FrostWire P2P forensic examinations

FrostWire is a peer-to-peer (P2P) application derived from the open source code of Limewire. Frostwire was first released in February of 2005 as a Gnutella P2P client. As interest in the Gnutella network waned, FrostWire switched in later versions to becoming a torrent client. Since the United States government shut Limewire down, FrostWire has become more popular and is seen more often in criminal investigations. This paper describes the different components of FrostWire and the useful information which can be obtained in a digital forensic examination.     

Civil asset forfeiture, equitable sharing, and policing for profit in the United States

Purpose

Critics of asset forfeiture claim that forfeiture laws create financial incentives that inappropriately influence police behavior. The present study examines the relationship between measures of the financial incentive and legal burdens for civil asset forfeiture on federal equitable sharing payments to local law enforcement to determine whether police behavior is affected by different statutory incentives for forfeiture activity.

Methods

Using LEMAS and DOJ forfeiture data, this study addresses some of the limitations of previous research by using a multi-year average for forfeiture activity, an improved measure of financial incentives for law enforcement, and multiple measures of statutory burdens to law enforcement to determine the impact of forfeiture laws on forfeiture activity.

Results

Consistent with anecdotal reports and limited prior research, findings indicate that agencies in jurisdictions with more restrictive state forfeiture laws receive more proceeds through federal equitable sharing.

Conclusions

Results suggest that state and local law enforcement agencies use federal equitable sharing to circumvent their own state forfeiture laws when state laws are more burdensome or less financially rewarding to these agencies, providing additional evidence that police operations are influenced by financial incentives.     

iCOP: Live forensics to reveal previously unknown criminal media on P2P networks

The increasing levels of criminal media being shared in peer-to-peer (P2P) networks pose a significant challenge to law enforcement agencies. One of the main priorities for P2P investigators is to identify cases where a user is actively engaged in the production of child sexual abuse (CSA) media – they can be indicators of recent or on-going child abuse. Although a number of P2P monitoring tools exist to detect paedophile activity in such networks, they typically rely on hash value databases of known CSA media. As a result, these tools are not able to adequately triage the thousands of results they retrieve, nor can they identify new child abuse media that are being released on to a network. In this paper, we present a new intelligent forensics approach that incorporates the advantages of artificial intelligence and machine learning theory to automatically flag new/previously unseen CSA media to investigators. Additionally, the research was extensively discussed with law enforcement cybercrime specialists from different European countries and Interpol. The approach has been implemented into the iCOP toolkit, a software package that is designed to perform live forensic analysis on a P2P network environment. In addition, the system offers secondary features, such as showing on-line sharers of known CSA files and the ability to see other files shared by the same GUID or other IP addresses used by the same P2P client. Finally, our evaluation on real CSA case data shows high degrees of accuracy, while hands-on trials with law enforcement officers demonstrate the toolkit's complementarity to extant investigative workflows.     

Police use of force against drug suspects: Understanding the legal need for policy development

When confronted by the police, drug suspects sometimes attempt to destroy evidence by orally ingesting the contraband in their possession. Police officers have limited time to react before this evidence is destroyed. These conditions raise the question of exactly how much force officers may employ lawfully to prevent the imminent destruction of evidence. If an officer overreacts and uses more force than reasonably necessary to retrieve the drugs, the evidence may be ruled as inadmissible at trial. Furthermore, the application of excessive force may expose the officer and the agency to claims of civil liability for injury or damages. Given the myriad of legal questions arising within this unique context, this paper reviews relevant federal and state case law to assess the legality of various levels of force when resolving such situations. Law enforcement agencies need to develop appropriate policy statements to guide officer behavior during these types of field encounters.     

BitTorrent Sync: First Impressions and Digital Forensic Implications

With professional and home Internet users becoming increasingly concerned with data protection and privacy, the privacy afforded by popular cloud file synchronisation services, such as Dropbox, OneDrive and Google Drive, is coming under scrutiny in the press. A number of these services have recently been reported as sharing information with governmental security agencies without warrants. BitTorrent Sync is seen as an alternative by many and has gathered over two million users by December 2013 (doubling since the previous month). The service is completely decentralised, offers much of the same synchronisation functionality of cloud powered services and utilises encryption for data transmission (and optionally for remote storage). The importance of understanding BitTorrent Sync and its resulting digital investigative implications for law enforcement and forensic investigators will be paramount to future investigations. This paper outlines the client application, its detected network traffic and identifies artefacts that may be of value as evidence for future digital investigations.     

