Memory Based Anti-Forensic Tools and Techniques

Author(s):  
Hamid Jahankhani ◽  
Elidon Beqiri

Computer forensics is the discipline that deals with the acquisition, investigation, preservation and presentation of digital evidence in a court of law. Anti-forensics, by contrast, is the term used to describe malicious activities deployed to delete, alter or hide digital evidence, with the main objective of manipulating or destroying evidence or preventing its creation. Various anti-forensic methodologies and tools can be used to interfere with digital evidence and with computer forensic tools. Memory-based anti-forensic techniques are of particular interest because of their effectiveness, their advanced manipulation of digital evidence and their attacks on computer forensic tools. These techniques are mainly performed in volatile memory using advanced data alteration and hiding techniques. For these reasons memory-based anti-forensic techniques are considered to be unbeatable. This chapter aims to present some of the current anti-forensic approaches and in particular reports on memory-based anti-forensic tools and techniques.

Author(s):  
Mital Parekh ◽  
Snehal Jani

The advance of technology has led to considerable growth in the number of cases pertaining to cyber-crime and has raised an enormous challenge in tackling it effectively. Various cyber forensic techniques and tools are used to recover data from devices in order to tackle cyber-crime. The present research paper focuses on performing memory forensics and analyzing memory, which contains many pieces of information relevant to a forensic investigation, such as usernames, passwords, cryptographic keys, deleted files, deleted logs and running processes, that can help investigate the cyber-crime and pin down the accused. The three main steps followed in memory forensics are acquiring, analyzing and recovering. Recovery of evidence of a crime from volatile memory is possible with knowledge of the different tools and techniques used in memory forensics. However, it is always hard to analyze volatile memory, as its contents persist only for a very short period. Not all tools can be used for memory forensics in every situation, and therefore it is important to know the tools before applying them to a particular cyber-crime. It is yet to be established whether a single tool can be used for a complete investigation; however, most of the tools used are successful in providing reasonable evidence. The present research paper provides insight into analyzing the memory that stores relevant data, collecting evidence from the device(s), extracting essential data using different memory forensic tools, the purposes each tool is useful for, and the tool best suited to a particular situation.


Computer forensics, the emerging branch of forensic science in which content processed electronically and stored digitally is acquired, preserved, retrieved and presented, is used for legal evidence in computer-related crimes or any other unethical practice involving manipulation of digital content. Such digital content can take many forms, manifested by different file formats and digital artifacts. This paper concentrates on the acquisition of deleted e-mail from the mailboxes of web servers built on two-tier, three-tier and n-tier technology. A detailed survey of several possibilities for non-repudiation forensics is included. A case study of a particular file type using a suitable forensic tool is cited as a proof of concept for this claimed inference, providing digital evidence in cases of non-repudiation by the sender and/or the receiver. This is conducted using EnCase, a proprietary digital forensic tool. The whole process is captured step by step to give a better understanding of the mechanism used. Recovery of files/emails faces certain legal hurdles, which the paper also addresses. This paper contributes to the extent that the recovered email can be used as ready digital evidence in any court of law.


Author(s):  
Diana Berbecaru

Computer forensics is the practice of collecting, analyzing, and reporting digital evidence in a way that is legally admissible in open court. Network forensics, an offshoot of computer forensics, is mainly concerned with the monitoring and analysis of network traffic, both local and WAN/internet, in order to identify security incidents and to investigate fraud or network misuse. In this chapter, the authors discuss challenges in creating high-speed network forensic tools and propose NetTrack, a tamper-proof device aimed at producing evidence with probative value via digital signatures for the network traffic. Since digitally signing each IP packet is not efficient, the authors used a specific technique exploiting Merkle trees to create digital signatures for flows and multicasts, and implemented it using an optimized algorithm for Merkle tree traversal to save space and time. Through experiments, the authors show that NetTrack signing is fast, as it can produce digital evidence within a short time.


