Search results

To explore the meaning, methods and techniques associated with the subject of computer forensics and consider the implications of computer forensics for records managers and recordkeeping.

Critically analyses the principles of computer forensics in the context of records characteristics – authenticity, reliability, integrity and usability – and the UK Association of Chief Police Officers (ACPO) principles and procedures for the collection of digital evidence.

The disciplines of records management and computer forensics are potentially mutually compatible. Computer forensics allows for identification of incidents, gathering of evidence, analysis of evidence and potentially recovery of records. Records managers can utilise computer forensics principles to positively enhance records management and have valuable knowledge and expertise to share with their computer forensics colleagues; e.g. metadata expertise, functional requirements for electronic records management, recordkeeping systems design and implementation methodologies, digital preservation and retention management.

Discusses how computer forensics can be used to highlight inadequate recordkeeping and provide a different perspective on records management based on an analysis of principles and concepts rather than empirical data.

Highlights the need for records managers to understand computer forensics and computer forensic scientists to understand recordkeeping to support better records management in the electronic environment; raises the implications for educators, trainers and professional societies.

Very little has been published on the discussion of the potential implications of computer forensics for records managers or how computer forensics can enhance the records management discipline; this paper addresses the gap.

Cyber-enabled crimes are on the increase, and law enforcement has had to expand many of their detecting activities into the digital domain. As such, the field of digital forensics has become far more sophisticated over the years and is now able to uncover even more evidence that can be used to support prosecution of cyber criminals in a court of law. Governments, too, have embraced the ability to track suspicious individuals in the online world. Forensics investigators are driven to gather data exhaustively, being under pressure to provide law enforcement with sufficient evidence to secure a conviction.

Yet, there are concerns about the ethics and justice of untrammeled investigations on a number of levels. On an organizational level, unconstrained investigations could interfere with, and damage, the organization's right to control the disclosure of their intellectual capital. On an individual level, those being investigated could easily have their legal privacy rights violated by forensics investigations. On a societal level, there might be a sense of injustice at the perceived inequality of current practice in this domain.

This paper argues the need for a practical, ethically grounded approach to digital forensic investigations, one that acknowledges and respects the privacy rights of individuals and the intellectual capital disclosure rights of organizations, as well as acknowledging the needs of law enforcement. The paper derives a set of ethical guidelines, and then maps these onto a forensics investigation framework. The framework to expert review in two stages is subjected, refining the framework after each stage. The paper concludes by proposing the refined ethically grounded digital forensics investigation framework. The treatise is primarily UK based, but the concepts presented here have international relevance and applicability.

In this paper, the lens of justice theory is used to explore the tension that exists between the needs of digital forensic investigations into cybercrimes on the one hand, and, on the other, individuals' rights to privacy and organizations' rights to control intellectual capital disclosure.

The investigation revealed a potential inequality between the practices of digital forensics investigators and the rights of other stakeholders. That being so, the need for a more ethically informed approach to digital forensics investigations, as a remedy, is highlighted and a framework proposed to provide this.

The proposed ethically informed framework for guiding digital forensics investigations suggests a way of re-establishing the equality of the stakeholders in this arena, and ensuring that the potential for a sense of injustice is reduced.

Justice theory is used to highlight the difficulties in squaring the circle between the rights and expectations of all stakeholders in the digital forensics arena. The outcome is the forensics investigation guideline, PRECEpt: Privacy-Respecting EthiCal framEwork, which provides the basis for a re-aligning of the balance between the requirements and expectations of digital forensic investigators on the one hand, and individual and organizational expectations and rights, on the other.

Purpose – The CSI effect, as it is referenced in mainstream media, is a purported effect on public perceptions caused by the portrayal of forensics and investigations in popular entertainment programming. Despite the obvious popularity of the programs – a common source of blame for such effects and the focus of limited prior research – impacts on perceptions by way of media content must be viewed as a product of multiple internal and external factors, rather than a result of popularity and viewership alone.

Methodology – By examining the portrayal of programming within the context of contemporary news publications, this project focuses on the value and context of presentations of forensics television programming across media genres, highlighting the bidirectional flow of popular media cues through various influential media outlets and outlining the potential for resulting public effects.

Findings – The authors find that an increase in the overall media visibility of entertainment images of forensic science, coupled with news media's tendency to tie such images to real-world forensics on the local and national scenes given an absence of alternative sources for news-oriented stories, speak to the importance of the holistic examination of the role of CSI-related programming in influencing popular perceptions.

The purpose of this paper is to discuss the role of digital forensics in an evolving environment of cyber laws giving attention to Bay of Bengal Initiative for Multi-Sectoral Technical and Economic Cooperation (BIMSTEC) countries, comprising Bangladesh, India, Myanmar, Sri Lanka, Thailand, Nepal and Bhutan, in a dynamic global context.

This study uses a case study approach to discuss the digital forensics and cyber laws of BIMSTEC countries. The objective of the study was expected to be achieved by referring to decided cases in different jurisdictions. Cyber laws of BIMSTEC countries were studied for the purpose of this study.

The analysis revealed that BIMSTEC countries are required to amend legislation to support the growth of information technology. Most of the legislation are 10-15 years old and have not been amended to resolve issues on cyber jurisdictions.

This study was limited to the members of the BIMSTEC.

This paper is an original work done by the authors who have discussed the issues of conducting investigations with respect to digital crimes in a rapidly changing environment of information technology and deficient legal frameworks.

The purpose of this paper is to propose a novel approach that automates the visualisation of both quantitative data (the network) and qualitative data (the content) within emails to aid the triage of evidence during a forensics investigation. Email remains a key source of evidence during a digital investigation, and a forensics examiner may be required to triage and analyse large email data sets for evidence. Current practice utilises tools and techniques that require a manual trawl through such data, which is a time-consuming process.

