A social graph based text mining framework for chat log investigation

This paper presents a unified social graph based text mining framework to identify digital evidences from chat logs data. It considers both users' conversation and interaction data in group-chats to discover overlapping users' interests and their social ties. The proposed framework applies n-gram technique in association with a self-customized hyperlink-induced topic search (HITS) algorithm to identify key-terms representing users' interests, key-users, and key-sessions. We propose a social graph generation technique to model users' interactions, where ties (edges) between a pair of users (nodes) are established only if they participate in at least one common group-chat session, and weights are assigned to the ties based on the degree of overlap in users' interests and interactions. Finally, we present three possible cyber-crime investigation scenarios and a user-group identification method for each of them. We present our experimental results on a data set comprising 1100 chat logs of 11,143 chat sessions continued over a period of 29 months from January 2010 to May 2012. Experimental results suggest that the proposed framework is able to identify key-terms, key-users, key-sessions, and user-groups from chat logs data, all of which are crucial for cyber-crime investigation. Though the chat logs are recovered from a single computer, it is very likely that the logs are collected from multiple computers in real scenario. In this case, logs collected from multiple computers can be combined together to generate more enriched social graph. However, our experiments show that the objectives can be achieved even with logs recovered from a single computer by using group-chats data to draw relationships between every pair of users.     

A novel file carving algorithm for National Marine Electronics Association (NMEA) logs in GPS forensics

Globe positioning system (GPS) devices are an increasing importance source of evidence, as more of our devices have built-in GPS capabilities. In this paper, we propose a novel framework to efficiently recover National Marine Electronics Association (NMEA) logs and reconstruct GPS trajectories. Unlike existing approaches that require file system metadata, our proposed algorithm is designed based on the file carving technique without relying on system metadata. By understanding the characteristics and intrinsic structure of trajectory data in NMEA logs, we demonstrate how to pinpoint all data blocks belonging to the NMEA logs from the acquired forensic image of GPS device. Then, a discriminator is presented to determine whether two data blocks can be merged. And based on the discriminator, we design a reassembly algorithm to re-order and merge the obtained data blocks into new logs. In this context, deleted trajectories can be reconstructed by analyzing the recovered logs. Empirical experiments demonstrate that our proposed algorithm performs well when the system metadata is available/unavailable, log files are heavily fragmented, one or more parts of the log files are overwritten, and for different file systems of variable cluster sizes.     

Analyzing multiple logs for forensic evidence

Information stored in logs of a computer system is of crucial importance to gather forensic evidence of investigated actions or attacks. Analysis of this information should be rigorous and credible, hence it lends itself to formal methods. We propose a model checking approach to the formalization of the forensic analysis of logs. A set of logs is modeled as a tree whose labels are events extracted from the logs. In order to provide a structure to these events, we express each event as a term of algebra. The signature of the algebra is carefully chosen to include all relevant information necessary to conduct the analysis. Properties of the model, attack scenarios, and event sequences are expressed as formulas of a logic having dynamic, linear, temporal, and modal characteristics. Moreover, we provide a tableau-based proof system for this logic upon which a model checking algorithm can be developed. We use our model in a case study to demonstrate how events leading to an SYN attack can be reconstructed from a number of system logs.     

Digital Britain interim report: A step in the right direction?

The Digital Britain interim report was published on 29 January 2009 by the DCMS and BERR with the final report being due out in June. The Report divides itself into four areas for ‘action’; namely Digital Networks, Digital Content, Universal Connectivity and Equipping Everyone to Benefit from Digital Britain. The level of action proposed in each case varies widely and the Report has come under criticism for delivering little in the way of concrete promises or clearly defined strategy. This article summarises and analyses a number of the key purported actions from the Report in order to consider whether it is indeed an appropriate step towards an action plan that would secure the Britain's place at the forefront of the new media age.     

