20 similar documents found (search time: 15 ms)
1.
This paper proposes methods to automate recovery and analysis of Windows NT5 (XP and 2003) event logs for computer forensics. Requirements are formulated and methods are evaluated with respect to motivation and process models. A new, freely available tool is presented that, based on these requirements, automates the repair of a common type of corruption often observed in data carved NT5 event logs. This tool automates repair of multiple event logs in a single step without user intervention. The tool was initially developed to meet immediate needs of computer forensic engagements. Automating recovery, repair, and correlation of multiple logs makes these methods more feasible for consideration in both a wider range of cases and earlier phases of cases, and hopefully, in turn, standard procedures. The tool was developed to fill a gap between capabilities of certain other freely available tools that may recover and correlate large volumes of log events, and consequently permit correlation with various other kinds of Windows artifacts. The methods are examined in the context of an example digital forensic service request intended to illustrate the kinds of civil cases that motivated this work.
2.
In this research, a prototype enterprise monitoring system for Android smartphones was developed to continuously collect many data sets of interest to incident responders, security auditors, proactive security monitors, and forensic investigators. Many of the data sets covered were not found in other available enterprise monitoring tools. The prototype system neither requires root privileges nor the exploiting of the Android architecture for proper operation, thereby increasing interoperability among Android devices and avoiding a spyware classification for the system. An anti-forensics analysis on the system was performed to identify and further strengthen areas vulnerable to tampering. The contributions of this research include the release of the first open-source Android enterprise monitoring solution of its kind, a comprehensive guide of data sets available for collection without elevated privileges, and the introduction of a novel design strategy implementing various Android application components useful for monitoring on the Android platform.
3.
Alexandre Novo, Henrique Lorenzo, Fernando I. Rial, Mercedes Solla. Forensic Science International, 2011, 204(1-3):134-138
In the present work we show a forensic case study carried out in a mountainous environment. The main objective was to locate a clandestine grave which is around 10–20 years old and contains human remains of one individual and a metallic tool, probably a pick. Survey design started with an experimental burial of a pick at the expected depth (1 m) as well as the calculation of synthetic radargrams in order to know if the 250 MHz antenna was suitable for its detection and to have a record of the reflection of the pick. Conclusions extracted from the experiments together with rough terrain conditions suggested the use of the 250 MHz antenna, which allowed a good compromise between target detection and dense grid acquisition of an extensive survey area.
4.
The big data era has a high impact on forensic data analysis. Work is done in speeding up the processing of large amounts of data and enriching this processing with new techniques. Doing forensics calls for specific design considerations, since the processed data is incredibly sensitive. In this paper we explore the impact of forensic drivers and major design principles like security, privacy and transparency on the design and implementation of a centralized digital forensics service.
8.
Remote live forensics has recently been increasingly used in order to facilitate rapid remote access to enterprise machines. We present the GRR Rapid Response Framework (GRR), a new multi-platform, open source tool for enterprise forensic investigations enabling remote raw disk and memory access. GRR is designed to be scalable, opening the door for continuous enterprise wide forensic analysis. This paper describes the architecture used by GRR and illustrates how it is used routinely to expedite enterprise forensic investigations.
9.
Lorenzini R. Forensic Science International, 2005, 153(2-3):218-221
DNA molecular techniques were used in a forensic investigation involving the poaching of wildlife in a national park of Italy. A poacher, after having snared a wild boar (Sus scrofa) sow, knifed it to death. The animal was retrieved by conservation officers at the scene before the poacher could remove the carcass. Subsequently, the suspect denied the charges. During a search of his home, a bloodstained knife was confiscated. A method to identify the species from the DNA extracted from the stains revealed the blood to be that of the non-domestic form of Sus scrofa. Further DNA typing for individual identity using species-specific single tandem repeats or microsatellites (STRs) showed that the DNA on the knife matched that of the poached boar. Based upon the forensic evidence obtained, the suspect was convicted of poaching and of cruelty to animals.
10.
Recently, “Speed” is one of the hot issues in digital forensics. Thanks to a recent advanced technology, today we can get bigger hard drive disks at a lower price than previously. But unfortunately, it means for forensic investigators that they need tremendous time and effort in the sequence of process of creating forensic images, searching into them and analyzing them. In order to solve this problem, some methods have been proposed to improve performance of forensic tools. One of them getting attention is a hardware-based approach. However, such a way is limited in the field of evidence cloning or password cracking while it is rarely used in searching and analysis of the digital evidence. In this paper, we design and implement a high-speed search engine using a Tarari content processor. Furthermore, we show feasibility of our approach by comparing its performance and features to those of a popular forensic tool currently on the market.
