Digital Forensics of Cybercrimes and the Use of Cyber Forensics Tools to Obtain Digital Evidence

This chapter evaluates the most relevant methodologies and best practices for conducting digital investigations, preserving digital forensic evidence and following the chain of custody (CoC) of cybercrimes. Cybercriminals are assuming new strategies to launch their sophisticated cyberattacks within the ever-changing digital ecosystems. The authors recommend that digital investigations must continually shift to tackle cybercrimes and prosecute cybercriminals, increasing international collaboration networks, sharing prevention knowledge, and analyzing lessons learned. They also establish a cyber forensics model for miscellaneous ecosystems called the Cyber Forensics Model in Digital Ecosystems (CFMDE). This chapter also reviews the most important categories of tools to conduct digital investigations. Nevertheless, as cybercrime sophistication keeps improving, it is also necessary to harden technologies, techniques, methodologies, and tools to acquire digital evidence in order to support and strengthen cyber investigation cases.

2017, Vol 11 (2), pp. 25-37
Author(s): Regner Sabillon, Jordi Serra-Ruiz, Victor Cavaller, Jeimy J. Cano

This paper reviews the existing methodologies and best practices for digital investigation phases such as collecting, evaluating and preserving digital forensic evidence and the chain of custody of cybercrimes. Cybercriminals are adopting new strategies to launch cyberattacks within modified and ever-changing digital ecosystems; this article proposes that digital investigations must continually readapt to tackle cybercrimes and prosecute cybercriminals, working in international collaboration networks and sharing prevention knowledge and lessons learned. The authors also introduce a compact cyber forensics model for diverse technological ecosystems called the Cyber Forensics Model in Digital Ecosystems (CFMDE). Transferring knowledge, international collaboration, best practices and adopting new digital forensic tools, methodologies and techniques will hereinafter be paramount to obtain digital evidence, enforce organizational cybersecurity policies, mitigate security threats, fight anti-forensics practices and indict cybercriminals. The global digital forensics community ought to constantly update current practices to deal with cybercriminality and to foresee how to prepare for new technological environments where change is constant.


2018, pp. 588-600
Author(s): Regner Sabillon, Jordi Serra-Ruiz, Victor Cavaller, Jeimy J. Cano



Author(s): Jacobus Gerhardus Nortje, Daniel Christoffel Myburgh

The discipline of digital forensics requires a combination of skills, qualifications and knowledge in the areas of forensic investigation, legal aspects and information technology. The uniqueness of digital evidence makes the adoption of traditional legal approaches problematic. Information technology terminology is currently used interchangeably without any regard to being unambiguous and consistent in relation to legal texts. Many information technology terms or concepts have not yet achieved legal recognition. The recognition and standardisation of terminology within a legal context are of the utmost importance to ensure that miscommunication does not occur. To provide clarity or guidance on some of the terms and concepts applicable to digital forensics and to the search and seizure of digital evidence, some of these concepts and terms are reviewed and discussed, using the Criminal Procedure Act 51 of 1977 as a point of departure. Digital evidence is often collected incorrectly and analysed ineffectively, or simply overlooked, due to the complexities that digital evidence poses to forensic investigators. As with any forensic science, specific regulations, guidelines, principles or procedures should be followed to meet the objectives of investigations and to ensure the accuracy and acceptance of findings. These regulations, guidelines, principles or procedures are discussed within the context of digital forensics: what processes should be followed and how these processes ensure the acceptability of digital evidence. These processes include international principles and standards such as those of the Association of Chief Police Officers and the International Organisation for Standardisation. A summary is also provided of the most influential or best-recognised international (ISO) standards on digital forensics.
It is concluded that the originality, reliability, integrity and admissibility of digital evidence should be maintained as follows: data should not be changed or altered; original evidence should not be directly examined; forensically sound duplicates should be created; digital forensic analyses should be performed by competent persons; digital forensic analyses should adhere to relevant local legal requirements; audit trails should exist consisting of all required documents and actions; the chain of custody should be protected; and processes and procedures should be proper, as well as recognised and accepted by the industry. If the ACPO (1997) principles and the ISO/IEC 27043 and 27037 standards are followed as a forensic framework, then digital forensic investigators should follow these standards as a legal framework.


Author(s): Mohammad Suaib, Mohd. Akbar, Mohd. Shahid Husain

Digital forensic experts need to identify and collect the data stored in electronic devices. Further, this acquired data has to be analyzed to produce digital evidence. Data mining techniques have been successfully implemented in various applications across domains. Data mining techniques help us to gain insight from a large volume of data. They help us to predict patterns, classify the data, and examine various other aspects of the data from the users' perspective. Digital forensics is a sophisticated area of research. As the information age advances at an inconceivable speed and the information stored in digital form grows at a rapid rate, law enforcement agencies rely heavily on digital forensic techniques that can provide timely acquisition of data, zero-fault data processing, and accurate interpretation of data. This chapter gives an overview of the tasks involved in cyber forensics. It also discusses the traditional approach to digital forensics and how the integration of data mining techniques can enhance the efficiency and reliability of the existing systems used for cyber forensics.


