You searched for subject:(digital forensics). Showing records 1 – 30 of 145 total matches.

University of Plymouth
1.
Alqahtany, Saad.
A forensically-enabled IaaS cloud computing architecture.
Degree: PhD, 2017, University of Plymouth
URL: http://hdl.handle.net/10026.1/9508
Cloud computing has been advancing at an intense pace. It has become one of the most important research topics in computer science and information systems. Cloud computing offers enterprise-scale platforms in a short time frame with little effort. Thus, it delivers significant economic benefits to both commercial and public entities. Despite this, the security and subsequent incident management requirements are major obstacles to adopting the cloud. Current cloud architectures do not support digital forensic investigators, nor comply with today’s digital forensics procedures – largely due to the fundamental dynamic nature of the cloud. When an incident has occurred, an organization-based investigation will seek to provide potential digital evidence while minimising the cost of the investigation. Data acquisition is the first and most important process within digital forensics – to ensure data integrity and admissibility. However, access to data and the control of resources in the cloud is still very much provider-dependent and complicated by the very nature of the multi-tenanted operating environment. Thus, investigators have no option but to rely on the Cloud Service Providers (CSPs) to acquire evidence for them. Due to the cost and time involved in acquiring the forensic image, some cloud providers will not provide evidence beyond 1TB despite a court order served on them. Assuming they would be willing or are required to by law, the evidence collected is still questionable as there is no way to verify the validity of evidence and whether evidence has already been lost. Therefore, dependence on the CSPs is considered one of the most significant challenges when investigators need to acquire evidence in a timely yet forensically sound manner from cloud systems. This thesis proposes a novel architecture to support a forensic acquisition and analysis of IaaS cloud-based systems. The approach, known as Cloud Forensic Acquisition and Analysis System (Cloud FAAS), is based on a cluster analysis of non-volatile memory that achieves forensically reliable images at the same level of integrity as the normal “gold standard” computer forensic acquisition procedures with the additional capability to reconstruct the image at any point in time. Cloud FAAS fundamentally shifts access of the data back to the data owner rather than relying on a third party. In this manner, organisations are free to undertake investigations at will requiring no intervention or cooperation from the cloud provider. The novel architecture is validated through a proof-of-concept prototype. A series of experiments are undertaken to illustrate and model how Cloud FAAS is capable of providing a richer and more complete set of admissible evidence than what current CSPs are able to provide. Using Cloud FAAS, investigators have the ability to obtain a forensic image of the system after, just prior to or hours before the incident. Therefore, this approach can not only create images that are forensically sound but also provide access to deleted and more…
Subjects/Keywords: 004.67; Digital Forensics; Cloud Forensics; Digital Investigation

Edith Cowan University
2.
Brand, Murray.
Analysis avoidance techniques of malicious software.
Degree: 2010, Edith Cowan University
URL: http://ro.ecu.edu.au/theses/138
Anti Virus (AV) software generally employs signature matching and heuristics to detect the presence of malicious software (malware). The generation of signatures and determination of heuristics is dependent upon an AV analyst having successfully determined the nature of the malware, not only for recognition purposes, but also for the determination of infected files and startup mechanisms that need to be removed as part of the disinfection process. If a specimen of malware has not been previously extensively analyzed, it is unlikely to be detected by AV software. In addition, malware is becoming increasingly profit driven and more likely to incorporate stealth and deception techniques to avoid detection and analysis to remain on infected systems for a myriad of nefarious purposes.
Malware extends beyond the commonly thought of virus or worm, to customized malware that has been developed for specific and targeted miscreant purposes. Such customized malware is highly unlikely to be detected by AV software because it will not have been previously analyzed and a signature will not exist. Analysis in such a case will have to be conducted by a digital forensics analyst to determine the functionality of the malware.
Malware can employ a plethora of techniques to hinder the analysis process conducted by AV and digital forensics analysts. The purpose of this research has been to answer three research questions directly related to the employment of these techniques as:
1. What techniques can malware use to avoid being analyzed?
2. How can the use of these techniques be detected?
3. How can the use of these techniques be mitigated?
Subjects/Keywords: malware; digital forensics; anti-forensics; Computer Sciences

AUT University
3.
Scholtz, Johan.
Towards an Automated Digital Data Forensic Model with specific reference to Investigation Processes.
Degree: 2010, AUT University
URL: http://hdl.handle.net/10292/1098
Digital Data Forensics is constantly under scrutiny to standardize processes. Previous researchers moved between various frameworks without presenting a firm platform or solution, addressing standardization. Only a few researchers referred to automated investigation processes. Established data banks do not exist. We investigate whether investigators use forensic frameworks in their investigations. We question if these frameworks are guiding the investigation and the feasibility of an automated investigation model. We also investigate if a prediction based on a global digital forensic data bank is possible. Investigation processes with regard to the readiness of automated investigation is also investigated. Problems encountered are primarily linked to privacy is a major concern. The lack or willingness to address privacy up front, place obstacles in the way of would be researchers. The term automated forensics and automated tools are misunderstood, some participants regard automation as automated software tools and address this as: “Forensic automation is already becoming a problem by giving untrained examiners a false sense of security when in reality, they are not conducting an examination at all”. Investigations using software that reflects a click and drag scenario, does not promote an academic research platform. We suggest automated forensics to be the process of investigation where the investigator makes use of previous data based on predictive analysis of data bank from previous data and makes use of forensic software in a lesser part. We suggest changing the mindset from “automated software”, to “automated analysis” whereby investigators could sift through the first level of classification and determine sub levels of the investigation with optimal running of scripts, suitable for level comparison and prediction. (Beebe, 2009) suggests using an Intelligent Analytical Approach extending artificial intelligence and other intelligent search enabling successful retrieval, making use of algorithms. This supports our point of view as well; using a stronger reflection to a semantic vs. literal searching technique should set a base platform, substituting the traditional literal searches. This also fits well with our vision of having a structured, relational data structure in place thereby improving data indexing. This would ultimately present a match based on “fuzzy hashing” which requires a complete paradigm shift. This shift would step away from the overwhelming traditional search patterns and move to prediction of similar cases. We suggest using predictive Markov models, analyzing data for predictive similarity in events. We will also move to a fuzzy re-classification of data models. Since each case differs substantially, a model built from a generic level to predictive sub levels is suggested. This research did not cover relational database creation and classification of variables, further research will be conducted. In other words, we form predictions, irrespective of the investigation model followed. Further…
Advisors/Committee Members: Narayanan, Ajit (advisor), Petrova, Krassie (advisor).
Subjects/Keywords: Digital forensics; Automated digital forensics; Standardised digital forensics investigation; Predictive digital forensic investigation

Arizona State University
4.
Mabey, Michael Kent.
Collaborative Digital Forensics: Architecture, Mechanisms, and Case Study.
Degree: MS, Computer Science, 2011, Arizona State University
URL: http://repository.asu.edu/items/9444
In order to catch the smartest criminals in the world,
digital forensics examiners need a means of collaborating and
sharing information with each other and outside experts that is not
prohibitively difficult. However, standard operating procedures and
the rules of evidence generally disallow the use of the
collaboration software and techniques that are currently available
because they do not fully adhere to the dictated procedures for the
handling, analysis, and disclosure of items relating to cases. The
aim of this work is to conceive and design a framework that
provides a completely new architecture that 1) can perform
fundamental functions that are common and necessary to forensic
analyses, and 2) is structured such that it is possible to include
collaboration-facilitating components without changing the way
users interact with the system sans collaboration. This framework
is called the Collaborative Forensic Framework (CUFF). CUFF is
constructed from four main components: Cuff Link, Storage, Web
Interface, and Analysis Block. With the Cuff Link acting as a
mediator between components, CUFF is flexible in both the method of
deployment and the technologies used in implementation. The details
of a realization of CUFF are given, which uses a combination of
Java, the Google Web Toolkit, Django with Apache for a RESTful web
service, and an Ubuntu Enterprise Cloud using Eucalyptus. The
functionality of CUFF's components is demonstrated by the
integration of an acquisition script designed for Android OS-based
mobile devices that use the YAFFS2 file system. While this work has
obvious application to examination labs which work under the
mandate of judicial or investigative bodies, security officers at
any organization would benefit from the improved ability to
cooperate in electronic discovery efforts and internal
investigations.
Subjects/Keywords: Computer Science; Android forensics; collaborative forensics; digital forensics; forensic framework; YAFFS