2021 ◽  
Vol 4 (1) ◽  
pp. 43-54
Author(s):  
Kumarshankar Raychaudhuri ◽  
M. George Christopher ◽  
Nayeem Abbas Hamdani

Digital forensic investigation is the scientific process of collection, preservation, examination, analysis, documentation and presentation of digital evidence from digital devices, so that the evidence complies with legal terms and is acceptable in a court of law. The integrity of the digital evidence is an indispensable part of the investigation process and should be preserved to maintain the chain of custody. This is done through hashing techniques using standardized forensic tools. However, while handling the evidence, lack of knowledge might lead to unintentional alteration of the computed hash. This violates the chain of custody and makes the evidence inadmissible in a court of law. In this paper, our objective is to determine the different conditions under which the original hash value of a piece of digital evidence changes. For this, we create different scenarios using sample data files and compute their hash values. A comparative study and analysis are done to determine in which scenarios the original hash value of the data file changes. The results of the research will prove useful and essential for criminal justice functionaries in gaining knowledge about the various conditions leading to a change in the hash value of digital evidence, and therefore in avoiding its accidental alteration during forensic investigation/examination.


2017 ◽  
Vol 2 (11) ◽  
pp. 8-16
Author(s):  
Moses Ashawa ◽  
Innocent Ogwuche

The fast-growing usage of instant messaging applications on Android mobile devices has brought about a proportional increase in the number of cyber-attack vectors that could be perpetrated on them. Android mobile phones store a significant amount of information in their various memory partitions when Instant Messaging (IM) applications (WhatsApp, Skype, and Facebook) are executed on them. Because of the many crimes committed using instant messaging applications, and the amount of electronic trace evidence that can be retrieved from a suspect's device, where an investigation could convict or exonerate a person in a court of law, mobile phones have become a fertile ground for digital evidence mining. This paper aims to use forensic tools to extract and analyse the artefacts left as digital evidence by IM applications on Android phones, using Android Studio as the virtual machine. The digital forensic investigation methodology by Bill Nelson was applied during this research. Some of the key results obtained showed how digital forensic evidence such as call logs, contact numbers, sent/received messages, and images can be mined from simulated Android phones running these applications. These artefacts can be used in a court of law as evidence during cybercrime investigations.


Author(s):  
Francisco Javier Valencia Duque ◽  
Johnny Alexander Tamayo Arias

Abstract (translated from the Spanish resumen): Evidence is the essence of the audit process, demonstrated implicitly and explicitly in the formal definitions of auditing; however, with the intensive adoption of Information and Communication Technologies in organizations, digital evidence has become a key issue for the competitiveness of auditors. This article develops an exploratory study of traditional and digital evidence, with emphasis on the latter, associated with Computer-Assisted Audit Techniques and Tools, exploring their concepts, typologies, norms and standards, and also attempting to establish their level of use with reference to studies carried out internationally. The results of this inquiry lead to the conclusion that the treatment of digital evidence, and its collection through Computer-Assisted Audit Techniques and Tools, are not new and have been studied by the main bodies associated with the audit discipline; in level-of-use studies, the tendency is to inquire about audit tools, with a strong emphasis on generalized audit software rather than on computer-assisted audit techniques as such. Keywords: Evidence, Digital evidence, Electronic evidence, CAATT, Audit techniques.

Abstract (authors' English version): Evidence is the essence of the audit process, implicitly and explicitly demonstrated in the formal definitions of audit, but with the intensive adoption of Information and Communications Technologies in organizations, digital evidence has become a key issue for the competitiveness of auditors. This paper develops exploratory research on traditional and digital evidence, with emphasis on the latter, associated with Computer-Assisted Audit Techniques and Tools, exploring their concepts, types, rules and standards, in addition to trying to establish their level of use with reference to studies carried out internationally. The results of this investigation lead us to conclude that the processing of digital evidence, and obtaining it through Computer-Assisted Audit Techniques and Tools, are not new and have been studied by the main entities involved in the discipline of audit; level-of-use studies highlight the tendency to investigate audit tools, with a strong emphasis on generalized audit software rather than on computer-assisted audit techniques themselves. Keywords: Evidence, Digital Evidence, Electronic Evidence, CAATT, Audit Techniques.


2011 ◽  
Vol 268-270 ◽  
pp. 1653-1656
Author(s):  
Huan Zhou Li ◽  
Jian Zhang ◽  
Zhang Guo Tang ◽  
Ming Quan Zhong

To protect digital evidence during computer forensics, measures for protecting digital evidence were analyzed, and a digital evidence protection scheme (the Digital Evidence Protection System, DEPS) was designed. In this paper, the framework and elements of DEPS are introduced, and its multi-digital-signature and digital time-stamp mechanisms are described.

