Ethical Issues Raised by Data Acquisition Methods in Digital Forensics Research

Q2 Arts and Humanities Journal of Information Ethics Pub Date : 2012-04-01 DOI:10.3172/JIE.21.1.40
Brian Roux, Michael Falgoust
{"title":"Ethical Issues Raised by Data Acquisition Methods in Digital Forensics Research","authors":"Brian Roux, Michael Falgoust","doi":"10.3172/JIE.21.1.40","DOIUrl":null,"url":null,"abstract":"1. IntroductionDigital Forensics (\"DF\") is a relatively new area of Computer Science. Like forensic areas in other scientific fields, Digital Forensics seeks to discover evidence and reconstruct events based on an intimate knowledge of how computers, networks, and other electronic devices and communication systems function. As new as it is, DF is playing an increasingly important role not only in the expected area of criminal law, but now in civil law as well. With the changes to the Federal Rules of Civil Procedure in 2006, terms like Electronically Stored Information (\"ESI\") and Electronic Document/Data Discovery (\"EDD\") are entering the vocabulary of civil law firms with celerity.Despite its increasing importance, the DF field is still very young. At one extreme there are highly skilled researchers with strong backgrounds in computer science and mathematics pondering the esoteric inner workings of technology in order to develop new forensic tools and techniques; at the other end there is a frenzied market filled with service providers, software vendors, and other specialists offering any and every service that can even remotely be branded Digital Forensics by some contortion of logic. The EDD market itself was estimated to be 2.7 billion dollars in 2007 and projected to increase to 4.6 billion dollars by 2010 making it a quickly growing massive industry currently existing with minimal oversight (Socha 2008). While the field is moving full speed ahead it has not stopped to formally or substantively ponder the ethics which should underlie research and practice. Some certification bodies have sprung up and produced their own codes of ethics, but, aside from publishing an arbitrary list of rules primarily intended to govern certified members, no substantial discourse has been published to justify them. No substantial discourse has been published on the ethical usage of data in digital forensic research or on digital forensics in general. Our work, therefore, is novel in its application.In this paper we examine the ethical issues involved with procuring data storage media, primarily hard drives, from 3rd party sources such as eBay for use in Digital Forensic research. In Section 2, we give a background on research areas that benefit from real world data sources, outline related research making use of such sources, and briefly examine its contributions. In Section 3, we establish scenarios to frame the ethical analysis. In Section 4, we discuss the ethical issues and draw parallels to other fields with relevant similarities. In Section 5, we establish tests for determining ethical behavior. Finally, in Section 6, we conclude.2. Background and Related WorkFile Carving (\"FC\") is a DF technique for recovering data from media where the file system information is damaged or deleted. The technique relies upon the nature of the file it attempts to recover. Many file types contain sections which are static for all files of the given type; these invariant sections often come at the beginning and ending of a file making header and footer sections. This may be as simple as the Linux/Unix \"magic number\" interpreted by the files command, or a part of the file standard denoting the start of a specific segment of the file. The general process involves reading data blocks from a drive sequentially while noting the location and type of any headers or footers encountered. In the most privative form, the file carver then goes back and \"carves\" out data between a pair of headers and footers of the same type with no intervening header or footer blocks. The more advanced versions of this concept attempt to reconstruct data where the file is fragmented on the drive, making sequential carving useless. This area of research benefits from real world data due to the complexity of file fragmentation. Simulating the fragmentation will not show all the patterns of fragmentation created over time with different usage patterns, software version, drive utilization, operating system, hardware configuration, and so on. …","PeriodicalId":39913,"journal":{"name":"Journal of Information Ethics","volume":"21 1","pages":"40-60"},"PeriodicalIF":0.0000,"publicationDate":"2012-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Ethics","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.3172/JIE.21.1.40","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"Arts and Humanities","Score":null,"Total":0}
引用次数: 10

