Comparative Study and Analysis on Integrity of Data Files Using Different Tools and Techniques

2021 ◽  
Vol 4 (1) ◽  
pp. 43-54
Author(s):  
Kumarshankar Raychaudhuri ◽  
M. George Christopher ◽  
Nayeem Abbas Hamdani

Digital forensic investigation is the scientific process of collection, preservation, examination, analysis, documentation and presentation of digital evidence from digital devices, so that the evidence is in compliance with legal terms and acceptable in a court of law. Integrity of the digital evidence is an indispensable part of the investigation process and should be preserved to maintain the chain of custody. This is done through hashing technique using standardized forensic tools. However, while handling the evidence, lack of knowledge might lead to unintentional alteration of computed hash. This violates the chain of custody and makes the evidence inadmissible in a court of law. In this paper, our objective is to determine the different conditions under which the original hash value of a digital evidence changes. For this, we create different scenarios using sample data files and compute their hash values. A comparative study and analysis are done to determine in which scenario the original hash value of the data file changes. The results of the research will prove useful and essential for Criminal Justice Functionaries in gaining knowledge about various conditions leading to the change in hash value of digital evidence and therefore, avoid its accidental alteration during forensic investigation/examination.

2021 ◽  
Vol 13 (5) ◽  
pp. 78-100
Author(s):  
Ashok Kumar Mohan ◽  
Sethumadhavan Madathil ◽  
Lakshmy K. V.

Investigation of every crime scene with digital evidence is predominantly required in identifying almost all atomic files behind the scenes that have been intentionally scrubbed out. Apart from the data generated across digital devices and the use of diverse technology that slows down the traditional digital forensic investigation strategies. Dynamically scrutinizing the concealed or sparse metadata matches from the less frequent archives of evidence spread across heterogeneous sources and finding their association with other artifacts across the collection is still a horrendous task for the investigators. The effort of this article via unique pockets (UP), unique groups (UG), and unique association (UA) model is to address the exclusive challenges mixed up in identifying incoherent associations that are buried well within the meager metadata field-value pairs. Both the existing similarity models and proposed unique mapping models are verified by the unique metadata association model.


Author(s):  
Mital Parekh ◽  
Snehal Jani

The enhancement of technology has led to a considerable amount of growth in number of cases pertaining to cyber-crime and has raised an enormous challenge to tackle it effectively. There are various cyber forensic techniques and tools used to recover data from the devices to tackle cyber-crime. Present research paper focuses on performing memory forensic and analyzes the memory which contains many pieces of information relevant to forensic investigation, such as username, password, cryptographic keys, deleted files, deleted logs, running processes; that can be helpful to investigate the cyber-crime pinning down the accused. The three main steps followed in memory forensic are acquiring, analyzing and recovering. Recovery of the evidences of crime from the volatile memory can be possible with the knowledge of different tools and techniques used in memory forensic. However, it is always tough to analyze volatile memory as it stays for a very short period. Not all tools can be used for memory forensic in every situation and therefore, it is important to have the knowledge of tools before applying to solve a particular cyber-crime. It is yet to establish on using a single tool for complete investigation, however, most of the tools used are successful in providing reasonable evidences. The present research paper provides an insight on analyzing the memory that stores relevant data, collection of evidences from the device(s), extraction of essential data using different memory forensic tools, tools useful for various purposes and the best suited tool for a particular situation.


2019 ◽  
Vol 35 (1) ◽  
pp. 43-58
Author(s):  
Eric M. Negangard ◽  
Rebecca G. Fay

ABSTRACT A good investigator, whether it be in the context of an audit or a forensic investigation, recognizes the evidentiary value of digital evidence and can harness its power. The following instructional case introduces students to how digital evidence is incorporated into a forensic accounting investigation and challenges them to learn electronic discovery (eDiscovery) tools and techniques. While performing the early stages of the investigation at Enron, students gain exposure to the electronic discovery reference model (EDRM), learn the differences between structured and unstructured data, and deploy various digital search strategies. After performing their preliminary investigation, students are asked to “scope” the remainder of the investigation by creating a detailed workplan. At the conclusion of the case, students are encouraged to reflect upon their own methods of electronic communication. This encourages students to think before digitizing (and therefore memorializing) their next thought, statement, or action.