AUT University
5.
Knight, Benjamin Andrew.
Mobile devices: iPhone risks and Forensic Tool capability.
Degree: 2011, AUT University
URL: http://hdl.handle.net/10292/1196
The research evaluates the capability of software based tools that extract data stored on an Apple iPhone. A literature review is performed covering material on: mobile devices, iPhone, hard disks, networking connectivity, usage environments, data integrity, evidence volatility, data extraction methods and operating systems. Literature shows that iPhone data extraction is complex due to hardware and software limitations. Understanding the capability of the tool used to retrieve data is important in ensuring a sound investigation. Based on literature a research methodology is defined. A descriptive approach is selected. The research process is split into three phases: test iPhone capability, evaluate extraction tools and compare extraction tools. At each phase data is collected, processed and analysed. At the first stage a “catalog” of known data stored on the iPhone is collected. At the second phase an audit “journal” of procedure and “extraction log” of extracted data is collected. At the last phase a sample set of weighted scenarios are used to analyse tool capability. Research findings indicate 12,963 files were extracted from an iPhone and classified in the catalog. Operating system limitations restrict user access to the iPhone file system. A method of opening access, known as jailbreaking, can be used to bypass such restrictions. Of the files in the catalog the highest result obtained by an extraction tool is 797 from Oxygen Forensics Suite 2010 and the lowest result is 178 from Device Seizure. Scenario analysis indicates Oxygen Forensics Suite 2010 works better in case scenarios whereas non-forensic tools have more limitations. Discussion of findings indicates that SQLite and Property List files are common sources of data storage on the iPhone. Analysis into the iPhone operating system shows that Apple has put multiple controls to limit access to the stored data. There is potential for further research in expanding research into extraction tool capability.
Advisors/Committee Members: Cusack, Brian (advisor).
Subjects/Keywords: Forensics; iPhone; Computer forensics; Digital forensics; Tool capability; Mobile devices
6.
Hales, Gavin.
Assisting digital forensic analysis via exploratory information visualisation.
Degree: PhD, 2016, Abertay University
URL: http://hdl.handle.net/10373/2413
Background: Digital forensics is a rapidly expanding field, due to the continuing advances in computer technology and increases in data stage capabilities of devices. However, the tools supporting digital forensics investigations have not kept pace with this evolution, often leaving the investigator to analyse large volumes of textual data and rely heavily on their own intuition and experience. Aim: This research proposes that given the ability of information visualisation to provide an end user with an intuitive way to rapidly analyse large volumes of complex data, such approaches could be applied to digital forensics datasets. Such methods will be investigated; supported by a review of literature regarding the use of such techniques in other fields. The hypothesis of this research body is that by utilising exploratory information visualisation techniques in the form of a tool to support digital forensic investigations, gains in investigative effectiveness can be realised. Method: To test the hypothesis, this research examines three different case studies which look at different forms of information visualisation and their implementation with a digital forensic dataset. Two of these case studies take the form of prototype tools developed by the researcher, and one case study utilises a tool created by a third party research group. A pilot study by the researcher is conducted on these cases, with the strengths and weaknesses of each being drawn into the next case study. The culmination of these case studies is a prototype tool which was developed to resemble a timeline visualisation of the user behaviour on a device. This tool was subjected to an experiment involving a class of university digital forensics students who were given a number of questions about a synthetic digital forensic dataset. Approximately half were given the prototype tool, named Insight, to use, and the others given a common open-source tool. The assessed metrics included: how long the participants took to complete all tasks, how accurate their answers to the tasks were, and how easy the participants found the tasks to complete. They were also asked for their feedback at multiple points throughout the task. Results: The results showed that there was a statistically significant increase in accuracy for one of the six tasks for the participants using the Insight prototype tool. Participants also found completing two of the six tasks significantly easier when using the prototype tool. There was no statistically significant difference between the completion times of both participant groups. There were no statistically significant differences in the accuracy of participant answers for five of the six tasks. Conclusions: The results from this body of research show that there is evidence to suggest that there is the potential for gains in investigative effectiveness when information visualisation techniques are applied to a digital forensic dataset. Specifically, in some scenarios, the investigator can draw conclusions which are more accurate…
Subjects/Keywords: Digital forensics; Visualisation; Computer security
7.
Misiaszek, Lorenia.
Training Material for the Regular Systems Administrator Facing a Breach.
Degree: 2017, California State University – San Marcos
URL: http://hdl.handle.net/10211.3/194745
Although most of today's successful companies are well aware of common data security issues and put a great deal of efforts towards preventing a data security breach, once a breach has occurred it is not unusual for organizations to enter a mist of confusion and chaos. This happens to all sizes of organizations whether big or small. However, large organizations are perhaps better prepared in terms of available resources to respond to a data breach than small to medium-size organizations. Small organizations do not have IT departments. The regular Systems Administrator is a “jack of all trades” and wears multiple hats. He or she is typically in charge of a broad array of duties including installing and updating software and hardware, maintaining servers, and supporting and troubleshooting the company's network. They are on call and may even have the responsibility of overseeing the overall computer security of the company. What should the regular Systems Administrator do if a breach happens and a forensic investigation is needed? The training material included in this paper (Appendix B) was created as a response to this question and as response to one of the four recommendations the National Institute of Standards and Technology (NIST) Special Publication 800-86, Guide to Integrating Forensic Techniques into Incident Response makes on its document: “Organizations should ensure that their IT professionals are prepared to participate in forensic activities.” What if they are not prepared? The training material offers some suggestions on how to initiate the first phase of the forensic process: Collection. The regular Systems Administrator can take on the tasks of identification, labeling and recording and then wait for the arrival of the trained digital forensic investigator who should finalize the forensic process.
Advisors/Committee Members: Macklin, Teresa (advisor), Bennett, Darren (committeemember).
Subjects/Keywords: Cybersecurity; Digital Forensics; Data Breach
8.
Hales, Gavin.
Assisting digital forensic analysis via exploratory information visualisation.
Degree: Doctoral Thesis, Computing and Maths, 2016, Abertay University
URL: https://rke.abertay.ac.uk/en/studentTheses/774128b9-957e-4a05-aa74-dbeefebb8113
Background: Digital forensics is a rapidly expanding field, due to the continuing advances in computer technology and increases in data stage capabilities of devices. However, the tools supporting digital forensics investigations have not kept pace with this evolution, often leaving the investigator to analyse large volumes of textual data and rely heavily on their own intuition and experience. Aim: This research proposes that given the ability of information visualisation to provide an end user with an intuitive way to rapidly analyse large volumes of complex data, such approaches could be applied to digital forensics datasets. Such methods will be investigated; supported by a review of literature regarding the use of such techniques in other fields. The hypothesis of this research body is that by utilising exploratory information visualisation techniques in the form of a tool to support digital forensic investigations, gains in investigative effectiveness can be realised. Method: To test the hypothesis, this research examines three different case studies which look at different forms of information visualisation and their implementation with a digital forensic dataset. Two of these case studies take the form of prototype tools developed by the researcher, and one case study utilises a tool created by a third party research group. A pilot study by the researcher is conducted on these cases, with the strengths and weaknesses of each being drawn into the next case study. The culmination of these case studies is a prototype tool which was developed to resemble a timeline visualisation of the user behaviour on a device. This tool was subjected to an experiment involving a class of university digital forensics students who were given a number of questions about a synthetic digital forensic dataset. Approximately half were given the prototype tool, named Insight, to use, and the others given a common open-source tool. The assessed metrics included: how long the participants took to complete all tasks, how accurate their answers to the tasks were, and how easy the participants found the tasks to complete. They were also asked for their feedback at multiple points throughout the task. Results: The results showed that there was a statistically significant increase in accuracy for one of the six tasks for the participants using the Insight prototype tool. Participants also found completing two of the six tasks significantly easier when using the prototype tool. There was no statistically significant difference between the completion times of both participant groups. There were no statistically significant differences in the accuracy of participant answers for five of the six tasks. Conclusions: The results from this body of research show that there is evidence to suggest that there is the potential for gains in investigative effectiveness when information visualisation techniques are applied to a digital forensic dataset. Specifically, in some scenarios, the investigator…
Subjects/Keywords: Digital forensics; Visualisation; Computer security
9.
AlMarri, Saeed.
A structured approach to malware detection and analysis in digital forensics investigation.
Degree: PhD, 2017, University of Bedfordshire
URL: http://hdl.handle.net/10547/622529
Within the World Wide Web (WWW), malware is considered one of the most serious threats to system security with complex system issues caused by malware and spam. Networks and systems can be accessed and compromised by various types of malware, such as viruses, worms, Trojans, botnets and rootkits, which compromise systems through coordinated attacks. Malware often uses anti-forensic techniques to avoid detection and investigation. Moreover, the results of investigating such attacks are often ineffective and can create barriers for obtaining clear evidence due to the lack of sufficient tools and the immaturity of forensics methodology. This research addressed various complexities faced by investigators in the detection and analysis of malware. In this thesis, the author identified the need for a new approach towards malware detection that focuses on a robust framework, and proposed a solution based on an extensive literature review and market research analysis. The literature review focussed on the different trials and techniques in malware detection to identify the parameters for developing a solution design, while market research was carried out to understand the precise nature of the current problem. The author termed the new approaches and development of the new framework the triple-tier centralised online real-time environment (tri-CORE) malware analysis (TCMA). The tiers come from three distinctive phases of detection and analysis where the entire research pattern is divided into three different domains. The tiers are the malware acquisition function, detection and analysis, and the database operational function. This framework design will contribute to the field of computer forensics by making the investigative process more effective and efficient. By integrating a hybrid method for malware detection, associated limitations with both static and dynamic methods are eliminated.
This aids forensics experts with carrying out quick, investigatory processes to detect the behaviour of the malware and its related elements. The proposed framework will help to ensure system confidentiality, integrity, availability and accountability. The current research also focussed on a prototype (artefact) that was developed in favour of a different approach in digital forensics and malware detection methods. As such, a new Toolkit was designed and implemented, which is based on a simple architectural structure and built from open source software that can help investigators develop the skills to critically respond to current cyber incidents and analyses.
Subjects/Keywords: malware; computer security; digital forensics