Lipophilicity of fentalogs: Comparison of experimental and computationally derived data

Although fentanyl and a small number of derivatives used for medical or veterinary procedures are well characterized, physiochemical properties have not been determined for many of the newer fentanyl analogs. Partition coefficients (Log P) were determined for 19 fentalogs using the shake-flask method and liquid chromatography–tandem mass spectrometry (LC–MS/MS). Experimentally determined partition coefficients were compared with computationally derived data using six independent software sources (ACD/LogP, LogKOWWIN v 1.69, miLogP 2.2, OsirisP, XLOGP 3.0, ALogPS 2.1). Fentalogs with a wide variety of structural modifications were intentionally selected, yielding Log P values ranging from 1.21 to 4.90. Comparison of experimental and computationally derived Log P values were highly correlated (R² 0.854–0.967). Overall, substructure-based modeling using fragmental methods or property-based topological approaches aligned more closely with experimentally determined Log P values. LC–MS/MS was also used to estimate pK_a values for fentalogs with no previously reported data. Lipophilicity and pK_a are important considerations for analytical detection and toxicological interpretation. In silico methods allow the determination of physicochemical information prior to certified reference materials being readily available for in vitro or in vivo studies. Computationally derived data can provide insight regarding physiochemical characteristics of future fentalogs and other classes of synthetic analogs that have yet to emerge.     

Digital evidence accreditation in the corporate and business environment

A prominent banking institution in the United States has submitted an application to have its Computer Forensics unit inspected as the first step towards attaining accreditation. Several other corporations and businesses that operate Computer Forensics units are also considering submitting their applications. This is in response to the American Society of Crime Laboratory Directors/Laboratory Accreditation Board's (ASCLD/LAB) accreditation program which began offering accreditation in the Digital Evidence Discipline in 2003. As defined in the ASCLD/LAB accreditation manual, any laboratory conducting forensic analysis in any of the four sub-disciplines of Digital Evidence (Audio Analysis, Computer Forensics, Digital Imaging Analysis, or Video Analysis) can apply for accreditation. This information is widely known in the forensic crime laboratory community, but most executives and examiners in the corporate and business sector are not aware that they also can apply for accreditation in the Digital Evidence discipline.     

浅析深圳市处理医患纠纷的新模式——仲裁

既往由医疗损害引起的狭义医患纠纷的处理模式包括协商解决、行政调解、民事诉讼。现阶段我国医患纠纷的数量日益增多,有必要推出更多的解决途径。深圳市新推出的医患纠纷仲裁模式则更为医患双方认可,其最大优点是同时可以兼顾中立性、权威性与高效率,但单独采用这种模式仍有一些问题,理想的模式是强制推行医疗损害责任保险制度,采用仲裁模式解决医患纠纷。     

Automated Windows event log forensics

This paper proposes methods to automate recovery and analysis of Windows NT5 (XP and 2003) event logs for computer forensics. Requirements are formulated and methods are evaluated with respect to motivation and process models. A new, freely available tool is presented that, based on these requirements, automates the repair of a common type of corruption often observed in data carved NT5 event logs. This tool automates repair of multiple event logs in a single step without user intervention. The tool was initially developed to meet immediate needs of computer forensic engagements.Automating recovery, repair, and correlation of multiple logs make these methods more feasible for consideration in both a wider range of cases and earlier phases of cases, and hopefully, in turn, standard procedures. The tool was developed to fill a gap between capabilities of certain other freely available tools that may recover and correlate large volumes of log events, and consequently permit correlation with various other kinds of Windows artifacts. The methods are examined in the context of an example digital forensic service request intended to illustrate the kinds of civil cases that motivated this work.     

The collective welfare dimension of dark patterns regulation

Dark Patterns are interface design elements that can influence users' behaviour in digital environments. They can cause harm, not only on an individual but also a collective level, by creating behavioral market failures, reducing trust in markets and promoting unfair competition and data dominance. We contend that these collective effects of Dark Patterns cannot be tackled by existent laws, and thus call for policy intervention. This article reviews how existing and proposed laws in Europe and the US, namely the EU Digital Services Act and Digital Markets Act as well as the U.S. DETOUR and AICO Acts, address these collective dimensions of welfare and add to existing protection. We find that the novel legislative measures attain that goal to varying degrees. However, the collective welfare perspective may prove useful to both support a risk-based approach to the enforcement and provide guidance as to which practices should be addressed as priority.     

IoT forensics: Exploiting unexplored log records from the HIKVISION file system

CCTV surveillance systems are IoT products that can be found almost everywhere. Their digital forensic analysis often plays a key role in solving crimes. However, it is common for these devices to use proprietary file systems, which frequently hinders a complete examination. HIKVISION is a well-known manufacturer of such devices that typically ships its products with its proprietary file system. The HIKVISION file system has been analyzed before but that research has focused on the recovery of video footage. In this paper, the HIKVISION file system is being revisited regarding the log records it stores. More specifically, these log records are thoroughly examined to uncover both their structure and meaning. These unexplored pieces of evidence remain unexploited by major commercial forensic software, yet they can contain critical information for an investigation. To further assist digital forensic examiners with their analysis, a Python utility, namely the Hikvision Log Analyzer, was developed as part of this study that can automate part of the process.     

