No standard methodology for
Mark Reith, Clint Carr & Gregg
Gunsch 2002 model:
"Never touch, change, or alter anything
until it has been documented, identified,
measured, and photographed . . . when a
body or article has been moved, it can
never be restored to its original
Utilities, editors, Forensic Workstations,
password recovery, Devices readers, cables,
imagery, etc. etc.
Alphabetical List of High Tech Crime
Computer Forensics Institute, Inc
Products Alphabetical list of links
suppliers, and products
What is Ubiquitous Computing?
being present everywhere at once; omnipresent;
use of computers
Problems of CF with UC?
Increased variety of platforms (dimensions)
File systems, physical connections, encryption, time,
Increased quantity of data (depth of dimensions)
More tedious to find the specific data
Increased number of data dimensions and the depth of
the dimension itself led to more ways to hide data and
more difficult to detect the data.
(++|dn|)++|D| = n Exp(++|universe|)
The curse of dimensionality?
How will CF evolve?
"As the ways to store and transit data increases, the ways
of CF also increases."
More variety and Awareness towards
sophistication of tools computer security
More methodologies Confidentiality of
More laws observed information
Faster computer Laws for CF to obtain
Concerns for future of CF?
More negative publicity
Attracting other cyber-attackers
Inviting the ridicule of enemies of CF
Undermining the confidence of their customers, suppliers, and
Growing sophistication and stealth of cyber criminal activities
Much harder to detect than crimes in the physical world
Often insiders and international involvement
Indirectly through various hiding techniques
Information hiding: steganography, covert channel, etc
Current open problems in CF?
Unavailability of Legal Framework
Lack of unified guidelines for the evidence collection
Evidence acceptable in one country may not be in
Gives way to international crimes
Lack of technical knowledge
Judge may not have relevant computer knowledge
hence may not understand the evidences
Seek help from international organisations with high
authorit, to establish unified legal framework
E.g. ISO, UN
Increase public awareness of computer security
Find ways to get those information to the masses
Mark Reith, C. C., Gregg Gunsch (2002). "An Examination
of Digital Forensic Models." International Journal of
Digital Evidence 1(3).
Dennis Rader. (2009, December 9). In Wikipedia, The
Free Encyclopedia. Retrieved 03:28, December 11, 2009,
Vacca, John R. Computer Forensics : Computer Crime
Scene Investigation (2nd Edition).Boston, MA, USA:
Course Technolgy, 2005. p xxv.