University of Cape Town
10.
Van Ramesdonk, Paul.
Continued forensic development - investigation into current trends and proposed model for digital forensic practitioners.
Degree: Image, Information Systems, 2016, University of Cape Town
URL: http://hdl.handle.net/11427/20707
Continuous professional development has been looked at in many professions over the years, most notably in primary and secondary education and in the medical fields. With digital forensics being cast into the limelight due to the rapid advancements in technology, academic institutions have added courses to address the void created by the boom in the industry. Little research has been done to address the issues that have now become apparent concerning continued learning in this field. The purpose of this research was to investigate the kinds of frameworks and methods used in other professions, and how the practitioners themselves see career development, and to create a framework that could be used to keep abreast of developments in the field of digital forensics, be it changes in the law, case law, or changes in software.

The data analysis showed quite a number of continued learning approaches that could be employed in the digital/computer forensic fields to achieve the objective of keeping abreast of changes in the field. Some, understandably, are due to the nature of the discipline. As part of practitioners' current approach to continued learning, they rely heavily on knowledge sharing in the form of learning from other professionals, through self-study by reading books, articles and research conducted in the forensic field, the use of Information and Communications Technology (ICT) for education, and the use of Internet sources such as user forums, Facebook groups, and web-blogs. The majority of the respondents had received formal training in digital forensics, and of the total number of participants, only six percent had not been involved in any form of continued learning activities in the past five years.

When looking at the data obtained, and because there are no formal requirements to perform continued learning in the digital/computer forensic field, it becomes clear that individuals themselves need to be self-driven to keep up to date with changes in the field. As seen in studies focused on continued learning activities in other professions, the research shows that digital/computer forensic practitioners experience similar barriers to their own approaches to continued learning.
Advisors/Committee Members: Stander, Adrie (advisor).
Subjects/Keywords: Information Systems; digital forensics

University of Pretoria
11.
Adedayo, Oluwasola Mary.
Reconstruction in Database Forensics.
Degree: PhD, Computer Science, 2015, University of Pretoria
URL: http://hdl.handle.net/2263/43777
The increasing usage of databases in the storage of critical and sensitive information in many organizations has led to an increase in the rate at which databases are exploited in computer crimes. Databases are often manipulated to facilitate crimes and as such are usually of interest during many investigations as useful information relevant to the investigation can be found therein.

A branch of digital forensics that deals with the identification, preservation, analysis and presentation of digital evidence from databases is known as database forensics. Despite the large amount of information that can be retrieved from databases and the amount of research that has been done on various aspects of databases, database security and digital forensics in general, very little has been done on database forensics. Databases have also been excluded from traditional digital investigations until very recently. This can be attributed to the inherent complexities of databases and the lack of knowledge on how the information contained in the database can be retrieved, especially in cases where such information has been modified or existed in the past.

This thesis addresses one major part of the challenges in database forensics, which is the reconstruction of the information stored in the database at some earlier time. The dimensions involved in a database forensics analysis problem are identified and the thesis focuses on one of these dimensions. Concepts such as the relational algebra log and the inverse relational algebra are introduced as tools in the definition of a theoretical framework that can be used for database forensics. The thesis provides an algorithm for database reconstruction and outlines the correctness proof of the algorithm. Various techniques for a complete regeneration of deleted or lost data during a database forensics analysis are also described. Due to the importance of having adequate logs in order to use the algorithm, specifications of an ideal log configuration for an effective reconstruction process are given, putting into consideration the various dimensions of the database forensics problem space. Throughout the thesis, practical situations that illustrate the application of the algorithms and techniques described are given.

The thesis provides a scientific approach that can be used for handling database forensics analysis practice and research, particularly in the aspect of reconstructing the data in a database. It also adds to the field of digital forensics by providing insights into the field of database forensics reconstruction.
Advisors/Committee Members: Olivier, Martin S. (advisor).
Subjects/Keywords: Computer Science; Digital Forensics; Database Forensics; Digital Forensics Investigation; Forensic analysis; UCTD

University of Illinois – Urbana-Champaign
12.
Palmer, Imani Nkechinyere.
Forensic analysis of computer evidence.
Degree: PhD, Computer Science, 2018, University of Illinois – Urbana-Champaign
URL: http://hdl.handle.net/2142/101030
Digital forensics is the science involved in the discovery, preservation, and analysis of evidence on digital devices. The end goal of digital forensics is to determine the events that occurred, who performed them, and how they were performed. In order for an investigation to lead to a sound conclusion, it must demonstrate that it is the product of sound scientific methodology.

Digital forensics is inundated with many problems. These problems include an insufficient number of capable examiners, without a standard for certification there is a lack of training for examiners and current tools are unable to deal with the more complex cases, and lack of intelligent automation. This work perpetuates the ability of computer science principles to digital forensics creates a basis of acceptance for digital forensics in both the legal and forensic science community.

This work focuses on three solutions. In terms of education, there is a lack of mandatory standardization, certification, and accreditation. Currently, there is a lack of standards in the interpretation of forensic evidence. The current techniques used by forensic investigators during analysis generally involve ad-hoc methods based on the vague and untested understanding of the system. These forensic techniques are the root of the significant differences in the testimony conducted by digital forensic expert witnesses. Lastly, digital forensic expert witness testimony is under great scrutiny because of the lack of standards in both education and investigative methods.

To remedy this situation, we developed multiple avenues to facilitate more effective investigations. To improve the availability and standardization of education, we developed a multidisciplinary digital forensics curriculum. To improve the standards of forensic evidence interpretation, we developed a methodology based on graph theory to develop a logical view of low-level forensic data. To improve the admissibility of evidence, we developed a methodology to assign a likelihood to the hypotheses determined by forensic investigators. Together, these methods significantly improve the effectiveness of digital forensic investigations. Overall, this work calls the computer science community to join forces with the digital forensics community in order to develop, test and implement established computer science methodology in the application of digital forensics.
Advisors/Committee Members: Campbell, Roy H (advisor), Campbell, Roy H (Committee Chair), Bates, Adam (committee member), Gunter, Carl (committee member), Kesan, Jay (committee member), Gelfand, Boris (committee member).
Subjects/Keywords: Digital Forensics; Graph Theory; Digital Forensic Investigations

Halmstad University
13.
Bade, Hans.
Anti-Forensik : Anti-forensiska metoder på mobila enheter.
Degree: Information Technology, 2018, Halmstad University
URL: http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-37701
Mobile phones have become essential for the extraction of digital artifacts in forensic investigations. Android’s Linux-based operating systems bring greater potential for anti-forensic methods, which means that knowledge of anti-forensics is essential to today’s IT forensic investigators. In this study, the effect of anti-forensics on Android-based mobile devices is highlighted, as well as revealing today’s anti-forensic attack methods against forensic tools. By experiment, it is shown how to prevent a forensic tool from extracting data by using a simple script.
Subjects/Keywords: Anti-Forensics; Forensics; mobile forensics; mobile anti-forensics; Digital Forensics; Computer Engineering

AUT University
14.
Laurenson, Thomas.
Forensic Data Storage for Wireless Networks: a compliant architecture.
Degree: 2011, AUT University
URL: http://hdl.handle.net/10292/1200
In the past 10 years there has been an explosion of unprecedented growth in wireless based technologies. Wireless networking has escalated in popularity since its inauguration due to the ability to form computer networks without the use of a wired base infrastructure. However, the very nature of wireless networking engenders inherent security threats and vulnerabilities. Furthermore, with the rapid growth of technology based digital services also comes intentional misuse and related corruption of those services. Therefore, potential issues outline the possibility of criminal activity. Now, the need exists for Digital Forensic procedures in wireless networks which are specifically aimed at obtaining viable digital evidence. The current academic literature mainly relates to traditional digital forensic principles and device evidence extraction rather than assurance and network layer architectures. Further research in the particular field of digital forensics in wireless networks is crucial.

