Lens ID,Title,Date Published,Publication Year,Publication Type,Source Title,ISSNs,Publisher,Source Country,Author/s,Abstract,Volume,Issue Number,Start Page,End Page,Fields of Study,Keywords,MeSH Terms,Chemicals,Funding,Source URLs,External URL,PMID,DOI,Microsoft Academic ID,PMCID,Citing Patents Count,References,Citing Works Count,Is Open Access,Open Access License,Open Access Colour
000-116-031-001-044,Versatile iPad forensic acquisition using the Apple Camera Connection Kit,,2012,journal article,Computers & Mathematics with Applications,08981221,Elsevier BV,United Kingdom,Luis Gómez-Miralles; Joan Arnedo-Moreno,"The Apple iPad is a popular tablet device presented by Apple in early 2010. The idiosyncracies of this new portable device and the kind of data it may store open new opportunities in the field of computer forensics. Given that its design, both internal and external, is very similar to the iPhone, the current easiest way to obtain a forensic image is to install an SSH server and some tools, dump its internal storage and transfer it to a remote host via wireless networking. This approach may require up to 20 hours. In this paper, we present a novel approach that takes advantage of an undocumented feature so that it is possible to use a cheap iPad accessory, the Camera Connection Kit, to image the disk to an external hard drive attached via USB connection, greatly reducing the required time.",63,2,544,553,Wireless network; Host (network); Undocumented feature; Mathematics; Field (computer science); Connection (mathematics); USB; Computer forensics; Computer hardware,,,,Spanish MCYT and the FEDER; Spanish Ministry of Science and Education,http://www.sciencedirect.com/science/article/pii/S0898122111008315 http://core.ac.uk/display/9629011 https://www.sciencedirect.com/science/article/pii/S0898122111008315 http://openaccess.uoc.edu/webapps/o2/handle/10609/11862 https://dl.acm.org/doi/10.1016/j.camwa.2011.09.053 http://openaccess.uoc.edu/webapps/o2/bitstream/10609/11862/1/iPadForensics.pdf https://dblp.uni-trier.de/db/journals/cma/cma63.html#Gomez-MirallesA12 https://core.ac.uk/download/pdf/82307999.pdf,http://dx.doi.org/10.1016/j.camwa.2011.09.053,,10.1016/j.camwa.2011.09.053,1971413516,,0,001-187-036-977-606; 063-777-134-301-668; 067-165-295-918-077; 069-007-833-693-813; 140-574-046-885-14X,12,true,elsevier-specific: oa user license,green
000-273-803-851-17X,Transaction Mining for Fraud Detection in ERP Systems,2010-06-01,2010,journal article,Industrial Engineering and Management Systems,15987248; 22346473,Korean Institute of Industrial Engineers,South Korea,Roheena Khan; Malcolm Corney; Andrew Clark; George M. Mohay,"Despite all attempts to prevent fraud, it continues to be a major threat to industry and government. Traditionally, organizations have focused on fraud prevention rather than detection, to combat fraud. In this paper we present a role mining inspired approach to represent user behaviour in Enterprise Resource Planning (ERP) systems, primarily aimed at detecting opportunities to commit fraud or potentially suspicious activities. We have adapted an approach which uses set theory to create transaction profiles based on analysis of user activity records. Based on these transaction profiles, we propose a set of (1) anomaly types to detect potentially suspicious user behaviour, and (2) scenarios to identify inadequate segregation of duties in an ERP environment. In addition, we present two algorithms to construct a directed acyclic graph to represent relationships between transaction profiles. Experiments were conducted using a real dataset obtained from a teaching environment and a demonstration dataset, both using SAP R/3, presently the predominant ERP system. 
The results of this empirical research demonstrate the effectiveness of the proposed approach.",9,2,141,156,Separation of duties; Empirical research; Commit; Set (psychology); Enterprise resource planning; Computer security; Computer science; Anomaly detection; Directed acyclic graph; Database transaction,,,,,http://www.ndsl.kr/soc_img/society/kiie/SGHHEA/2010/v9n2/SGHHEA_2010_v9n2_141.pdf http://www.koreascience.or.kr/article/ArticleFullRecord.jsp?cn=SGHHEA_2010_v9n2_141 https://eprints.qut.edu.au/32390/ https://core.ac.uk/display/10897736 https://core.ac.uk/download/10897736.pdf,http://dx.doi.org/10.7232/iems.2010.9.2.141,,10.7232/iems.2010.9.2.141,2077180684,,0,000-635-344-358-516; 000-662-690-445-317; 002-401-515-089-578; 002-693-438-888-313; 006-662-579-067-862; 012-749-721-964-978; 017-681-352-007-294; 018-306-850-690-315; 021-162-044-379-176; 026-946-131-716-107; 031-825-398-253-789; 034-183-561-604-364; 035-134-978-716-586; 036-547-617-435-449; 038-028-599-674-515; 039-781-341-493-676; 047-291-496-601-780; 048-990-394-471-179; 054-579-808-207-747; 054-642-377-135-268; 056-675-257-380-334; 057-429-060-353-036; 057-867-926-666-069; 059-393-159-592-601; 065-326-136-386-79X; 066-353-161-921-600; 078-036-897-265-681; 085-616-652-795-849; 085-669-579-012-375; 086-951-838-982-33X; 098-076-768-154-207; 101-385-081-193-694; 102-573-178-198-795; 105-218-510-023-210; 109-077-210-801-93X; 112-327-460-108-019; 115-838-352-915-124; 118-230-995-911-913; 128-951-825-374-329; 129-882-121-435-445; 135-008-935-145-785; 138-806-912-353-587; 151-257-142-018-433; 152-437-505-433-332; 157-567-053-709-189; 173-412-633-391-967; 176-842-001-783-46X,21,true,,green
000-534-406-835-275,A research on the investigation method of digital forensics for a VMware Workstation’s virtual machine,,2012,journal article,Mathematical and Computer Modelling,08957177,Elsevier BV,United Kingdom,Sungsu Lim; Byeongyeong Yoo; Jungheum Park; Keun Duck Byun; Sangjin Lee,"Abstract Virtualization is a technology that uses a logical environment to overcome physical limitations in hardware. Recently, its coverage has become broader. Because a virtual machine can perform the same role as an actual system, a recorded user’s activity trail in the virtual machine is important factor in terms of digital forensics. If the investigator found trails of the VMware Workstation on the host, he should investigate the virtual machine along with host system. However, due to a lack of understanding of the virtual machine, the investigation process is not clear. Moreover, a damaged virtual machine image is difficult to investigate because of the structural characteristics. Therefore, we need a technical understanding and a research about investigation procedures and recovery methods on the virtual machine. 