Assessing the Use of Profiling in Searches by Law Enforcement Personnel

This article considers statistical means of evaluating profiling in searches of individuals by law enforcement agencies. It reviews examples of inappropriate methods that have been used to date. A relatively recent, more appropriate, and simple method is elaborated and its usefulness documented with data from Maryland State Police highway stops and searches. The method evaluates profiling for specified groups of interest by comparing the relative magnitudes of contraband find rates among those stopped and searched of each group. When find rates are approximately the same across groups, then profiling used in making the stops and searches is deemed effective and nondiscriminatory. With an increasing number of jurisdictions mandated to collect data on stops and searches, it is important that appropriate methods be used in their analyses so correct public policy conclusions can be drawn.     

A forensic examination of four popular cross‐platform file‐sharing apps with Wi‐Fi P2P

File‐sharing apps with Wi‐Fi hotspot or Wi‐Fi Direct functions become more popular. They can work on multiple platforms and allow users to transfer files in a concealed manner. However, when criminals use these apps in illegal activities, it becomes an important issue for investigators to find digital evidence on multiple platforms. At present, there are few studies on this topic, and most of them are limited to the single platform problem. In this paper, we propose a forensic examination method for four popular cross‐platform file‐sharing apps with Wi‐Fi hotspot and Wi‐Fi Direct functions: Zapya, SHAREit, Xender, and Feem. We use 22 static and live forensic tools for 11 platforms to acquire, analyze, and classify the forensic artifacts. In our experiments, we find many useful forensic artifacts and classify them into six categories. The experimental results can support law enforcement investigations of digital evidence and provide information for future studies on other cross‐platform file‐sharing apps.     

论公私协作执法

公私协作执法是公共执法和私人执法基于各自特点进行协作的法律执行模式,可以有效弥补公共执法动力不足、腐败和信息劣势的缺陷,也可以有效弥补单纯私人执法过程中的执法过度、缺乏强制力等缺陷.长期以来,我国法律执行活动被公共执法机构垄断,公私协作执法的制度空间不大.为此,应当通过扩张诉讼当事人资格、建立罚金分享制度、增加惩罚性赔偿规定以及放宽风险代理诉讼限制等方式为公私协作执法开辟空间,使公私协作执法能够成为我国法律执行机制改革的重要方向.     

The Teamsters, the White House, the Labor Department

This paper examines the instrumental networks established between organized criminals and national politicians. Its major focus centers on the International Brotherhood of Teamsters, the Department of Labor, and the Reagan Administration. We explore the organized crime influence that affected President Reagan's selection of Raymond Donovan as Secretary of Labor. The choice of Donovan resulted in several related investigations into Donovan's association with organized criminals primarily in the construction industry in New Jersey and New York. We explain and critique the investigations thereby establishing the instrumental quality of the networks and the politics of law enforcement. This revised version was published online in July 2006 with corrections to the Cover Date.     

Resisting the Enforcement of Sexual Harassment Law

Most people in the United States believe that sexual harassment should be illegal and that enforcement is necessary. In spite of such widespread support for antiharassment regulations, sexual harassment policy training provokes backlash and has been shown to activate traditional gender stereotypes. Using in‐depth interviews and participant observations of sexual harassment policy training sessions, this study uncovers the micro‐level mechanisms that underlie ambivalence about the enforcement of sexual harassment law. I find that while the different locations of men and women in the status hierarchy lead to different manifestations of resistance, gender stereotypes are used to buttress perceptions that sexual harassment laws threaten norms of interaction and status positions that men and women have an interest in maintaining. The research has implications for understanding the role of law in social change, legal compliance, and the potential/limits of law for reducing inequality.     

