Can computer forensic tools be trusted in digital investigations?

2020 ◽  
Author(s):  
Wasim Ahmad Bhat ◽  
Ali AlZahrani ◽  
Mohamad Ahtisham Wani
Keyword(s):  
Forensic Tools ◽  
Computer Forensic

scholarly journals Recovering Evidentiary E-mail for Non-Repudiation Forensics

2019 ◽  
Vol 8 (11S2) ◽  
pp. 551-557
Keyword(s):  
Digital Content ◽  
Digital Evidence ◽  
Proof Of Concept ◽  
Legal Evidence ◽  
Whole Process ◽  
File Formats ◽  
Forensic Tools ◽  
Computer Forensic ◽  
E Mail

Computer Forensic, the upcoming branch of forensic science where acquiring, preserving, retrieving and presenting content processed electronically and stored digitally, is used for legal evidence in computer related crimes or any other unethical practice involving manipulation of digital content. Such digital content can take many forms which are manifested by different file formats and digital artifacts”. This paper concentrates on acquisition of deleted e-mail from mailbox of web servers satisfying two tier, three tier and n-tier technology. A detailed survey of several possibilities are included for non-repudiation forensic. A case study of a particular file type using suitable forensic tool is cited as a proof of concept towards this claimed inference to provide digital evidence in case of non-repudiation by sender and/or by receiver. This is simply conducted by using Encase a proprietary Digital forensic tools. The whole process is captured in step by step fashion to have a better understanding of the mechanism used. Recovery of files/emails have certain kinds of legal hurdles, the paper have addressed them as well. This paper contributes to the extend the recovered email can used as a ready digital evidence in any court of law.

On Creating Digital Evidence in IP Networks With NetTrack

2018 ◽  
pp. 225-245
Author(s):  
Diana Berbecaru
Keyword(s):  
Network Traffic ◽  
High Speed ◽  
Digital Signatures ◽  
Digital Evidence ◽  
Open Court ◽  
Forensic Tools ◽  
Network Forensic ◽  
Ip Packet ◽  
Computer Forensic ◽  
Short Time

Computer forensic is the practice of collecting, analyzing, and reporting digital evidence in a way that is legally admissible in open court. Network forensics, an offset of computer forensic, is mainly concerned with the monitoring and analysis of network traffic, both local and WAN/internet, in order to identify security incidents and to investigate fraud or network misuse. In this chapter, the authors discuss challenges in creating high-speed network forensic tools and propose NetTrack, a tamper-proof device aimed to produce evidences with probative value via digital signatures for the network traffic. Since digitally signing each IP packet is not efficient, the authors used a specific technique exploiting the Merkle trees to create digital signatures for flows and multicasts and implemented it by using an optimized algorithm for Merkle tree traversal to save space and time. Through experiments, the authors show NetTrack signing is fast as it can produce digital evidence within a short time.

scholarly journals Web Browser Artefacts using Cryptographic Examination

2019 ◽  
Vol 8 (4) ◽  
pp. 12641-12644
Keyword(s):  
Third Party ◽  
Security And Privacy ◽  
Hybrid Technique ◽  
Web Browser ◽  
Implementation Framework ◽  
Cryptographic Keys ◽  
Encryption Algorithms ◽  
Forensic Tools ◽  
Computer Forensic ◽  
Private Browsing

Private browsers, in general, offer security and privacy by allowing users to browse the web without leaving usual traces on their computers. However, private browsing has been proven not to deliver the security as they ensure they would. Previous researchers concluded that web browsers often failed to provide the intended privacy protection to their users. Even with third-party PC cleaning tools, web browser data can still be accessed using computer forensic tools. This paper aims to perform research and development of a framework with the help of cryptography that will support high accessibility of evidence until the evidence should be erased, at a point where it will be impossible to recover. Cryptography consolidates innumerable algorithms which are used in building a secured application. This application mainly focusses on the implementation of a system capable of encrypting of browser artefacts using encryption techniques. Advanced Encryption Standard (AES) is one of the best-known and most robust symmetric encryption algorithms. The AES rule is capable of using 128, 192, and 256 bits of cryptographic keys. The proposed system makes use of the advantages of both the methods by presenting a hybrid technique of encoding and encryption, resulting in a much secured and faster alternative of storing web browser artefacts. Regardless of whether the attacker gets access to any of the keys, the attacker won’t be in position to unmask the data in an expected certain amount of time. This system will hopefully contribute to a better web browser over the existing techniques by doing some minor changes in the implementation framework.

scholarly journals Memory Based Anti-Forensic Tools and Techniques

2010 ◽  
pp. 184-199
Author(s):  
Hamid Jahankhani ◽  
Elidon Beqiri
Keyword(s):  
Computer Forensics ◽  
Digital Evidence ◽  
The Creation ◽  
Volatile Memory ◽  
Forensic Tools ◽  
Tools And Techniques ◽  
Computer Forensic

Computer forensics is the discipline that deals with the acquisition, investigation, preservation and presentation of digital evidence in the court of law. Whereas anti-forensics is the terminology used to describe malicious activities deployed to delete, alter or hide digital evidence with the main objective of manipulating, destroying and preventing the creation of evidence .Various anti-forensic methodologies and tools can be used to interfere with digital evidence and computer forensic tools. However, memory-based anti-forensic techniques are of particular interest because of their effectiveness, advanced manipulation of digital evidence and attack on computer forensic tools. These techniques are mainly performed in volatile memory using advanced data alteration and hiding techniques. For these reasons memory-based anti-forensic techniques are considered to be unbeatable. This chapter aims to present some of the current anti-forensic approaches and in particular reports on memory-based anti-forensic tools and techniques.