In this research, we suggest an investigation procedure of digital forensics and a recovery method on damaged images for the VMware Workstation that has the largest number of users.",55,1,151,160,Operating system; Host (network); Virtual machine; Computer science; Full virtualization; Virtualization; Workstation; Hardware virtualization; Digital forensics; Process (computing),,,,MKE/KEIT,https://dblp.uni-trier.de/db/journals/mcm/mcm55.html#LimYPBL12 https://www.sciencedirect.com/science/article/pii/S0895717711001014 https://koreauniv.pure.elsevier.com/en/publications/a-research-on-the-investigation-method-of-digital-forensics-for-a,http://dx.doi.org/10.1016/j.mcm.2011.02.011,,10.1016/j.mcm.2011.02.011,1971766706,,0,040-393-580-637-973; 042-922-388-727-569; 061-412-953-386-541; 075-092-110-948-778; 085-063-161-801-039; 105-708-174-479-949; 144-034-242-927-325,13,true,elsevier-specific: oa user license,
000-557-324-827-169,Digital Evidence: Challenging the Presumption of Reliability,,2006,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Eric Van Buskirk; Vincent T. Liu,"Abstract There is a general tendency among courts to presume that forensic software reliably yields accurate digital evidence. As a judicial construct, this presumption is unjustified in that it is not tailored to separate accurate results from inaccurate ones. The authors illustrate this unfortunate truth by the presentation of two currently uncorrected weaknesses in popular computer forensic tools, methods, and assumptions. Some percentage of these forensic software errors (and ones like them) will necessarily have negative effects on parties, whether in terms of faulty criminal convictions or improper civil judgments. The authors argue that the collective value of these negative effects among parties is far larger than the costs of research and development required to prevent such negative effects. Under a purely rational economic approach to the law, this dynamic constitutes an inefficiency to be corrected through the proper application of rules. The authors advance two approaches to cure current defe...",1,1,19,26,Software quality; Construct (philosophy); Law and economics; Value (ethics); Inefficiency; Federal Rules of Evidence; Presumption; Digital evidence; Computer security; Computer science; Computer forensics,,,,,https://dblp.uni-trier.de/db/journals/jdfp/jdfp1.html#BuskirkL06 https://doi.org/10.1080/15567280500541421 https://www.tandfonline.com/doi/full/10.1080/15567280500541421,http://dx.doi.org/10.1080/15567280500541421,,10.1080/15567280500541421,2067550567,,0,,29,false,,
000-980-904-065-103,Detecting Double JPEG Compression With the Same Quantization Matrix,,2010,journal article,IEEE Transactions on Information Forensics and Security,15566013; 15566021,Institute of Electrical and Electronics Engineers (IEEE),United States,Fangjun Huang; Jiwu Huang; Yun Q. Shi,"Detection of double joint photographic experts group (JPEG) compression is of great significance in the field of digital forensics. Some successful approaches have been presented for detecting double JPEG compression when the primary compression and the secondary compression have different quantization matrixes. However, when the primary compression and the secondary compression have the same quantization matrix, no detection method has been reported yet. In this paper, we present a method which can detect double JPEG compression with the same quantization matrix. Our algorithm is based on the observation that in the process of recompressing a JPEG image with the same quantization matrix over and over again, the number of different JPEG coefficients, i.e., the quantized discrete cosine transform coefficients between the sequential two versions will monotonically decrease in general. For example, the number of different JPEG coefficients between the singly and doubly compressed images is generally larger than the number of different JPEG coefficients between the corresponding doubly and triply compressed images. Via a novel random perturbation strategy implemented on the JPEG coefficients of the recompressed test image, we can find a “proper” randomly perturbed ratio. For different images, this universal “proper” ratio will generate a dynamically changed threshold, which can be utilized to discriminate the singly compressed image and doubly compressed image. 
Furthermore, our method has the potential to detect triple JPEG compression, four times JPEG compression, etc.",5,4,848,856,Algorithm; Iterative reconstruction; Artificial intelligence; Lossy compression; Transform coding; Standard test image; JPEG; Quantization (image processing); Discrete cosine transform; Quantization (signal processing); Computer vision; Computer science; Compression artifact; JPEG 2000; Data compression; Lossless JPEG; Data compression ratio,,,,,https://dblp.uni-trier.de/db/journals/tifs/tifs5.html#HuangHS10a https://dlnext.acm.org/doi/abs/10.1109/TIFS.2010.2072921 http://yadda.icm.edu.pl/yadda/element/bwmeta1.element.ieee-000005560817 https://ieeexplore.ieee.org/document/5560817/ https://ieeexplore.ieee.org/abstract/document/5560817 https://dl.acm.org/doi/10.1109/TIFS.2010.2072921 https://www.infona.pl/resource/bwmeta1.element.ieee-art-000005560817 http://dblp.uni-trier.de/db/journals/tifs/tifs5.html#HuangHS10a https://researchwith.njit.edu/en/publications/detecting-double-jpeg-compression-with-the-same-quantization-matr,http://dx.doi.org/10.1109/tifs.2010.2072921,,10.1109/tifs.2010.2072921,2059907896,,1,004-690-012-680-59X; 013-175-055-053-326; 014-603-834-804-090; 026-163-602-249-656; 027-524-182-531-723; 039-604-410-537-357; 049-209-305-832-496; 073-341-674-212-039; 106-688-419-298-857; 135-262-782-091-897; 136-713-989-335-402; 140-408-113-219-371; 143-695-756-474-732,163,false,,
001-161-687-871-519,Analysis of update delays in signature-based network intrusion detection systems,,2011,journal article,Computers & Security,01674048,Elsevier BV,United Kingdom,Hugo Gascon; Agustin Orfila; Jorge Blasco,"Network Intrusion Detection Systems (NIDS) play a fundamental role on security policy deployment and help organizations in protecting their assets from network attacks. Signature-based NIDS rely on a set of known patterns to match malicious traffic. Accordingly, they are unable to detect a specific attack until a specific signature for the corresponding vulnerability is created, tested, released and deployed. Although vital, the delay in the updating process of these systems has not been studied in depth. This paper presents a comprehensive statistical analysis of this delay in relation to the vulnerability disclosure time, the updates of vulnerability detection systems (VDS), the software patching releases and the publication of exploits. The widely deployed NIDS Snort and its detection signatures release dates have been used. Results show that signature updates are typically available later than software patching releases. Moreover, Snort rules are generally released within the first 100 days from the vulnerability disclosure and most of the times exploits and the corresponding NIDS rules are published with little difference. Implications of these results are drawn in the context of security policy definition. 