The main focus of the research project addresses the development of a design system which is capable of acquiring and preserving wireless network traffic, where the resultant data contains viable evidentiary trails from 802.11g based Wireless Local Area Networks (WLAN). The proposed system architecture of the Wireless Forensic Model (WFM) consists of two components: a wireless drone and a Forensic Server. The model is specifically engineered for infrastructure based WLANs with multiple Access Points (APs). The proposed design system therefore monitors and acquires wireless network traffic from the APs using a distribution of wireless drones. These collect and forward the network traffic to the centralised Forensic Server which in turn stores and preserves the acquired data.

Four phases of research testing were conducted; two for initial testing and two for stabilised testing. Phase One and Two of initial testing involved the implementation of a test-bed WLAN infrastructure and the implementation of the prescribed WFM design system. Both entities were subjected to benchmark testing. The initial WFM was evaluated to determine the requirements and capabilities of acquiring and preserving data from the WLAN. Phase Three drew experience from the initial WFM testing and reconfigured a stable system design. Benchmark testing was again conducted to examine the system performance and whether a full data set of viable digital evidence could be obtained. In Phase Four the stabilised WFM was finally evaluated on the ability to obtain evidentiary trails from a series of recreated attacks conducted against the WLAN.

The findings illustrate that the WFM is capable of acquiring and preserving a large proportion of data generated at the maximum speeds of the 802.11g WLAN configuration. Integrity of the evidence was also maintained. Furthermore, recreated Denial of Service (DoS) and Fake Access Point (FakeAP) attacks against the WLAN infrastructure resulted in evidentiary trails being collected by the implemented WFM. The acquired wireless network…
Advisors/Committee Members: Cusack, Brian (advisor), Sarkar, Nurul (advisor).
Subjects/Keywords: IEEE 802.11; Digital Forensics; Wireless Forensic Model; Wi-Fi; Wireless Forensics; Network Forensics

AUT University
15.
Spence, Michael Edward.
Factors influencing Digital Evidence transfer across international borders: a case study.
Degree: 2011, AUT University
URL: http://hdl.handle.net/10292/1187
Digital Forensics has grown out of the necessity to extract, analyse and present evidence from digital devices in support of an investigation or court case. In its early stages in the 1970s and 80s this would often relate to a computer that was not connected to any networks. The issues were therefore local and dealt with by local law enforcement agencies and prosecuted under local (national) laws. The explosive growth of Internet usage and e-commerce has resulted in a corresponding growth in international e-crime. The perpetrator of this international e-crime can be based in one country with the victim in a second country and the data in a third country. This raises the question regarding in which country the offence has occurred and under which jurisdiction it should be investigated and prosecuted. This new paradigm now means that the digital forensic practitioner may have to deal with the acquisition and presentation of digital evidence in a foreign country. This raises a whole new level of complexity regarding both the integrity of the evidence that has moved between countries and acceptance of the digital forensics practitioner as an expert witness in a foreign court. The differences in the laws of the countries involved in the investigation and prosecution of the offenders can also have a substantial impact on the digital evidence process.

The purpose of this research is to identify the main factors that influence the successful presentation of digital evidence across international borders. The test of the success of the presentation of digital evidence is usually considered to be that the evidence and the digital forensic practitioner presenting the evidence are accepted by a court of law. The research commences with a review of the current literature in this area. From the review of the literature a set of 16 hypothesised main factors influencing the transfer of digital evidence across international borders is formulated. In order to test the 16 main hypothesised issues, and investigate if any other main factors exist, a case study approach is used as part of a series of unstructured interviews with digital forensic and legal professionals. A thematic analysis technique is applied to the interview transcripts to extract common themes in the opinions of the interviewees.

The result of the research is the identification of 11 main factors that influence the transfer of digital evidence across international borders. These factors are classified in the four areas of Technical, Transportation, Standards/Qualifications/Certification and Legal. The research postulates the main areas in which the solutions to some of the issues raised by these main factors may be found. The research recognises that the area of digital forensics and the international perspective of the movement of digital evidence across borders is a new and evolving discipline. The thesis concludes with the learnings from the research, the limitations of the research and suggests four areas for future research regarding law enforcement development of…
Advisors/Committee Members: Cusack, Brian (advisor).
Subjects/Keywords: Digital Forensics; Transfer of Digital Evidence; International; Digital Evidence; Computer Forensics; International e-crime
APA (6th Edition):
Spence, M. E. (2011). Factors influencing Digital Evidence transfer across international borders: a case study. (Thesis). AUT University. Retrieved from http://hdl.handle.net/10292/1187
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Spence, Michael Edward. “Factors influencing Digital Evidence transfer across international borders: a case study.” 2011. Thesis, AUT University. Accessed December 07, 2019.
http://hdl.handle.net/10292/1187.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Spence, Michael Edward. “Factors influencing Digital Evidence transfer across international borders: a case study.” 2011. Web. 07 Dec 2019.
Vancouver:
Spence ME. Factors influencing Digital Evidence transfer across international borders: a case study. [Internet] [Thesis]. AUT University; 2011. [cited 2019 Dec 07].
Available from: http://hdl.handle.net/10292/1187.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Spence ME. Factors influencing Digital Evidence transfer across international borders: a case study. [Thesis]. AUT University; 2011. Available from: http://hdl.handle.net/10292/1187
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

