Forensic Computing

Author(s): Bernd Carsten Stahl, Moira Carroll-Mayer, Peter Norris

In order to be able to address issues of digital crime and forensic science in cyberspace, there is a need for specifically skilled individuals. These need to have a high level of competence in technical matters, but they must also be able to evaluate technical issues with regard to the legal environment. Digital evidence is worth nothing if it is not presented professionally to a court of law. This chapter describes the process of designing a university course (a full undergraduate BSc degree) in forensic computing. The aim of the chapter is to present the underlying rationale and the design of the course. It will emphasise the problem of interdisciplinary agreement on necessary content and the importance of the different aspects. It is hoped that the chapter will stimulate debate between individuals tasked with designing similar academic endeavours and that this debate will help us come to an agreement on what the skills requirement for forensic computing professionals should be.

2018, Vol 5 (2), pp. 73-83
Author(s): Hussein Abed Ghannam

WhatsApp is a giant mobile instant messaging (IM) application with over 1 billion users. The huge usage of IM applications like WhatsApp on the giant smartphone platform “Android” leads digital forensic researchers to study it deeply. The artefacts left behind in the smartphone play a very important role in any electronic crime or terror attack. WhatsApp, as the biggest IM application in the world, is considered a very important resource for gathering information about any digital crime. Recently, end-to-end encryption and many other important features were added, and no device forensic analysis or network forensic analysis studies had been performed at the time of writing this paper. This paper explains how to extract the Crypt Key of WhatsApp in order to decrypt the databases and extract precious artefacts residing in the Android system without rooting the device. Artefacts extracted from the latest version of WhatsApp have been analysed and correlated to give new valuable evidentiary traces that help in investigations. Many hardware and software tools for mobile forensics are used to collect as much digital evidence as possible from persistent storage on the Android device. Some of these tools are commercial, like UFED Cellebrite and Andriller, and others are open source tools such as Autopsy, adb and WhatCrypt. All of these forensically sound tools were used in this research to discover many artefacts residing in Android internal storage in the WhatsApp application.


2021, Vol 5 (1), pp. 45-54
Author(s): Imam Riadi, Rusydi Umar, Muhammad Irwan Syahib

Viber is one of the most popular social media in the Instant Messenger application category that can be used to send text messages, make voice calls, send picture messages and video messages to other users. As many as 260 million people around the world have used this application. The increasing number of Viber users certainly brings positive and negative impacts; one of the negative impacts of this application is the use of digital forensic crime. This research simulates and removes digital crime evidence from the Viber application on Android smartphones using the National Institute of Standards and Technology (NIST) method, which is a method that has work guidelines on forensic policy and process standards to ensure each investigator follows the same workflow so that their work is documented and the results can be accounted for. This study uses three forensic tools: MOBILedit Forensic Express, Belkasoft and Autopsy. The results in this study show that MOBILedit Forensic Express gets digital evidence with a percentage of 100% in getting accounts, contacts, pictures and videos, while proof of digital chat is only 50%. Belkasoft gets digital evidence with a percentage of 100% in getting accounts, contacts, pictures and videos, while proof of digital chat is only 50%. Autopsy does not give the expected results in the extraction process; in other words, the Autopsy application gives zero results. It can be concluded that MOBILedit Forensic Express and Belkasoft have a good performance compared to Autopsy and thus this research has been completed and succeeded in accordance with the expected goals.


2019, Vol 10 (2), pp. 107-128
Author(s): Jerzy Kosiński, Tomasz Gontarz, Robert Kośla

The article presents interpretations of the concepts of cybersecurity and cybercrime as well as the abuse of the term cybernetic. The author refers to information as a new “centre of gravity” of the nation’s power and special attention is paid to activities aimed at ensuring a high level of information security in Poland. The assumptions of the draft Act on the national cybersecurity system are described and particular emphasis is placed on the issues of technical and organisational reporting and the handling of ICT security incidents. The author points out that handling incidents violating cyber security at a strategic level for a country ought to be considered as an intentional action of a definite and repeatable character. Here the reference to the ISO/IEC standards and recommendations can be found. Moreover, behaviours related to securing digital evidence after an incident, including the so-called good practice in relation to the reaction in the event of an incident, are presented. A simplified procedure for securing computer hardware, as a recommended method of action in case of the triage and live data forensics, is suggested in the article. The recommendations of the FORZA methodology and frameworks are also discussed. When summarising, the author underlines that it is essential to prepare appropriate procedures and personnel for the broadly understood handling of incidents violating cybersecurity. This includes protection of digital evidence according to the procedures, good practice and suggestions contained in normative documents, as well as implementing cybersecurity policy, bringing legislation into line with international standards and educating users and the judiciary.