This study can be easily kept up to date due to the methodology used.",30,8,613,624,Software deployment; Anomaly-based intrusion detection system; Security policy; Exploit; Vulnerability; Relation (database); Intrusion prevention system; Context (language use); Intrusion detection system; Computer security; Computer science; Vulnerability (computing),,,,,https://doi.org/10.1016/j.cose.2011.08.010 https://dblp.uni-trier.de/db/journals/compsec/compsec30.html#GasconOA11 https://www.sciencedirect.com/science/article/pii/S0167404811001106 https://core.ac.uk/download/30044499.pdf,http://dx.doi.org/10.1016/j.cose.2011.08.010,,10.1016/j.cose.2011.08.010,2078846165,,0,008-735-958-111-306; 018-015-057-679-284; 019-894-691-912-151; 020-885-011-437-897; 029-452-209-812-975; 033-820-436-580-458; 036-496-886-989-477; 036-570-139-292-046; 045-104-320-140-926; 045-494-422-820-099; 083-293-117-604-32X; 084-300-895-894-385; 094-130-112-371-363; 100-428-983-751-22X; 107-976-551-516-025; 126-980-102-017-272; 131-746-009-933-474; 133-916-487-800-053; 135-540-879-625-645; 145-841-489-671-314; 152-313-879-966-702; 152-937-620-267-692; 178-384-582-247-290; 191-190-602-403-170,23,true,,green
001-603-808-939-061,Preventing history forgery with secure provenance,,2009,journal article,ACM Transactions on Storage,15533077; 15533093,Association for Computing Machinery (ACM),United States,Ragib Hasan; Radu Sion; Marianne Winslett,"As increasing amounts of valuable information are produced and persist digitally, the ability to determine the origin of data becomes important. In science, medicine, commerce, and government, data provenance tracking is essential for rights protection, regulatory compliance, management of intelligence and medical data, and authentication of information as it flows through workplace tasks. While significant research has been conducted in this area, the associated security and privacy issues have not been explored, leaving provenance information vulnerable to illicit alteration as it passes through untrusted environments. In this article, we show how to provide strong integrity and confidentiality assurances for data provenance information at the kernel, file system, or application layer. We describe Sprov, our provenance-aware system prototype that implements provenance tracking of data writes at the application layer, which makes Sprov extremely easy to deploy. 
We present empirical results that show that, for real-life workloads, the runtime overhead of Sprov for recording provenance with confidentiality and integrity guarantees ranges from 1% to 13%, when all file modifications are recorded, and from 12% to 16%, when all file read and modifications are tracked.",5,4,12,43,Overhead (computing); Government; Authentication; Application layer; Audit; File system; Computer security; Computer science; Data Protection Act 1998; Confidentiality; Database,,,,Division of Computer and Network Systems; Division of Information and Intelligent Systems,https://www.ideals.illinois.edu/bitstream/2142/13004/2/hasan-secure-provenance.pdf https://dblp.uni-trier.de/db/journals/tos/tos5.html#HasanSW09 http://www.ragibhasan.com/wp-content/uploads/2016/01/hasan2009tos.pdf https://doi.org/10.1145/1629080.1629082 https://www.ideals.illinois.edu/bitstream/handle/2142/13004/hasan-secure-provenance.pdf?sequence=2 https://core.ac.uk/display/4822196 https://dl.acm.org/doi/10.1145/1629080.1629082 https://digitalpiglet.org/research/sion2009sprov-tos.pdf https://www.ideals.illinois.edu/handle/2142/13004 https://core.ac.uk/download/4822196.pdf,http://dx.doi.org/10.1145/1629080.1629082,,10.1145/1629080.1629082,2142753309,,3,002-552-557-358-092; 002-819-780-895-974; 003-689-260-772-982; 004-795-055-060-738; 019-567-889-663-359; 020-004-820-909-716; 022-915-561-056-498; 024-922-814-915-421; 029-862-634-642-462; 030-682-441-981-123; 031-507-793-352-628; 031-838-234-953-87X; 032-049-326-223-676; 033-292-300-474-828; 034-069-782-815-668; 035-287-304-146-473; 038-644-364-616-440; 042-445-300-096-872; 042-915-810-308-63X; 044-957-967-485-19X; 048-536-299-842-787; 050-777-891-878-980; 053-090-442-201-200; 054-041-083-496-419; 057-267-487-235-777; 059-229-793-537-197; 064-469-763-111-500; 066-314-462-224-92X; 079-942-967-294-551; 081-363-986-376-910; 082-260-669-254-279; 097-597-189-659-072; 100-463-756-062-604; 102-194-132-640-082; 107-745-435-451-959; 
108-535-457-450-210; 111-153-680-731-415; 111-844-175-422-630; 112-920-119-768-440; 114-477-887-975-839; 116-195-736-788-419; 118-008-780-783-558; 120-488-280-636-014; 122-462-881-367-486; 129-889-232-113-643; 138-851-840-986-301; 143-410-032-573-143; 148-291-169-870-950; 149-991-407-181-952; 160-057-028-957-293; 163-329-708-527-647; 173-029-521-445-607; 189-366-260-601-058; 194-398-961-194-173; 195-616-332-143-954,119,true,,green
001-614-355-880-733,A machine learning approach to keystroke dynamics based user authentication,,2007,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Kenneth Revett; Florin Gorunescu; Marina Gorunescu; M. Ene; Sérgio Tenreiro de Magalhães; Henrique Santos,"The majority of computer systems employ a login ID and password as the principal method for access security. In stand-alone situations, this level of security may be adequate, but when computers are connected to the internet, the vulnerability to a security breach is increased. In order to reduce vulnerability to attack, biometric solutions have been employed. In this paper, we investigate the use of a behavioural biometric based on keystroke dynamics. Although there are several implementations of keystroke dynamics available, their effectiveness is variable and dependent on the data sample and its acquisition methodology. The results from this study indicate that the Equal Error Rate (EER) is significantly influenced by the attribute selection process and to a lesser extent on the authentication algorithm employed. 
