In this week’s readings (Chapter 3 and 4 of the text), you first learn what digital evidence is, not in the physical sense but in the legal sense, and then what steps you should take to identify and collect it.
As you read in Chapter 3, there are four basic classifications of evidence that can be applied to items of potential investigative value: Testimonial Evidence — Testimony or a statement provided by an individual detailing what they observed or experienced through any of their senses. For example, a witness may have heard tires screech and a loud crash but not actually have seen the accident.
Testimonial evidence can be significant as either direct or corroborating evidence. In addition, expert testimony can be provided that allows a subject matter expert vetted and accepted by the court to offer opinions and interpretations e.
Real Evidence — Physical evidence. Examples would be a murder weapon, a hard disk drive, fingerprints, blood or other bodily fluids, clothing, stolen property, etc. Documentary Evidence — Documents such as records, checks, or photographs that are like real evidence in that it may be a physical item e. For example, you examine and create potential documentary evidence each time you balance your checkbook.
Demonstrative Evidence — Evidence that utilizes or requires a demonstration, such as the use of a chart or map, to help prove what happened. Demonstrative evidence is most often created by an expert witness; an example might be using a dummy to show how a person was standing when he was shot, or it could be a flow chart showing how money was moved between different accounts. All four types of evidence could be, and frequently are, used together in court to prove or disprove the facts of a case.
You are a digital forensic examiner and have been asked to examine a hard drive for potential evidence. Give examples of how the hard drive or the data on it could be used as or lead to the presentation of all four types of evidence in court. If you do not believe one or more of the types of evidence would be included, explain why not. Another part of Chapter 3 discusses search and seizure or the ability to retrieve evidence.
Over the past two weeks, many of you have mentioned search warrants in your discussions. The Fourth Amendment to the U. However, there is no requirement for a private person or organization to obtain a search warrant or work under the same constraints. Further, the line can be blurred, as a private person or organization that searches property or seizes evidence not needing a warrant could subsequently turn it over to the Government.
In fact, they could do so even if the search was not legal under the Constitution, or even if they did not have the right to enter the place to be searched or committed civil trespass.
Although it may seem counterintuitive and like a severe violation of individual rights, the only time the Fourth Amendment applies to a private party is if the private party is acting as an agent for the Government or law enforcement such as a Government contractor or a citizen asked by a police detective to gather information for a specific purpose or investigation.
There are, of course, exceptions to the requirements on the Government to obtain a search warrant prior to searching or seizing evidence. For example, the Government does not need a search warrant when a person with proper authority gives consent to conduct the search e.
Another exception is when there are exigent circumstances present that, if the time was taken to obtain a proper warrant, could result in the destruction of evidence or harm to another person; however, it should be noted that searches undertaken due to exigent circumstances must be followed up with a legally obtained warrant as soon as the exigent circumstance has been effectively neutralized.
Exigent circumstances could come into play in a digital evidence case when, for example, the owner of a computer likely containing digital evidence knows of the investigation and could delete the evidence from his storage devices before a warrant could be obtained.
However, while the storage devices could most likely be seized without a warrant to prevent data destruction, this exigent circumstance is not a valid reason to conduct a forensic analysis of the storage media and a warrant should be obtained immediately.
If evidence is not seized properly it may not be admissible in court. Therefore, it is important to know the rules governing what you can and cannot do (whether you are a private entity or an instrument of the Government), as well as being able to explain why you took the steps you did in order to sufficiently justify your actions from a legal perspective.
This is also helpful in minimizing any potential civil liability. After you seize a computer or device and have obtained the proper authority to conduct a search of the contents, you must then be able to testify that your next steps were forensically sound and within the scope of your search authority whether granted by consent or warrant.
Unless special precautions are taken, you risk changing digital data on a device each time you access it. Chapter 4 discusses common tasks facing a digital investigator, such as identifying different types of devices you should look for when conducting a search, as well as preservation and analysis of those devices. You have been asked to assist a law enforcement team serving a search warrant related to a child pornography investigation.
You are the digital forensic expert for the team, and, as such, have been assigned the task of identifying and collecting the digital evidence at the search location. What steps should you take before the search? For what types of evidence should you be alert when searching the residence? What types of items would you seize? Q2 This week your text focuses on the techniques and tools you would use to collect, preserve, and analyze digital evidence.
While this class does not focus as heavily on the highly technical aspects of digital forensics e. Of course, it is critical that computer forensic examiners understand processes such as capturing volatile data, recognizing and collecting digital evidence, analyzing the evidence once it is collected, etc. You should all understand the need to verify what a warrant will allow you to search for and seize in a criminal case, ensuring that you do not exceed the scope and potentially compromise your case.
