Results 1 - 18 of 18

1.
J Forensic Sci ; 2022 Jan 07.
Article in English | MEDLINE | ID: mdl-34997585

ABSTRACT

Data acquisition is a fundamental stage of the digital forensic workflow, where without it, it may not be possible to conduct many criminal inquiries effectively. While any investigative team may want access to all digital data available, it is no longer an approach that is considered justifiable or proportionate in all cases. There is now an increasing narrative highlighting the invasiveness of digital data acquisition processes and their impact upon privacy, with calls to ensure greater scrutiny is placed upon their use. This work proposes the "Order of Data Acquisition" which defines 10 digital data acquisition methods that are available to practitioners as a part of a forensic examination, derived from a review of existing literature and best practice acquisition approaches, and arranged by their "invasiveness." Each method is discussed with examples provided in order to clarify and formalize the process of determining a suitable acquisition method in every case while acknowledging privacy invasion concerns. Finally, conclusions are drawn.

2.
Sci Justice ; 61(6): 761-770, 2021 Nov.
Article in English | MEDLINE | ID: mdl-34802650

ABSTRACT

Many criminal investigations maintain an element of digital evidence, where it is the role of the first responder in many cases to both identify its presence at any crime scene, and assess its worth. Whilst in some instances the existence and role of a digital device at-scene may be obvious, in others, the first responder will be required to evaluate whether any 'digital opportunities' exist which could support their inquiry, and if so, where these are. This work discusses the potential presence of digital evidence at crime scenes, approaches to identifying it and the contexts in which it may exist, focusing on the investigative opportunities that devices may offer. The concept of digital devices acting as 'digital witnesses' is proposed, followed by an examination of potential 'digital crime scene' scenarios and strategies for processing them.

3.
Sci Justice ; 61(5): 627-634, 2021 Sep.
Article in English | MEDLINE | ID: mdl-34482943

ABSTRACT

The importance of ensuring the results of any digital forensic (DF) examination are effectively communicated cannot be understated. In most cases, this communication will be done via written report, yet despite this there is arguably limited best practice guidance available which is specific for this field in regards to report construction. Poor reporting practices in DF are likely to undermine the reliability of evidence provided across this field, where there is a need for formalised guidance regarding the requirements for effective DF report construction; this should not be a task left solely to each individual practitioner to determine without instruction. For this, the field of DF should look to the wider forensic community and the existing work in this area for support. In line with many other 'traditional' forensic science types, a DF practitioner can be commissioned to report in one of three ways - 'technical', 'investigative' or 'evaluative', where each reporting type maintains a specific purpose and interpretative-context, determined by the examination workflow undertaken by a practitioner following client instruction. This work draws upon guidance set out in fundamental forensic science reporting literature in order to describe each reporting type in turn, outlining their scope, content and construction requirements in an attempt to provide support for the DF field.

4.
J Forensic Sci ; 66(1): 179-189, 2021 Jan.
Article in English | MEDLINE | ID: mdl-33034896

ABSTRACT

As digital evidence now features prominently in many criminal investigations, such large volumes of requests for the forensic examination of devices have led to well publicized backlogs and delays. In an effort to cope, triage policies are frequently implemented in order to reduce the number of digital devices which are seized unnecessarily. Often first responders are tasked with performing triage at scene in order to decide whether any identified devices should be seized and submitted for forensic examination. In some cases, this is done with the assistance of software which allows device content to be "previewed"; however, in some cases, a first responder will triage devices using their judgment and experience alone, absent of knowledge of the device's content, referred to as "decision-based device triage" (DBDT). This work provides a discussion of the challenges first responders face when carrying out DBDT at scene. In response, the COLLECTORS ranking scale is proposed to help first responders carry out DBDT and to formalize this process in an effort to support quality control of this practice. The COLLECTORS ranking scale consists of 10 categories which first responders should rank a given device against. Each device's cumulative score should be queried against the defined "seizure thresholds" which offer support to first responders in assessing when to seize a device. To offer clarity, an example use-case involving the COLLECTORS ranking scale is included, highlighting its application when faced with multiple digital devices at scene.

5.
Sci Justice ; 61(1): 89-96, 2021 Jan.
Article in English | MEDLINE | ID: mdl-33357831

ABSTRACT

Digital devices now play an important role in the lives of many in society. Whilst they are used predominantly for legitimate purposes, instances of digital crime are witnessed, where determining their usage is important to any criminal investigation. Typically, when determining who has used a digital device, digital forensic analysis is utilised, however, biological trace evidence or fingerprints residing on its surfaces may also be of value. This work provides a preliminary study which examines the potential for fingerprint recovery from computer peripherals, namely keyboards and mice. Our implementation methodology is outlined, and results discussed which indicate that print recovery is possible. Findings are intended to support those operating at-scene in an evidence collection capacity.