Our results also provide evidence that a Probabilistic Neural Network (PNN) can be superior in terms of reduced training time and classification accuracy when compared with a typical MLFN back-propagation trained neural network.",1,1,55,70,Password; Login; Machine learning; Data mining; Probabilistic neural network; Principal (computer security); Artificial intelligence; Authentication; Computer science; Access control; Keystroke dynamics; Vulnerability (computing),,,,,https://repositorium.sdum.uminho.pt/bitstream/1822/6388/1/f191031146728125.pdf https://dl.acm.org/doi/10.1504/IJESDF.2007.013592 https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf1.html#RevettGGEMS07 https://repositorium.sdum.uminho.pt/handle/1822/6388 https://westminsterresearch.westminster.ac.uk/item/91q5y/a-machine-learning-approach-to-keystroke-dynamics-based-user-authentication http://westminsterresearch.wmin.ac.uk/4577/ http://www.inderscience.com/link.php?id=13592 https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2007.013592 https://core.ac.uk/download/55607502.pdf,http://dx.doi.org/10.1504/ijesdf.2007.013592,,10.1504/ijesdf.2007.013592,2099798707,,0,002-130-000-391-856; 002-478-729-440-015; 005-970-562-277-546; 016-893-857-817-303; 017-783-378-199-463; 021-993-038-171-851; 041-807-606-186-765; 044-409-429-855-539; 049-634-925-566-835; 056-473-007-165-53X; 058-520-281-681-205; 062-137-901-037-123; 068-840-950-252-033; 074-357-902-678-475; 076-247-293-040-497; 096-458-703-017-878; 104-218-645-087-717; 109-425-159-458-598; 114-101-015-588-713; 131-407-302-730-792; 136-722-461-221-778; 144-593-556-282-786; 166-221-444-705-861; 178-045-081-284-521; 191-006-721-492-011,58,true,,green
001-787-859-644-262,Development and Delivery of Coursework: The Legal/Regulatory/Policy Environment of Cyberforensics,,2006,journal article,"The Journal of Digital Forensics, Security and Law",15587223,Embry-Riddle Aeronautical University/Hunt Library,,John W. Bagby; John C. Ruhnka,"This paper describes a cyber-forensics course that integrates important public policy and legal issues as well as relevant forensic techniques. Cyber-forensics refers to the amalgam of multi-disciplinary activities involved in the identification, gathering, handling, custody, use and security of electronic files and records, involving expertise from the forensic domain, and which produces evidence useful in the proof of facts for both commercial and legal activities. The legal and regulatory environment in which electronic discovery takes place is of critical importance to cyber-forensics experts because the legal process imposes both constraints and opportunities for the effective use of evidence gathered through cyber-forensic techniques. This paper discusses different pedagogies that can be used (including project teams, research and writing assignments, student presentations, case analyses, class activities and participation and examinations), evaluation methods, problem-based learning approaches and critical thinking analysis. A survey and evaluation is provided of the growing body of applicable print and online materials that can be utilized. 
Target populations for such a course includes students with majors, minors or supporting elective coursework in law, information sciences, information technology, computer science, computer engineering, financial fraud, security and information assurance, forensic aspects of cyber security, privacy, and electronic commerce.",1,2,39,74,Public policy; Information technology; Electronic discovery; Information assurance; Coursework; Computer security; Computer science; Critical thinking; Engineering ethics; Identification (information); Information science,,,,,https://core.ac.uk/display/92162949 https://commons.erau.edu/cgi/viewcontent.cgi?article=1005&context=jdfsl https://commons.erau.edu/jdfsl/vol1/iss2/3/ https://dblp.uni-trier.de/db/journals/jdfsl/jdfsl1.html#BagbyR06a https://doaj.org/article/0c64178dd57040c8a4a22e79060e4958,http://dx.doi.org/10.15394/jdfsl.2006.1005,,10.15394/jdfsl.2006.1005,1909612679,,0,013-109-730-670-374; 024-711-735-736-003; 056-590-277-527-716,0,true,cc-by-nc,gold
001-885-975-399-371,Column: The Physics of Digital Information,,2011,journal article,"Journal of Digital Forensics, Security and Law",15587223,Embry-Riddle Aeronautical University/Hunt Library,,Fred Cohen,"One of the interesting questions underlying creating a science of digital forensics is what form that science might take. At the end of the IEEE Oakland Conference in 2011, I presented some of the underlying questions and identified my approach and why I favored it. My basic position is that science is about causality and a scientific theory should require that cause (C) produces effect (E) via mechanism M (written C→ME). The scientific method then identifies the criteria for rejecting (refuting) or accepting (for a time) a scientific theory. (see PDF for full column)",6,3,11,16,Scientific theory; Epistemology; Column (database); Mechanism (sociology); Computer security; Computer science; Causality (physics); Digital forensics,,,,,https://dblp.uni-trier.de/db/journals/jdfsl/jdfsl6.html#Cohen11b https://commons.erau.edu/cgi/viewcontent.cgi?article=1097&context=jdfsl https://core.ac.uk/display/91685358 https://commons.erau.edu/jdfsl/vol6/iss3/2/,http://dx.doi.org/10.15394/jdfsl.2011.1097,,10.15394/jdfsl.2011.1097,1486892391,,0,,0,true,cc-by-nc,gold
002-328-258-595-526,"Archival application of digital forensics methods for authenticity, description and access provision",,2012,journal article,Comma,16801865; 20493355,Liverpool University Press,,Christopher A. Lee,"When acquiring born-digital materials, archivists must often extract digital materials from media in ways that reflect the rich metadata associated with records and ensure records' integrity. They must also allow users to make sense of materials and understand their context, while preventing inadvertent disclosure of sensitive data. There are a variety of methods and strategies from the field of digital-forensics that can aid this work. This paper discusses the development and application of digital forensics tools to improve the acquisition, management and access functions of archives. It reports on the BitCurator project, which is identifying current and desirable workflows of several archival institutions, as well as developing and testing tools to support the workflows. 