University of Ontario Institute of Technology
16.
Lacroix, Jesse.
Vehicular infotainment forensics: collecting data and putting it into perspective.
Degree: 2017, University of Ontario Institute of Technology
URL: http://hdl.handle.net/10155/821
In today's transportation system, countless numbers of vehicles are on the road and later generations have become mobile computers. Vehicles now have embedded infotainment systems that enable user-friendliness and practicability with functions such as a built-in global positioning system, media playback device and application interface. Smartphones and laptops can connect to them through Bluetooth and WiFi for all sorts of utilities. This enables data flow between a user's device and the infotainment system and because of this interaction, data remnants are kept on these embedded devices. It is important to determine what type of data is stored long term since this information reflects a user's activity and potential personal information. In terms of forensics, this data could be used to solve criminal activities if a vehicle was suspected of being an accessory to a crime; raising general awareness about this topic is important due to the potentially sensitive information circulated. The main objective of this thesis is to demonstrate what types of information are stored on infotainment systems, how it can be acquired and the implications and contributions of the collected data in relation to the overall field of digital forensics.
Advisors/Committee Members: El-Khatib, Khalil.
Subjects/Keywords: Digital forensics; Internal vehicle components; Embedded devices; Infotainment systems; Vehicular forensics
APA (6th Edition):
Lacroix, J. (2017). Vehicular infotainment forensics: collecting data and putting it into perspective. (Thesis). University of Ontario Institute of Technology. Retrieved from http://hdl.handle.net/10155/821
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Lacroix, Jesse. “Vehicular infotainment forensics: collecting data and putting it into perspective.” 2017. Thesis, University of Ontario Institute of Technology. Accessed December 07, 2019.
http://hdl.handle.net/10155/821.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Lacroix, Jesse. “Vehicular infotainment forensics: collecting data and putting it into perspective.” 2017. Web. 07 Dec 2019.
Vancouver:
Lacroix J. Vehicular infotainment forensics: collecting data and putting it into perspective. [Internet] [Thesis]. University of Ontario Institute of Technology; 2017. [cited 2019 Dec 07].
Available from: http://hdl.handle.net/10155/821.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Lacroix J. Vehicular infotainment forensics: collecting data and putting it into perspective. [Thesis]. University of Ontario Institute of Technology; 2017. Available from: http://hdl.handle.net/10155/821
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Purdue University
17.
Gurule, Kaitlyn.
An analysis of digital forensic units.
Degree: MS, Computer and Information Technology, 2016, Purdue University
URL: https://docs.lib.purdue.edu/open_access_theses/948
Technology is growing rapidly. The first computer, ENIAC, was built in 1946 and it was not until 1975 that personal computers existed (Knight, 2014). Now, computers are seen everywhere. It is rare to see a person without a computer, such as a mobile phone. As technology grows so do computer crimes. Computer crimes, for the purposes of this study, are crimes committed using digital media as a target of a crime, to assist in a crime, or as an incidental element in a crime. Criminals are taking advantage of the new technology and using it to their advantage. Easy access to technology makes it easier for criminals to commit new and old crimes. Law enforcement agencies are having a difficult time processing all the digital media in an effective and efficient manner. Criminals, however, do not stop committing crimes, therefore creating a backlog of cases for law enforcement investigators. Technology creates a variety of difficulties that law enforcement agencies must overcome to successfully process digital media. In order to help overcome these difficulties, some states have created both specialized and non-specialized cybercrime units. These cybercrime units work specifically on processing the digital evidence used in computer crimes. A study was conducted analyzing these units. It suggested the specialized units operate more effectively than the non-specialized. This study also showed the lack of knowledge regarding standard procedures and the need for more training, funding, and personnel.
Advisors/Committee Members: Kathryn C. Seigfried-Spellar, Kathryn C. Seigfried-Spellar, Lonnie Bentley, Marcus Rogers.
Subjects/Keywords: Information Technology; Applied sciences; Computer forensics; Cybercrime; Cyberforensics; Digital forensics
APA (6th Edition):
Gurule, K. (2016). An analysis of digital forensic units. (Thesis). Purdue University. Retrieved from https://docs.lib.purdue.edu/open_access_theses/948
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Gurule, Kaitlyn. “An analysis of digital forensic units.” 2016. Thesis, Purdue University. Accessed December 07, 2019.
https://docs.lib.purdue.edu/open_access_theses/948.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Gurule, Kaitlyn. “An analysis of digital forensic units.” 2016. Web. 07 Dec 2019.
Vancouver:
Gurule K. An analysis of digital forensic units. [Internet] [Thesis]. Purdue University; 2016. [cited 2019 Dec 07].
Available from: https://docs.lib.purdue.edu/open_access_theses/948.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Gurule K. An analysis of digital forensic units. [Thesis]. Purdue University; 2016. Available from: https://docs.lib.purdue.edu/open_access_theses/948
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Queensland University of Technology
18.
White, Andrew J.
Identifying the unknown in user space memory.
Degree: 2013, Queensland University of Technology
URL: https://eprints.qut.edu.au/64181/
This thesis is a study of how the contents of volatile memory on the Windows operating system can be better understood and utilised for the purposes of digital forensic investigations. It proposes several techniques to improve the analysis of memory, with a focus on improving the detection of unknown code such as malware. These contributions allow the creation of a more complete reconstruction of the state of a computer at acquisition time, including whether or not the computer has been infected by malicious code.
Subjects/Keywords: Memory Forensics; User Space Memory; Malware Detection; Windows; Digital Forensics
APA (6th Edition):
White, A. J. (2013). Identifying the unknown in user space memory. (Thesis). Queensland University of Technology. Retrieved from https://eprints.qut.edu.au/64181/
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
White, Andrew J. “Identifying the unknown in user space memory.” 2013. Thesis, Queensland University of Technology. Accessed December 07, 2019.
https://eprints.qut.edu.au/64181/.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
White, Andrew J. “Identifying the unknown in user space memory.” 2013. Web. 07 Dec 2019.
Vancouver:
White AJ. Identifying the unknown in user space memory. [Internet] [Thesis]. Queensland University of Technology; 2013. [cited 2019 Dec 07].
Available from: https://eprints.qut.edu.au/64181/.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
White AJ. Identifying the unknown in user space memory. [Thesis]. Queensland University of Technology; 2013. Available from: https://eprints.qut.edu.au/64181/
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Purdue University
19.
Flory, Teri A.
Digital Forensics in Law Enforcement: A Needs Based Analysis of Indiana Agencies.
Degree: MS, Information Security, 2015, Purdue University
URL: https://docs.lib.purdue.edu/open_access_theses/1220
Cyber crime is a growing problem, with the impact to both businesses and individuals increasing exponentially, but the ability of law enforcement agencies to investigate and successfully prosecute criminals for these crimes is unclear. Many national needs assessments were conducted in the late 1990’s and early 2000’s by the Department of Justice (DOJ) and the National Institute of Justice (NIJ), which all indicated that state and local law enforcement did not have the training, tools, or staff to effectively conduct digital investigations (Institute for Security and Technology Studies [ISTS], 2002; NIJ, 2004). Additionally, there have been some studies conducted at the state level, however, to date, none have been conducted in Indiana (Gogolin & Jones, 2010). A quick search of the Internet located multiple training opportunities and publications that are available at no cost to state and local law enforcement, but it is not clear how many agencies use these resources (“State, Local, & Tribal” for FLETC, n.d.; https://www.ncfi.usss.gov). This study provided a current and localized assessment of the ability of Indiana law enforcement agencies to effectively investigate when a crime that involves digital evidence is alleged to have occurred, the availability of training for both law enforcement officers and prosecuting attorneys, and the ability of prosecuting attorneys to pursue and obtain convictions in cases involving digital evidence. Through an analysis of the survey responses by Indiana law enforcement agencies and prosecutors’ offices, it is evident that Indiana agencies have improved their ability to investigate crimes with digital evidence, with more than half with employees on staff who have attended a digital forensic training course within the past five years. However, a large majority of the agencies still perceive their abilities to investigate crimes with digital evidence in the mid-range or lower. The results support the recommendation that a comprehensive resource guide needs to be made available that the agencies can use to locate experts, obtain assistance with standard operating procedures, learn about free training courses, and find funding opportunities to increase their capabilities in investigating crimes involving digital evidence.
Advisors/Committee Members: Eugene H. Spafford, Glenn G. Sparks, Marcus K. Rogers.
Subjects/Keywords: Computer Forensics; Cybercrime; Digital Evidence; Forensics; Law Enforcement
APA (6th Edition):
Flory, T. A. (2015). Digital Forensics in Law Enforcement: A Needs Based Analysis of Indiana Agencies. (Thesis). Purdue University. Retrieved from https://docs.lib.purdue.edu/open_access_theses/1220
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Flory, Teri A. “Digital Forensics in Law Enforcement: A Needs Based Analysis of Indiana Agencies.” 2015. Thesis, Purdue University. Accessed December 07, 2019.
https://docs.lib.purdue.edu/open_access_theses/1220.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Flory, Teri A. “Digital Forensics in Law Enforcement: A Needs Based Analysis of Indiana Agencies.” 2015. Web. 07 Dec 2019.
Vancouver:
Flory TA. Digital Forensics in Law Enforcement: A Needs Based Analysis of Indiana Agencies. [Internet] [Thesis]. Purdue University; 2015. [cited 2019 Dec 07].
Available from: https://docs.lib.purdue.edu/open_access_theses/1220.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Flory TA. Digital Forensics in Law Enforcement: A Needs Based Analysis of Indiana Agencies. [Thesis]. Purdue University; 2015. Available from: https://docs.lib.purdue.edu/open_access_theses/1220
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