2018 ◽  
Vol 1 (2) ◽  
pp. 13-23
Author(s):  
Talib Mohammed Jawad

Chain of custody plays an important role in determining the integrity of digital evidence, because the chain of custody works on a proof that evidence has not been altered or changed through all phases, and must include documentation on how evidence is gathered, transported, analyzed and presented. The aims of this work are first to find out how the chain of custody has been applied to a wide range of models of the digital forensic investigation process for more than ten years. Second, a review of the methods on digitally signing an evidence that achieves the successful implementation of chain of custody through answering a few questions "who, when, where, why, what and how", and thus providing digital evidence to be accepted by the court. Based on the defined aims an experimental environment is being setup to outline practically an acceptable method in chain of custody procedure. Therefore, we have adopted SHA512 for hashing and regarding encryption RSA and GnuPG is applied where according to the defined requirement a combination of these algorithms could be adopted as a practical method.


Author(s):  
Hamid Jahankhani ◽  
Elidon Beqiri

Computer forensics is the discipline that deals with the acquisition, investigation, preservation and presentation of digital evidence in the court of law. Whereas anti-forensics is the terminology used to describe malicious activities deployed to delete, alter or hide digital evidence with the main objective of manipulating, destroying and preventing the creation of evidence. Various anti-forensic methodologies and tools can be used to interfere with digital evidence and computer forensic tools. However, memory-based anti-forensic techniques are of particular interest because of their effectiveness, advanced manipulation of digital evidence and attack on computer forensic tools. These techniques are mainly performed in volatile memory using advanced data alteration and hiding techniques. For these reasons memory-based anti-forensic techniques are considered to be unbeatable. This chapter aims to present some of the current anti-forensic approaches and in particular reports on memory-based anti-forensic tools and techniques.


Author(s):  
Sathwara Prerna ◽  
Dr. Chandresh Parekh ◽  
Priyank Parmar

This paper represents the thoroughly technical approach to carry out forensics investigation in web applications or computer systems which combines and provided digital evidence from the particular computing device. The main objective is to recover and investigate the material found in digital devices related to cybercrime and maintain the integrity of the evidence collected. The main motive of the scanner is to investigate the system or application and process a stronger result/report of each vulnerable system or application effectively. This tool is the Open source that is used to perform some forensics investigation tasks which is helpful to the investigator to do their job and generate digital evidence which can be used by a court of law.


Author(s):  
Matthew N.O. Sadiku ◽  
Adebowale E. Shadare ◽  
Sarhan M. Musa

Digital chain of custody is the record of preservation of digital evidence from collection to presentation in the court of law. This is an essential part of digital investigation process. Its key objective is to ensure that the digital evidence presented to the court remains as originally collected, without tampering. The chain of custody is important for admissible evidence in court. Without a chain of custody, the opposing attorney can challenge or dismiss the evidence presented. The aim of this paper is to provide a brief introduction to the concept of digital chain custody.


2017 ◽  
Vol 2 (11) ◽  
pp. 8-16
Author(s):  
Moses Ashawa ◽  
Innocent Ogwuche

The fast-growing nature of instant messaging applications usage on Android mobile devices brought about a proportional increase on the number of cyber-attack vectors that could be perpetrated on them. Android mobile phones store significant amount of information in the various memory partitions when Instant Messaging (IM) applications (WhatsApp, Skype, and Facebook) are executed on them. As a result of the enormous crimes committed using instant messaging applications, and the amount of electronic based traces of evidence that can be retrieved from the suspect’s device where an investigation could convict or refute a person in the court of law and as such, mobile phones have become a vulnerable ground for digital evidence mining. This paper aims at using forensic tools to extract and analyse left artefacts digital evidence from IM applications on Android phones using android studio as the virtual machine. Digital forensic investigation methodology by Bill Nelson was applied during this research. Some of the key results obtained showed how digital forensic evidence such as call logs, contacts numbers, sent/retrieved messages, and images can be mined from simulated android phones when running these applications. These artefacts can be used in the court of law as evidence during cybercrime investigation.

