Search results

1 – 10 of 388
To view the access options for this content please click here
Article
Publication date: 13 March 2020

R.I. Ferguson, Karen Renaud, Sara Wilford and Alastair Irons

Cyber-enabled crimes are on the increase, and law enforcement has had to expand many of their detecting activities into the digital domain. As such, the field of digital

Abstract

Purpose

Cyber-enabled crimes are on the increase, and law enforcement has had to expand many of their detecting activities into the digital domain. As such, the field of digital forensics has become far more sophisticated over the years and is now able to uncover even more evidence that can be used to support prosecution of cyber criminals in a court of law. Governments, too, have embraced the ability to track suspicious individuals in the online world. Forensics investigators are driven to gather data exhaustively, being under pressure to provide law enforcement with sufficient evidence to secure a conviction.

Yet, there are concerns about the ethics and justice of untrammeled investigations on a number of levels. On an organizational level, unconstrained investigations could interfere with, and damage, the organization's right to control the disclosure of their intellectual capital. On an individual level, those being investigated could easily have their legal privacy rights violated by forensics investigations. On a societal level, there might be a sense of injustice at the perceived inequality of current practice in this domain.

This paper argues the need for a practical, ethically grounded approach to digital forensic investigations, one that acknowledges and respects the privacy rights of individuals and the intellectual capital disclosure rights of organizations, as well as acknowledging the needs of law enforcement. The paper derives a set of ethical guidelines, and then maps these onto a forensics investigation framework. The framework to expert review in two stages is subjected, refining the framework after each stage. The paper concludes by proposing the refined ethically grounded digital forensics investigation framework. The treatise is primarily UK based, but the concepts presented here have international relevance and applicability.

Design/methodology/approach

In this paper, the lens of justice theory is used to explore the tension that exists between the needs of digital forensic investigations into cybercrimes on the one hand, and, on the other, individuals' rights to privacy and organizations' rights to control intellectual capital disclosure.

Findings

The investigation revealed a potential inequality between the practices of digital forensics investigators and the rights of other stakeholders. That being so, the need for a more ethically informed approach to digital forensics investigations, as a remedy, is highlighted and a framework proposed to provide this.

Research limitations/implications

The proposed ethically informed framework for guiding digital forensics investigations suggests a way of re-establishing the equality of the stakeholders in this arena, and ensuring that the potential for a sense of injustice is reduced.

Originality/value

Justice theory is used to highlight the difficulties in squaring the circle between the rights and expectations of all stakeholders in the digital forensics arena. The outcome is the forensics investigation guideline, PRECEpt: Privacy-Respecting EthiCal framEwork, which provides the basis for a re-aligning of the balance between the requirements and expectations of digital forensic investigators on the one hand, and individual and organizational expectations and rights, on the other.

Details

Journal of Intellectual Capital, vol. 21 no. 2
Type: Research Article
ISSN: 1469-1930

Keywords

To view the access options for this content please click here
Article
Publication date: 16 March 2015

Corinne Rogers

This paper aims to explore a new model of “record” that maps traditional attributes of a record onto a technical decomposition of digital records. It compares the core…

Abstract

Purpose

This paper aims to explore a new model of “record” that maps traditional attributes of a record onto a technical decomposition of digital records. It compares the core characteristics necessary to call a digital object a “record” in terms of diplomatics or “evidence” in terms of digital forensics. It then isolates three layers of abstraction: the conceptual, the logical and the physical. By identifying the essential elements of a record at each layer of abstraction, a diplomatics of digital records can be proposed.

Design/methodology/approach

Digital diplomatics, a research outcome of the International Research on Permanent Authentic Records in Electronic Systems (InterPARES) project, gives archivists a methodology for analyzing the identity and integrity of digital records in electronic systems and thereby assessing their authenticity (Duranti and Preston, 2008; Duranti, 2005) and tracing their provenance.

Findings

Digital records consist of user-generated data (content), system-generated metadata identifying source and location, application-generated metadata managing the look and performance of the record (e.g., native file format), application-generated metadata describing the data (e.g., file system metadata OS), and user-generated metadata describing the data. Digital diplomatics, based on a foundation of traditional diplomatic principles, can help identify digital records through their metadata and determine what metadata needs to be captured, managed and preserved.

