются рекомендации по порядку применения отдельных технических средств. Выделяются наиболее целесообразные тактические приемы допроса при применении технических средств фиксации. Авторами предложены изменения в уголовно-процессуальное законодательство по совершенствованию законодательных норм в области применения технических средств при производстве следственных действий. Сформулированные в статье выводы могут быть использованы в правоприменительной практике следователями (дознавателями) при производстве допроса в следственном изоляторе, а также при преподавании отдельных дисциплин: «Уголовный процесс», «Криминалистика», а также специальных курсов (по выбору) уголовно-правового профиля. The purpose of the article was to consider the problematic aspects of the tactical and forensic use of technical means during the interrogation, to offer evidence-based recommendations for their use. The article reveals the features of the use of technical and forensic means by the procedurally authorized officials of the preliminary investigation and inquiry bodies during the interrogation of suspects (accused), in respect of which a preventive measure in the form of detention has been chosen. According to the results of the research of law enforcement practice and scientific literature, the authors reveal the procedural and tactical grounds and the procedure for the use of technical means during the interrogation at its individual stages, offers solutions to problems associated with the use of technical and forensic means, gives some recommendations on the order of application of individual technical means. The most appropriate tactics of interrogation, the use of technical facilities of fixation. The authors propose changes to the criminal procedure legislation to improve the legislative norms in the field of application of technical means in the investigative actions realization. The conclusions formulated in the article can be used in law enforcement practice by investigators (inquirers) during the interrogation in the pretrial detention center, as well as in the teaching of certain disciplines: «Criminal procedure», «Criminalistics», as well as special courses (optional) of criminal law profile.

Download Full-text

Forensic Data Extraction and Analysis of Left Artifacts on emulated Android Phones: A Case Study of Instant Messaging Applications

Circulation in Computer Science ◽

10.22632/ccs-2017-252-67 ◽

2017 ◽

Vol 2 (11) ◽

pp. 8-16

Author(s):

Moses Ashawa ◽

Innocent Ogwuche

Keyword(s):

Mobile Phones ◽

Instant Messaging ◽

Data Extraction ◽

Digital Evidence ◽

Cyber Attack ◽

Forensic Evidence ◽

Digital Forensic ◽

Proportional Increase ◽

Forensic Tools

The fast-growing nature of instant messaging applications usage on Android mobile devices brought about a proportional increase on the number of cyber-attack vectors that could be perpetrated on them. Android mobile phones store significant amount of information in the various memory partitions when Instant Messaging (IM) applications (WhatsApp, Skype, and Facebook) are executed on them. As a result of the enormous crimes committed using instant messaging applications, and the amount of electronic based traces of evidence that can be retrieved from the suspect’s device where an investigation could convict or refute a person in the court of law and as such, mobile phones have become a vulnerable ground for digital evidence mining. This paper aims at using forensic tools to extract and analyse left artefacts digital evidence from IM applications on Android phones using android studio as the virtual machine. Digital forensic investigation methodology by Bill Nelson was applied during this research. Some of the key results obtained showed how digital forensic evidence such as call logs, contacts numbers, sent/retrieved messages, and images can be mined from simulated android phones when running these applications. These artefacts can be used in the court of law as evidence during cybercrime investigation.

Download Full-text