Adoption of Chain of Custody Improves Digital Forensic Investigation Process

Chain of custody plays an important role in determine integrity of digital evidence, because the chain of custody works on a proof that evidence has not been altered or changed through all phases, and must include documentation on how evidence is gathered, transported, analyzed and presented. The aims of this work is first to find out how the chain of custody has been applied to a wide range of models of the digital forensic investigation process for more than ten years. Second, a review of the methods on digitally signing an evidence that achieves the successful implementation of chain of custody through answering a few questions "who, when, where, why, what and how", and thus providing digital evidence to be accepted by the court. Based on the defined aims an experimental environment is being setup to outline practically an acceptable method in chain of custody procedure. Therefore, we have adopted SHA512 for hashing and regarding encryption RSA and GnuGP is applied where according to the defined requirement a combination of this algorithms could be adopted as a practical method.

Download Full-text

Digital Forensic Investigation of Social Media, Acquisition and Analysis of Digital Evidence

International Journal of Strategic Engineering ◽

10.4018/ijose.2019010105 ◽

2019 ◽

Vol 2 (1) ◽

pp. 52-60 ◽

Cited By ~ 3

Author(s):

Reza Montasari ◽

Richard Hill ◽

Victoria Carpenter ◽

Farshad Montaseri

Keyword(s):

Social Media ◽

Social Interaction ◽

Social Networking ◽

Social Networking Sites ◽

Instant Messaging ◽

Digital Evidence ◽

Forensic Investigation ◽

Digital Forensic ◽

Photo Sharing ◽

Investigation Process

Various social networking sites (SNSs), widely referred to as social media, provide services such as email, blogging, instant messaging and photo sharing for social and commercial interactions. SNSs are facilitating new forms of social interaction, dialogue, exchange and collaboration. They allow millions of users and organisations worldwide to exchange ideas, post updates and comments or participate in activities and events, while sharing their wider interests. At the same time, such a phenomenon has led to an upsurge in significant criminal activities by perpetrators who are becoming increasingly sophisticated in their attempts to deploy technology to circumvent detection. Digital forensic Examiners (DFEs) often face serious challenges in relation to data acquisition. Therefore, this article aims to analyse the significance of SNSs in DFIs and challenges that DFEs often encounter when acquiring evidence from SNSs. Furthermore, this article describes the steps of the digital forensic investigation process that must be taken to acquire digital evidence that is both authentic and forensically sound.

Download Full-text

A Survey on Digital Forensic Investigation Practitioners Approach and Challenges

International Journal for Research in Applied Science and Engineering Technology ◽

10.22214/ijraset.2021.35544 ◽

2021 ◽

Vol 9 (VI) ◽

pp. 2733-2736

Author(s):

Prof. Sachin Babulal Jadhav

Keyword(s):

Data Collection ◽

Digital Forensics ◽

Electronic Devices ◽

Digital Evidence ◽

Cyber Crime ◽

Forensic Investigation ◽

Digital Forensic ◽

Digital Crime ◽

Entire World ◽

Investigation Process

Digital crimes are taking place over the entire world. For any digital crime which commit at any part of world, computer or any electronic devices are used. The devices which are used to commit the crime are useful evidences which must be identified and protected for further use. The crimes involving electronic devices are called as cyber-crime. To investigate such crimes, a scientific procedures needs to be followed. The data collection, analysis, preservation and presentation of digital evidence is must in order investigate the cybercrime. This paper highlights the practices that are used worldwide in the investigation process of cyber-crime. Keywords: Digital Forensics, Analysis, Investigation, models of investigation.

Download Full-text

Digital Chain of Custody

International Journal of Advanced Research in Computer Science and Software Engineering ◽

10.23956/ijarcsse.v7i7.109 ◽

2017 ◽

Vol 7 (7) ◽

pp. 117

Author(s):

Matthew N.O. Sadiku ◽

Adebowale E. Shadare ◽

Sarhan M. Musa

Keyword(s):

Digital Evidence ◽

Chain Of Custody ◽

Digital Investigation ◽

A Chain ◽

Admissible Evidence ◽

Investigation Process

Digital chain of custody is the record of preservation of digital evidence from collection to presentation in the court of law. This is an essential part of digital investigation process. Its key objective is to ensure that the digital evidence presented to the court remains as originally collected, without tampering. The chain of custody is important for admissible evidence in court. Without a chain of custody, the opposing attorney can challenge or dismiss the evidence presented. The aim of this paper is to provide a brief introduction to the concept of digital chain custody.