Originality/value

The value and originality of this paper is in the application of diplomatic principles to a deconstructed, technical view of digital records through functional metadata for assessing the identity and authenticity of digital records.

Details

Records Management Journal, vol. 25 no. 1
Type: Research Article
ISSN: 0956-5698

Keywords

To view the access options for this content please click here
Article
Publication date: 7 October 2019

Sisira Dharmasri Jayasekara and Iroshini Abeysekara

The purpose of this paper is to discuss the role of digital forensics in an evolving environment of cyber laws giving attention to Bay of Bengal Initiative for…

Abstract

Purpose

The purpose of this paper is to discuss the role of digital forensics in an evolving environment of cyber laws giving attention to Bay of Bengal Initiative for Multi-Sectoral Technical and Economic Cooperation (BIMSTEC) countries, comprising Bangladesh, India, Myanmar, Sri Lanka, Thailand, Nepal and Bhutan, in a dynamic global context.

Design/methodology/approach

This study uses a case study approach to discuss the digital forensics and cyber laws of BIMSTEC countries. The objective of the study was expected to be achieved by referring to decided cases in different jurisdictions. Cyber laws of BIMSTEC countries were studied for the purpose of this study.

Findings

The analysis revealed that BIMSTEC countries are required to amend legislation to support the growth of information technology. Most of the legislation are 10-15 years old and have not been amended to resolve issues on cyber jurisdictions.

Research limitations/implications

This study was limited to the members of the BIMSTEC.

Originality/value

This paper is an original work done by the authors who have discussed the issues of conducting investigations with respect to digital crimes in a rapidly changing environment of information technology and deficient legal frameworks.

Details

Journal of Money Laundering Control, vol. 22 no. 4
Type: Research Article
ISSN: 1368-5201

Keywords

To view the access options for this content please click here
Article
Publication date: 16 March 2015

Frederick B. Cohen

– The purpose of this study is to discuss moving forward on a global basis with digital diplomatics.

Abstract

Purpose

The purpose of this study is to discuss moving forward on a global basis with digital diplomatics.

Design/methodology/approach

This study fused a historic review of multiple fields to form a proposed future.

Findings

Today, the metadata associated with digital record-keeping is largely based on the methods from the pre-digital age. It fails to take into account the underlying digital mechanisms and their unique properties. At the same time, digital systems already produce large quantities of redundant data that could be and has been used in consistency analysis. A rational improvement would be to use the nature of digital systems in conjunction with intentional redundancy to create metadata and other forms of redundant information that could be validated in diplomatic examination but would be hard to forge consistently by an internal act of alteration.

Originality/value

This study uses a unique approach of fusing digital forensic science with digital diplomatics in the form of using inherent redundancy in digital records and metadata for consistency analysis as a means to fuse the fields.

Details

Records Management Journal, vol. 25 no. 1
Type: Research Article
ISSN: 0956-5698

Keywords

To view the access options for this content please click here
Article
Publication date: 11 December 2019

Dana Wilson-Kovacs

Building on the findings of a British Academy-funded project on the development of digital forensics (DF) in England and Wales, the purpose of this paper is to explore how…

Abstract

Purpose

Building on the findings of a British Academy-funded project on the development of digital forensics (DF) in England and Wales, the purpose of this paper is to explore how triage, a process that helps prioritise digital devices for in-depth forensic analysis, is experienced by DF examiners and police officers in four English police forces. It is argued that while as a strategy triage can address the increasing demand in the examination of digital exhibits, careful consideration needs to be paid to the ways in which its set-up, undertaking and outcomes impact on the ability of law enforcement agencies to solve cases.

Design/methodology/approach

The methodological approach adopted here builds on the ethnographic turn in criminology. The analysis draws on 120 h of ethnographic observations and 43 semi-structured interviews. Observational data of the working DF environment at each location and a systematic evaluation of internal documents, organisational settings and police priorities helped refine emergent analysis threads, which were analytically compared between sites and against the testimonies of members of different occupational groups to identify similarities and differences between accounts.