There are a variety of potential changes within the archival profession that are associated with adopting digital forensics tools and practices.",2012,2,133,140,Variety (cybernetics); World Wide Web; Work (electrical); Workflow; Context (language use); Field (computer science); Computer science; Digital forensics; Metadata,,,,,http://ica2012.ica.org/files/pdf/Full%20papers%20upload/ica12Final00290.pdf https://liverpooluniversitypress.co.uk/journals/article/30509/ https://online.liverpooluniversitypress.co.uk/doi/abs/10.3828/comma.2012.2.14,http://dx.doi.org/10.3828/comma.2012.2.14,,10.3828/comma.2012.2.14,2070769990,,0,016-874-564-437-194; 025-832-466-975-926; 027-105-572-507-191; 033-241-817-699-448; 033-292-300-474-828; 037-438-633-046-535; 037-647-066-964-858; 040-576-453-232-211; 041-066-232-929-572; 043-589-904-668-295; 044-224-934-641-370; 068-359-641-178-799; 069-199-701-151-667; 074-028-601-448-433; 095-362-324-026-43X; 096-085-861-594-137; 098-570-643-235-402; 111-843-229-824-017; 118-994-361-737-474; 121-157-572-649-706; 138-683-475-168-799; 151-783-042-648-550; 152-102-874-393-618; 172-443-563-369-742; 187-101-557-827-991; 198-570-571-263-492,4,false,,
002-703-056-786-107,Using Multi-step Transition Matrices for Camera Model Identification,2012-04-01,2012,journal article,International Journal of Hybrid Information Technology,17389968,,,Shang Gao; Rui-Min Hu; Gang Tian,"Recently, camera model identification becomes one of the most popular research topics in digital forensics field. Since every camera imaging processing left artifacts on its final output image, and some of them can be considered as model-specific ‘traces’ of its source camera, camera model can be classified only with a single image by catching these ‘traces’. This paper presents a camera model identification method based on multi-step transition matrices. We firstly model JPEG image coefficients by Markov process. Then, one-step and two-step transition matrices along different directions are extracted respectively. Finally, 58 statistics calculated from these matrices are used to perform camera model identification as features. In our experiment, we chose images from seven camera models in Dresden Image Database as our experiment samples. Experiments results show that the average detection accuracy of this method can reach to 99.27%. Compared with previous Markov method, our approach can perform better only using 58-D features.",5,2,275,288,Camera resectioning; System identification; Artificial intelligence; Markov process; JPEG; Pinhole camera model; Computer vision; Computer science; Camera matrix; Camera auto-calibration; Markov chain,,,,,https://www.earticle.net/Article/A208134,https://www.earticle.net/Article/A208134,,,2187107849,,0,002-443-594-160-808; 023-928-444-110-407; 038-145-432-908-706; 053-781-637-768-867; 060-409-308-040-210; 064-189-799-565-495; 069-847-568-544-420; 075-009-191-029-203; 083-097-133-928-799; 098-650-216-061-460; 098-768-111-046-209; 110-826-717-975-956; 122-486-087-773-74X; 184-897-235-429-285,4,false,,
003-126-053-087-131,Automated Windows event log forensics,,2007,journal article,Digital Investigation,17422876,Elsevier BV,Netherlands,Rich Murphey,"This paper proposes methods to automate recovery and analysis of Windows NT5 (XP and 2003) event logs for computer forensics. Requirements are formulated and methods are evaluated with respect to motivation and process models. A new, freely available tool is presented that, based on these requirements, automates the repair of a common type of corruption often observed in data carved NT5 event logs. This tool automates repair of multiple event logs in a single step without user intervention. The tool was initially developed to meet immediate needs of computer forensic engagements. Automating recovery, repair, and correlation of multiple logs make these methods more feasible for consideration in both a wider range of cases and earlier phases of cases, and hopefully, in turn, standard procedures. The tool was developed to fill a gap between capabilities of certain other freely available tools that may recover and correlate large volumes of log events, and consequently permit correlation with various other kinds of Windows artifacts. 
The methods are examined in the context of an example digital forensic service request intended to illustrate the kinds of civil cases that motivated this work.",4,,92,100,Automation; Software engineering; Data mining; Range (mathematics); Context (language use); Service (systems architecture); Computer science; Event (computing); Computer forensics; Process modeling; Digital forensics,,,,,https://dblp.uni-trier.de/db/journals/di/di4.html#Murphey07 https://www.sciencedirect.com/science/article/pii/S174228760700045X http://www.sciencedirect.com/science/article/pii/S174228760700045X https://doi.org/10.1016/j.diin.2007.06.012 https://dl.acm.org/doi/10.1016/j.diin.2007.06.012 https://dfrws.org/2007/proceedings/p92-murphey.pdf,http://dx.doi.org/10.1016/j.diin.2007.06.012,,10.1016/j.diin.2007.06.012,2104841399,,0,005-859-821-142-158; 007-648-632-822-878; 009-817-335-436-96X; 017-840-378-634-021; 023-341-419-324-638; 026-595-961-209-188; 032-697-093-668-898; 074-503-617-334-537; 135-717-892-795-412; 159-884-546-424-570; 162-201-727-094-331; 166-884-286-061-649; 191-734-947-037-017,16,true,cc-by-nc-nd,hybrid
004-330-943-405-028,Parsing ambiguities in authentication and key establishment protocols,,2010,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Liqun Chen; Chris J. Mitchell,"A new class of attacks against authentication and authenticated key establishment protocols is described, which we call parsing ambiguity attacks. If appropriate precautions are not deployed, these attacks apply to a very wide range of such protocols, including those specified in a number of international standards. Three example attacks are described in detail, and possible generalisations are also outlined. Finally, possible countermeasures are given, as are recommendations for modifications to the relevant standards.",3,1,82,94,Authentication; Parsing; Ambiguity; Key establishment; Electronic security; Cryptographic protocol; Computer security; Computer science,,,,,https://pure.royalholloway.ac.uk/portal/services/downloadRegister/1247085/paiaak.pdf https://dl.acm.org/citation.cfm?id=1753732 https://repository.royalholloway.ac.uk/items/6226ee0e-2734-bf23-ed7a-6854410b1d05/10/paiaak.pdf https://www.chrismitchell.net/Papers/paiaak.pdf http://www.inderscience.com/link.php?id=32333 https://dl.acm.org/doi/10.1504/IJESDF.2010.032333 https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2010.032333 https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf3.html#ChenM10 https://doi.org/10.1504/IJESDF.2010.032333 https://core.ac.uk/download/28892658.pdf,http://dx.doi.org/10.1504/ijesdf.2010.032333,,10.1504/ijesdf.2010.032333,2098539586,,0,009-498-739-814-124; 013-379-713-661-417; 028-502-864-816-303; 032-626-020-092-930; 036-481-605-764-895; 040-656-320-316-913; 052-177-010-424-617; 053-048-871-294-231; 084-663-906-958-616; 098-892-902-051-803; 117-340-521-107-596; 133-161-746-680-541; 166-258-370-966-610,8,true,,