A Study on the Belt and Road Digital Economy Prospects and Pathway to the Rule of Law

Digital economy empowers the further pursuit and materialization of the Belt and Road Initiative (BRI). It has social efficacy and is governance-oriented in the process of economic globalization, but also has multi-faceted predicaments of governance as well as obstacles to the rule of law. Therefore, the BRI digital economy governance should mediate four relationships at the macro level, and implement the rule of law from three dimensions with the purpose of contributing to constructing global digital governance system.     

人工智能时代法律推理的基本模式——基于可废止逻辑的刻画

从逻辑学的角度看,法律推理具有非单调性。人工智能时代更清晰地凸显出了与这一特性相应的可废止推理模式的必要性。可废止推理虽未必一定用可废止逻辑来刻画,但这一做法在人工智能的环境下更加合乎目的。法律推理的可废止性源于法律规则的可废止性,法律规则的逻辑形式化要求将其构成要件表征为"有待证明的要素"(P要素)与"未被驳倒的要素"(NR要素)两部分,后者的引入恰当地处理了规则与例外的关系。在此基础上,可以通过引入三类"废止者",即反驳型废止者、截断型废止者和削弱型废止者,来建构可废止法律推理的基本模型。但这同时也显现出了可废止法律推理的智能化限度,核心在于它无法进行司法裁判中必不可少的价值判断。     

Emerging Economies,Turnover Rates and Inflation Variability: A Comparison of Generalized Maximum Likelihood and SUR Models

Theoretical exposition and empirical evidence in central bank independence (CBI) literature confirm an inverse relationship between inflation and measures of CBI mostly in developed economies. Based on this ex ante information on CBI-inflation tradeoff, this paper proposes two functional forms for the diagonal and off diagonal elements in the residual covariance matrix in the estimation process. The proposed functional forms are used in a generalized maximum likelihood and then in a generalized least squares (GLS) (with the restricted covariance matrix) framework for the empirical test. The results are compared to the outcome of an SUR model (unrestricted). The tests involve 14 emerging economies and covers the period 1960–1990. Compared to SUR, majority of results of GLS model in samples with and without outliers provide stronger and more significant evidence confirming the CBI-inflation tradeoff. Notably, the standard errors of the GLS estimates are lower than that of the SUR estimates. Without outliers, the GLS estimates show even lower standard errors as compared to the outcome of the SUR model. Low standard errors provide baseline indication of more accurate estimates. This research has benefited from comments from David Tufte, and Gerald Whitney and contributions by participants at the colloquia series at the Montclair State University and the University of New Orleans.     

Investigation Delayed Is Justice Denied: Proposals for Expediting Forensic Examinations of Digital Evidence*

Abstract: There is an urgent need to reduce the growing backlog of forensic examinations in Digital Forensics Laboratories (DFLs). Currently, DFLs routinely create forensic duplicates and perform in‐depth forensic examinations of all submitted media. This approach is rapidly becoming untenable as more cases involve increasing quantities of digital evidence. A more efficient and effective three‐tiered strategy for performing forensic examinations will enable DFLs to produce useful results in a timely manner at different phases of an investigation, and will reduce unnecessary expenditure of resources on less serious matters. The three levels of forensic examination are described along with practical examples and suitable tools. Realizing that this is not simply a technical problem, we address the need to update training and establish thresholds in DFLs. Threshold considerations include the likelihood of missing exculpatory evidence and seriousness of the offense. We conclude with the implications of scaling forensic examinations to the investigation.     