The legal aspects of corporate e-mail investigations

The undertaking of e-mail investigations was previously limited mainly to law enforcement agencies. However, UK organisations are increasingly undertaking e-mail investigation activities for incidents such as fraud, accessing or distributing indecent images and harassment amongst others. Organisations are also increasingly using computer forensic analysts to search through e-mail archives in order to gather evidence relating to e-mail misuse. In this paper we examine the legal aspects of UK corporate e-mail investigations.     

Crime as a negotiated commodity: The police use of informers

Criminologists have long been interested in the relationship between policing and community participation. Traditionally, it has been argued that law enforcement agencies are dependent upon the general community for crime information. Recently, however, there is a growing interest among criminologists to explore the dependency relations police create within different subpopulations, especially diverse street subcultures. This study explores the social organization of police-street hustlers relations. Using qualitative data on 70 hustlers and 50 police officers, we examine how crime is manipulated as a commodity in advancing the interests of informers and the police. It is argued that although separate and unrelated situational factors are important, a more comprehensive understanding of the nature of these exchanges warrants an investigation of social networks and law. It is concluded that the informal contexts of law significantly pervade the informal contexts of these encounters. This topic demands considerable attention given the lack of organizational policies or standards which jeopardizes public confidence and erodes the informer's constitutional protections.     

Diffusion of the Budapest Convention on cybercrime and the development of cybercrime legislation in Pacific Island countries: ‘Law on the books’ vs ‘law in action’

The Council of Europe Convention on Cybercrime,¹ referred to as the Budapest Convention on Cybercrime, has been diffused globally, and is serving as a benchmark or a ‘model law’ for drafting national cybercrime legislation in many countries worldwide. This paper argues that, through the mechanism of ‘state socialization’ combined with incentives, e.g. assistance in building law enforcement capacity, the diffusion of the Budapest Convention has had a profound influence on the development of cybercrime legislation in a number of Pacific Island Countries (PICs).² Some PICs have expressed their great interest in acceding to the Convention and ‘imported’ several provisions from the Convention. This article, nevertheless, contends that these PICs do not seem to consider carefully whether the ‘imported’ law is applicable to their existing law enforcement capacity. It is evident that various domestic factors, such as lack of resources, have deterred the enforcement of cybercrime laws in these countries. As the result, although those PICs would have adequate cybercrime laws ‘on the books’, ‘law in action’ is still feeble.     

To admit or not to admit: a comparative constitutional perspective on illegally obtained evidence in Ghana

During criminal investigations, law enforcement agents sometimes flout the law. They extract evidence by torture, illegal wiretapping, unlawful searches and seizures among other illegitimate means. In the United States, such illegally (or improperly) obtained evidence is inadmissible in criminal trials subject to some exceptions. The reverse position generally obtains under English law. In Ghana, because the Supreme Court has yet to make a definitive pronouncement on the issue, conflicting viewpoints exist. In this article, we analyse the relevant constitutional, statutory and case law principles with the view to clarifying the admissibility or otherwise of illegally obtained evidence in Ghanaian courts.     

A case study on anonymised sharing platforms and digital traces left by their usage

Non-local forms of file storage and transfer provide investigatory concerns. Whilst mainstream cloud providers offer a well-established challenge to those involved in criminal enquiries, there are also a host of services offering non-account based ‘anonymous’ online temporary file storage and transfer. From the context of a digital forensic investigation, the practitioner examining a suspect device must detect when such services have been utilised by a user, as offending files may not be resident on local storage media. In addition, identifying the use of a service may also expose networks of illegal file distribution, supporting wider investigations into criminal activity. This work examines 16 anonymous file transfer services and identifies and interprets the digital traces left behind on a device following their use to support law enforcement investigations.     

Social network analysis as a tool for criminal intelligence: understanding its potential from the perspectives of intelligence analysts

Over the past two decades an increasing number of researchers have applied social network analysis (SNA) to various ‘dark’ networks. This research suggests that SNA is capable of revealing significant insights into the dynamics of dark networks, particularly the identification of critical nodes, which can then be targeted by law enforcement and security agencies for disruption. However, there has so far been very little research into whether and how law enforcement agencies can actually leverage SNA in an operational environment and in particular the challenges agencies face when attempting to apply various network analysis techniques to criminal networks. This paper goes some way towards addressing these issues by drawing on qualitative interviews with criminal intelligence analysts from two Australian state law enforcement agencies. The primary contribution of this paper is to call attention to the organisational characteristics of law enforcement agencies which, we argue, can influence the capacity of criminal intelligence analysts to successfully apply SNA as much as the often citied ‘characteristics of criminal networks’.     