004-872-169-627-620,A New Approach of Digital Forensic Model for Digital Forensic Investigation,,2011,journal article,International Journal of Advanced Computer Science and Applications,2158107x; 21565570,The Science and Information Organization,,Inikpi O Ademu; Chris Imafidon; David Preston,"The research introduces a structured and consistent approach for digital forensic investigation. Digital forensic science provides tools, techniques and scientifically proven methods that can be used to acquire and analyze digital evidence. The digital forensic investigation must be retrieved to obtain the evidence that will be accepted in the court. This research focuses on a structured and consistent approach to digital forensic investigation. This research aims at identifying activities that facilitate and improve the digital forensic investigation process. Existing digital forensic framework will be reviewed and then the analysis will be compiled. The result from the evaluation will produce a new model to improve the whole investigation process.",2,12,,,World Wide Web; Data science; Digital evidence; Digital forensic investigation; Computer science; Process (engineering); Digital forensics,,,,,https://thesai.org/Publications/ViewPaper?Volume=2&Issue=12&Code=IJACSA&SerialNo=26 https://thesai.org/Downloads/Volume2No12/Paper%2026-A%20New%20Approach%20of%20Digital%20Forensic%20Model%20for%20Digital%20Forensic%20Investigation.pdf,http://dx.doi.org/10.14569/ijacsa.2011.021226,,10.14569/ijacsa.2011.021226,2261973985,,0,032-697-093-668-898; 035-223-520-491-228; 065-452-675-566-99X; 120-697-354-224-33X; 170-299-458-679-224; 178-883-713-153-793; 190-065-821-748-92X,60,true,cc-by,hybrid
005-364-762-673-076,The Proactive and Reactive Digital Forensics Investigation Process : A Systematic Literature Review,2011-10-01,2011,journal article,International journal of security and its applications,17389976,,,Soltan Abed Alharbi; Jens H. Weber-Jahnke; Issa Traore,"Recent papers have urged the need for new forensic techniques and tools able to investigate anti-forensics methods, and have promoted automation of live investigation. Such techniques and tools are called proactive forensic approaches, i.e., approaches that can deal with digitally investigating an incident while it occurs. To come up with such an approach, a Systematic Literature Review (SLR) was undertaken to identify and map the processes in digital forensics investigation that exist in literature. According to the review, there is only one process that explicitly supports proactive forensics, the multi-component process [1]. However, this is a very high-level process and cannot be used to introduce automation and to build a proactive forensics system. As a result of our SLR, a derived functional process that can support the implementation of a proactive forensics system is proposed.",5,4,59,72,Automation; Systematic review; Data science; Computer science; Process (engineering); Digital forensics,,,,,https://www.earticle.net/Article/A158919,https://www.earticle.net/Article/A158919,,,3182704732,,0,,0,false,,
005-985-034-255-396,"Exploiting error control in network traffic for robust, high rate covert channels",,2007,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,William Karl Geissler; John McEachen,"Current means of steganography within network traffic are limited in terms of throughput and robustness. We present a novel concept for establishing reliable two-way covert channels that exchange information at a significantly higher rate compared to previous methods. This concept exploits the difficulty in differentiating between erroneous data and unauthorised data. As a proof-of-concept, we examine how the manipulation of Transmission Control Protocol (TCP) error handling may be used for global covert information transfer. Specifically, a new TCP routing application was developed to embed hidden information into cover media and to retrieve the information at the receiving end. A flexible testing architecture was designed and implemented that may also be used to test other steganographic techniques. Error handling techniques for the hidden information were identified for the steganographic protocol, to increase the robustness of the hidden information. 
Finally, steganalytic techniques and tools have been identified to counter the use of this technique by unfriendly forces.",1,2,180,193,Error detection and correction; Steganography; Information exchange; Information assurance; Covert channel; Computer network; Transmission Control Protocol; Computer science; Information transfer; Robustness (computer science),,,,,https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2007.016867 https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf1.html#GeisslerM07,http://dx.doi.org/10.1504/ijesdf.2007.016867,,10.1504/ijesdf.2007.016867,2131512225,,0,009-620-813-233-034; 016-089-118-521-309; 021-237-372-495-823; 028-038-085-809-431; 056-018-006-333-365; 117-340-162-973-985; 156-624-120-310-971,2,false,,
007-398-225-185-040,Color-Decoupled Photo Response Non-Uniformity for Digital Image Forensics,,2012,journal article,IEEE Transactions on Circuits and Systems for Video Technology,10518215; 15582205,Institute of Electrical and Electronics Engineers (IEEE),United States,Chang-Tsun Li; Yue Li,"The last few years have seen the use of photo response non-uniformity noise (PRNU), a unique fingerprint of imaging sensors, in various digital forensic applications such as source device identification, content integrity verification, and authentication. However, the use of a color filter array for capturing only one of the three color components per pixel introduces color interpolation noise, while the existing methods for extracting PRNU provide no effective means for addressing this issue. Because the artificial colors obtained through the color interpolation process are not directly acquired from the scene by physical hardware, we expect that the PRNU extracted from the physical components, which are free from interpolation noise, should be more reliable than that from the artificial channels, which carry interpolation noise. Based on this assumption we propose a couple-decoupled PRNU (CD-PRNU) extraction method, which first decomposes each color channel into four sub-images and then extracts the PRNU noise from each sub-image. The PRNU noise patterns of the sub-images are then assembled to get the CD-PRNU. 