University of Nairobi
20.
Mogire, Obwaya.
Digital forensics framework for Kenyan courts of laws.
Degree: 2011, University of Nairobi
URL: http://erepository.uonbi.ac.ke:8080/xmlui/handle/123456789/10249
We are living in the knowledge age where information and knowledge have become one of the most sought-after commodities, as characterized by the proliferation of digital devices and systems. This has seen a paradigm shift in the world where there is an increasing need for Digital Forensics (DF) as a vehicle that organizations can use to provide good and trustworthy evidence and processes. Previous research however points out that developing countries have not yet derived expected benefits from DF technology since very few organizations have the structures in place to enable them to conduct cost effective, low-impact and efficient digital investigations. The adoption, proliferation and maturation of digital forensics in Kenya have been slow due to improper regulatory policies, procedures/processes, technologies, standards, legal and governance challenges.
The purpose of this research was to develop a digital forensics framework that will serve as a blueprint for Kenyan courts of laws in apprehending digital criminals. Existing DF models were surveyed and then adopted to create a specific application framework. Towards achieving this goal, the research investigated best practices, standards, regulatory policies, procedures, technologies, governance, legal systems and people in place and explored some areas in the legal system where digital forensics evidence is most likely to be questioned. To validate the framework, the research methodology employed in this research was a combination of descriptive survey and case study.
The findings of this study have various implications for research as well as practice. For research, best practices, standards, regulatory policies, procedures, technologies, governance and people are critical to influencing digital evidence admissibility in courts. For practice, the findings of this study provide a generic framework for implementation of Digital Forensics. The findings can be used by both government and private agencies in developing countries like Kenya as a guide in providing Digital Forensics services whether internal investigation, disciplinary hearing or court case.
Subjects/Keywords: Digital forensics; e-evidence; admissibility; Kenyan courts
APA (6th Edition):
Mogire, O. (2011). Digital forensics framework for Kenyan courts of laws. (Thesis). University of Nairobi. Retrieved from http://erepository.uonbi.ac.ke:8080/xmlui/handle/123456789/10249
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Mogire, Obwaya. “Digital forensics framework for Kenyan courts of laws.” 2011. Thesis, University of Nairobi. Accessed December 07, 2019.
http://erepository.uonbi.ac.ke:8080/xmlui/handle/123456789/10249.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Mogire, Obwaya. “Digital forensics framework for Kenyan courts of laws.” 2011. Web. 07 Dec 2019.
Vancouver:
Mogire O. Digital forensics framework for Kenyan courts of laws. [Internet] [Thesis]. University of Nairobi; 2011. [cited 2019 Dec 07].
Available from: http://erepository.uonbi.ac.ke:8080/xmlui/handle/123456789/10249.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Mogire O. Digital forensics framework for Kenyan courts of laws. [Thesis]. University of Nairobi; 2011. Available from: http://erepository.uonbi.ac.ke:8080/xmlui/handle/123456789/10249
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Penn State University
21.
Tentilucci, Matthew Joseph.
Secure Acquisition of Digital Evidence from VMware ESXi Hypervisors.
Degree: MS, Information Sciences and Technology, 2015, Penn State University
URL: https://etda.libraries.psu.edu/catalog/24944
The use of computer virtualization technologies has rapidly grown since the early 2000’s. Factors driving this growth include the ever-increasing utilization of cloud computing as well as benefits to consolidating physical hardware within a data center. In addition to the growth of virtualization technologies, computer security incidents are also increasing. However, researchers have drawn attention to the problem that many of the traditional computer forensics tools and investigation techniques cannot be used to gather and analyze digital evidence obtained from virtualization technologies or cloud computing resources. To solve a part of this problem, this thesis proposes a new open source tool called ESXimager that securely acquires digital evidence from VMware ESXi hypervisors. The tool securely images selected virtual machine files running on VMware ESXi and ensures image integrity through the entire imaging process. Written in Perl and utilizing Tk, the tool makes use of an ESXi server’s ability to execute shell commands. Bit-stream copies are created using the dd command, image integrity is verified using the MD5 and SHA1 hashing algorithms, and images are securely transferred to an external imaging machine with SFTP. With a secure image created, a forensics investigator can load the image into a separate computer forensics tool for analysis. ESXimager’s capabilities are validated in a small yet realistic test environment. The tool connects to an ESXi server, creates images of selected virtual machine files, calculates multiple hashes, and securely transfers images to a local imaging machine. In addition, the tool detects if the integrity of an image file is compromised. With some additional development and testing in a larger environment, this could potentially become the go-to tool used to acquire images from VMware ESXi hypervisors.
Subjects/Keywords: Digital Forensics; VMware ESXi; Computer Security; Perl
APA (6th Edition):
Tentilucci, M. J. (2015). Secure Acquisition of Digital Evidence from VMware ESXi Hypervisors. (Masters Thesis). Penn State University. Retrieved from https://etda.libraries.psu.edu/catalog/24944
Chicago Manual of Style (16th Edition):
Tentilucci, Matthew Joseph. “Secure Acquisition of Digital Evidence from VMware ESXi Hypervisors.” 2015. Masters Thesis, Penn State University. Accessed December 07, 2019.
https://etda.libraries.psu.edu/catalog/24944.
MLA Handbook (7th Edition):
Tentilucci, Matthew Joseph. “Secure Acquisition of Digital Evidence from VMware ESXi Hypervisors.” 2015. Web. 07 Dec 2019.
Vancouver:
Tentilucci MJ. Secure Acquisition of Digital Evidence from VMware ESXi Hypervisors. [Internet] [Masters thesis]. Penn State University; 2015. [cited 2019 Dec 07].
Available from: https://etda.libraries.psu.edu/catalog/24944.
Council of Science Editors:
Tentilucci MJ. Secure Acquisition of Digital Evidence from VMware ESXi Hypervisors. [Masters Thesis]. Penn State University; 2015. Available from: https://etda.libraries.psu.edu/catalog/24944
22.
Hales, Gavin.
Assisting digital forensic analysis via exploratory information visualisation.
Degree: PhD, 2016, Abertay University
URL: https://rke.abertay.ac.uk/en/studentTheses/774128b9-957e-4a05-aa74-dbeefebb8113 ; http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.693288
Background: Digital forensics is a rapidly expanding field, due to the continuing advances in computer technology and increases in data storage capabilities of devices. However, the tools supporting digital forensics investigations have not kept pace with this evolution, often leaving the investigator to analyse large volumes of textual data and rely heavily on their own intuition and experience. Aim: This research proposes that given the ability of information visualisation to provide an end user with an intuitive way to rapidly analyse large volumes of complex data, such approaches could be applied to digital forensics datasets. Such methods will be investigated; supported by a review of literature regarding the use of such techniques in other fields. The hypothesis of this research body is that by utilising exploratory information visualisation techniques in the form of a tool to support digital forensic investigations, gains in investigative effectiveness can be realised. Method: To test the hypothesis, this research examines three different case studies which look at different forms of information visualisation and their implementation with a digital forensic dataset. Two of these case studies take the form of prototype tools developed by the researcher, and one case study utilises a tool created by a third party research group. A pilot study by the researcher is conducted on these cases, with the strengths and weaknesses of each being drawn into the next case study. The culmination of these case studies is a prototype tool which was developed to resemble a timeline visualisation of the user behaviour on a device. This tool was subjected to an experiment involving a class of university digital forensics students who were given a number of questions about a synthetic digital forensic dataset. Approximately half were given the prototype tool, named Insight, to use, and the others given a common open-source tool. The assessed metrics included: how long the participants took to complete all tasks, how accurate their answers to the tasks were, and how easy the participants found the tasks to complete. They were also asked for their feedback at multiple points throughout the task. Results: The results showed that there was a statistically significant increase in accuracy for one of the six tasks for the participants using the Insight prototype tool. Participants also found completing two of the six tasks significantly easier when using the prototype tool. There was no statistically significant difference between the completion times of both participant groups. There were no statistically significant differences in the accuracy of participant answers for five of the six tasks. Conclusions: The results from this body of research show that there is evidence to suggest that there is the potential for gains in investigative effectiveness when information visualisation techniques are applied to a digital forensic dataset. Specifically, in some scenarios, the investigator can draw conclusions which are more accurate…
Subjects/Keywords: 363.250285; Digital forensics; Visualisation; Computer security
APA (6th Edition):
Hales, G. (2016). Assisting digital forensic analysis via exploratory information visualisation. (Doctoral Dissertation). Abertay University. Retrieved from https://rke.abertay.ac.uk/en/studentTheses/774128b9-957e-4a05-aa74-dbeefebb8113 ; http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.693288
Chicago Manual of Style (16th Edition):
Hales, Gavin. “Assisting digital forensic analysis via exploratory information visualisation.” 2016. Doctoral Dissertation, Abertay University. Accessed December 07, 2019.
https://rke.abertay.ac.uk/en/studentTheses/774128b9-957e-4a05-aa74-dbeefebb8113 ; http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.693288.
MLA Handbook (7th Edition):
Hales, Gavin. “Assisting digital forensic analysis via exploratory information visualisation.” 2016. Web. 07 Dec 2019.
Vancouver:
Hales G. Assisting digital forensic analysis via exploratory information visualisation. [Internet] [Doctoral dissertation]. Abertay University; 2016. [cited 2019 Dec 07].
Available from: https://rke.abertay.ac.uk/en/studentTheses/774128b9-957e-4a05-aa74-dbeefebb8113 ; http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.693288.
Council of Science Editors:
Hales G. Assisting digital forensic analysis via exploratory information visualisation. [Doctoral Dissertation]. Abertay University; 2016. Available from: https://rke.abertay.ac.uk/en/studentTheses/774128b9-957e-4a05-aa74-dbeefebb8113 ; http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.693288