2021, Vol 58 (1), pp. 2705-2712
Author(s): Khamidov Bakhtiyor Khamidovich et al.

This article critically examines the problems and gaps that arise in national legislation and law enforcement practice in the fight against cybercrime. Scientifically grounded ways and means of their overcoming are theoretically analyzed. In this regard, proposals and recommendations were developed for the development of private criminology methodologies for the development of the theory of forensic science. The article was prepared with the views of theorists and practitioners, as well as technical research which were based on scientific and practical research in the field of countering cybercrime. The study analyzes a number of proprietary forensic methods that serve to improve the effectiveness of investigative actions in the fight against cybercrime. National legislation, investigative and judicial practice, international prominent practices were studied, and their achievements and drawbacks were substantiated on the basis of the author's conclusions. Based on this, the most favorable directions for combating these crimes in Uzbekistan were selected. The article provides a systematic, legal, scientific and methodological analysis of problems in this area and the author's conclusions on this matter. At the same time, the role and importance of advanced foreign experience and international standards in improving national legislation and ensuring the implementation of the tasks set in the State Program are emphasized. In addition, the concepts of "electronic evidence" and "digital evidence" were scientifically analyzed. Their content and technical features are scientifically and theoretically substantiated.


2020, Vol 4 (3), pp. 576-583
Author(s): Sunardi, Imam Riadi, Muh. Hajar Akbar

Steganography is one of the anti-forensic techniques that allow criminals to hide information in other messages so that during the investigation, the investigator will experience problems and difficulty in getting evidence of original information on the crime. Therefore an investigator is required to have the ability to be able to find and extract (decoding) using the right tools when opening messages that have been inserted by steganography techniques. The purpose of this study is to analyze digital evidence using the static forensics method by applying the six stages to the Digital Forensics Research Workshop (DFRWS) framework and extracting steganography on files that have been compromised based on case scenarios involving digital crime. The tools used are FTK Imager, Autopsy, WinHex, Hiderman, and StegSpy. The results of extraction of 9 out of 10 files that were scanned by steganography files had 90% success and 10% of steganography files were not found, so it can be concluded that the extraction files in steganographic messages can be used as legal digital proofs according to law.  


2019, Vol 2 (12), pp. 45-60
Author(s): Piotr Dziewiecki

The present article is aimed at outlining the history and form of instruments known as portatives. Its continuation will be a paper devoted to discussing technical issues connected with designing and constructing Opus 1 Portative built by the author. The portative is an instrument belonging to the family of keyboard aerophones. It is the smallest representative of the pipe organ family – both in terms of its sound range and size. As there are not many historical instruments preserved to this day, we draw information on their form and use from how they are depicted in art. It is a testament of the evolution of portatives and their popularity – from the first mentions about them from the beginning of the 12th century to the 16th century when their significance lessened. This drop in popularity of these instruments was probably connected with their technical limitations noticed at that time, the fact that they were unable to meet the requirements of the evolving music and they became ousted by other portable instruments. The construction of the portative is similar to the construction of the full-size pipe organ. We can notice the occurrence of similar components, only in a simplified and smaller form. An important discrepancy is a different treatment of air system – the portative usually has only one wedge bellow operated by the player, which allows to very precisely control the air pressure, and that is connected with the dynamics and tone colour of sound produced by the pipes. This results in playing music characteristic of portatives, i.e., similar to vocal music having greater phrasing capacities as compared to playing the full-size pipe organ. Despite the decline of interest in portatives, which could be noticed in the 16th century, nowadays portatives have been regaining popularity with musicians and organ builders. They all want to build instruments with a high level of historical accuracy as well as create portatives with modern features.
Examples of the first trend can be found in Marcus Stahl’s workshop, whereas the instrument built by me follows the second trend. A great model of a portative combining both ideas is one constructed by Bartosz Żłóbiński.

