Tomb With a View

正China's famed Terracotta Warriors conquer the Big Apple A600-pound armored general from China has invaded New York City.He has come in peace,along with a few warriors of his army,some livestock,a horse,kitchen supplies and even an acrobat.Nearby,a kneeling archer practices his aim,with a spray of arrows fanning out on the wall ahead.The entourage seems appropriate,since it is the 2,200-year-old general's first     

Artifacts of CD burning in the Microsoft Windows master file table

When theft of a physical item occurs it is detectable by the fact that the object is missing, however, when the theft of a digital item occurs it can go unnoticed as exact replicas can be created. The original file is left intact but valuable information has been absconded. One of the challenges facing digital forensic examiners is detecting when files have been copied off of a computer system in some fashion. While certain methods do leave residual evidence behind, CD Burning has long been held as a copying method that cannot be identified. Through testing of the burning process and close examination of the New Technology File System (NTFS), artifacts from the master file table in the various versions of Microsoft Windows, markers have been found that are associated with copying or "burning" files to CD or DVD. Potential evidence that was once overlooked may now be detectable.     

Cloud forensics–Tool development studies & future outlook

In this work, we describe our experiences in developing cloud forensics tools and use them to support three main points:First, we make the argument that cloud forensics is a qualitatively different problem. In the context of SaaS, it is incompatible with long-established acquisition and analysis techniques, and requires a new approach and forensic toolset. We show that client-side techniques, which are an extension of methods used over the last three decades, have inherent limitations that can only be overcome by working directly with the interfaces provided by cloud service providers.Second, we present our results in building forensic tools in the form of three case studies: kumodd–a tool for cloud drive acquisition, kumodocs–a tool for Google Docs acquisition and analysis, and kumofs–a tool for remote preview and screening of cloud drive data. We show that these tools, which work with the public and private APIs of the respective services, provide new capabilities that cannot be achieved by examining client-side artifacts.Finally, we use current IT trends, and our lessons learned, to outline the emerging new forensic landscape, and the most likely course of tool development over the next five years.     

Exploiting the post-attendee URL feature in Zoom webinar to distribute malware

The post-attendee Uniform Resource Locator (URL) feature within the video conferencing application known as Zoom is often overlooked by digital forensic experts as a potential risk for malware transmission. However, with the ability to redirect webinar participants to any URL set by the host for the webinar, the post-attendee URL can be abused by bad actors to expose webinar participants to malicious websites or, in the worst-case scenario, force participants to download a file through the use of a direct download link URL. This study aims to showcase how this exploit can be replicated by creating an experimental environment involving four Windows 10 desktops running Zoom version 5.7.5 and creating a webinar with four user accounts acting as webinar participants and setting the post-attendee URL value to the URL of a website that contained a keylogger. In another trial, the same experimental environment was utilized, with the only difference being the post-attendee URL that was set to redirect webinar participants to a download link for a .jpg file. In both instances, every user account that joined the webinar via clicking on the invitation link that was emailed to each user account after registering for the webinar was redirected to the post-attendee URL regardless of their user account role. These results not only prove that the post-attendee URL can be exploited, but also provide insight as to how this type of attack can be prevented.     

SOCIET

正Larger LakesNam Co Lake is the largest inland lake in Tibet.New research has found that the combined area of inland lakes in the Qinghai-Tibet Plateau,which has an average altitude of 4,500 meters,has expanded to 32,300 square km from 25,600 square km 20 years ago,a     

The Use of Forensic Tests to Distinguish Blowfly Artifacts from Human Blood,Semen, and Saliva

This study investigated whether routinely used forensic tests can distinguish 3‐day‐old or 2‐week‐old fly artifacts, produced after feeding on human blood, semen, or saliva, from the biological fluid. Hemastix^®, Hemident^?, and Hemascein^? were unable to distinguish blood from artifacts. Hemastix^® returned false positives from negative controls. ABAcard^® Hematrace^® and Hexagon OBTI could distinguish blood from 3‐day‐old artifacts, but not 2‐week‐old artifacts. Phadebas^® and SALIgAE^® were unable to distinguish saliva from artifacts. RSID^?‐Saliva was able to distinguish saliva from 3‐day‐old artifacts, but not 2‐week‐old artifacts. Semen tests Seminal Acid Phosphatase, RSID^?‐Semen, and ABAcard^® p30 were all able to distinguish semen from 3‐day‐old artifacts, but not 2‐week‐old artifacts. The tests investigated cannot be relied upon to distinguish artifacts from biological fluids. However, if an artifact is identified by its morphology, a positive result may indicate which biological fluid the fly consumed, and this knowledge may prove useful for investigators searching for DNA.     

An Issue of Grave Concern

正China’s buried historic relics are under severe threat of theft After one and a half days of presentations and voting by a 21-judge jury,China’s top 10 archaeological discoveries in 2013 were announced by the Institute of Archaeology under the Chinese Academy of     

Anthropological and Radiographic Comparison of Antemortem Surgical Records for Identification of Skeletal Remains*

Abstract: This case review illustrates the important contributions of forensic archeological methods and forensic anthropological analysis to the identification of found skeletal remains. After reassociation of skeletal remains found in two locations, anthropological analysis provided the basis for a presumptive identification and a request for antemortem medical records. Partial DNA profiles were supportive but not conclusive and antemortem dental records were not available. Comparison of antemortem traumas, skeletal morphology, and surgical artifacts with antemortem radiographs and surgical records led to positive identification of an individual missing for almost a decade.     

Forensic Inspection of Sensitive User Data and Artifacts from Smartwatch Wearable Devices

Wearable devices allow users the ability to leave mobile phones behind while remaining connected to the digital world; however, this creates challenges in the examination, acquisition, identification, and analysis of probative data. This preliminary research aims to provide an enhanced understanding of where sensitive user data and forensic artifacts are stored on smartwatch wearable devices, both through utilization as a connected and standalone device. It also provides a methodology for the forensically sound acquisition of data from a standalone smartwatch wearable device. The results identify significant amounts of data on the Samsung^? Gear S3 Frontier, greater than that stored on the companion mobile phone. An Apple Watch^® Series 3 manual examination method which produces native screenshots was identified; however, the companion mobile phone was found to store the greatest amount of data. As a result of this research, a data extraction tool for the Samsung^? Gear S3 Frontier was created.