Download Full-text

PENERAPAN FRAMEWORK HARMONISED DIGITAL FORENSIC INVESTIGATION PROCESS (HDFIP) UNTUK MENDAPATKAN ARTIFAK BUKTI DIGITAL PADA SMARTPHONE TIZEN

Cyber Security dan Forensik Digital ◽

10.14421/csecurity.2018.1.2.1352 ◽

2019 ◽

Vol 1 (2) ◽

pp. 67-74

Author(s):

Widodo Widodo ◽

Bambang Sugiantoro

Keyword(s):

Forensic Investigation ◽

Digital Forensic ◽

Investigation Process ◽

Live Forensics

Menurut Tizen Team (2016) smartphone dengan sistem operasi tizen termasuk smartphone yang baru dan memiliki jenis aplikasi Web, Hybrid, Native/asli dengan extensi file berupa file.tpk yang berbeda dengan jenis smartphone lainnya. Dari beberapa review penelitian sebelumnya, dapat diketahui bahwa belum ada penelitian tentang proses penanganan smartphone tizen beserta platform whatsapp yang berada didalamnya. Sebagian besar hasil penelitian hanya meliputi tentang bagaimana ekplorasi bukti digital pada smarphone android dan membahas tizen dari segi keamanan. Berdasarkan review dari penelitian tersebut, terdapat beberapa masalah diantaranya belum adanya metode dan penerapan framework yang cocok untuk proses penanganan smartphone tizen dan platform whatsapp yang berada didalamnya tersebut. Untuk itu, metode live forensics dan model HDFIP dapat dijadikan acuan framework yang cocok untuk mengidentifikasi karakteristik tizen dan platform whatsapp. Dimana metode live forensics akan digunakan untuk melakukan tahapan analisa secara terperinci dan teliti terhadap peangkat barang bukti digital dan dilakukan dalam sebuah perangkat elektronik dalam keadaan power on. Sehingga penelitian ini menghasilkan perbedaan mendasar artifak android dan tizen, mendapatkan karakteristik bukti digital pada Smartphone Tizen, yaitu berbentuk logical dan berupa file dengan ektensi .CSV dan file.db, dimana hasil penelitian ini terfokus pada sistem aplikasi WhatsApp dan SMS.

Download Full-text

Forensic Acquisition Methods for Cloud Computing Environments

Encyclopedia of Information Science and Technology, Fifth Edition - Advances in Information Quality and Management ◽

10.4018/978-1-7998-3479-3.ch033 ◽

2021 ◽

pp. 462-472

Author(s):

Diane Barrett

Keyword(s):

Cloud Computing ◽

Final Section ◽

Forensic Investigation ◽

Digital Forensic ◽

Chain Of Custody ◽

Computing Environments ◽

Acquisition Processes

Cloud computing environments add an inherent layer of complication to a digital forensic investigation. The content of this article explores current forensic acquisition processes, how current processes need to be modified for cloud investigations, and what new acquisition methods can help when it is necessary to garner evidence from a cloud computing-based environment. A section will be included that provides a recommendation on how to acquire evidence from cloud-based environments while maintaining chain of custody. A final section will include recommendations for additional areas of research in the area of investigating cloud computing environments and acquiring cloud computing-based evidence.

Download Full-text

The Search and Seizure of Digital Evidence by Forensic Investigators in South Africa

Potchefstroom Electronic Law Journal/Potchefstroomse Elektroniese Regsblad ◽

10.17159/1727-3781/2019/v22i0a4886 ◽

2019 ◽

Vol 22 ◽

pp. 1-42 ◽

Cited By ~ 1

Author(s):

Jacobus Gerhardus Nortje ◽

Daniel Christoffel Myburgh

Keyword(s):

