Computer technique for the suitability of digital evidence in attacking an information system: Forensic analysis for the digital custody chain

2019, Vol 1388, pp. 012027
Author(s): N Jácome-Castilla, C Villamizar-Nuñez

2018, Vol 5 (2), pp. 73-83
Author(s): Hussein Abed Ghannam

WhatsApp is a giant mobile instant messaging (IM) application with over 1 billion users. The heavy use of IM applications like WhatsApp on the dominant smartphone platform, Android, has led digital forensic researchers to study it deeply. The artefacts left behind in the smartphone play a very important role in any electronic crime or terror attack. WhatsApp, as the biggest IM application in the world, is considered a very important resource for gathering information about any digital crime. Recently, end-to-end encryption and many other important features were added, and no device forensic analysis or network forensic analysis studies had been performed at the time of writing this paper. This paper explains how to extract the Crypt Key of WhatsApp in order to decrypt the databases and extract the valuable artefacts that reside in the Android system, without rooting the device. Artefacts extracted from the latest version of WhatsApp have been analysed and correlated to give new, valuable evidentiary traces that help in investigations. Many hardware and software tools for mobile forensics are used to collect as much digital evidence as possible from persistent storage on the Android device. Some of these tools are commercial, like UFED Cellebrite and Andriller, and others are open source tools such as Autopsy, adb and WhatCrypt. All of these forensically sound tools were used in this research to discover many artefacts that reside in the Android internal storage of the WhatsApp application.


Drones, 2021, Vol 5 (2), pp. 42
Author(s): Fahad E. Salamh, Umit Karabiyik, Marcus K. Rogers, Eric T. Matson

The accessibility of Unmanned Aerial Vehicles (UAVs), colloquially known as drones, is rapidly increasing. Recent studies have discussed challenges that may come in tow with the growing use of this technology. These studies note that in-depth examination is required, especially when addressing challenges that carry a high volume of software data between sensors, actuators, and control commands. This work underlines static and live digital evidence traceability challenges to further enhance the UAV incident response plan. To study the live UAV forensic traceability issues, we apply the 'purple-teaming' exercise on small UAVs while conducting UAV forensic examination to determine technical challenges related to data integrity and repeatability. In addition, this research highlights current static technical challenges that could pose more challenges in justifying the discovered digital evidence. Additionally, this study discusses potential drone anti-forensic techniques and their association with the type of use, environment, attack vector, and level of expertise. To this end, we propose the UAV Kill Chain and categorize the impact and complexity of all highlighted challenges based on the conducted examination and the presented scientific contribution in this work. To the best of our knowledge, there has not been any contribution that incorporates 'Purple-Teaming' tactics to evaluate UAV-related research in cybersecurity and digital forensics. This work also proposes a categorization model that classifies the discovered UAV static and live digital evidence challenges based on their complexity and impact levels.


2019, Vol 23 (1), pp. 123-140
Author(s): Oleg A Ostrovsky

Modern information systems, such as e-learning, e-voting, e-health, etc., are often used inappropriately for irregular data changes (data falsification). These facts force a review of security measures and a search for ways to improve them. Proof of computer crime is accompanied by very complex processes that are based on the collection of digital evidence, forensic analysis and investigation. Forensic analysis of database systems is a very specific and complex task and therefore is the main source of inspiration for research. This article presents the fact that classical methods of collecting digital evidence are not suitable and effective. To improve efficiency, a combination of well-known, world-independent database technologies and their application in the field of forensic science is proposed. It also offers new directions for research in this area.