Findings

The findings emphasise the challenges in the triage of digital exhibits as they are encountered in everyday practice. The discussion focusses on the tensions between the delivery of timely and accurate investigation results and current gaps in the infrastructural arrangements. It also emphasises the need to provide police officers with a baseline understanding of the role of DF and the importance of clearly defined strategies in the examination of digital devices.

Originality/value

This paper aims to bridge policy and practice through an analysis of the ways in which DF practitioners and police officers in four English constabularies reflect on the uses of triage in DF to address backlogs and investigative demands. Highlighting the importance of digital awareness beyond the technical remit of DF units, it offers new insights into the ways in which police forces seek to improve the evidential trail with limited resources.

Details

Policing: An International Journal, vol. 43 no. 1
Type: Research Article
ISSN: 1363-951X

Keywords

To view the access options for this content please click here
Article
Publication date: 31 October 2011

Robert Fox

This paper seeks to examine important issues relating to digital preservation with a focus on file integrity and digital forensics.

Abstract

Purpose

This paper seeks to examine important issues relating to digital preservation with a focus on file integrity and digital forensics.

Design/methodology/approach

This is a viewpoint paper.

Findings

This paper highlights important issues relating to digital preservation and offers suggestions on comprehensive approaches to achieving a high level of integrity with library digital repositories.

Practical implications

Libraries have always had as a part of their core mission the preservation of information and cultural heritage. The seriousness with which the challenges associated with digital preservation are met will determine the reputation of libraries as continuing to be a reliable preserver of cultural heritage and research data.

Social implications

Libraries play an important role in cultural heritage and preservation of research data. This role is manifested both generally and specifically within the academic context. It is important that libraries stay at the forefront of developing reliable means for digital preservation.

Originality/value

Several means of achieving a high degree of reliability in the area of digital preservation are suggested. If these and similar ideas suggested from others in the field are followed, it will assist libraries in maintaining a reputation as reliable preservers of cultural heritage and as important players in twenty‐first century research endeavors.

Details

OCLC Systems & Services: International digital library perspectives, vol. 27 no. 4
Type: Research Article
ISSN: 1065-075X

Keywords

To view the access options for this content please click here
Article
Publication date: 31 August 2012

Jason Bengtson

The purpose of this paper is to define and stimulate interest in a potential new specialty within the information science field.

Abstract

Purpose

The purpose of this paper is to define and stimulate interest in a potential new specialty within the information science field.

Design/methodology/approach

Sources on digital forensics and digital archeology are discussed, and the topic is examined critically from a librarian perspective. The author examines the possibility of an information science specialty pursuing the reconstruction of “digital palimpsests”, where data that later becomes historically significant has been deleted or partially overwritten on digital media.

Findings

The author identifies at least one key incident (the NASA moon landing tapes) where this potential field has already started to be defined. Examination of the literature indicates that emphasis in data recovery to this point has centered on the needs of law enforcement and disaster recovery rather than on the considerations of manuscript preservation, recovery, and curation. The author emphasizes the need for librarians to bring together the skills of multiple fields, especially that of information technology, in order to shape the tools needed to take the lead in “digital palimpsest” recovery.

Originality/value

The author asserts that the recovery of “digital palimpsests” will become important as digital archives age and society's position on what has historical value inevitably shifts. The author further asserts that members of the information science field must actively work to take ownership of the field before it is subsumed by information technology or another discipline less equipped to manage its nebulous considerations effectively.

To view the access options for this content please click here
Article
Publication date: 11 February 2019

Nikolaos Serketzis, Vasilios Katos, Christos Ilioudis, Dimitrios Baltatzis and George J. Pangalos

The purpose of this paper is to formulate a novel model for enhancing the effectiveness of existing digital forensic readiness (DFR) schemes by leveraging the capabilities…

Abstract

Purpose

The purpose of this paper is to formulate a novel model for enhancing the effectiveness of existing digital forensic readiness (DFR) schemes by leveraging the capabilities of cyber threat information sharing.

Design/methodology/approach

This paper uses a quantitative methodology to identify the most popular cyber threat intelligence (CTI) elements and introduces a lightweight approach to correlate those with potential forensic value, resulting in the quick and accurate triaging and identification of patterns of malicious activities.

