Modern ships Voyage Data Recorders: A forensics perspective on the Costa Concordia shipwreck

International regulations about the safety of ships at sea require every modern vessel to be equipped with a Voyage Data Recorder to assist investigations in the event of an accident. As such, these devices are the primary means for acquiring reliable data about an accident involving a ship, and so they must be the first targets in an investigation. Although regulations describe the sources and amount of data to be recorded, they say nothing about the format of the recording. Because of this, nowadays investigators are forced to rely solely on the help of the builder of the system, which provides proprietary software to “replay” the voyage recordings. This paper delves into the examination of data found in the VDR from the actual Costa Concordia accident in 2012, and describes the recovery of information useful for the investigation, both by deduction and by reverse engineering of the data, some of which were not even shown by the official replay software.     

我国数字城市建设现状、存在问题及对策

城市数字化是城市发展的必然趋势,但我国数字城市建设起步较晚,目前发展比较落后。建议加快信息基础建设,实现资源共享;加强政府的统一管理,加快政府的信息化建设;缩小地区差距、城乡差距;培养引进专业人才。     

以政府为主导推进电子政务建设的总体策略

电子政务建设是一项复杂的系统工程。以政府为先导,结合中国国情制定正确的实施策略,是成功推进电子政务建设的关键环节。政府从全局出发,立足国情,进行正确的策略选择,不仅有利于形成和完善适合中国国情的电子政务建设模式,也为企业、社会的信息化建设提供了有益的探索途径。     

数码图像合法性的侦查对策研究

数码摄影作为一项高科技,它在刑事侦查中的运用已越来越广泛,在带来便利的同时,也带来了一些问题,如何面对数码图像这种高科技证据的合法性问题,我们侦查人员必须进行研究探讨。     

Design and implementation of FROST: Digital forensic tools for the OpenStack cloud computing platform

We describe the design, implementation, and evaluation of FROST—three new forensic tools for the OpenStack cloud platform. Our implementation for the OpenStack cloud platform supports an Infrastructure-as-a-Service (IaaS) cloud and provides trustworthy forensic acquisition of virtual disks, API logs, and guest firewall logs. Unlike traditional acquisition tools, FROST works at the cloud management plane rather than interacting with the operating system inside the guest virtual machines, thereby requiring no trust in the guest machine. We assume trust in the cloud provider, but FROST overcomes non-trivial challenges of remote evidence integrity by storing log data in hash trees and returning evidence with cryptographic hashes. Our tools are user-driven, allowing customers, forensic examiners, and law enforcement to conduct investigations without necessitating interaction with the cloud provider. We demonstrate how FROST's new features enable forensic investigators to obtain forensically-sound data from OpenStack clouds independent of provider interaction. Our preliminary evaluation indicates the ability of our approach to scale in a dynamic cloud environment. The design supports an extensible set of forensic objectives, including the future addition of other data preservation, discovery, real-time monitoring, metrics, auditing, and acquisition capabilities.     

FRASH: A framework to test algorithms of similarity hashing

Automated input identification is a very challenging, but also important task. Within computer forensics this reduces the amount of data an investigator has to look at by hand. Besides identifying exact duplicates, which is mostly solved using cryptographic hash functions, it is necessary to cope with similar inputs (e.g., different versions of a file), embedded objects (e.g., a JPG within a Word document), and fragments (e.g., network packets), too. Over the recent years a couple of different similarity hashing algorithms were published. However, due to the absence of a definition and a test framework, it is hardly possible to evaluate and compare these approaches to establish them in the community.The paper at hand aims at providing an assessment methodology and a sample implementation called FRASH: a framework to test algorithms of similarity hashing. First, we describe common use cases of a similarity hashing algorithm to motivate our two test classes efficiency and sensitivity & robustness. Next, our open and freely available framework is briefly described. Finally, we apply FRASH to the well-known similarity hashing approaches ssdeep and sdhash to show their strengths and weaknesses.     

A case study on anonymised sharing platforms and digital traces left by their usage

Non-local forms of file storage and transfer provide investigatory concerns. Whilst mainstream cloud providers offer a well-established challenge to those involved in criminal enquiries, there are also a host of services offering non-account based ‘anonymous’ online temporary file storage and transfer. From the context of a digital forensic investigation, the practitioner examining a suspect device must detect when such services have been utilised by a user, as offending files may not be resident on local storage media. In addition, identifying the use of a service may also expose networks of illegal file distribution, supporting wider investigations into criminal activity. This work examines 16 anonymous file transfer services and identifies and interprets the digital traces left behind on a device following their use to support law enforcement investigations.     

Digital evidence and the crime scene

Many criminal investigations maintain an element of digital evidence, where it is the role of the first responder in many cases to both identify its presence at any crime scene, and assess its worth. Whilst in some instances the existence and role of a digital device at-scene may be obvious, in others, the first responder will be required to evaluate whether any ‘digital opportunities’ exist which could support their inquiry, and if so, where these are. This work discusses the potential presence of digital evidence at crime scenes, approaches to identifying it and the contexts in which it may exist, focusing on the investigative opportunities that devices may offer. The concept of digital devices acting as ‘digital witnesses’ is proposed, followed by an examination of potential ‘digital crime scene’ scenarios and strategies for processing them.     

论复合型图书馆

复合型图书馆是图书馆的存在和运行模式,是图书馆存在与运行的现实形态。复合型图书馆的发展模式,是在传统图书馆基础上改进、发展而成的,目的是建设既有传统图书馆的社会基础和实体优势,又有数字图书馆的基本特征的现代图书馆。     

Vehicle remote keyless entry systems and engine immobilisers: Do not believe the insurer that this technology is perfect

In the 1990s, governments put pressure on motor vehicle manufacturers to provide better security for vehicles. Thieves could steal cars and lorries with relative ease. The manufacturers responded by introducing electronic systems to make it more difficult for vehicles to be stolen without the key. However, as with most forms of technology, the software can be bypassed. In recent years, thieves have manipulated weaknesses in the technology, so that vehicles can be stolen without the key.