2019, Vol 11 (2), pp. 152-158
Author(s): Ibnu Fajar Arrochman, Dhomas Hatta Fudholi, Yudi Prayudi

In recent years, the use of drones by civilians has been increasing rapidly, as shown by total sales that continue to increase rapidly every year. With the increasing possibility of Unmanned Aerial Vehicle (UAV) abuse, crime involving the use of UAVs is likely to grow. This study uses static forensic and live forensic analysis to obtain data that can be used as digital evidence, to dig up information that could be used as digital evidence in the UAV and controllers, and to learn the characteristics of digital evidence on a UAV. The results showed that, for digital evidence on a UAV, the smartphone used as the UAV controller has a very important role in the investigation. The findings in the aircraft have a percentage of 50% and the camera memory card 16.6%. The DJI Phantom 3 Advanced always stores GPS coordinate data in the flight LOG; the data is always stored even when the flight mode in use does not use GPS signals for stability. Because the DJI Phantom 3 Advanced always uses GPS on flights, image or video files captured by the camera have the best GPS location coordinates in their metadata.


2020, Vol 3 (1), pp. 11-25
Author(s): Sally Dakheel Hamdi, Abdulkareem M. Radhi

The Internet has become open, public and widely used as a means of transmitting data and exchanging messages between criminals, terrorists and those who have illegal motivations. Moreover, it can be used for exchanging important data between various military and financial institutions, or even ordinary citizens. One of the important means of exchanging information widely used on the Internet is e-mail. Email messages are digital evidence that has become one of the important means adopted by courts in many countries and societies as evidence relied upon in convictions. This prompts researchers to work continuously to develop email analysis tools using the latest technologies to find digital evidence in email messages and to assist forensic experts in analyzing email groups. This work presents a distinct technique for analyzing and classifying emails based on data processing and extraction, trimming, refinement and clustering, then using the SWARM algorithm to improve the performance, and then adapting the support vector machine algorithm to classify these emails to obtain practical and accurate results. This framework also proposes a hybrid English lexical dictionary (SentiWordNet 3.0) for email forensic analysis; it contains all the sentiwords, such as positive and negative, and can work with the machine learning algorithm. The proposed system is capable of learning in an environment with large and variable data. To test the proposed system, the available Enron dataset is selected. A high accuracy rate of 92% was obtained in the best case. The experiment is conducted on the Enron email dataset corpus (May 7, 2015 version of the dataset).


2012
Author(s): Pritheega Magalingam, Azizah Abdul Manaf, Zuraimi Yahya, Rabiah Ahmad

Hardware forensic analysis involves the process of analyzing digital evidence derived from digital sources. The analysis is done to facilitate and prove whether the device is used to commit a crime, whether it contains evidence of a crime, or whether it is the target of a crime. Gambling machines serve as the main source by which illegal games are conducted. This paper presents a method for retrieving information from a seized gaming machine, along with an analysis of the interpreted information to prove that the gaming machine was used illegally. The proposed procedures for the gambling machine forensic process will be important for forensic investigators (e.g., the police or private investigators), as they will assist these individuals in the digital forensic evidence analysis necessary to produce evidence relevant to illegal gambling.

Key words: digital forensic, forensic analysis, gambling machine, information retrieval method, interpretation, string search


2019, Vol 2 (2), pp. 52-56
Author(s): Dedy Hariyadi, Hendro Wijayanto, Indah Daila Sari

The use of social media in Indonesia increased very rapidly in 2018 compared to the previous year. This has led to the appearance of many social media platforms made by the children of the nation, one of which is Paziim. Socializing on the internet makes it very easy to leak personal data. There are three aspects of online social networks (OSN) that can be exploited in the disclosure of private data to the public, namely the strength of the relationship (strong or weak), the type of relationship and the characteristics of one's habits. Mobile forensics is needed to analyze digital evidence in social media applications installed on Android smartphones. Indonesia, through the National Standardization Agency (BSN), has also issued standards related to digital forensics. The standard, which is derived from ISO/IEC, regulates Security Techniques - Guidelines for the Identification, Collection, Acquisition and Preservation of Digital Evidence. This standard is known as SNI ISO/IEC 27037:2014. The cell phone forensic analysis of the Paziim application found the username, coordinates, device models, and operators used by users in the SQLite Web_Data and OneSignal.xml files.