Optimizing risk mitigation in management of sexual offenders: a structural model

Sexual violence is an insidious and pervasive problem that insinuates itself into all aspects of contemporary society. It can neither be mitigated nor adequately controlled through current socio-legal practices. A more promising approach must embrace four integrated elements: (1) public policy, (2) primary prevention, (3) statutory management, and (3) secondary intervention. In the present paper we tackle the 3rd and 4th elements by proposing an integrated model for reducing and managing sexual violence among known sex offenders. Relying on the highly effective Risk-Need-Responsivity (RNR) model as the core of our Sex Offender Risk Mitigation and Management Model (SORM³), we draw together evidence based practices from clinical interventions and risk assessment strategies. Developed by Andrews & Bonta (2006), RNR has a strong empirical track record of efficacy when applied to diverse samples of offenders, including sex offenders (Hanson, Bourgon, Helmus, & Hodgson, 2009). We offer a detailed structural model that seeks to provide a more seamless integration of risk assessment with management and discretionary decisions, including a primary focus on RNR-based post-release aftercare. We end with the mantra that sex offender treatment alone will never effectively mitigate sexual violence in society, since the problem is not confined to the handful of offenders who spend time in prison and are offered some limited exposure to treatment. Any truly effective model must go well beyond the management of those known to be violent and embrace a comprehensive and integrated approach that begins by recognizing the seeds of sexual violence sown by society. Such a public health paradigm places victims - not offenders - at the center, forcing society to come to address the full gamut of hazards that fuel sexual violence.     

The Social Psychology of Making and Responding to Hospital Complaints: An Account Model of Complaint Processes*

Drawing on a study of 399 hospital complaints entering the National Health Service formal complaints procedure, this paper analyzes the interaction between complainant and hospital as a social episode in which the hospital is called to account for violation of the complainant's normative expectations and makes its response. The non-instrumental and uncrystallized character of many complaints is emphasized. Letters of complaint and replies from the hospital were readily analyzed in terms of the proposed model, providing insights into the social psychology of complaining, the goals of complainants, and the elements of successful apologies. Factors correlating with complainants' satisfaction further support the model and confirm the importance of a socially appropriate response to complaints. The implications of the study are discussed both in relation to hospital complaints and in the context of the literature on disputing more broadly.     

Microsoft SQL Server数据库中删除数据的恢复

目的恢复Microsoft SQL Server数据库中删除数据。方法解析SQL Server的数据文件和日志文件结构,使用Lumigent Log Explorer软件分析提取的日志中的记录。结果从某案件提取的数据库日志文件中提取有效记录70万余条。结论该方法可以分析并且提取Microsoft SQL Server日志文件中的记录,恢复被删除数据,具有很强的实用性。     

The Role of Flexibility Mechanisms in EU Climate Strategy: Lessons Learned and Future Challenges?

The main objective of this paper is to examine the evolution of European Union (EU) climate strategy, scrutinising in particular developments in EU's views on the so-called flexibility or Kyoto mechanisms. In brief, the paper argues that there has been a gradual change in EU's views, from the role of a sceptic in the run-up to Kyoto towards becoming more of a frontrunner on emissions trading in recent years. The need to 'save Kyoto' and the protracted development of EU climate policy are highlighted as two of the most important drivers behind this process of change. This paper also discusses some of the lessons learned from international negotiations and the development of EU climate policy. Finally, and drawing upon the lessons learned, the paper explores key future challenges for the further development of EU climate strategy.     

Comparative vs. Transcendental Approaches to Justice: A Misleading Dichotomy in Sen's The Idea of Justice

This paper examines the distinction drawn by Amartya Sen between transcendental and comparative theories of justice, and its application to Rawls' doctrine. It then puts forward three arguments. First, it is argued that Sen offers a limited portrayal of Rawls' doctrine. This is the result of a rhetorical strategy that depicts Rawlsian doctrine as more “transcendental” than it really is. Although Sen deploys numerous quotations in support of his interpretation, it is possible to offer a less transcendental interpretation of Rawls. Second, the dichotomy between transcendental and comparative approaches to questions of justice is partly misleading, insofar as any plausible moral doctrine has both transcendental and comparative elements. Transcendental elements are necessary to avoid the confusion between the general acceptance of a norm, value or principle and its justification. A comparative view highlights the conditions of application of the doctrine to the real world, taking into account the possibility of moral dilemmas, evaluative disagreements and limited resources, while proposing possible provisos and caveats to the risk of the doctrine being self‐defeating. Third, although the transcendental approach is useful, it is argued that in elaborating this dichotomy Sen overlooks the merits of the third way between comparative and transcendental doctrines, what he calls “conglomerate theory,” and also the possibility that his doctrine (the capability approach) might be considered as an example of such a theory. The paper concludes with the argument that conglomerate theory does not aim to produce complete moral orderings, but rather a comparative approach with transcendental elements, as a form of weak transcendentalism.