Abstract

1. IntroductionDigital Forensics ("DF") is a relatively new area of Computer Science. Like forensic areas in other scientific fields, Digital Forensics seeks to discover evidence and reconstruct events based on an intimate knowledge of how computers, networks, and other electronic devices and communication systems function. As new as it is, DF is playing an increasingly important role not only in the expected area of criminal law, but now in civil law as well. With the changes to the Federal Rules of Civil Procedure in 2006, terms like Electronically Stored Information ("ESI") and Electronic Document/Data Discovery ("EDD") are entering the vocabulary of civil law firms with celerity.Despite its increasing importance, the DF field is still very young. At one extreme there are highly skilled researchers with strong backgrounds in computer science and mathematics pondering the esoteric inner workings of technology in order to develop new forensic tools and techniques; at the other end there is a frenzied market filled with service providers, software vendors, and other specialists offering any and every service that can even remotely be branded Digital Forensics by some contortion of logic. The EDD market itself was estimated to be 2.7 billion dollars in 2007 and projected to increase to 4.6 billion dollars by 2010 making it a quickly growing massive industry currently existing with minimal oversight (Socha 2008). While the field is moving full speed ahead it has not stopped to formally or substantively ponder the ethics which should underlie research and practice. Some certification bodies have sprung up and produced their own codes of ethics, but, aside from publishing an arbitrary list of rules primarily intended to govern certified members, no substantial discourse has been published to justify them. No substantial discourse has been published on the ethical usage of data in digital forensic research or on digital forensics in general. Our work, therefore, is novel in its application.In this paper we examine the ethical issues involved with procuring data storage media, primarily hard drives, from 3rd party sources such as eBay for use in Digital Forensic research. In Section 2, we give a background on research areas that benefit from real world data sources, outline related research making use of such sources, and briefly examine its contributions. In Section 3, we establish scenarios to frame the ethical analysis. In Section 4, we discuss the ethical issues and draw parallels to other fields with relevant similarities. In Section 5, we establish tests for determining ethical behavior. Finally, in Section 6, we conclude.2. Background and Related WorkFile Carving ("FC") is a DF technique for recovering data from media where the file system information is damaged or deleted. The technique relies upon the nature of the file it attempts to recover. Many file types contain sections which are static for all files of the given type; these invariant sections often come at the beginning and ending of a file making header and footer sections. This may be as simple as the Linux/Unix "magic number" interpreted by the files command, or a part of the file standard denoting the start of a specific segment of the file. The general process involves reading data blocks from a drive sequentially while noting the location and type of any headers or footers encountered. In the most privative form, the file carver then goes back and "carves" out data between a pair of headers and footers of the same type with no intervening header or footer blocks. The more advanced versions of this concept attempt to reconstruct data where the file is fragmented on the drive, making sequential carving useless. This area of research benefits from real world data due to the complexity of file fragmentation. Simulating the fragmentation will not show all the patterns of fragmentation created over time with different usage patterns, software version, drive utilization, operating system, hardware configuration, and so on. …
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
数字取证研究中数据采集方法引发的伦理问题
1. 数字取证(“DF”)是计算机科学的一个相对较新的领域。与其他科学领域的法医领域一样,数字法医寻求发现证据并基于对计算机、网络和其他电子设备和通信系统功能的深入了解来重建事件。作为一个新事物,DF不仅在刑法领域发挥着越来越重要的作用,而且现在在民法领域也发挥着越来越重要的作用。随着2006年《联邦民事诉讼规则》的修订,电子存储信息(“ESI”)和电子文档/数据发现(“EDD”)等术语正迅速进入民事律师事务所的词汇。尽管其重要性日益增加,但DF领域仍然非常年轻。在一个极端,有高技能的研究人员,他们在计算机科学和数学方面有很强的背景,思考着深奥的技术内部运作,以开发新的法医工具和技术;另一方面,一个疯狂的市场充斥着服务提供商、软件供应商和其他专家,他们提供任何服务,甚至可以通过一些逻辑扭曲来远程标记为数字取证。EDD市场本身在2007年估计为27亿美元,预计到2010年将增加到46亿美元,使其成为一个快速增长的庞大产业,目前存在的监管很少(Socha 2008)。虽然该领域正在全速前进,但它并没有停下来正式或实质性地思考应该作为研究和实践基础的伦理问题。一些认证机构如雨后之笋般涌现,并制定了自己的道德准则,但是,除了发布一份主要用于管理认证成员的武断规则清单外,还没有发表实质性的论述来证明这些准则的合理性。关于数字取证研究中数据的道德使用或一般数字取证的实质性论述尚未发表。因此,我们的工作在应用上是新颖的。在本文中,我们研究了从第三方来源(如eBay)购买数据存储介质(主要是硬盘驱动器)用于数字法医研究所涉及的伦理问题。在第2节中,我们给出了受益于真实世界数据源的研究领域的背景,概述了利用这些数据源的相关研究,并简要检查了其贡献。在第3节中,我们建立场景来框架伦理分析。在第4节中,我们讨论了伦理问题,并与其他具有相关相似性的领域进行了类比。在第5节中,我们建立了确定道德行为的测试。最后,在第6节中,我们得出结论。背景和相关工作文件雕刻(“FC”)是一种DF技术,用于从文件系统信息损坏或删除的介质中恢复数据。该技术依赖于它试图恢复的文件的性质。许多文件类型包含的节对于给定类型的所有文件都是静态的;这些不变节通常出现在文件的开头和结尾,形成页眉和页脚节。这可以简单到像由files命令解释的Linux/Unix“幻数”一样,或者是文件标准的一部分,表示文件的特定段的开始。一般的过程包括顺序地从驱动器读取数据块,同时注意遇到的任何页眉或页脚的位置和类型。在最私隐的形式中,文件雕刻器然后返回并在一对相同类型的页眉和页脚之间“雕刻”出数据,没有中间的页眉或页脚块。这个概念的更高级的版本试图重建驱动器上文件碎片的数据,使顺序雕刻无用。由于文件碎片的复杂性,该研究领域受益于真实世界的数据。模拟碎片不会显示随着时间的推移,在不同的使用模式、软件版本、驱动器利用率、操作系统、硬件配置等情况下创建的所有碎片模式。…
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
Journal of Information Ethics
Journal of Information Ethics Arts and Humanities-Philosophy
自引率
0.00%
发文量
0
期刊最新文献
Diversity Matters: Economic Inequality and Policymaking During a Pandemic A Survival Guide to the Misinformation Age: Scientific Habits of Mind Intellectual Privacy: Rethinking Civil Liberties in the Digital Age Hate Crimes in Cyberspace We Believe the Children: A Moral Panic in the 1980s
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1