6.
Sci Justice ; 61(1): 97-106, 2021 Jan.
Article in English | MEDLINE | ID: mdl-33357832

ABSTRACT

Non-local forms of file storage and transfer provide investigatory concerns. Whilst mainstream cloud providers offer a well-established challenge to those involved in criminal enquiries, there are also a host of services offering non-account based 'anonymous' online temporary file storage and transfer. From the context of a digital forensic investigation, the practitioner examining a suspect device must detect when such services have been utilised by a user, as offending files may not be resident on local storage media. In addition, identifying the use of a service may also expose networks of illegal file distribution, supporting wider investigations into criminal activity. This work examines 16 anonymous file transfer services and identifies and interprets the digital traces left behind on a device following their use to support law enforcement investigations.

7.
Sci Justice ; 60(6): 555-566, 2020 Nov.
Article in English | MEDLINE | ID: mdl-33077039

ABSTRACT

Despite many academic studies in the last 15 years acknowledging the investigative value of physical memory due to the potential sensitive nature of data it may contain, it arguably remains rarely collected at-scene in most criminal investigations. Whilst this may be due to factors such as first responders lacking the technical skills to do this task, or simply that it is overlooked as an evidence source, this work seeks to emphasise the worth of this task by demonstrating the ability to recover plain-text login credentials from it. Through an examination of logins made to 15 popular online services carried out via the Chrome, Edge and Mozilla Firefox browsers, testing shows that plain-text credentials are present in RAM in every case. Here, a transparent test methodology is defined and the results of test cases are presented along with 'string markers' which allow a practitioner to search their RAM captures for the presence of unknown credential information for these services in future cases.

8.
Sci Justice ; 60(5): 399-402, 2020 Sep.
Article in English | MEDLINE | ID: mdl-32873378

ABSTRACT

Whilst the field of digital forensics is now well established, its research community can be considered relatively emerging in comparison to the associated areas of traditional forensic and computer sciences. As a result, this comment article takes a quick look at the demographics of digital forensics research over the last 20 years, with metadata from 6589 articles being extracted and analysed from Scopus in order to provide a brief insight into this field's research activity.

10.
Sci Justice ; 59(5): 565-572, 2019 09.
Article in English | MEDLINE | ID: mdl-31472802

ABSTRACT

There are an abundance of measures available to the standard digital device users which provide the opportunity to act in an anti-forensic manner and conceal any potential digital evidence denoting a criminal act. Whilst there is a lack of empirical evidence which evaluates the scale of this threat to digital forensic investigations leaving the true extent of engagement with such tools unknown, arguably the field should take proactive steps to examine and record the capabilities of these measures. Whilst forensic science has long accepted the concept of toolmark analysis as part of criminal investigations, 'digital tool marks' (DTMs) are a notion rarely acknowledged and considered in digital investigations. DTMs are the traces left behind by a tool or process on a suspect system which can help to determine what malicious behaviour has occurred on a device. This article discusses and champions the need for DTM research in digital forensics highlighting the benefits of doing so.


Subject(s)
Computer Security , Data Anonymization , Data Compression , Disruptive Technology , Forensic Sciences/methods , Intention , Crime , Humans , Information Technology/trends

12.
Sci Justice ; 59(1): 83-92, 2019 01.
Article in English | MEDLINE | ID: mdl-30654972

ABSTRACT

With a reliance on the various forms of forensic science evidence in complex criminal investigations, the measures for ensuring its quality are facing increasing scrutiny. Improvements to quality management systems, to ensure both the robust application of scientific principles and the accurate interpretation and reporting of results, have arisen as a consequence of high-profile rebuttals of forensic science evidence, combined with process improvements driven by evaluation of current practice. These improvements are crucial to ensure validity of results as well as providing assurance for all those involved in the Criminal Justice System. This work first examines the quality management systems utilised for the examination and analysis of fingerprint, body fluid and DNA evidence. It then proceeds to highlight an apparent lack of comparable quality assurance mechanisms within the field of digital forensics, one of the newest branches of forensic science. Proposals are provided for the improvement of quality assurance for the digital forensics arena, drawing on the experiences of, and more well-established practices within, other forensic disciplines.


Subject(s)
Computers , Forensic Sciences/organization & administration , Forensic Sciences/standards , Information Storage and Retrieval/standards , Quality Control , Total Quality Management/standards , Accreditation , Body Fluids/chemistry , DNA/analysis , Dermatoglyphics , Female , Guidelines as Topic/standards , Humans , Male , Peer Review , Specimen Handling/standards , United Kingdom

13.
J Forensic Sci ; 64(1): 231-235, 2019 Jan.
Article in English | MEDLINE | ID: mdl-29684939

ABSTRACT

The forensic analysis of mobile handsets is becoming a more prominent factor in many criminal investigations. Despite such devices frequently storing relevant evidential content to support an investigation, accessing this information is becoming an increasingly difficult task due to enhanced effective security features. Where access to a device's resident data is not possible via traditional mobile forensic methods, in some cases it may still be possible to extract user information via queries made to an installed intelligent personal assistant. This article presents an evaluation of the information which is retrievable from Apple's Siri when interacted with on a locked iOS device running iOS 11.2.5 (the latest at the time of testing). The testing of verbal commands designed to elicit a response from Siri demonstrates the ability to recover call log, SMS, Contacts, Apple Maps, Calendar, and device information which may support any further investigation.