This paper applies the methodology to the Enron email corpus, and in particular one key suspect, to demonstrate the applicability of the approach. Resulting visualisations of network narratives are discussed to show how network narratives may be used to triage large evidence data sets.

Using the network narrative approach enables a forensics examiner to quickly identify relevant evidence within large email data sets. Within the case study presented in this paper, the results identify key witnesses, other actors of interest to the investigation and potential sources of further evidence.

The implications are for digital forensics examiners or for security investigations that involve email data. The approach posited in this paper demonstrates the triage and visualisation of email network narratives to aid an investigation and identify potential sources of electronic evidence.

There are a number of network visualisation applications in use. However, none of these enable the combined visualisation of quantitative and qualitative data to provide a view of what the actors are discussing and how this shapes the network in email data sets.

This paper aims to explore a new model of “record” that maps traditional attributes of a record onto a technical decomposition of digital records. It compares the core characteristics necessary to call a digital object a “record” in terms of diplomatics or “evidence” in terms of digital forensics. It then isolates three layers of abstraction: the conceptual, the logical and the physical. By identifying the essential elements of a record at each layer of abstraction, a diplomatics of digital records can be proposed.

Digital diplomatics, a research outcome of the International Research on Permanent Authentic Records in Electronic Systems (InterPARES) project, gives archivists a methodology for analyzing the identity and integrity of digital records in electronic systems and thereby assessing their authenticity (Duranti and Preston, 2008; Duranti, 2005) and tracing their provenance.

Digital records consist of user-generated data (content), system-generated metadata identifying source and location, application-generated metadata managing the look and performance of the record (e.g., native file format), application-generated metadata describing the data (e.g., file system metadata OS), and user-generated metadata describing the data. Digital diplomatics, based on a foundation of traditional diplomatic principles, can help identify digital records through their metadata and determine what metadata needs to be captured, managed and preserved.

The value and originality of this paper is in the application of diplomatic principles to a deconstructed, technical view of digital records through functional metadata for assessing the identity and authenticity of digital records.

Based on this holistic model, the authors propose and analyze seven key issues related to the admissibility of digital media in cross-border trials considering four Latin American countries.

The authors apply the modeling process of the soft systems methodology by Checkland in order to develop a holistic model focused on human situation problems involving digital media and information technology devices or systems.

The authors discuss the status of the identified key issues in each country and offer a perspective on the integration of cross-border work analyzing the contribution of these key issues to the collaboration between countries criminal cases or the use of foreign digital artifacts in domestic trials.

In this study, the authors assumed that the problems of official interaction between agencies of different countries are considered solved. However, for future studies or research, the authors recommend that these issues can be considered as relevant, since they are related to cross-border cooperation topics that will necessarily require unavoidable official arrangements, agreements and formalities.

This work is aimed at defining and analyzing the key issues that can contribute to the application of current techniques and methodologies in digital forensics as a tool to support the legal framework of each country, considering cross-border trials. Finally, the authors highlight the implications of this study lie in the identification and analysis of the key issues that must be considered for digital forensics as a support tool for the admissibility of digital evidence in cross-border trials.

The authors consider that digital forensic will have high demand in cross-border trials, and it will depend on the people mobility between the countries considered in this study.

This paper shows that the soft systems methodology allows elaborating a holistic model focused on social problems involving digital media and informatics devices.

This chapter reviews traditional intelligence work, primarily how intelligence was perceived and conducted in the industrial economy. The review includes economic sectors with dedicated intelligence functions such as military, law enforcement, and national security. The review also includes secondary intelligence work in all other economic sectors. Looking across all these examples, the authors present a traditional life cycle model of intelligence work and highlight this traditional view of intelligence’s tactical and reactive approach. The chapter details the historical evolution and common intelligence elements in military, business, law enforcement, judicial forensics, national security, market, financial, medical, digital, and computer forensics.

Purpose: The authors attempt to capture new forensic science students’ pre-conceptions of the field and their assessment of competencies. Methodology: The authors surveyed students at a Historically Black College and University and a Primarily White Institution on their viewership of crime and forensic TV shows and measured their competencies in a range of forensic science skills at the start and end of the semester, along with having students capture errors and evidence from an episode of CSI Las Vegas. Findings: Students who were viewers of crime series with and without prior forensics coursework over evaluated their level of preparedness at the start of the semester, often ranking themselves as moderately or well prepared in blood spatter analysis, fingerprinting, bodily fluid, and hair/fiber collection. Research limitations: The authors relied on a convenience sample of forensic science courses, and their comparison of student learning was disrupted by COVID-19. Originality: The authors examine student concerns with working at crime scenes and reflections on their abilities to succeed in the field. The authors discuss the need for incorporating media literacy, content warnings, and emotional socialization and professional development into forensic science curricula to better equip and prepare students for careers as crime scene investigators and forensic analysts.

The purpose of this study is to discuss moving forward on a global basis with digital diplomatics.

This study fused a historic review of multiple fields to form a proposed future.

Today, the metadata associated with digital record-keeping is largely based on the methods from the pre-digital age. It fails to take into account the underlying digital mechanisms and their unique properties. At the same time, digital systems already produce large quantities of redundant data that could be and has been used in consistency analysis. A rational improvement would be to use the nature of digital systems in conjunction with intentional redundancy to create metadata and other forms of redundant information that could be validated in diplomatic examination but would be hard to forge consistently by an internal act of alteration.

This study uses a unique approach of fusing digital forensic science with digital diplomatics in the form of using inherent redundancy in digital records and metadata for consistency analysis as a means to fuse the fields.