Pub Date: 2019-10-01, DOI: 10.1017/9781780688909.007
J. Schroers
Title: Identity Management and Security (Journal of Digital Forensics Security and Law)
Pub Date: 2019-07-07, DOI: 10.1017/9781780688909.003
Plixavra Vogiatzoglou, Stefano Fantin
During the drafting of Directive (EU) 2016/680 the major European data protection supervisory bodies raised their concerns as regards the scope of the directive, and in particular the purpose of safeguarding public security within. The directive does not further define the notion of public security, while explicitly juxtaposing the concept vis-a-vis national security, as the latter is excluded from the scope of application of EU legislation. Several months after the official deadline for the national transposition of the directive, this question has not been given any more thought. This chapter will thus seek to clarify the scope of the directive and the meaning of public security within, first through its contraposition with the equally nebulous concept of national security, and then through the definition of competent authorities, as formulated in the text of the directive and transposed into national law.
Title: National and Public Security within and beyond the Police Directive (Journal of Digital Forensics Security and Law)
Pub Date: 2019-07-01, DOI: 10.1017/9781780688909.004
Laurens Naudts
Big data analytics allow law enforcement agencies to build profiles of individuals, and groups of individuals, in order to guide the decisions they need to make for the prediction, prevention, detection and combat of crime. This chapter analyses the role of non-discrimination law, and more specifically the legal discourse on non-discrimination grounds, as a lens to evaluate the use of (group) profiles for security purposes. The chapter will first explore the Law Enforcement Directive (Directive 2016/680) to ascertain the legal limits of profiling from a data protection perspective. Mainly aimed towards safeguarding the fundamental rights to privacy and data protection, data protection laws nonetheless remain sensitive towards the potential discriminatory nature of personal data processing. In the chapter’s second section, it will be ascertained, through an analysis of the European Court of Human Rights’ (ECtHR) case law, to what extent the use of profiles, as they are deployed to differentiate amongst individuals or groups of individuals, can be considered problematic from a non-discrimination perspective. The chapter therefore aims to identify the key criteria developed by the ECtHR for new differentiation grounds to engage the European Convention on Human Rights’ non-discrimination clause. The legal analysis will be juxtaposed to the risks big data analytics pose to the fundamental rights of equality and non-discrimination. It will be argued that in order to adequately respond to the new threats of technology, both a return to a procedural and instrumental conception of equality and non-discrimination, and a thorough insight into the data and tools used by criminal authorities, might be needed.
Title: Criminal Profiling and Non-Discrimination: On Firm Grounds for the Digital Era? (Journal of Digital Forensics Security and Law)
Pub Date: 2019-01-01, DOI: 10.15394/jdfsl.2019.1609
M. Novák
Title: Digital Evidence in Criminal Cases Before the U.S. Courts of Appeal: Trends and Issues for Consideration (Journal of Digital Forensics Security and Law)
Pub Date: 2019-01-01, DOI: 10.15394/jdfsl.2019.1626
Oluwaseun Adegbehingbe, James H. Jones
When an application is uninstalled from a computer system, the application’s deleted file contents are overwritten over time, depending on factors such as operating system, available unallocated disk space, user activity, etc. As this content decays, the ability to infer the application’s prior presence, based on the remaining digital artifacts, becomes more difficult. Prior research inferring previously installed applications by matching sectors from a hard disk of interest to a previously constructed catalog of labeled sector hashes showed promising results. This prior work used a white list approach to identify relevant artifacts, resulting in no irrelevant artifacts but incurring the loss of some potentially useful artifacts. In this current work, we collect a more complete set of relevant artifacts by adapting the sequential snapshot file differencing method to identify and eliminate from the catalog file-system changes which are not due to application installation and use. The key contribution of our work is the building of a more complete catalog which ultimately results in more accurate prior application inference.
Title: Improved Decay Tolerant Inference of Previously Uninstalled Computer Applications (Journal of Digital Forensics Security and Law)
Pub Date: 2019-01-01, DOI: 10.15394/JDFSL.2019.1590
Markus Bilger
This paper will review the risks associated with the Federal Reserve’s Fedwire network as a key resource necessary for the efficient function of the American financial system. It will examine the business model of the Fedwire system of real-time interbank transfers, the network characteristics of Fedwire, and the possibility of a successful attack on Fedwire and its potential impact on the U.S. financial system.
Title: Cyber-Security Risks of Fedwire (Journal of Digital Forensics Security and Law)
Pub Date: 2019-01-01, DOI: 10.15394/jdfsl.2019.1591
Sean McKeown, Gordon Russell, P. Leimich
A common investigative task is to identify known contraband images on a device, which typically involves calculating cryptographic hashes for all the files on a disk and checking these against a database of known contraband. However, modern drives are now so large that it can take several hours just to read this data from the disk, and can contribute to the large investigative backlogs suffered by many law enforcement bodies. Digital forensic triage techniques may thus be used to prioritise evidence and effect faster investigation turnarounds. This paper proposes a new forensic triage method for investigating disk evidence relating to picture files, making use of centralised thumbnail caches that are present in the Windows operating system. Such centralised caches serve as a catalogue of images on the device, allowing for fast triage. This work includes a comprehensive analysis of the thumbnail variants across a range of Windows operating systems, which cause difficulties when detecting contraband using cryptographic hash databases. A novel method for large-scale hash database generation is described which allows precalculated cryptographic hash databases to be built from arbitrary image sets for use in thumbnail contraband detection. This approach allows for cryptographic hashes to be generated for multiple Windows versions from the original source image, facilitating wider detection. Finally, a more flexible approach is also proposed which makes novel use of perceptual hashing techniques, mitigating issues caused by the differences between thumbnails across Windows versions. A key contribution of this work demonstrates that by using new techniques, thumbnail caches can be used to robustly and effectively detect contraband in seconds, with processing times being largely independent of disk capacity.
Title: Fast Forensic Triage Using Centralised Thumbnail Caches on Windows Operating Systems (Journal of Digital Forensics Security and Law)
Pub Date: 2017-12-01, DOI: 10.58940/1558-7223.1517
Title: Cover Back (Journal of Digital Forensics Security and Law)
Pub Date: 2016-12-01, DOI: 10.15394/JDFSL.2016.1416
Jo Bryce, V. N. Franqueira, A. Marrington
Title: Special Issue on Cyberharassment Investigation: Advances and Trends (Journal of Digital Forensics Security and Law)
Pub Date: 2014-03-31, DOI: 10.15394/JDFSL.2014.1160
Chad M. S. Steel
Idiographic digital profiling (IDP) is the application of behavioral analysis to the field of digital forensics. Previous work in this field takes a nomothetic approach to behavioral analysis by attempting to understand the aggregate behaviors of cybercriminals. This work is the first to take an idiographic approach by examining a particular subject's digital footprints for immediate use in an ongoing investigation. IDP provides a framework for investigators to analyze digital behavioral evidence for the purposes of case planning, subject identification, lead generation, obtaining and executing warrants, and prosecuting offenders.
Title: Idiographic Digital Profiling: Behavioral Analysis Based on Digital Footprints (Journal of Digital Forensics Security and Law)