APPLICATION FEATURES OF TECHNICAL AND FORENSIC TOOLS BY AN INVESTIGATOR (THE INTERROGATOR) DURING INTERROGATION IN THE PRETRIAL DETENTION CENTER

2020 ◽  
pp. 48-53
Author(s):  
Роман Михайлович Морозов ◽  
Дмитрий Юрьевич Волков
Keyword(s):  
Law Enforcement ◽  
Criminal Law ◽  
Scientific Literature ◽  
Preliminary Investigation ◽  
Preventive Measure ◽  
Criminal Procedure ◽  
Evidence Based ◽  
Detention Center ◽  
Pretrial Detention ◽  
Forensic Tools

Целью статьи было рассмотреть проблемные аспекты тактико-криминалистического применения технических средств при производстве допроса, предложить научно обоснованные рекомендации по их использованию. В статье раскрываются особенности применения технико-криминалистических средств процессуально уполномоченными должностными лицами органов предварительного следствия и дознания при производстве допроса подозреваемых (обвиняемых), в отношении которых избрана мера пресечения в виде заключения под стражу. По результатам проведенных исследований правоприменительной практики и научной литературы авторами раскрываются процессуальные и тактические основания и порядок применения технических средств при производстве допроса на отдельных его этапах, предлагаются решения проблем, связанных с применением технико-криминалистических средств, даются рекомендации по порядку применения отдельных технических средств. Выделяются наиболее целесообразные тактические приемы допроса при применении технических средств фиксации. Авторами предложены изменения в уголовно-процессуальное законодательство по совершенствованию законодательных норм в области применения технических средств при производстве следственных действий. Сформулированные в статье выводы могут быть использованы в правоприменительной практике следователями (дознавателями) при производстве допроса в следственном изоляторе, а также при преподавании отдельных дисциплин: «Уголовный процесс», «Криминалистика», а также специальных курсов (по выбору) уголовно-правового профиля. The purpose of the article was to consider the problematic aspects of the tactical and forensic use of technical means during the interrogation, to offer evidence-based recommendations for their use. The article reveals the features of the use of technical and forensic means by the procedurally authorized officials of the preliminary investigation and inquiry bodies during the interrogation of suspects (accused), in respect of which a preventive measure in the form of detention has been chosen. According to the results of the research of law enforcement practice and scientific literature, the authors reveal the procedural and tactical grounds and the procedure for the use of technical means during the interrogation at its individual stages, offers solutions to problems associated with the use of technical and forensic means, gives some recommendations on the order of application of individual technical means. The most appropriate tactics of interrogation, the use of technical facilities of fixation. The authors propose changes to the criminal procedure legislation to improve the legislative norms in the field of application of technical means in the investigative actions realization. The conclusions formulated in the article can be used in law enforcement practice by investigators (inquirers) during the interrogation in the pretrial detention center, as well as in the teaching of certain disciplines: «Criminal procedure», «Criminalistics», as well as special courses (optional) of criminal law profile.

Forensic Data Extraction and Analysis of Left Artifacts on emulated Android Phones: A Case Study of Instant Messaging Applications

2017 ◽  
Vol 2 (11) ◽  
pp. 8-16
Author(s):  
Moses Ashawa ◽  
Innocent Ogwuche
Keyword(s):  
Mobile Phones ◽  
Instant Messaging ◽  
Data Extraction ◽  
Digital Evidence ◽  
Cyber Attack ◽  
Forensic Evidence ◽  
Digital Forensic ◽  
Proportional Increase ◽  
Forensic Tools

The fast-growing nature of instant messaging applications usage on Android mobile devices brought about a proportional increase on the number of cyber-attack vectors that could be perpetrated on them. Android mobile phones store significant amount of information in the various memory partitions when Instant Messaging (IM) applications (WhatsApp, Skype, and Facebook) are executed on them. As a result of the enormous crimes committed using instant messaging applications, and the amount of electronic based traces of evidence that can be retrieved from the suspect’s device where an investigation could convict or refute a person in the court of law and as such, mobile phones have become a vulnerable ground for digital evidence mining. This paper aims at using forensic tools to extract and analyse left artefacts digital evidence from IM applications on Android phones using android studio as the virtual machine. Digital forensic investigation methodology by Bill Nelson was applied during this research. Some of the key results obtained showed how digital forensic evidence such as call logs, contacts numbers, sent/retrieved messages, and images can be mined from simulated android phones when running these applications. These artefacts can be used in the court of law as evidence during cybercrime investigation.

Sign in / Sign up

Export Citation Format

Share Document