In either case, you need to be able to testify about all the steps you took, from the point when you were first notified of the incident or called in to collect the digital evidence, until the time you are called to testify about it. Digital evidence must not just be simply collected e.
Describe at least 5 steps in a process to collect digital evidence to the time you testify that you consider important. Please explain why they are important. You are a witness and I am asking the following question; please answer as if you are on the witness stand.
Upon entering the room where the computer was located, what was the first thing you did? After seizing the computer evidence, what did you do with it?
Interestingly, the use of stego goes much farther back than the use of computers. Like cryptology, steganography is used to hide something in something else.
So, even though a code breaker can detect the hidden code, they may not be aware that the code actually contains a different message. Cryptography scrambles a message so that it is unreadable, but still visible, while stego camouflages data to hide it or make it undetectable. This course is not meant to teach you about the technical details of encryption or passwords or steganography (entire books are written on each of those subjects), but rather to help you understand their place in the criminal justice process.
Does a warrant give you the authority to break passwords protecting information or to decipher encrypted data? This is a very important question. As many of you have discussed, it is important to make sure you know the limits of your warrant.
But while you are conducting a search with a properly executed warrant, you may come across other information that is not included in your scope but is still evidence of a crime. For example, imagine you are searching a hard drive for information related to a fraud scheme.
While you are looking through the files you come across a picture that is obviously child porn, but you do not have child porn addressed in any way by your warrant. What do you do? The proper response is to stop the search and obtain another warrant for evidence related to child pornography.
The same thing applies to discovering encrypted data. In your affidavit you should explain that criminals sometimes encrypt files that contain evidence.
Some may even use stego techniques to hide other files. This week I would like you to do some research on encryption and steganography. First, list five (5) examples of how steganography and encryption or cryptology were used BEFORE the advent of computers. Then, discuss how steganography or encryption could be used legitimately, and why this could cause you a problem as a computer forensic examiner.
Q4 This week you are reading about the forensic tools used by Computer Forensics Examiners. Once you have properly identified and collected digital evidence, the next step is to analyze it. It does not really matter if you are performing analysis as part of a criminal investigation or as part of a corporate investigation; you should always follow the same protocols.
An emphasis in this course is on helping you understand why using an analysis protocol is important. Remember, you should NEVER, EVER work on original evidence, if it can be avoided by any means; instead, use a forensic image. When you work on the image, you pick the tools you will use. During your analysis, you should document every step you take and all of your findings. However, this should always be supplemented with your own notes and documentation. This week, I would like you to discuss why you need to use a write blocker (either hardware or software) in your examinations, whether for a criminal case or a corporate case.
Also, imagine you are a computer forensic examiner receiving a suspect hard disk drive from a detective in your department. The drive was seized properly during a legally executed search warrant. The detective signs the chain of custody log and hands you the drive. Your job is to accept the drive, conduct an analysis, and maintain the drive until trial. Please explain the steps you would take, from receipt until testimony, including the reasons why you would take each step.
For example, what would you check for when you sign for the drive on the chain of custody? Q5 This final conference deals with the final issue any computer forensics examiner or any other witness to an event will face — testifying under oath to what you know.
Each person who testifies is a witness and, as we discussed several weeks ago, will present testimonial evidence. As an expert witness, which is how a computer forensic examiner will generally be presented, you are not providing eye-witness testimony to a crime, but are testifying about what you as an expert found or did not find during your collection, preservation, and examination of physical evidence.
When you testify on behalf of the government or defense, you will first testify on direct examination; that means the attorney who called you to the stand has to lay certain groundwork to get your testimony about your examination of the evidence before the jury. What are some of the questions you think you would be asked initially on direct examination? Once the preliminary questions have been asked and answered, the attorney handling the direct examination will then turn over examination to the defense.
This is often done before you are allowed to answer questions about the actual evidence or case before the court. The reason this is done in this manner is that you are first being presented to the court as an expert in some field. The opposing counsel gets to cross-examine you to try to defeat your being named as an expert.
In cases where you have already been determined to be an expert by the court on previous occasions, there is less chance the opposing counsel will be successful.
But, for a new examiner, the first couple of times before the court will be more demanding as to your expertise. What kind of questions do you think the opposing counsel will ask you?
Remember, on cross examination opposing counsel can ask leading questions to challenge your expertise. After both sides have had a chance to question your bona fides as an expert, the counsel wishing you to be accepted will make a motion that you be accepted as an expert. Once that is complete, you will be asked about the matter at hand. This is also where the opposing counsel will be especially alert for any weakness or contradictions in your testimony.
How do you think it is important for you to testify to limit any contradictions?