Information Technology ◽

Police Officers ◽

Digital Forensics ◽

Legal Framework ◽

Legal Aspects ◽

Search And Seizure ◽

Digital Evidence ◽

Digital Forensic ◽

Chain Of Custody ◽

Principles And Standards

The discipline of digital forensics requires a combination of skills, qualifications and knowledge in the area of forensic investigation, legal aspects and information technology. The uniqueness of digital evidence makes the adoption of traditional legal approaches problematic. Information technology terminology is currently used interchangeably without any regard to being unambiguous and consistent in relation to legal texts. Many of the information technology terms or concepts have not yet achieved legal recognition. The recognition and standardisation of terminology within a legal context are of the utmost importance to ensure that miscommunication does not occur. To provide clarity or guidance on some of the terms and concepts applicable to digital forensics and for the search and seizure of digital evidence, some of the concepts and terms are reviewed and discussed, using the Criminal Procedure Act 51 of 1977 as a point of departure. Digital evidence is often collected incorrectly and analysed ineffectively or simply overlooked due to the complexities that digital evidence poses to forensic investigators. As with any forensic science, specific regulations, guidelines, principles or procedures should be followed to meet the objectives of investigations and to ensure the accuracy and acceptance of findings. These regulations, guidelines, principles or procedures are discussed within the context of digital forensics: what processes should be followed and how these processes ensure the acceptability of digital evidence. These processes include international principles and standards such as those of the Association of Chiefs of Police Officers and the International Organisation of Standardisation. A summary is also provided of the most influential or best-recognised international (IOS) standards on digital forensics. It is concluded that the originality, reliability, integrity and admissibility of digital evidence should be maintained as follows: Data should not be changed or altered. Original evidence should not be directly examined. Forensically sound duplicates should be created. Digital forensic analyses should be performed by competent persons. Digital forensic analyses should adhere to relevant local legal requirements. Audit trails should exist consisting of all required documents and actions. The chain of custody should be protected. Processes and procedures should be proper, while recognised and accepted by the industry. If the ACPO (1997) principles and ISO/IEC 27043 and 27037 Standards are followed as a forensic framework, then digital forensic investigators should follow these standards as a legal framework.

Download Full-text

Analisis Forensik Metadata Kamera CCTV Sebagai Alat Bukti Digital

Digital Zone Jurnal Teknologi Informasi dan Komunikasi ◽

10.31849/digitalzone.v11i2.5174 ◽

2020 ◽

Vol 11 (2) ◽

pp. 257-267

Author(s):

Desti Mualfah ◽

Rizdqi Akbar Ramadhan

Keyword(s):

Reference Data ◽

Computer Forensics ◽

Closed Circuit ◽

Digital Evidence ◽

Management Information ◽

Digital Forensic ◽

Video Recordings ◽

Chain Of Custody ◽

Digital Forensic Investigations ◽

Cctv Camera

Kejahatan konvensial yang terekam kamera CCTV (Closed Circuit Televison) semakin banyak ditemukan di masyarakat, setiap pelaku kejahatan yang terbukti melakukan tindak pidana tertentu akan dihukum sesuai dengan peraturan perundang-undangan. Kamera CCTV memiliki peran penting dalam keamanan, banyak diantaranya hasil tangkapan rekaman kamera CCTV dijadikan sebagai alat bukti digital. Tantangannya adalah bagaimana teknik yang diperlukan untuk penanganan khusus investigasi digital forensik dalam mencari bukti ditgital rekaman kamera CCTV menggunakan metode live forensik, yaitu ketika barang bukti dalam keadan aktif berdasarkan pedoman SNI 27037:2014 sesuai acuan kerangka kerja Common Phases of Computer Forensics Investigation Models untuk di implementasikan ke dalam dokumen Chain of Custody. Hasil penelitian ini berupa hasil analisis video rekaman kamera CCTV tentang karakteristik bukti digital dan informasi metadata yang digunakan untuk memberikan penjelasan komprehensif secara terstruktur serta acuan pengelolaan informasi data yang didapat dari hasil investigasi digital forensik yang dapat dipertanggungjawabkan dalam persidangan. Kata kunci: Bukti Digital, Live Forensik, Metadata, Kamera CCTV, Chain of Custody. Abstract Conventional crimes that are recorded on CCTV (Closed Circuit Television) cameras are increasingly being found in society, every crime that commits certain crimes will be in accordance with statutory regulations. CCTV cameras have an important role in security, many of which are recorded by CCTV cameras used as digital evidence. The challenge is how the techniques required for special handling, digital forensics in searching for digital evidence of CCTV camera footage using the live forensic method, namely when the evidence is in an active state based on the latest SNI 27037: 2014 according to the framework reference Common Phases of Computer Forensics Investigation Models for in implement it into the Chain of Custody document. These results of this research are in the form of analysis of CCTV camera video recordings about the characteristics of digital evidence and metadata information used to provide a structured comprehensive explanation and reference data management information obtained from the results of digital forensic investigations that can be accounted for in court. Keywords: Digital Evidence, Live Forensic, Metadata, CCTV Camera, Chain of Custady.

Download Full-text

Holistic Analytics of Digital Artifacts

International Journal of Digital Crime and Forensics ◽

10.4018/ijdcf.20210901.oa5 ◽

2021 ◽

Vol 13 (5) ◽

pp. 78-100

Author(s):

Ashok Kumar Mohan ◽

Sethumadhavan Madathil ◽

Lakshmy K. V.

