AutoProfile: Towards Automated Profile Generation for Memory Analysis

Despite a considerable number of approaches that have been proposed to protect computer systems, cyber-criminal activities are on the rise and forensic analysis of compromised machines and seized devices is becoming essential in computer security. This article focuses on memory forensics, a branch of digital forensics that extract artifacts from the volatile memory. In particular, this article looks at a key ingredient required by memory forensics frameworks: a precise model of the OS kernel under analysis, also known as profile . By using the information stored in the profile, memory forensics tools are able to bridge the semantic gap and interpret raw bytes to extract evidences from a memory dump. A big problem with profile-based solutions is that custom profiles must be created for each and every system under analysis. This is especially problematic for Linux systems, because profiles are not generic : they are strictly tied to a specific kernel version and to the configuration used to build the kernel. Failing to create a valid profile means that an analyst cannot unleash the true power of memory forensics and is limited to primitive carving strategies. For this reason, in this article we present a novel approach that combines source code and binary analysis techniques to automatically generate a profile from a memory dump, without relying on any non-public information. Our experiments show that this is a viable solution and that profiles reconstructed by our framework can be used to run many plugins, which are essential for a successful forensics investigation.

Forensic Analysis of Security features in India Bank Cheque- Authentication & Recognition through Docucenter Nirvis

Cheque is one of the most important and commonly encountered financial documents by many individuals and banks for various financial transactions all over the world. Thus, the security and integrity of the cheque is the acute need. Different kind of security features are embedded in bank cheques in order to prevent fraud and counterfeiting of cheques and other bank security documents. Security features appended are in two different ways covert and overt features, some of which are watermarks, logo, serial number, A/c number etc. which can be viewed under different light sources and instruments for examination. In this study the embedded security features of Indian Bank Cheque are examined under instrument Docucenter Nirvis. After examination, deriving to the conclusion that the Indian bank note is appended with ample security features. Keywords: cheque, security features, embedded, examination, counterfeiting

On the Tasks of Forensic Ecology

The article analyses the concept of “a forensic examination’s task” as one of the fundamental terms of forensic expertology. The author demonstrates that it is a part of a broader concept of “the subject of forensic examination”. She also reviews the classification of tasks of forensic examination.Next, the article addresses the tasks of forensic ecological examination, which by their nature, as a rule, are diagnostic. The author presents their definition as a set of actions common to this kind of forensic analysis, formed by an expert based on the questions posed to him. These actions are implemented by converting potential evidentiary information about the negative anthropogenic impact on environmental objects contained in the case materials submitted for examination into up-to-date evidentiary information.

CRIMES ASSOCIATED WITH THE USE OF ELECTRONIC PAYMENT MEANS: METHODS AND TRACE INFORMATION

The results of a forensic analysis of typical methods of committing crimes involving the use of electronic payment methods are presented. It is shown that the basis of this criminal activity are the methods of social engineering based on the application of the achievements of modern information and communication technologies, as well as on actions and approaches through which offenders gain unauthorized access to the personal data of the victim. Taking into account the study of the stages of the mechanism of the considered criminal acts, the sources of trace information are formulated, reflecting the processes of interaction of participants in a criminal event with each other and with the environment.

Prevalence and Recovery of Microorganisms from Containers used for the Collection of Forensic Biological Samples

Background: Microbes play a significant role in the degradation of biological evidence collected for forensic analysis. The present study is aimed to isolate and identify the microbes present inside the empty container used for the biological evidence collection. Methods: Bacterial isolation from the selected containers was done by cotton swab over the inner surface of the containers. Streaking was done on the surface of the three different culture plates as a Blood agar plate, Nutrient plate and MacConkey plate. The plates were placed in an incubator shaker at 37ºC for 48 hours. The colonies grown on the surface of the media were counted on and used for further study. Various biochemical assays were performed to characterize isolated bacteria. Results: Staining results suggested that the presence of Gram-positive stain (Staphylococcus, Bacillus, Corynebacterium, Clostridium) and Gram negative stain (E. coli, Enterobacteriaceae, Pseudomonas, Salmonella, Shigella, Stenotrophomonas, Bdellovibrio, Acetic acid bacteria). The Catalase and Coagulase test suggested the presence of Staphylococcus aureus, S. epidermis and S. sapropyticus. Moreover, the indole test suggested the presence of Citrobacter koseri, Kebsiella oxytoca, Proteus vulgaris etc. Some of the bacteria were urea metabolizing, including Proteus spp, Helicobacter pylori, Cryptococcus spp, Corynebacterium spp. Conclusion: This study recommends that there should be proper maintenance of the chain of custody from the collection to analysis so that evidence properly prevents degradation or contamination in the biological evidence. Extra care is needed for the collection and packing of biological evidence from the crime scene. Moreover, the collection containers, if left wide open, lead to contamination and degradation of biological evidence.

Forensic Analysis and Identification Processes in Mass Disasters: Explosion of Gun Powder in the Fireworks Factory

A mass disaster is a situation that involves criticality between the number of victims and resources, in terms of both men and means, present on the site of an event that is mostly unexpected and sudden. In the multidisciplinary teams that intervene, the role of forensic pathologists, who are responsible for the direction and coordination of post-mortem operations, is central, and must remain so. The authors report the case of an explosion of a pyrotechnic artifice factory, as a result of which numerous victims and injuries are recorded. So, the team completed the autopsies and created a protocol to obtain biological samples (bones, blood, teeth, muscles), while the forensic pathologists contacted the families of the alleged victims and each provided a blood sample that was collected for the DNA. The geneticist, using the method of gene extraction and amplification, obtained the DNA from each bone, tooth, and muscle of blood taken from the victims and then compared it with that extracted from the blood samples of the relatives; the electropherograms showed at least one allele for each genetic marker of the “Combined DNA Index System” in common between the victims and the families, thus allowing to establish the identity of all the subjects involved in the event. Having established the identity of all workers, it was possible to determine their whereabouts in the environment at the time of the location of fires and explosions. The results of the various forensic analyzes (autopsies, genetic investigations and even traumatological investigations) have allowed us to validate a scientific method useful in all mass disasters even when any type of anthropological or forensic dental research is difficult.