University of Otago
23.
Dowling, Anthony.
Digital Forensics: A Demonstration of the Effectiveness of The Sleuth Kit and Autopsy Forensic Browser.
Degree: 2010, University of Otago
URL: http://hdl.handle.net/10523/378
The Sleuth Kit is a collection of Linux tools that perform different aspects of a file system analysis. The Autopsy Forensic Browser is a graphical user interface that provides a user friendly interface to the command line tools contained within The Sleuth Kit.
This research project investigates the use of The Sleuth Kit and Autopsy Forensic Browser as forensic investigation tools, with the aim of demonstrating the effectiveness of these tools in real world case studies as digital forensic tools.
The research found that The Sleuth Kit and Autopsy Forensic Browser provide an effective file system analysis toolset. The flexibility of the tools contained within The Sleuth Kit often leads to complex command line strings, the complexity of which is overcome by the automation provided by the Autopsy Forensic Browser. Not only do The Sleuth Kit and Autopsy Forensic Browser provide an effective toolset, they also offer an affordable alternative to expensive commercial or proprietary based toolsets.
Digital Forensics is an area of increasing importance with an expanding field of coverage requiring many different tools to help perform varying functions. It is with this in mind that the focus of this research project is three case studies that are utilised to demonstrate the effectiveness of The Sleuth Kit and Autopsy Forensic Browser.
The demonstration of The Sleuth Kit and Autopsy Forensic Browser contained within the case studies could serve as an introductory overview of a new toolset for investigators looking for an alternative or complementary Digital Forensics toolset.
Advisors/Committee Members: Wolfe, Hank (advisor).
Subjects/Keywords: Digital Forensics; Sleuth Kit; Autopsy; Forensic Browser
APA (6th Edition):
Dowling, A. (2010). Digital Forensics: A Demonstration of the Effectiveness of The Sleuth Kit and Autopsy Forensic Browser. (Masters Thesis). University of Otago. Retrieved from http://hdl.handle.net/10523/378

AUT University
24.
Junewon, Park.
Acquiring digital evidence from Botnet attacks: procedures and methods.
Degree: 2011, AUT University
URL: http://hdl.handle.net/10292/1482
The botnet, a collection of compromised computers, is one of the latest technologies in the evolution of cybercrime. Cybercriminals, motivated by financial gain, use those infected computers as equipment for cybercrime. For example, botnets are used in Distributed Denial of Service (DDoS) extortion scams, sending of spam, and running arbitrary network services for phishing. Therefore, digital forensic investigators need to forensically analyse and reconstruct those criminal activities. However, the writers of botnets have employed various stealth and deception techniques to hide the existence of their bots. They have also used new techniques such as rootkit and packing methods to hamper the botnet analysis. Even though the need for live forensic approaches has constantly increased for gathering valuable information that cannot be obtained by conventional digital forensic approaches, it is not only unrepeatable in normal situations, but also can damage the integrity of the digital evidence. For this reason, the main purpose of this study is to propose a forensic investigation approach to address those challenges. The proposed approach is mainly designed to increase repeatability of live forensic investigation and accuracy of digital evidence, which especially is focused on analysis of the memory image acquired from an infected host. In addition, the proposed approach uses various types of information to increase the effectiveness of botnet investigation. In order to evaluate the proposed approach, an experiment is conducted in two phases: malware collection and forensic investigation. In the malware collection phase, the researcher collects botnet samples from the Internet and builds a malware signature database by running a low interaction honeypot. After that, collected malware samples are submitted to some external analysis service providers to understand their behaviour. In the second phase, a forensic analysis is performed on a host infected by a botnet malware to identify and preserve the possible digital evidence. Afterwards, an analysis of the collected evidence is conducted with various types of information to reconstruct a botnet incident. An important contribution of this study is that the proposed approach shows that the most effective approach for the forensic investigation of a botnet incident is to combine internal and external information. The live forensic investigation on the infected system does not provide enough information for reconstruction. To make up for the weak points, the researcher uses existing external knowledge about the malware sample. The lack of explanation about the initial exploitation and propagation method is supplemented by analysing the log of a honeypot system. The details of sequential activities to infect the target machine are explained by the reports of sandbox analysis. Finally, the researcher is able to reconstruct the entire picture of the botnet incident with both internal and external information.
Advisors/Committee Members: Brian, Cusack (advisor).
Subjects/Keywords: Digital Forensics; Botnet; Malware; Honeypot; Honeynet
APA (6th Edition):
Junewon, P. (2011). Acquiring digital evidence from Botnet attacks: procedures and methods. (Thesis). AUT University. Retrieved from http://hdl.handle.net/10292/1482

De Montfort University
25.
Alanazi, Fahad Mosalm.
A method to enhance the accuracy of digital forensics in the absence of complete evidence in Saudi Arabia.
Degree: PhD, 2017, De Montfort University
URL: http://hdl.handle.net/2086/15290
The tremendous increase in the use of digital devices has led to their involvement in the vast majority of current criminal investigations. As a result, digital forensics has increasingly become one of the most important aspects of criminal investigations. The digital forensics process involves consideration of a number of important phases in order to achieve the required level of accuracy and to reach a successful conclusion of the investigation into the digital aspects of crimes, through obtaining acceptable evidence for use in a court of law. There have been a number of models developed and produced since 1984 to support the digital investigation processes. In this submission, I introduce a proposed model for the digital investigation processes which is based on the scope of the Saudi Arabia investigation process, which has been integrated with existing models of digital investigation processes and has produced a new phase to deal with a situation where there is insufficient evidence. In this research, grounded theory has been adopted as a research method to investigate and explore the participants’ perspectives and their opinions regarding the adoption of a method of a digital forensics investigation process in the absence of complete evidence in the Saudi Arabian context. The interaction of investigators with digital forensics processes involves the social aspect of digital investigation, which is why it was suitable to adopt a grounded theory approach. A semi-structured data collection approach has been adopted, to enable the participants to express their visions, concerns, opinions and feelings related to factors that impact the adoption of the DF model for use in cases where there is an absence of sufficient evidence in Saudi Arabia. The proposed model emerged after conducting a number of interviews and analysing the data of this research.
The researcher developed the proposed model based on the answers of the participants, which helped the researcher to find a solution for dealing with cases where there is insufficient evidence, through adding a unique step in the investigation process, the “TraceBack” Phase. This study is the first in Saudi Arabia to be developed to enhance the accuracy of digital forensics in the absence of sufficient evidence, which opens a new method of research. It is also the first time a grounded theory has been employed in a digital forensics study in the Saudi context, where it was used in a digital forensics study, which indicates the possibility of applying this methodology to this field.
Subjects/Keywords: 600; Digital forensics; Process; Traceback; Saudi Arabia
APA (6th Edition):
Alanazi, F. M. (2017). A method to enhance the accuracy of digital forensics in the absence of complete evidence in Saudi Arabia. (Doctoral Dissertation). De Montfort University. Retrieved from http://hdl.handle.net/2086/15290

University of Pretoria
26.
Pieterse, Heloise.
Evaluation and Identification of Authentic Smartphone Data.
Degree: PhD, Computer Science, 2019, University of Pretoria
URL: http://hdl.handle.net/2263/70669
Mobile technology continues to evolve in the 21st century, providing end-users with mobile devices that support improved capabilities and advanced functionality. This ever-improving technology allows smartphone platforms, such as Google Android and Apple iOS, to become prominent and popular among end-users. The reliance on and ubiquitous use of smartphones render these devices rich sources of digital data. This data becomes increasingly important when smartphones form part of regulatory matters, security incidents, criminal or civil cases. Digital data is, however, susceptible to change and can be altered intentionally or accidentally by end-users or installed applications. It becomes, therefore, essential to evaluate the authenticity of data residing on smartphones before submitting the data as potential digital evidence.
This thesis focuses on digital data found on smartphones that have been created by smartphone applications and the techniques that can be used to evaluate and identify authentic data. Identification of authentic smartphone data necessitates a better understanding of the smartphone, the related smartphone applications and the environment in which the smartphone operates. Derived from the conducted research and gathered knowledge are the requirements for authentic smartphone data. These requirements are captured in the smartphone data evaluation model to assist digital forensic professionals with the assessment of smartphone data. The smartphone data evaluation model, however, only stipulates how to evaluate the smartphone data and not what the outcome of the evaluation is. Therefore, a classification model is constructed using the identified requirements and the smartphone data evaluation model. The classification model presents a formal classification of the evaluated smartphone data, which is an ordered pair of values. The first value represents the grade of the authenticity of the data and the second value describes the completeness of the evaluation. Collectively, these models form the basis for the developed SADAC tool, a proof of concept digital forensic tool that assists with the evaluation and classification of smartphone data.
To conclude, the evaluation and classification models are assessed to determine the effectiveness and efficiency of the models to evaluate and identify authentic smartphone data. The assessment involved two attack scenarios to manipulate smartphone data and the subsequent evaluation of the effects of these attack scenarios using the SADAC tool. The results produced by evaluating the smartphone data associated with each attack scenario confirmed the classification of the authenticity of smartphone data is feasible. Digital forensic professionals can use the provided models and developed SADAC tool to evaluate and identify authentic smartphone data.
The outcome of this thesis provides a scientific and strategic approach for evaluating and identifying authentic smartphone data, offering needed assistance to digital forensic professionals. This research also adds…
Advisors/Committee Members: Olivier, Martin S. (advisor), Van Heerden, Renier (coadvisor).
Subjects/Keywords: UCTD; Digital Forensics
APA (6th Edition):
Pieterse, H. (2019). Evaluation and Identification of Authentic Smartphone Data. (Doctoral Dissertation). University of Pretoria. Retrieved from http://hdl.handle.net/2263/70669