Keyword(s):

Digital Evidence ◽

Forensic Investigation ◽

Association Model ◽

Digital Devices ◽

Digital Forensic ◽

Unique Mapping ◽

Metadata Association ◽

Almost All ◽

Mapping Models ◽

Unique Association

Investigation of every crime scene with digital evidence is predominantly required in identifying almost all atomic files behind the scenes that have been intentionally scrubbed out. Apart from the data generated across digital devices and the use of diverse technology that slows down the traditional digital forensic investigation strategies. Dynamically scrutinizing the concealed or sparse metadata matches from the less frequent archives of evidence spread across heterogeneous sources and finding their association with other artifacts across the collection is still a horrendous task for the investigators. The effort of this article via unique pockets (UP), unique groups (UG), and unique association (UA) model is to address the exclusive challenges mixed up in identifying incoherent associations that are buried well within the meager metadata field-value pairs. Both the existing similarity models and proposed unique mapping models are verified by the unique metadata association model.

Download Full-text

A DESIGN OF DIGITAL CHAIN CUSTODY FOR REPUBLIC OF IRAQ

Iraqi Journal of Information & Communications Technology ◽

10.31987/ijict.3.3.108 ◽

2020 ◽

Vol 3 (3) ◽

pp. 24-32

Author(s):

Shireen M. Abed Zaid ◽

Bayan M. Sabbar

Keyword(s):

Conventional Method ◽

Digital Evidence ◽

Application Software ◽

Physical Evidence ◽

Chain Of Custody ◽

Problematic Issue ◽

A Chain ◽

Investigation Process ◽

Application Design

Chain of custody (COC) is a concept and process designed to ensure the integrity of evidence including digital evidence (DE). Also, it defines a set of procedures to document files according to its chronological [1]. In this paper, the authors design a Chain of custody application software in order to document all digital evidence in order to ensure its integrity. Thus, a chain of custody application design to document the digital evidence from the time it collected to the time where the evidence actually presented at the court to ensure the digital evidence integrity and authenticity. It can help the investigator to follow clear documentation during the investigation process because of the conventional method considered a problematic issue when it used for digital evidence. In addition to physical evidence and digital evidence have different features and characteristics.The Chain of Custody application for digital evidence is designed using the SQL and XML [3] schema approach to save case information and compute DE hash value. then compare it with its value stores in the COC tab. This solution comes as one of the solutions to enrich the existing solution of the digital chain of custody.

Download Full-text

RPAS Forensic Validation Analysis Towards a Technical Investigation Process: A Case Study of Yuneec Typhoon H

Sensors ◽

10.3390/s19153246 ◽

2019 ◽

Vol 19 (15) ◽

pp. 3246

Author(s):

Fahad E. Salamh ◽

Umit Karabiyik ◽

Marcus K. Rogers

Keyword(s):

Digital Evidence ◽

Digital Forensic ◽

Forensic Validation ◽

Aerial Vehicle ◽

Rapid Pace ◽

Forensic Artifacts ◽

Aerial Systems ◽

Admissible Evidence ◽

Investigation Process

The rapid pace of invention in technology and the evolution of network communication has produced a new lifestyle with variety of opportunities and challenges. Remotely Piloted Aerial Systems (RPAS) technology, which includes drones, is one example of a recently invented technology that requires the collection of a solid body of defensible and admissible evidence to help eliminate potential real-world threats posed by their use. With the advent of smartphones, there has been an increase in digital forensic investigation processes developed to assist specialized digital forensic investigators in presenting forensically sound evidence in the courts of law. Therefore, it is necessary to apply digital forensic techniques and procedures to different types of RPASs in order to create a line of defense against new challenges, such as aerial-related incidents, introduced by the use of these technologies. Drone operations by bad actors are rapidly increasing and these actors are constantly developing new approaches. These criminal operations include invasion of privacy, drug smuggling, and terrorist activities. Additionally, drone crashes and incidents raise significant concerns. In this paper, we propose a technical forensic process consisting of ten technical phases for the analysis of RPAS forensic artifacts, which can reduce the complexity of the identification and investigation of drones. Using the proposed technical process, we analyze drone images using the Computer Forensics Reference Datasets (CFReDS) and present results for the Typhoon H aerial vehicle manufactured by Yuneec, Inc. Furthermore, this paper explores the availability and value of digital evidence that would allow a more practical digital investigation to be able to build an evidence-based experience. Therefore, we particularly focus on developing a technical drone investigation process that can be applied to various types of drones.

Download Full-text