This new method can prevent the interpolation noise from propagating into the physical components, thus improving the accuracy of device identification and image content integrity verification.",22,2,260,271,Colors of noise; Noise; Artificial intelligence; Pixel; Interpolation; Color filter array; Fingerprint; Demosaicing; Computer vision; Computer science; Feature extraction; Channel (digital image),,,,,http://wrap.warwick.ac.uk/48171/ https://www.infona.pl/resource/bwmeta1.element.ieee-art-000005934587 https://researchoutput.csu.edu.au/en/publications/color-decoupled-photo-response-non-uniformity-for-digital-image-f https://dx.doi.org/10.1109/TCSVT.2011.2160750 http://ieeexplore.ieee.org/document/5934587 https://doi.org/10.1109/TCSVT.2011.2160750 https://dl.acm.org/doi/10.1109/TCSVT.2011.2160750 https://www2.warwick.ac.uk/fac/sci/dcs/people/chang-tsun_li/publications/tcsvt_4899_with_figures_tables__single_column.pdf https://ieeexplore.ieee.org/document/5934587 http://yadda.icm.edu.pl/yadda/element/bwmeta1.element.ieee-000005934587 https://dblp.uni-trier.de/db/journals/tcsv/tcsv22.html#LiL12 http://dx.doi.org/10.1109/TCSVT.2011.2160750 http://dro.deakin.edu.au/view/DU:30119445 http://hdl.handle.net/10536/DRO/DU:30119445,http://dx.doi.org/10.1109/tcsvt.2011.2160750,,10.1109/tcsvt.2011.2160750,2048265462,,2,000-737-046-616-756; 008-448-075-469-433; 011-523-689-839-422; 012-835-560-358-176; 013-767-411-721-853; 014-079-494-188-077; 019-298-660-018-682; 025-030-015-067-422; 038-848-536-893-845; 049-811-577-405-860; 053-781-637-768-867; 055-800-840-764-62X; 056-817-850-080-480; 058-243-523-320-275; 059-469-656-960-469; 064-788-467-649-400; 064-853-388-134-482; 069-412-729-477-757; 083-097-133-928-799; 087-814-787-159-954; 087-895-411-431-312; 090-919-377-086-982; 098-650-216-061-460; 098-768-111-046-209; 105-505-966-086-414; 108-896-114-392-841; 122-486-087-773-74X; 123-517-707-710-682; 125-162-036-005-386; 128-981-158-424-27X; 131-591-334-936-827; 133-793-082-960-465; 
135-488-578-174-515; 140-241-199-301-269; 164-040-908-533-91X; 166-707-282-642-502; 179-834-398-565-338; 180-187-778-807-973; 180-552-666-228-97X; 184-897-235-429-285,103,true,,green
007-687-786-017-195,Identifying computer generated images based on analysis of image noise,,2010,journal article,Journal of Optoelectronics·laser,,,,Jin Bo,"The discrimination of computer generated images from real images becomes more and more important. A novel digital forensics technique to distinguish computer generated images from real images is proposed based on the differences in the noise distribution of images. More specifically, at first, image noise is preprocessed using wavelet-domain hidden Markov tree models, and then the pattern noise is estimated relying on maximum likelihood estimate, finally, feature vectors are extracted such as statistics and differential correlation coefficient which will be classified by SVM. The experiment results show that this method offers a significant improvement in the performance compared with existing typical methods.",,,,,Computer-generated imagery; Noise; Artificial intelligence; Real image; Pattern recognition; Value noise; Computer vision; Mathematics; Image noise; Gaussian noise; Feature vector; Digital forensics,,,,,https://en.cnki.com.cn/Article_en/CJFDTotal-GDZJ201002034.htm,https://en.cnki.com.cn/Article_en/CJFDTotal-GDZJ201002034.htm,,,2365546933,,0,,1,false,,
008-411-232-101-212,USING ENTROPY SPACES AND MIXTURES OF GAUSSIAN DISTRIBUTIONS TO CHARACTERIZE TRAFFIC ANOMALIES,,2012,journal article,Procedia Technology,22120173,Elsevier BV,,Pablo Velarde-Alvarado; Alberto F. Martínez-Herrera; Adalberto Iriarte-Solis,"In this paper, a technique for detecting anomalous behavior traffic in a computer network is presented. Entropy space method is based on a 3D-space built on a flow-packet level. The complete set of points obtained in the 3D-space can be seen as a data cloud. Each 3D point in the space is a value of the obtained clusters for each slot of the network traffic. The selected features for the set of points are done by applying Pattern Recognition, Principal Component Analysis, and Kernel Density Estimation. At the next stage, the network traffic can be modelled by using Gaussian Mixtures and Extreme Generalized Distributions, which define the behavior of each selected feature. By integrating this model in an Anomaly-based Intrusion Detection System, anomalous behaviour traffic can be detected easily and early. 
The effectiveness and feasibility of this model was tested in a Local Area Network of a Campus.",3,,97,108,Algorithm; Data mining; Local area network; Gaussian; Principal component analysis; Anomalous behavior; Data cloud; Mathematics; Intrusion detection system; Entropy (information theory); Kernel density estimation,,,,,https://www.sciencedirect.com/science/article/pii/S221201731200240X http://dspace.uan.mx:8080/jspui/handle/123456789/1072 http://www.sciencedirect.com/science/article/pii/S221201731200240X https://core.ac.uk/display/82352908 https://core.ac.uk/download/pdf/82352908.pdf,http://dx.doi.org/10.1016/j.protcy.2012.03.011,,10.1016/j.protcy.2012.03.011,1965331894,,0,010-423-042-177-734; 026-987-844-884-38X; 032-286-659-568-014; 033-820-436-580-458; 045-731-964-462-632; 047-551-796-729-282; 049-935-156-019-544; 067-541-631-652-498; 089-785-544-123-626; 090-530-590-260-577; 095-563-603-963-814; 107-987-336-947-563; 122-421-229-823-814; 122-778-208-982-893; 124-161-928-981-963; 196-065-019-864-550,2,true,,gold
008-585-027-827-022,Digital forensics: pre-conference workshop,2011-12-01,2011,journal article,Journal of Computing Sciences in Colleges,19374763,,,Crystal Edge,"This workshop demonstrates selected topics from an introductory digital forensics course within the context of a class project. Topics include general cell phone forensics, Windows forensics, data carving, forensic imaging, file signature analysis, registry analysis, volatile memory analysis, and other selected topics. The presenter taught this course during the Spring 2011 semester, and the final class project was to write, produce, and perform a short play that demonstrates potential uses and methods of digital forensics in a legal investigation. Students were to draw from the knowledge and skills gained from their lab experiences, which were the primary method of instruction throughout the course. In this tutorial, the attendees will see recorded scenes from that class project, and watch demonstrations of several techniques and tools demonstrated in the play.",27,2,98,98,Forensic science; Class (computer programming); Context (language use); Legal investigation; Forensic imaging; Computer science; Multimedia; Mobile device forensics; Digital forensics,,,,,http://dl.acm.org/citation.cfm?id=2038836.2038849,http://dl.acm.org/citation.cfm?id=2038836.2038849,,,2993909083,,0,,0,false,,
008-753-042-735-409,Extraction of Electronic Evidence from VoIP: Identification & Analysis of Digital Speech,,2012,journal article,"Journal of Digital Forensics, Security and Law",15587223,Embry-Riddle Aeronautical University/Hunt Library,,David Irwin; Arek Dadej; Jill Slay,"The Voice over Internet Protocol (VoIP) is increasing in popularity as a cost effective and efficient means of making telephone calls via the Internet. However, VoIP may also be an attractive method of communication to criminals as their true identity may be hidden and voice and video communications are encrypted as they are deployed across the Internet. This produces a new set of challenges for forensic analysts compared with traditional wire-tapping of the Public Switched Telephone Network (PSTN) infrastructure, which is not applicable to VoIP. Therefore, other methods of recovering electronic evidence from VoIP are required. This research investigates the analysis and recovery of digitised human, which persists in computer memory after a VoIP call. This paper proposes a proof of concept how remnants of digitised human speech from a VoIP call may be identified within a forensic memory capture based on how the human voice is detected via a microphone and encoded to a digital format using the sound card of your personal computer. This digital format is unencrypted whilst processed in Random Access Memory (RAM) before it is passed to the VoIP application for encryption and transmission over the Internet. Similarly, an incoming encrypted VoIP call is decrypted by the VoIP application and passes through RAM unencrypted in order to be played via the speaker output. A series of controlled tests were undertaken whereby RAM captures were analysed for remnants of digital speech after a VoIP audio call with known conversation. 