Findings

While threat intelligence exchange steadily becomes a common practice for the prevention or detection of security incidents, the proposed approach highlights its usefulness for the digital forensics (DF) domain.

Originality/value

The proposed model can help organizations to improve their DFR posture, and thus minimize the time and cost of cybercrime incidents.

Details

Information & Computer Security, vol. 27 no. 2
Type: Research Article
ISSN: 2056-4961

Keywords

To view the access options for this content please click here
Article
Publication date: 20 January 2020

Joakim Kävrestad, Johan Zaxmy and Marcus Nohlberg

Using passwords to keep account and data safe is very common in modern computing. The purpose of this paper is to look into methods for cracking passwords as a means of…

Abstract

Purpose

Using passwords to keep account and data safe is very common in modern computing. The purpose of this paper is to look into methods for cracking passwords as a means of increasing security, a practice commonly used in penetration testing. Further, in the discipline of digital forensics, password cracking is often an essential part of a computer examination as data has to be decrypted to be analyzed. This paper seeks to look into how users that actively encrypt data construct their passwords to benefit the forensics community.

Design/methodology/approach

The study began with an automated analysis of over one billion passwords in 22 different password databases that leaked to the internet. The study validated the result with an experiment were passwords created on a local website was analyzed during account creation. Further a survey was used to gather data that was used to identify differences in password behavior between user that actively encrypt their data and other users.

Findings

The result of this study suggests that American lowercase letters and numbers are present in almost every password and that users seem to avoid using special characters if they can. Further, the study suggests that users that actively encrypt their data are more prone to use keyboard patterns as passwords than other users.

Originality/value

This paper contributes to the existing body of knowledge around password behavior and suggests that password-guessing attacks should focus on American letters and numbers. Further, the paper suggests that forensics experts should consider testing patterns-based passwords when performing password-guessing attacks against encrypted data.

Details

Information & Computer Security, vol. 28 no. 3
Type: Research Article
ISSN: 2056-4961

Keywords

To view the access options for this content please click here
Article
Publication date: 9 November 2015

Himanshu Srivastava and Shashikala Tapaswi

The purpose of this paper is to propose an approach that helps in acquisition of live data as well as data stored in the internal/external memory of android mobile device…

Abstract

Purpose

The purpose of this paper is to propose an approach that helps in acquisition of live data as well as data stored in the internal/external memory of android mobile device considering that the data on the device are not much altered during the extraction process. Also, the emphasis is laid on testing the validity of existing forensic tools against the data obtained manually and by using this approach. Smartphones have spurred the mobile computing technology, and Android is widely used as an Operating System in these devices. These days, users store most of their personal information like emails, images, contacts etc., on Phones/Tablets as their data would be readily accessible and thus convenient for them.

Design/methodology/approach

Android Operating System is built on the Linux Kernel and scripts to extract data from Android Mobile Device with the use of Android Debugging Bridge have been written. The approach is more focused on the logical acquisition of data from devices rather than acquisition using physical methods.

Findings

Live data of the Facebook application running on the device can be extracted. Also, the password of the LuksManager application (used to create an encrypted volume on the device), which is stored in the internal memory, is also extracted and identified.

Research limitations/implications

The study has been conducted in an academic environment, thereby limiting external validity. Another limitation is the limited edition of some of the software forensics tools that are used. The full access to these software tools are restricted by Law enforcement and Investigation policies. The research provides a different approach which could aid in criminal investigation activities on mobile devices.

Practical implications

The devices which have the latest versions of Android not only store messages and mails, but a lot of information about GPS, as well as information about popular applications like Facebook, WhatsApp, etc. This could practically help a lot in criminal investigation.

Originality/value

This study is important because very few works have been done on recent versions (Jellybean and Kitkat) of Android. The proposed approach could extract large amounts of information as compared to earlier approaches with the newer versions of Android having larger memory and new features.

Details

Information & Computer Security, vol. 23 no. 5
Type: Research Article
ISSN: 2056-4961

Keywords

1 – 10 of 388