Author(s): Mohammad Zunnun Khan, Anshul Mishra, Mahmoodul Hasan Khan

This chapter covers the evolution of cyber forensics from the 1980s to the current era. That was the era when computer forensics came into existence, after the personal computer became a viable option for consumers. The formation of digital forensics is also discussed here. This chapter also includes the formation of cyber forensic investigation agencies. The cyber forensic life cycle and its related phases are discussed in detail. The role of international organizations on computer evidence is discussed, with emphasis on the Digital Forensic Research Workshop (DFRWS), the Scientific Working Group on Digital Evidence (SWGDE), and chief police officers' involvement. Authenticity-, accuracy-, and completeness-related aspects of evidence are also discussed. The most important topic discussed here is cyber forensics data.


Information, 2021, Vol 12 (2), pp. 88
Author(s): Fahad F. Alruwaili

With the increasing number of cybercrimes, the digital forensics team has no choice but to implement more robust and resilient evidence-handling mechanisms. The capturing of digital evidence, which is a tangible and probative piece of information that can be presented in court and used at trial, is very challenging due to its volatility and to improper handling procedures. When computer systems get compromised, digital forensics comes into play to analyze, discover, extract, and preserve all relevant evidence. Therefore, it is imperative to maintain efficient evidence management to guarantee the credibility and admissibility of digital evidence in a court of law. A critical component of this process is to utilize an adequate chain of custody (CoC) approach to preserve the evidence in its original state, free from compromise and/or contamination. In this paper, a practical and secure CustodyBlock (CB) model using a private blockchain protocol and smart contracts to support control, transfer, analysis, and preservation monitoring is proposed. The smart contracts in CB are utilized to enhance the model's automation process for better and more secure evidence preservation and handling. Further research directions in terms of implementing blockchain-based evidence management ecosystems, and the implications for other areas, are discussed.


2021, Vol 19 (1), pp. 27
Author(s): Moch Bagoes Pakarti, Dhomas Hatta Fudholi, Yudi Prayudi

Covid-19 has a major impact on human life, including the process of managing digital evidence. Management of digital evidence requires special handling that can store and maintain the integrity of digital evidence. The current problem is that there is no concept of storing digital evidence that can be accessed online with wider accessibility. Online digital evidence management is proposed as a solution to this problem. This concept takes the form of an online digital evidence management system that can be accessed anywhere and at any time, using the MD5 and SHA1 hash functions in order to maintain the properties of digital evidence so that it can be legally accepted. The problems with digital evidence management require a Management System for Digital Evidence that is suitable for application in a Digital Forensics Laboratory. This research successfully implemented the concept of an online chain of custody. It is expected that, with the concept of Online Digital Evidence Management, this digital evidence control and all activities related to it can be maintained and well documented. Moreover, it can reach a wider area, be accessed anywhere and at any time, and reduce the spread of Covid-19.


2019, Vol 4 (17), pp. 61-70
Author(s): Mohamad Khairudin Kallil, Ahmad Che Yaacob

Evidence is anything that tends to prove or disprove a fact at issue in a legal action. It involves the offering of alleged proof through testimony or objects at court proceedings to persuade the trier of fact about an issue in dispute. Islamic Evidence Law is a body of rules that helps to govern conduct and determines what will be admissible in certain legal proceedings and trials. In a proceeding that involves digital evidence, the court will consider whether the digital evidence is admissible or inadmissible depending on the requirements of admissibility stated in the law statutes in force and the existence of any Standard Operating Procedure (SOP). Under section 33 of the Syariah Court (Federal Territories) Evidence Act or other Syariah Evidence Enactments, digital evidence is subject to authentication by digital forensics experts. In digital forensics, the processes of identification, preservation, collection, analysis, and presentation are the main procedures contained in any Standard Operating Procedure (SOP) of any digital forensics service. The court will ensure that this procedure can maintain the authenticity and the originality of the evidence, especially on the issues of expert qualification, the chain of custody and the analysis part. Thus, digital forensics is integrated with the Islamic law of evidence to maintain justice in delivering judgment. Therefore, this article examines the standard requirements for the admissibility of digital evidence under digital forensic methodology, using a qualitative approach based on the analysis of articles, books, law statute documents and law cases. The results show the need for amendment of the Syariah Court Evidence and Procedure statutes and the necessity of a Standard Operating Procedure (SOP) on digital evidence in the Syariah courts as a guideline for judges, lawyers and the parties involved.


2019, Vol 10 (1), pp. 24-29
Author(s): Aparna Chaturvedi, Ashish Awasthi

Cyber forensics is a branch of forensic science that aims to restore, collect and examine the digital evidence found in digital devices, in relation to cybercrimes. With the advancement of the cyber area, frequent use of the internet and technologies leads to cyber-attacks. Cyber forensics is used for acquiring electronic information and investigating malicious evidence found on a system or on a network in such a manner that makes it admissible in court. It is also used to recover lost information in a system. The retrieved information is used to prosecute a criminal. The number of crimes committed over the internet and of malware attacks on digital devices has increased. This paper contains a brief review of the literature aimed at identifying the relevant pieces of knowledge in the digital forensics field.