11.
Examination of mobile phone physical evidence and its application in criminal investigation (total citations: 2; self-citations: 2; citations by others: 2)
With the rapid development and wide application of mobile communication technology, the information held inside mobile phones has become an important source of leads and evidence for criminal investigation. By examining a phone's SIM card memory, mainboard memory and flash memory card with specialized technical methods that satisfy the principles of physical evidence identification, a large amount of information can be obtained: the user's personal information, communication content, records of communication events, data written by the user, and phone settings. The information yielded by such examination has very high investigative and evidentiary value, and the mobile phone has therefore become a new object of examination in the field of physical evidence identification.
13.
This paper presents the first deep investigation of the kmem_cache facility in Linux from a forensics perspective. The kmem_cache is used by the Linux kernel to quickly allocate and deallocate kernel structures associated with processes, files, and the network stack. Our focus is on deallocated information that remains in the cache and the major contribution of this paper is to illustrate what forensically relevant information can be retrieved from the kmem_cache and what information is definitively not retrievable. We show that the kmem_cache contains a wealth of digital evidence, much of which was either previously unavailable or difficult to obtain, requiring ad hoc methods for extraction. Previously executed processes, memory mappings, sent and received network packets, NAT translations, accessed file system inodes, and more can all be recovered through examination of the kmem_cache contents. We also discuss portable methods for erasing this information, to ensure that private data is no longer recoverable.
14.
Itiel E. Dror. Science & Justice, 2012, 52(2):128-130
Understanding and coping with cognitive bias in forensic science requires multiple studies, utilizing both laboratory-based experiments and data from casework. Neither type of study has ever been conducted to examine bias in mixture DNA interpretations. A study that includes both types of data has recently been published in Science and Justice. The data and statistical analysis clearly — at the very least — suggest that bias may potentially influence DNA mixture interpretation. This is due, in part, to the subjective elements in interpretation of mixture DNA. The issue of bias and other cognitive influences is of a sensitive nature and presents complex experimental challenges. Our study takes a step in examining these issues and calls for more research.
16.
An intensive field study of 17 correctional personnel training programs was conducted to assess the organization-environment context in which these programs emerged and operated. Content analysis of site visit data revealed that correctional training programs less often served specific organization goal achievement purposes, and more often served as general strategies for coping with external environmental demands and pressures. A theoretical framework for examining organization-environment relations is described, and then used to analyze correctional training programs as a boundary-spanning activity that relates correctional organizations to environmental conditions. Organizational responses to environmental demands are placed along a continuum of adjustment ranging from survival, to adaptation, and innovation. Organizational responses to environmental demands, in turn, are related to training patterns that dovetail with the major needs of organizations and their personnel in efforts to adjust to the environment.
17.
Writing digital forensics (DF) tools is difficult because of the diversity of data types that need to be processed, the need for high performance, the skill set of most users, and the requirement that the software run without crashing. Developing this software is dramatically easier when one possesses a few hundred disks of other people's data for testing purposes. This paper presents some of the lessons learned by the author over the past 14 years developing DF tools and maintaining several research corpora that currently total roughly 30TB.
20.
There is an alarming increase in the number of cybercrime incidents through anonymous e-mails. The problem of e-mail authorship attribution is to identify the most plausible author of an anonymous e-mail from a group of potential suspects. Most previous contributions employed a traditional classification approach, such as decision tree and Support Vector Machine (SVM), to identify the author and studied the effects of different writing style features on the classification accuracy. However, little attention has been given to ensuring the quality of the evidence. In this paper, we introduce an innovative data mining method to capture the write-print of every suspect and model it as combinations of features that occurred frequently in the suspect's e-mails. This notion is called frequent pattern, which has proven to be effective in many data mining applications, but it is the first time to be applied to the problem of authorship attribution. Unlike the traditional approach, the extracted write-print by our method is unique among the suspects and, therefore, provides convincing and credible evidence for presenting it in a court of law. Experiments on real-life e-mails suggest that the proposed method can effectively identify the author and the results are supported by strong evidence.