Corruption among narcotic officers: A study of innocence and integrity

This study focuses on the influencing components producing corruption among narcotic law enforcement officers, and it is the second article of a three part series among 255 officers. It was postulated that income and stress among of narcotic officers gives rise to corruption. Although, corruption was defined as police brutality, personal use of contraband, and abuse of due process rights, the data was insufficient to support the hypothesis. It was revealed, however, that corruption did exist among narcotic officers, but its causal factors were related to an officer’s lack of experience, innocence, and integrity. Recommendations are that narcotic officers be selected based on their experiences especially military service. Further research should be conducted examining the link between military training and quality narcotic law enforcement service. Author Note: Dennis J. Stevens, Ph.D. is an associate professor of criminal justice at the University of Massachusetts at Boston. In addition to teaching traditional and nontraditional students, he teaches and counsels law enforcement officers in police academies such as at the North Carolina Justice Academy and felons at maximum custody penitentiaries such as Attica in New York, Eastern and Women’s Institute in North Carolina, Stateville and Joliet near Chicago, and CCI in Columbia, South Carolina. He is a former group facilitator for an organization that specializes in court ordered abuse counseling. He can be reached at dennis.stevens@umb.edu     

Public/private information sharing in healthcare fraud investigations

Private insurers have good reason, both in their private interest and in the public interest, for pursuing and rooting out fraud in the healthcare system; moreover, they often have sophisticated data systems, substantial investigative information, and management expertise that can be useful to prosecutors. It makes sense, as a public policy matter, to undertake steps to encourage insurers to be aggressive in pursuing legitimate fraud cases, and to provide a framework for effective cooperation and information sharing with law enforcement. At the same time, prosecutors are responsible for enforcing equal justice under the law; thus, any such relationship must be handled in an appropriate manner, with safeguards to protect privacy and the reputation of investigative subjects. While the courts have not yet explored many of the relevant legal and factual issues in this area, the author surveys existing guidance under governing laws and policies applicable to state and federal prosecutors, and suggests techniques to prevent inappropriate communication or use of such information.     

Digital evidence in fog computing systems

Fog Computing provides a myriad of potential societal benefits: personalised healthcare, smart cities, automated vehicles, Industry 4.0, to name just a few. The highly dynamic and complex nature of Fog Computing with its low latency communication networks connecting sensors, devices and actuators facilitates ambient computing at scales previously unimaginable. The combination of Machine Learning, Data Mining, and the Internet of Things, supports endless innovation in our data driven society. Fog computing incurs new threats to security and privacy since these become more difficult when there are an increased number of connected devices, and such devices (for example sensors) typically have limited capacity for in-built security. For law enforcement agencies, the existing models for digital forensic investigations are ill suited to the emerging fog paradigm. In this paper we examine the procedural, technical, legal, and geopolitical challenges associated with digital forensic investigations in Fog Computing. We highlight areas that require further development, and posit a framework to stimulate further consideration and discussion around the challenges associated with extracting digital evidence from Fog Computing systems.     

When farmworkers and advocates see trafficking but law enforcement does not: challenges in identifying labor trafficking in North Carolina

This article reports on the perceptions and experiences with labor trafficking of farmworkers, stakeholders, and law enforcement representatives in North Carolina. We found a sizeable number of farmworkers who had experienced labor trafficking violations, albeit with a convenience sample; and community agencies reported stories of labor trafficking victimization. However, most of the state and local law enforcement agencies that we attempted to contact simply ignored our requests for information about labor trafficking or reported no evidence of such victimization. Notwithstanding the sample limitations, we found a general lack of awareness of agricultural labor trafficking problems among law enforcement officials in our surveyed jurisdictions. We question whether our current law enforcement system will ever be in a position to effectively enforce the anti-labor-trafficking law; and suggest an alternative specialized mechanism be established.