14.
J Forensic Sci ; 64(1): 236-242, 2019 Jan.
Article in English | MEDLINE | ID: mdl-29813188

ABSTRACT

The use of search engines and associated search functions to locate content online is now common practice. As a result, a forensic examination of a suspect's online search activity can be a critical aspect in establishing whether an offense has been committed in many investigations. This article offers an analysis of online search URL structures to support law enforcement and associated digital forensics practitioners interpret acts of online searching during an investigation. Google, Bing, Yahoo!, and DuckDuckGo searching functions are examined, and key URL attribute structures and metadata have been documented. In addition, an overview of social media searching covering Twitter, Facebook, Instagram, and YouTube is offered. Results show the ability to extract embedded metadata from search engine URLs which can establish online searching behaviors and the timing of searches.

15.
J Forensic Sci ; 64(2): 577-586, 2019 Mar.
Article in English | MEDLINE | ID: mdl-30048565

ABSTRACT

The Microsoft Windows operating system continues to dominate the desktop computing market. With such high levels of usage comes an inferred likelihood of digital forensic practitioners encountering this platform during their investigations. As part of any forensic examination of a digital device, operating system artifacts, which support the identification and understanding of how a user has behaved on their system provide a potential source of evidence. Now, following Microsoft's April 2018 build 1803 release with its incorporated "Timeline" feature, the potential for identifying and tracking user activity has increased. This work provides a timely examination of the Windows 10 Timeline feature demonstrating the ability to recover activity-based content from within its stored database log files. Examination results and underpinning experimental methodologies are offered, demonstrating the ability to recover activity tile and process information in conjunction with the Windows Timeline. Further, an SQL query has been provided to support the interpretation of data stored within the ActivitiesCache.db.

16.
Sci Justice ; 58(6): 433-440, 2018 11.
Article in English | MEDLINE | ID: mdl-30446072

ABSTRACT

The field of digital forensics maintains significant reliance on the software it uses to acquire and investigate forms of digital evidence. Without these tools, analysis of digital devices would often not be possible. Despite such levels of reliance, techniques for validating digital forensic software are sparse and research is limited in both volume and depth. As practitioners pursue the goal of producing robust evidence, they face the onerous task of both ensuring the accuracy of their tools and their effective use. Whilst tool errors provide one issue, establishing a tool's limitations also provides an investigatory challenge leading to the potential for practitioner user-error and ultimately a grey area of accountability. This article debates the problems surrounding digital forensic tool usage, evidential reliability and validation.

17.
J Forensic Sci ; 63(5): 1392-1400, 2018 Sep.
Article in English | MEDLINE | ID: mdl-29481707

ABSTRACT

With an increase in the creation and maintenance of personal websites, web content management systems are now frequently utilized. Such systems offer a low cost and simple solution for those seeking to develop an online presence, and subsequently, a platform from which reported defamatory content, abuse, and copyright infringement has been witnessed. This article provides an introductory forensic analysis of the three current most popular web content management systems available, WordPress, Drupal, and Joomla! Test platforms have been created, and their site structures have been examined to provide guidance for forensic practitioners facing investigations of this type. Results document available metadata for establishing site ownership, user interactions, and stored content following analysis of artifacts including WordPress's wp_users, and wp_comments tables, Drupal's "watchdog" records, and Joomla!'s _users, and _content tables. Finally, investigatory limitations documenting the difficulties of investigating WCMS usage are noted, and analysis recommendations are offered.

18.
Sci Justice ; 57(6): 448-454, 2017 Nov.
Article in English | MEDLINE | ID: mdl-29173458

ABSTRACT

Now approximately 30 years old, the field of digital forensics is arguably facing some of its greatest challenges to date. Whilst currently supporting law enforcement in numerous criminal cases annually, questions are beginning to emerge regarding whether it can sustain this contribution, with digital crime remaining prevalent. In his first live interview in September 2015, Head of MI5, Andrew Parker indicated that individuals are now engaging in computing acts which are beyond the control of authorities, confirming earlier remarks made by British Prime Minister David Cameron in the wake of the Charlie Hebdo attacks. Such comments cast doubt on the future effectiveness of the digital forensic discipline and its ability to effectively investigate those who implement the latest forms of technology to carry out illicit acts. This article debates the controversial question, could we be facing an era where digital crime can no longer be effectively policed?
