FORENSIC INVESTIGATION AND 4 DATA ORIGINS
Dominique Briscoe, CSEC 650 Cybercrime Investigation and Digital Forensics, Fall 2016
Table of Contents
Abstract
Introduction
The Four Chosen Data Origins
    Hard Drive
    Cloud Storage
    Mobile Devices
    GPS
Attack Scenarios
    Network Intrusion
    Malware Intrusion
    Insider File Deletion
Conclusion
References
Abstract
This paper elaborates on data sources used as digital evidence by forensic investigators to solve and justify cases. I will discuss the job of a forensic investigator and which data sources can make that job tranquil or strenuous. More evidence is, of course, better, but which data sources convey a robust amount of information? I will examine four data origins: hard drives, cloud storage, mobile devices, and GPS systems. I will assess how well each holds up against three different types of attack: network intrusion, malware intrusion, and insider file deletion. I will answer the question of which data sources are most valuable for each of these attacks, thereby reaping the most evidence in situations where these attack types are being investigated. I will conclude by identifying, in three final charted figures, the usefulness of each data source when it encounters each attack type, since we know that an important focus of the forensic investigator is finding the most evidence possible.
I. Introduction
“Forensics refers to the process of identifying what has occurred on a system by examining the data trail” (Dulaney, 2014). Sources of data allow us to understand what has taken place. A forensic investigator needs the ability to pull data from these sources, needs to use data sources that convey evidence, and needs to know which data sources convey the largest portions of evidence. “Law enforcement relies extensively on digital evidence for important information about both victims and suspects. Due to the potential quantity of digital evidence available, cases where such evidence is lacking are more difficult to develop leads and solve” (Davis, 2015). In this paper I will discuss hard drives as a data origin because of their long history as a technology and because the hard drive is the primary computer storage device; cloud storage because it has become extremely useful as storage; mobile devices because they have increased in complexity and popularity; and GPS because it does possess some evidentiary value, but I would like to uncover exactly how useful it really can be.
II. The Four Chosen Data Origins
Hard Drive Storage
“Computers can take many forms such as laptops, desktops, tower computers, rack-mounted systems, mini-computers, and mainframe computers” (NIJ, 2008). Data is processed and stored inside each computer system. One such place is the hard drive. The hard drive was our original method of data storage within a computer system, and it has become very useful over the years and grown in capability even as its physical size has shrunk. What is convenient in our present time is the ability to “carry” a hard drive. The hard drive began as the original SCSI drive, and now we have the SSD for electronic storage. “Hard drives use magnetic spinning platters, while SSDs use flash memory chips” (Wiebe, 2013).
Hard drives vary in size and type and contain external circuit boards and metal platters that hold the data. Hard drives at a crime scene may be found connected to or disconnected from a computer. Cloning is a good process often used by forensic investigators, specifically for the task of copying evidence. An added benefit is that there will also be a hash identifier, and the original hard drive can be preserved. However, “because most forensic analysis tools expect to see forensic image files, the preferred data acquisition method is the creation of a forensic image” (SANS, 2014).
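As an added example (not code from the paper or from any forensic product), the Python script below shows the cloning-with-hash step just described: it reads a constructed in-memory “drive” into an image chunk by chunk, hashes the source and the image independently, and only accepts the image when every digest agrees. The drive contents, the sector size and the custody record fields are assumptions made for this example; hashlib is the standard library.

```python
"""Added example: forensic imaging with hash verification.
The 'drive' is a constructed in-memory byte string standing in for a
block device; sector size, contents and the custody record fields are
assumptions made for this example."""
import hashlib
import io

SECTOR = 512  # assumed sector size

def make_sample_drive():
    """Constructed 64-sector drive with one recognisable document in it."""
    data = bytearray(64 * SECTOR)
    note = b"CONFIDENTIAL: payroll notes, do not copy"
    data[5 * SECTOR:5 * SECTOR + len(note)] = note
    return bytes(data)

def acquire_image(source, chunk_size=4096):
    """Copy the source into an image one chunk at a time, hashing as we go,
    so the digests describe exactly the bytes that were written.
    Returns (image_bytes, sha256_hex, md5_hex)."""
    src, img = io.BytesIO(source), io.BytesIO()
    sha, md5 = hashlib.sha256(), hashlib.md5()
    while True:
        chunk = src.read(chunk_size)
        if not chunk:
            break
        img.write(chunk)
        sha.update(chunk)
        md5.update(chunk)
    return img.getvalue(), sha.hexdigest(), md5.hexdigest()

def verify_image(source, image, expected_sha256):
    """Independently re-hash original and image; the original is only
    bagged and the image only handed to analysts when all three agree."""
    src_hash = hashlib.sha256(source).hexdigest()
    img_hash = hashlib.sha256(image).hexdigest()
    return src_hash == img_hash == expected_sha256

def custody_record(image, sha256_hex, md5_hex):
    """The identifiers that travel with the image in the case file."""
    return {
        "size_bytes": len(image),
        "sectors": len(image) // SECTOR,
        "sha256": sha256_hex,
        "md5": md5_hex,
    }

if __name__ == "__main__":
    drive = make_sample_drive()
    image, sha, md5 = acquire_image(drive)
    print(custody_record(image, sha, md5))
    print("image verified:", verify_image(drive, image, sha))
    # a single flipped bit in the copy must fail verification
    damaged = bytearray(image)
    damaged[0] ^= 1
    print("damaged copy verified:", verify_image(drive, bytes(damaged), sha))
```

Hashing while copying, rather than afterwards, is the design point: the digest recorded in the custody record is computed over the same byte stream that produced the image, and the separate re-hash in verify_image is what catches a copy that was damaged or altered later.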
Cloud Storage
Cloud storage, for the consumers who purchase it, is EASY BREEZY: it allows setup of its services through a wizard and uses drag-and-drop interface tools for easy interaction. It is a method that has been easily adopted by some, as it relieves you of the added headache of managing local storage space. In 2014 NIST recognized the cloud as a significant problem for law enforcement. It designed the NIST Cloud Computing Forensic Science Challenge and argued that it could identify many “daunting challenges that law enforcement and others face when investigations involving cloud providers are a key audience for NIST’s work” (DeRosa, 2014).
What has been suggested is that the same features that make the cloud so marketable, such as flexibility, create challenges for the forensic investigator. When an investigation involves cloud storage, even the initial steps can get extremely complicated. When investigators are identifying and collecting evidence, there are now larger parameters and more locations where evidence could be. There may even be a need to involve different jurisdictions because of the complexity of the storage. “The complex cloud technology can make it more difficult for law enforcement to zero in on only the data it needs and protect the privacy of other tenants in the cloud” (DeRosa, 2014).
Mobile Devices
Ending out the year 2014, cellular subscriptions had grown to 7 billion worldwide. Mobile devices are complex and are the single item that assists us daily in both our personal and professional lives. In our present day mobile devices are used for “voice calls, audio/video conferencing, emails, short messages, social networking media, chatting, internet browsing, GPS navigation, pictures, videos, and standalone applications” (Anobah, 2014). Figure I below shows the growth in smartphone users from 2010 to 2016 based on Statista.com findings.
With this in mind we know that they are a pretty good source of information for our own individual needs, but how about the need to assist investigators? “More than 80% of court cases in the US have some form of digital evidence linked to them” (Anobah, 2014). There are presently tools that investigators use to collect (extract) evidence from mobile devices, but as the smartphone grows, our toolbox as investigators needs to grow as well.
Figure I. Smartphones Are Taking Over
When collecting evidence, currently the only standard in place is that imposed by NIST for using the correct tools to collect data, and, needless to say, it is more of a recommendation. The NIST recommendation does need to be addressed and updated from its 2010 version. A warrant is usually needed to access a mobile device since the storage (which connects to the network) leads to attached removable memory and a SIM card. Sometimes the vendor who produced the SIM chip can provide information. Texting, logged calls, application info, GPS tracking, and files can be accessed through a mobile device. “Law enforcement and forensic investigators have struggled to effectively manage digital evidence obtained from mobile devices” (Bennett, 2011). Some of the reasons are that mobile devices run a variety of operating systems, that the files they contain require the phone to remain powered on to preserve volatile memory, and that mobile devices require specialized interfaces, storage media, and hardware.
Global Positioning System
When people think of GPS (Global Positioning System) they tend to think of the convenience of acquiring directions or defining locations. Although this is true, GPS is far more complex than this. GPS was originally intended for military use; however, in 1980 it was made available to civilians. It began with the U.S. Department of Defense placing 24 satellites into orbit as a network. “The satellite system is supported by a number of ground stations that monitor the data sent by the satellites and transmit corrective data back to the satellites…the GPS receiver collects the signal from the satellites and interprets them to give the user a fixed location” (Strawn, 2009). GPS evidence can play a significant role in many other types of investigations such as accident reconstruction and search and rescue cases. GPS devices may contain the following data: track logs, trackpoints, waypoints, routes, stored locations, security locations, recent addresses, call logs, paired device history, incoming/outgoing text messages, video, photos, and audio.
One data source of the GPS alone, trackpoints, has proven extremely valuable to investigators. “With trackpoints, criminal acts can be pinpointed down to almost the exact second a crime was committed. Almost all GPS devices collect trackpoints but even without trackpoints, GPS devices still hold a significant amount of data” (LeMere, 2011). There are a number of applications offered by vendors that are created for investigators to examine and retrieve forensic evidence from GPS devices. Three such tools are Device Seizure, Point2Point, and Blackthorn. “Like all investigations, GPS forensics must be approached with the willingness to view a broad picture and the skill to decipher the small details in order to rebuild the occurrence of the crime” (Strawn, 2009).
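As an added example, not from the paper or from any of the vendor tools named above, the Python below shows what an investigator does with trackpoints once they are extracted: it builds a timeline from constructed (timestamp, latitude, longitude) rows, asks which points place the device within a radius of a scene during a time window, and reports gaps in the track where the device was off or the log was trimmed. The coordinates, timestamps and thresholds are invented for the example, and no vendor file format is assumed.

```python
"""Added example: timeline questions asked of GPS trackpoints.
The trackpoints are constructed sample data in the fields most track logs
carry (UTC timestamp, latitude, longitude); scene location, time window
and gap threshold are assumptions made for this example."""
from datetime import datetime, timedelta, timezone
from math import radians, sin, cos, asin, sqrt

# Constructed sample track log: (UTC timestamp, lat, lon)
SAMPLE_TRACKPOINTS = [
    ("2016-10-14T21:58:10Z", 39.0997, -94.5786),
    ("2016-10-14T21:58:40Z", 39.1001, -94.5780),
    ("2016-10-14T21:59:10Z", 39.1004, -94.5775),
    # the device goes quiet for just over twelve minutes here
    ("2016-10-14T22:11:30Z", 39.1040, -94.5700),
    ("2016-10-14T22:12:00Z", 39.1045, -94.5692),
]

def parse_trackpoints(rows):
    """Turn raw rows into (datetime, lat, lon) tuples sorted by time."""
    out = []
    for ts, lat, lon in rows:
        dt = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        out.append((dt, float(lat), float(lon)))
    return sorted(out)

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two WGS-84 points."""
    r = 6371000.0
    p1, p2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlam = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlam / 2) ** 2
    return 2 * r * asin(sqrt(a))

def points_near(track, lat, lon, radius_m, start, end):
    """Trackpoints within radius_m of (lat, lon) recorded inside [start, end]."""
    return [p for p in track
            if start <= p[0] <= end
            and haversine_m(p[1], p[2], lat, lon) <= radius_m]

def find_gaps(track, max_interval):
    """Consecutive trackpoints further apart than max_interval: the device was
    off, had no sky view, or the log was trimmed. Returns (from, to, gap)."""
    gaps = []
    for a, b in zip(track, track[1:]):
        if b[0] - a[0] > max_interval:
            gaps.append((a[0], b[0], b[0] - a[0]))
    return gaps

if __name__ == "__main__":
    track = parse_trackpoints(SAMPLE_TRACKPOINTS)
    scene = (39.1000, -94.5782)  # constructed scene coordinates
    window = (datetime(2016, 10, 14, 21, 55, tzinfo=timezone.utc),
              datetime(2016, 10, 14, 22, 5, tzinfo=timezone.utc))
    for p in points_near(track, *scene, 100, *window):
        print("within 100 m of the scene at", p[0].isoformat())
    for start, end, gap in find_gaps(track, timedelta(minutes=2)):
        print(f"gap of {gap} between {start.time()} and {end.time()}")
```

The gap report is the part worth keeping in a case file: a trackpoint places the device somewhere to the second, but the absence of trackpoints over an interval is itself a finding that the investigator has to explain before relying on the rest of the track.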
III. Attack Types
Network Intrusion
In approaching this subject we must remember that a network intrusion is unwanted activity that absorbs network resources intended for other users. This is what causes a threat to the security of the data under investigation. After reviewing the sources of data in this paper, I would rank them as follows: hard drives, cloud storage, mobile devices, and GPS. I arrived at my findings by understanding that hard drives and cloud storage are much more likely to suffer data neglect from network intrusion than mobile devices and especially GPS. Figure II below gives the analysis of network intrusion.
Figure II. Network Intrusion Chart (bar chart of Hard Drive, Cloud Storage, Mobile, and GPS in the order ranked above; y-axis 0 to 120)

Hard drives store great amounts of data and they are embedded in every computer. They are used widely across the world for storing data, and they are tools that get breached daily. Cloud storage hasn’t reached such tremendous numbers only because it is a new concept, but it has still become a major supplier of storage. Mobile devices communicate with a network, but the information attained is usually not as valuable, so the likelihood of encountering a network intrusion is low. The same concept can be applied to the GPS system. “The three top techniques used by hackers to cover their tracks after a network intrusion are deleting logs, using encryption on the data being sent out of your organization and installing rootkits” (Lewis, 2016).
Networks must be secured using Network Intrusion Detection Systems. An NIDS will send out an alarm or alert that an intruder is trying to get into the network, and it is helpful in monitoring the network for anomalies. Hard drives are the most likely to fall victim to this and should always be run on a system that has a firewall installed along with virus protection. An investigator may choose to use tools for securing the hard drive and making a copy. He will also check the system logs and check for viruses and malware.
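The system log check in the last sentence, as an added example that is not code from the paper: the Python below parses a constructed CSV export of Windows event records and looks for the first cover-your-tracks technique quoted above, log deletion. It reports explicit log-cleared events (Event ID 1102 in the Security log and 104 in the System log, both real Windows event IDs) and breaks in a channel’s record numbering. The CSV column layout, the sample rows and the expectation that exported record numbers are contiguous are this example’s own assumptions.

```python
"""Added example: spotting log deletion in a constructed event export.
The CSV layout and the rows are invented for this example; the event IDs
1102 (Security log cleared) and 104 (System log cleared) are real."""
import csv
import io
from collections import defaultdict

# Constructed sample export; not real logs from any system.
SAMPLE_EVENTS = """\
RecordId,TimeCreated,EventId,Channel,User,Message
5001,2016-10-14T02:10:05Z,4624,Security,jsmith,An account was successfully logged on
5002,2016-10-14T02:10:31Z,4672,Security,jsmith,Special privileges assigned to new logon
5003,2016-10-14T02:14:47Z,1102,Security,jsmith,The audit log was cleared
311,2016-10-14T02:14:52Z,104,System,jsmith,The System log file was cleared
5009,2016-10-14T02:20:00Z,4624,Security,svc_backup,An account was successfully logged on
"""

# (channel, event id) pairs that mean "someone emptied this log"
LOG_CLEARED = {("Security", 1102), ("System", 104)}

def parse_events(text):
    """CSV export -> list of dicts with RecordId and EventId as ints."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["RecordId"] = int(row["RecordId"])
        row["EventId"] = int(row["EventId"])
        rows.append(row)
    return rows

def find_log_clearing(events):
    """Every log-cleared event, with who did it and when."""
    return [(e["TimeCreated"], e["User"], e["Channel"], e["EventId"])
            for e in events if (e["Channel"], e["EventId"]) in LOG_CLEARED]

def find_record_gaps(events):
    """Record numbers within one channel are assumed contiguous in an export;
    a jump means records are missing and needs an explanation.
    Returns (channel, last_seen, next_seen, missing_count) tuples."""
    by_channel = defaultdict(list)
    for e in events:
        by_channel[e["Channel"]].append(e["RecordId"])
    gaps = []
    for channel, ids in by_channel.items():
        ids.sort()
        for a, b in zip(ids, ids[1:]):
            if b - a > 1:
                gaps.append((channel, a, b, b - a - 1))
    return gaps

def triage(text):
    """One-call summary an investigator can drop into a report."""
    events = parse_events(text)
    return {"cleared": find_log_clearing(events), "gaps": find_record_gaps(events)}

if __name__ == "__main__":
    report = triage(SAMPLE_EVENTS)
    for ts, user, channel, eid in report["cleared"]:
        print(f"{ts} {user} cleared the {channel} log (event {eid})")
    for channel, a, b, n in report["gaps"]:
        print(f"{channel}: {n} records missing between {a} and {b}")
```

The two checks complement each other: a 1102 or 104 event survives only when the clearing itself was logged, while a hole in the record numbering still shows up when individual records were removed without a clearing event being written.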
Malware Intrusion
Malware can be viewed as malicious software causing an intrusion. It can mean vandalism and obstruction for the targeted computer. Many times malware is able to spread when companies allow too many privileges or when too many computers use the same network. There are different aspects of malware that need to be considered to gather a robust understanding of it: the type of malware that a system encounters, the infection that the malware will present, the effect that it will have on the system, and the best approaches to prevent and remove it. Examining these aspects gives a good awareness of which are more threatening versus less threatening. To name a few types, there are spyware, viruses, worms, and Trojans. The process by which malware spreads its infection is based on the type of malware; for example, “some trojan horses can infect a computer when the user runs or installs the infected program…some types of malware can infect a computer by being uploaded through the Web browser when the user visits an infected website”.
The effect that it will have on the system is also dependent upon which malware is present. Signs that malware is present on a system are that the processing rate may slow down, the system may reboot on its own, or it may slow down without logical explanation. The best approach to preventing and removing malware would be to look after the system’s health just as you do your own. Vitamins for a computer would be anti-spyware, anti-malware, or even firewalls. Anti-virus software is what keeps the virus or attacks from returning. Any system should be running anti-virus software at all times.
Looking at the list of data sources, I would rate them in order of importance as follows: mobile devices, cloud storage, hard drive, and GPS. I am familiar with the possibility of malware being spread onto mobile devices. Of all four data origins a mobile device is the only one that will actually come into direct contact with websites. Of course, if a person logs onto their cloud storage from that account the likelihood is raised, though not very high, and they may place those same files onto a hard drive. A GPS generally has no connection to networks, only to satellites. Figure III below gives my malware intrusion analysis.
Figure III. Malware Intrusion Chart (bar chart of Mobile Devices, Cloud Storage, Hard Drive, and GPS in the order ranked above; y-axis 0 to 120)
Insider File Deletion
“An organization’s information security is more likely to be compromised via the actions of an employee facilitated action, and “insider” attacks [of this kind] can have a much greater impact on the organization than many types of external attacks” (Hodgson, 2015). Many aren’t aware of the high level of vulnerability we subject our sacred systems to as we grant access to fellow employees. Many times within our corporations we don’t adopt enough background screening checks to eliminate security hazards. This leads us to the insider file deletion scenarios. In fact, many companies are very well equipped and prepared to spend money on protecting against external attacks without a second thought for the internal attackers that live well within the walls of the company: the employees.
In an effort to protect themselves, companies should begin protecting themselves from disgruntled employees with a high likelihood of being fired some time before the termination occurs. “With often potentially serious long-term financial and commercial consequences, the decision-making and management behind this process will be the key to limiting the fallout” (Parker, 2014). This means disgruntled former employees cannot access the internet, send webmails, burn DVDs, print documents, or copy files elsewhere or to a memory stick. Even where they are able to do this, they are often unaware that they leave a trace behind.
Therefore, the hard drive as a data source would be the first place to look. If employees had access to the system and decided to commit insider file deletion while still employed, hard drives would allow us to trace their steps. Forensic tools allow us to recover lost or deleted files. A disk investigator does this by going past the operating system to look directly at the raw drive sectors. The next source of information that would be considered most important would be the mobile device. “Mobile and cloud technologies, with their unsecured devices and networks, have made it easier for insiders to wreak havoc. And things are getting worse. The US Department of Homeland Security cites a 64 percent increase in security breaches from 2014 to 2015” (Packer, 2016).
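As an added example, not the paper’s code or any product’s, the Python below shows what “going past the operating system to look directly at the raw drive sectors” means in practice. It builds a constructed disk image with a tiny file table, removes the table entry for a JPEG the way a file system delete does, and then carves the file back out of the sectors by its real JPEG header and footer markers. The file table format, the sector layout and the header-at-sector-boundary assumption are this example’s own simplifications.

```python
"""Added example: recovering a 'deleted' file from raw sectors.
The disk image, its one-sector file table and the JPEG payload are all
constructed here; the JPEG start/end markers are the real ones."""

SECTOR = 512
# Real JPEG start-of-image and end-of-image markers.
JPEG_SOI = b"\xff\xd8\xff"
JPEG_EOI = b"\xff\xd9"

def build_sample_image():
    """Constructed 32-sector image: a fake file table in sector 0 listing
    files as name@startsector;, and a JPEG body starting at sector 7.
    Returns (image_bytes, original_jpeg_bytes)."""
    img = bytearray(32 * SECTOR)
    body = JPEG_SOI + b"\xe0" + b"JFIF-sample-pixels" * 40 + JPEG_EOI
    img[7 * SECTOR:7 * SECTOR + len(body)] = body
    table = b"photo.jpg@7;"
    img[0:len(table)] = table
    return bytes(img), body

def delete_directory_entry(img, name):
    """Simulate an OS delete: wipe the table entry, leave the data sectors alone."""
    out = bytearray(img)
    start = out.find(name.encode())
    if start == -1:
        return bytes(out)
    end = out.find(b";", start) + 1
    out[start:end] = b"\x00" * (end - start)
    return bytes(out)

def list_directory(img):
    """The operating-system view: file names taken from the table only."""
    table = img[:SECTOR].rstrip(b"\x00")
    return [e.split(b"@")[0].decode() for e in table.split(b";") if e]

def carve_jpegs(img, max_len=1 << 20):
    """Scan every sector boundary for a JPEG header and cut to the next
    footer, ignoring the file table entirely. Returns (offset, bytes)."""
    found = []
    for off in range(0, len(img), SECTOR):
        if img.startswith(JPEG_SOI, off):
            end = img.find(JPEG_EOI, off, off + max_len)
            if end != -1:
                found.append((off, img[off:end + len(JPEG_EOI)]))
    return found

if __name__ == "__main__":
    img, original = build_sample_image()
    print("before deletion:", list_directory(img))
    img = delete_directory_entry(img, "photo.jpg")
    print("after deletion: ", list_directory(img))
    for off, data in carve_jpegs(img):
        print(f"carved {len(data)} bytes at sector {off // SECTOR}; "
              f"intact: {data == original}")
```

The contrast between list_directory and carve_jpegs is the whole lesson: the directory view reports nothing after the delete, while the sector scan finds the file unchanged because a delete only unlinks the entry. This is also why the SSD point raised in the conclusion matters, since flash program/erase cycles can reclaim those sectors before an examiner gets to them.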
Mobile devices are the tools that leave the premises with former employees, and those that have access via mobile devices can be dangerous if they decide to pursue hazardous outcomes. If an investigator suspects that a mobile device may have been used, then that device is very useful in the process and a warrant to surrender it would be feasible. Even for the disgruntled employee that still works for the company, a mobile device is most convenient if you want to pursue insider file deletion and your system allows that access from mobile devices. Mobile devices provide the privacy (as a carry-on) needed for committing a crime without appearing suspicious.
Cloud storage would definitely be the third place to look. If the employee is still employed, then access to cloud storage does put the company at risk. Cloud storage can be accessed from anywhere and it is a gold mine to an upset employee. The last place to look would probably be the GPS. Although this system will relay the location of the particular employee as the attack took place, it wouldn’t grant as much data as the other items. Figure IV below gives the order of importance in the case of an insider file deletion attack.
Figure IV. Insider File Deletion Chart (bar chart of Hard Drive, Mobile Devices, Cloud Storage, and GPS in the order ranked above; y-axis 0 to 120)
Conclusion
In conclusion, we have learned in this paper that forensic investigation has to be suited to the needs of each individual investigation. There are different devices and attacks that can be examined. As we add more devices to our marketplace along with upscaling current products, we place a lot of pressure on investigators to be equally sophisticated in their tools and findings.
Here are a few key points to consider in regard to what forensic investigators do know: 1) we know that tackling insider cyber threats requires a credible digital forensic strategy, such as advance planning for those with the potential to leave a position soon because they have been given access to valuable information; 2) “we know that SSDs present challenges to forensic investigators primarily because disk technologies called program and erase cycles cause unallocated space to get overwritten sooner than it would on mechanical disk drives during normal operation” (Kumar, 2011); 3) we know that “no mobile forensic tool can claim to fully support any particular phone. Their compatibility and abilities should be explicitly stated to help an investigator in the selection of an appropriate tool” (Anobah, 2014). And this is only the beginning of a few approaches to some attack types and device types, without mention of the many devices and attack types that haven’t been covered within this paper.
Finally, I conclude this paper by recognizing the issue that we have examined many times within this class: the revision of NIST standards that needs to be completed so that forensic investigators have a framework to investigate from. Not simply recommendations, but enough research to know what will reap the results of well-analyzed evidence.
References
Anobah, M., Popov, O. & Saleem, S. (2014). Testing framework for mobile device forensic tools. Retrieved from: commons.erau.edu/cgi/viewcontent.cgi?article=1183&context=jdfsl
Bennett, D. (2011). The challenges facing computer forensic investigators in obtaining information from mobile devices for use in criminal investigations. Retrieved from: https://articles.forensicfocus.com/2011/08/22/the-challenges-facing-computer-forensics-investigators-in-obtaining-information-from-mobile-devices-for-use-in-criminal-investigations/
DeRose, M. (2014). Investigating in the cloud: challenges for digital forensics. Retrieved from: https://www.safecloud.org/2014/9/3/investigating-in-the-cloud-challenges-for-digital-forensics
Hodgson, F. and Khoury, M. (2015). Investigation of insider attacks with computer forensics. Retrieved from: http://www.financierworldwide.com/investigation-of-insider-attacks-with-computer-forensics/#.WBJNVNVpGUk
LeMere, B. (2011). Enhancing investigations with GPS evidence. Retrieved from: http://www.forensicmag.com/article/2011/04/enhancing-investigations-gps-evidence
Lewis, N. (2016). What are the top three network intrusion techniques? Retrieved from: http://searchsecurity.techtarget.com/answer/What-are-the-top-three-network-intrusion-techniques
National Institute of Justice. (2008). Special Report: Electronic Crime Scene Investigation. Retrieved from: https://www.ncjrs.gov/pdffiles1/nij/219941.pdf
National Institute of Justice. (2008). Digital Evidence and Forensics. Retrieved from: http://www.nij.gov/topics/forensics/evidence/digital/pages/welcome.aspx
Packer, D. (2016). Too close for comfort: Insider threats to enterprise data. Retrieved from: http://www.druva.com/blog/close-comfort-insider-threats-enterprise-data/
Parker, J. (2014). Tackling insider cyber threats requires a credible digital forensic strategy. Retrieved from: https://www.theguardian.com/media-network/media-network-blog/2014/mar/14/insider-threats-security-digital-forensics
SANS. (2014). Forensic images: for your viewing pleasures. Retrieved from: https://www.sans.org/reading-room/whitepapers/forensics/forensic-images-viewing-pleasure-35447
Strawn, C. (2009). Expanding the potential for GPS evidence acquisition. Retrieved from: www.mislan.com/SSDDFJ/papers/SSDDFJ_V3_1_Strawn.pdf
Weibe, J. (2013). Forensic insight into solid state drives. Retrieved from: http://www.forensicmag.com/article/2013/05/forensic-insight-solid-state-drives

 
Call Girls in Thane 9892124323, Vashi cAll girls Serivces Juhu Escorts, powai...
Call Girls in Thane 9892124323, Vashi cAll girls Serivces Juhu Escorts, powai...Call Girls in Thane 9892124323, Vashi cAll girls Serivces Juhu Escorts, powai...
Call Girls in Thane 9892124323, Vashi cAll girls Serivces Juhu Escorts, powai...Pooja Nehwal
 
Alambagh Call Girl 9548273370 , Call Girls Service Lucknow
Alambagh Call Girl 9548273370 , Call Girls Service LucknowAlambagh Call Girl 9548273370 , Call Girls Service Lucknow
Alambagh Call Girl 9548273370 , Call Girls Service Lucknowmakika9823
 
Call Girls Delhi {Rs-10000 Laxmi Nagar] 9711199012 Whats Up Number
Call Girls Delhi {Rs-10000 Laxmi Nagar] 9711199012 Whats Up NumberCall Girls Delhi {Rs-10000 Laxmi Nagar] 9711199012 Whats Up Number
Call Girls Delhi {Rs-10000 Laxmi Nagar] 9711199012 Whats Up NumberMs Riya
 
定制加拿大滑铁卢大学毕业证(Waterloo毕业证书)成绩单(文凭)原版一比一
定制加拿大滑铁卢大学毕业证(Waterloo毕业证书)成绩单(文凭)原版一比一定制加拿大滑铁卢大学毕业证(Waterloo毕业证书)成绩单(文凭)原版一比一
定制加拿大滑铁卢大学毕业证(Waterloo毕业证书)成绩单(文凭)原版一比一zul5vf0pq
 
Lucknow 💋 Call Girls Adil Nagar | ₹,9500 Pay Cash 8923113531 Free Home Delive...
Lucknow 💋 Call Girls Adil Nagar | ₹,9500 Pay Cash 8923113531 Free Home Delive...Lucknow 💋 Call Girls Adil Nagar | ₹,9500 Pay Cash 8923113531 Free Home Delive...
Lucknow 💋 Call Girls Adil Nagar | ₹,9500 Pay Cash 8923113531 Free Home Delive...anilsa9823
 
Thane Escorts, (Pooja 09892124323), Thane Call Girls
Thane Escorts, (Pooja 09892124323), Thane Call GirlsThane Escorts, (Pooja 09892124323), Thane Call Girls
Thane Escorts, (Pooja 09892124323), Thane Call GirlsPooja Nehwal
 

Recently uploaded (20)

《伯明翰城市大学毕业证成绩单购买》学历证书学位证书区别《复刻原版1:1伯明翰城市大学毕业证书|修改BCU成绩单PDF版》Q微信741003700《BCU学...
《伯明翰城市大学毕业证成绩单购买》学历证书学位证书区别《复刻原版1:1伯明翰城市大学毕业证书|修改BCU成绩单PDF版》Q微信741003700《BCU学...《伯明翰城市大学毕业证成绩单购买》学历证书学位证书区别《复刻原版1:1伯明翰城市大学毕业证书|修改BCU成绩单PDF版》Q微信741003700《BCU学...
《伯明翰城市大学毕业证成绩单购买》学历证书学位证书区别《复刻原版1:1伯明翰城市大学毕业证书|修改BCU成绩单PDF版》Q微信741003700《BCU学...
 
如何办理(NUS毕业证书)新加坡国立大学毕业证成绩单留信学历认证原版一比一
如何办理(NUS毕业证书)新加坡国立大学毕业证成绩单留信学历认证原版一比一如何办理(NUS毕业证书)新加坡国立大学毕业证成绩单留信学历认证原版一比一
如何办理(NUS毕业证书)新加坡国立大学毕业证成绩单留信学历认证原版一比一
 
Gaya Call Girls #9907093804 Contact Number Escorts Service Gaya
Gaya Call Girls #9907093804 Contact Number Escorts Service GayaGaya Call Girls #9907093804 Contact Number Escorts Service Gaya
Gaya Call Girls #9907093804 Contact Number Escorts Service Gaya
 
原版制作美国天普大学毕业证(本硕)tu毕业证明原版一模一样
原版制作美国天普大学毕业证(本硕)tu毕业证明原版一模一样原版制作美国天普大学毕业证(本硕)tu毕业证明原版一模一样
原版制作美国天普大学毕业证(本硕)tu毕业证明原版一模一样
 
Beautiful Sapna Call Girls CP 9711199012 ☎ Call /Whatsapps
Beautiful Sapna Call Girls CP 9711199012 ☎ Call /WhatsappsBeautiful Sapna Call Girls CP 9711199012 ☎ Call /Whatsapps
Beautiful Sapna Call Girls CP 9711199012 ☎ Call /Whatsapps
 
Hifi Defence Colony Call Girls Service WhatsApp -> 9999965857 Available 24x7 ...
Hifi Defence Colony Call Girls Service WhatsApp -> 9999965857 Available 24x7 ...Hifi Defence Colony Call Girls Service WhatsApp -> 9999965857 Available 24x7 ...
Hifi Defence Colony Call Girls Service WhatsApp -> 9999965857 Available 24x7 ...
 
Call Girls Delhi {Rohini} 9711199012 high profile service
Call Girls Delhi {Rohini} 9711199012 high profile serviceCall Girls Delhi {Rohini} 9711199012 high profile service
Call Girls Delhi {Rohini} 9711199012 high profile service
 
定制(UI学位证)爱达荷大学毕业证成绩单原版一比一
定制(UI学位证)爱达荷大学毕业证成绩单原版一比一定制(UI学位证)爱达荷大学毕业证成绩单原版一比一
定制(UI学位证)爱达荷大学毕业证成绩单原版一比一
 
VVIP Pune Call Girls Warje (7001035870) Pune Escorts Nearby with Complete Sat...
VVIP Pune Call Girls Warje (7001035870) Pune Escorts Nearby with Complete Sat...VVIP Pune Call Girls Warje (7001035870) Pune Escorts Nearby with Complete Sat...
VVIP Pune Call Girls Warje (7001035870) Pune Escorts Nearby with Complete Sat...
 
如何办理萨省大学毕业证(UofS毕业证)成绩单留信学历认证原版一比一
如何办理萨省大学毕业证(UofS毕业证)成绩单留信学历认证原版一比一如何办理萨省大学毕业证(UofS毕业证)成绩单留信学历认证原版一比一
如何办理萨省大学毕业证(UofS毕业证)成绩单留信学历认证原版一比一
 
Call Girls Dubai Slut Wife O525547819 Call Girls Dubai Gaped
Call Girls Dubai Slut Wife O525547819 Call Girls Dubai GapedCall Girls Dubai Slut Wife O525547819 Call Girls Dubai Gaped
Call Girls Dubai Slut Wife O525547819 Call Girls Dubai Gaped
 
Russian Call Girls In South Delhi Delhi 9711199012 💋✔💕😘 Independent Escorts D...
Russian Call Girls In South Delhi Delhi 9711199012 💋✔💕😘 Independent Escorts D...Russian Call Girls In South Delhi Delhi 9711199012 💋✔💕😘 Independent Escorts D...
Russian Call Girls In South Delhi Delhi 9711199012 💋✔💕😘 Independent Escorts D...
 
VIP Call Girls Kavuri Hills ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With ...
VIP Call Girls Kavuri Hills ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With ...VIP Call Girls Kavuri Hills ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With ...
VIP Call Girls Kavuri Hills ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With ...
 
Call Girls in Thane 9892124323, Vashi cAll girls Serivces Juhu Escorts, powai...
Call Girls in Thane 9892124323, Vashi cAll girls Serivces Juhu Escorts, powai...Call Girls in Thane 9892124323, Vashi cAll girls Serivces Juhu Escorts, powai...
Call Girls in Thane 9892124323, Vashi cAll girls Serivces Juhu Escorts, powai...
 
Alambagh Call Girl 9548273370 , Call Girls Service Lucknow
Alambagh Call Girl 9548273370 , Call Girls Service LucknowAlambagh Call Girl 9548273370 , Call Girls Service Lucknow
Alambagh Call Girl 9548273370 , Call Girls Service Lucknow
 
9953330565 Low Rate Call Girls In Jahangirpuri Delhi NCR
9953330565 Low Rate Call Girls In Jahangirpuri  Delhi NCR9953330565 Low Rate Call Girls In Jahangirpuri  Delhi NCR
9953330565 Low Rate Call Girls In Jahangirpuri Delhi NCR
 
Call Girls Delhi {Rs-10000 Laxmi Nagar] 9711199012 Whats Up Number
Call Girls Delhi {Rs-10000 Laxmi Nagar] 9711199012 Whats Up NumberCall Girls Delhi {Rs-10000 Laxmi Nagar] 9711199012 Whats Up Number
Call Girls Delhi {Rs-10000 Laxmi Nagar] 9711199012 Whats Up Number
 
定制加拿大滑铁卢大学毕业证(Waterloo毕业证书)成绩单(文凭)原版一比一
定制加拿大滑铁卢大学毕业证(Waterloo毕业证书)成绩单(文凭)原版一比一定制加拿大滑铁卢大学毕业证(Waterloo毕业证书)成绩单(文凭)原版一比一
定制加拿大滑铁卢大学毕业证(Waterloo毕业证书)成绩单(文凭)原版一比一
 
Lucknow 💋 Call Girls Adil Nagar | ₹,9500 Pay Cash 8923113531 Free Home Delive...
Lucknow 💋 Call Girls Adil Nagar | ₹,9500 Pay Cash 8923113531 Free Home Delive...Lucknow 💋 Call Girls Adil Nagar | ₹,9500 Pay Cash 8923113531 Free Home Delive...
Lucknow 💋 Call Girls Adil Nagar | ₹,9500 Pay Cash 8923113531 Free Home Delive...
 
Thane Escorts, (Pooja 09892124323), Thane Call Girls
Thane Escorts, (Pooja 09892124323), Thane Call GirlsThane Escorts, (Pooja 09892124323), Thane Call Girls
Thane Escorts, (Pooja 09892124323), Thane Call Girls
 