Purdue University
27.
Nielsen, Jeremiah Jens.
Distributed Digital Forensics on Pre-existing Internal Networks.
Degree: MS, Computer and Information Technology, 2013, Purdue University
URL: http://docs.lib.purdue.edu/open_access_theses/135
Today's large datasets are a major hindrance on digital investigations and have led to a substantial backlog of media that must be examined. While this media sits idle, its relevant investigation must sit idle inducing investigative time lag. This study created a client/server application architecture that operated on an existing pool of internally networked Windows 7 machines. This distributed digital forensic approach helps to address scalability concerns with other approaches while also being financially feasible. Text search runtimes and match counts were evaluated using several scenarios including a 100 GB image with prefabricated data. When compared to FTK 4.1, a 125 times speed up was experienced in the best case while a three times speed up was experienced in the worst case. These rapid search times nearly irrationalize the need to utilize long indexing processes to analyze digital evidence allowing for faster digital investigations.
Advisors/Committee Members: Marcus K. Rogers, Marcus K Rogers, John A. Springer, Thomas J. Hacker.
Subjects/Keywords: client services; digital forensics; distributed digital forensics; forensic toolkit 4.1; mapreduce; Computer Sciences
APA (6th Edition):
Nielsen, J. J. (2013). Distributed Digital Forensics on Pre-existing Internal Networks. (Thesis). Purdue University. Retrieved from http://docs.lib.purdue.edu/open_access_theses/135

University of Victoria
28.
Alharbi, Soltan Abed.
Proactive System for Digital Forensic Investigation.
Degree: Department of Electrical and Computer Engineering, 2014, University of Victoria
URL: http://hdl.handle.net/1828/5237
Digital Forensics (DF) is defined as the ensemble of methods, tools and techniques used to collect, preserve and analyse digital data originating from any type of digital media involved in an incident with the purpose of extracting valid evidence for a court of law.
DF investigations are usually performed as a response to a digital crime and, as such, they are termed Reactive Digital Forensic (RDF). An RDF investigation takes the traditional (or post-mortem) approach of investigating digital crimes after incidents have occurred. This involves identifying, preserving, collecting, analyzing, and generating the final report.
Although RDF investigations are effective, they are faced with many challenges, especially when dealing with anti-forensic incidents, volatile data and event reconstruction. To tackle these challenges, Proactive Digital Forensic (PDF) is required. By being proactive, DF is prepared for incidents. In fact, the PDF investigation has the ability to proactively collect data, preserve it, detect suspicious events, analyze evidence and report an incident as it occurs.
This dissertation focuses on the detection and analysis phase of the proactive investigation system, as it is the most expensive phase of the system. In addition, theories behind such systems will be discussed. Finally, implementation of the whole proactive system will be tested on a botnet use case (Zeus).
Advisors/Committee Members: Weber, Jens (supervisor), Issa, Traore (supervisor).
Subjects/Keywords: Digital Forensics; Reactive Digital Forensic; Proactive Digital Forensic
APA (6th Edition):
Alharbi, S. A. (2014). Proactive System for Digital Forensic Investigation. (Thesis). University of Victoria. Retrieved from http://hdl.handle.net/1828/5237

29.
Delgado, Manuel.
Combater o crime económico com armas digitais: o papel do open-source.
Degree: 2012, RCAAP
URL: https://www.rcaap.pt/detail.jsp?id=oai:repositorio.iscte-iul.pt:10071/8063
In addition to the extraordinary economic development provided by the evolution of Information and Communication Technologies, boosted in recent years with the development of the internet, an anarchic and obscure dimension is being consolidated that, under cover of anonymity and exploiting the same technology, conveys a myriad of behaviors of a criminal nature, which tend to undermine the basic principles of living in society, some of which have contributed greatly to the dimensions of this economic crisis.
Many of the difficulties that the generality of justice systems face in mastering this new type of crime are rooted in the Technological Gap between the means used by organized crime and those that the justice system has.
Taking as reference the phenomenon of economic crime, this dissertation presents Forensic Computing as an essential tool to combat that scourge.
Through the literature review, I will seek to show specific but recurrent scenarios in the investigation of economic crime, in order to realize, at a later stage, their treatment with the use of Open Source tools, comparing the results obtained with those of the same treatment carried out based on a commercial reference tool.
Thus I will show that tools are available that enable a qualitative jump in research processes, without jeopardizing the budget balance of the justice departments, as the current economic situation requires.
Advisors/Committee Members: Costa, Carlos J., Aparício, Manuela.
Subjects/Keywords: Computer forensics; Digital forensics; Digital evidence; Economic crime investigation
APA (6th Edition):
Delgado, M. (2012). Combater o crime económico com armas digitais: o papel do open-source. (Thesis). RCAAP. Retrieved from https://www.rcaap.pt/detail.jsp?id=oai:repositorio.iscte-iul.pt:10071/8063

AUT University
30.
Son, Jung.
Social Network Forensics: evidence extraction tool capabilities.
Degree: 2012, AUT University
URL: http://hdl.handle.net/10292/4068
The introduction of Social Networking Sites (SNSs) in recent years caused an explosion in consumer participation and these sites now attract hundreds of millions of users from around the world. Likewise, blogs and wikis are increasingly popular Web 2.0 venues that can evolve into formal communities of interest, providing significant knowledge-sharing and learning opportunities. Used appropriately, these venues therefore represent a valuable public space. Unfortunately, because a majority of the users of these sites are young people, the sites also tend to attract online predators and others who would exploit the sites. It is opportune to review and test the capability of different Digital Forensic tools that have practical application in the extraction of potential evidence from SNSs such as Facebook™, Twitter™, LinkedIn and Google+™, in the event of criminal activity.
This research evaluates evidence extraction tools in a systematic and forensically sound manner and based on the findings of the literature review in this research, to measure the capability of extracting evidence from SNSs in different test scenarios. The research question underpinning this research asks whether the existing digital forensic tools have enabled forensic investigators to enhance the investigative process, and what features there are in each tool that can collect evidence from SNSs. This research will explore evidence extraction tool capabilities by posing the following main research question:
What are the capabilities of the 3 chosen tools to collect and analyse evidence from Social Networking Sites in a digital forensic investigation?
There are volumes of blog articles and ACM publications on social network technologies that reflect research in a full range of related topics. However, although there is a large body of literature on social networks generated since 2009, there are only a few articles on forensics in SNSs. The available literature is concerned with the impact of social networking on society in general, rather than how to find evidence from social networking sites.
In the proposed research, a sample of three software tools is evaluated for capability after a thorough review from literature about the available tools. A simulated social networking site is constructed in a controlled environment, and then stress-tested. The three selected tools are used to extract social network chat or web pages from allocated space on a hard disk partition, from unallocated space, and generated log data. Each tool is assessed for scope and capability. Advice on best practice for compliance with forensic data acquisition principles can be made based on performance. These outcomes can contribute to gaps in the current literature on conducting digital forensics investigation for SNSs.
The research found that evidence extraction from SNSs is complex as evidence is typically not saved on the hard drive, and artifacts are stored in many different places, depending on a number of variables. Given that the data exchange in…
Advisors/Committee Members: Cusack, Brian (advisor).
Subjects/Keywords: Social Network Forensics; Browser Forensics; Internet Forensics; Digital Forensic Tools; Tool Evaluation; Tool capability; Social Networking Sites
APA (6th Edition):
Son, J. (2012). Social Network Forensics: evidence extraction tool capabilities. (Thesis). AUT University. Retrieved from http://hdl.handle.net/10292/4068