The identification and analysis of digital speech from RAM attempts to construct an automatic process for the identification and subsequent reconstruction of the audio content of a VoIP call.",7,3,55,82,The Internet; Voice over IP; Mobile communications over IP; Public switched telephone network; Digital evidence; Personal computer; Computer network; Computer security; Computer science; Computer forensics; Identification (information),,,,,https://commons.erau.edu/jdfsl/vol7/iss3/4/ https://core.ac.uk/display/91904164 https://commons.erau.edu/cgi/viewcontent.cgi?article=1128&context=jdfsl,http://dx.doi.org/10.15394/jdfsl.2012.1128,,10.15394/jdfsl.2012.1128,1538870800,,0,006-008-915-210-060; 018-847-752-429-414; 033-686-733-236-501; 035-448-415-847-226; 049-958-322-737-528; 075-056-106-679-562; 086-105-298-044-98X; 089-048-294-489-077; 096-095-990-199-036; 119-032-757-533-83X; 121-387-181-087-404; 124-075-111-976-368; 130-956-682-941-49X; 142-388-561-082-054; 148-698-839-036-557; 157-065-570-698-158,4,true,cc-by-nc,gold
009-198-262-320-615,Heuristic Security-Testing Methods,,2006,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,John E. Kerivan,"ABSTRACT This is the first of two papers that deal with the development of running state requirements for functional testing of security software and hardware systems. It outlines the need to adopt paradigms that reflect typical usage patterns, prevalent infection methods, and proper security tool use and configurations that are grounded in real-world scenarios. This paper outlines a practical set of such test tools based on attack infection techniques designed to evaluate the efficacy and utility of signature as well as knowledge-based security systems, including those found in forensic toolkits. Signature-based testing of security solutions is complicated by the continuing increase in the number of attack signatures. Likewise, realistic behavioral testing methods for the same suffer from the increasing numbers of combinations and permutations for attack infection methods that quickly become outdated as new attack categories emerge. However, the usage patterns and base attack infection techniques have re...",1,1,27,36,Signature (logic); Heuristic; Set (abstract data type); Security testing; Test (assessment); Security software; Computer security; Computer science; State (computer science); Functional testing,,,,,https://www.tandfonline.com/doi/full/10.1080/15567280500541439 https://dblp.uni-trier.de/db/journals/jdfp/jdfp1.html#Kerivan06,http://dx.doi.org/10.1080/15567280500541439,,10.1080/15567280500541439,1979228063,,1,,0,false,,
009-310-096-591-598,Different-quality Re-demosaicing in Digital Image Forensics,2012-09-30,2012,journal article,Journal of Convergence Information Technology,19759320; 22339299,AICIT,South Korea,Bo Wang; Xiangwei Kong; Lanying Wu,"As an important branch of digital image forensics, image splicing is the most fundamental step in photomontage. In the present paper, an efficient blind digital forensics method for image splicing localization and forgery detection is proposed. The method is based on the estimated natural counterpart of the spliced image using different quality re-demosaicing approaches. By comparing the test image with its estimated natural counterpart, the abrupt edges along the spliced region are exposed and a binary image is obtained to illustrate the localization of the splicing. The features extracted from the binary image are fed into a support vector machine classifier to detect spliced forgeries. The DVMM uncompressed spliced image database is used to evaluate the performance of the proposed method. 
The experimental results show the effectiveness of the method on splicing localization and its accuracy on forgery detection.",7,17,492,505,Image (mathematics); Artificial intelligence; Uncompressed video; Pattern recognition; Standard test image; Binary image; Demosaicing; Quality (physics); Computer science; RNA splicing; Digital forensics,,,,,http://ice.dlut.edu.cn/WangBo/Publications/Journal/Different-qualityRe-demosaicinginDigitalImageForensics-2012.pdf,http://dx.doi.org/10.4156/jcit.vol7.issue17.58,,10.4156/jcit.vol7.issue17.58,2333935123,,0,002-607-145-595-935; 008-944-622-967-339; 014-522-220-231-828; 016-617-865-487-243; 017-323-449-607-720; 017-853-220-883-872; 023-928-444-110-407; 029-093-526-590-26X; 036-341-049-220-437; 038-133-216-870-792; 039-909-224-291-709; 043-801-596-710-759; 045-812-091-260-656; 049-241-042-800-133; 069-528-465-236-961; 071-707-450-059-216; 076-704-896-134-67X; 079-713-945-947-153; 080-794-266-877-942; 083-097-133-928-799; 084-593-935-283-469; 087-895-411-431-312; 091-071-878-794-718; 092-750-910-644-236; 111-350-402-523-723; 119-327-495-983-141; 132-070-153-674-795; 142-753-198-605-756; 145-340-612-895-378; 173-881-114-277-726; 180-187-778-807-973; 182-017-605-279-245; 183-682-743-695-729; 185-278-534-528-121; 185-576-102-926-949,2,false,,
009-821-227-350-976,Forensic Resources For Network Professionals,2010-04-01,2010,journal article,Review of Business Information Systems (RBIS),21579547; 1534665x,Clute Institute,,Stephen J. Specker; Kenneth R. Janson,"Network professionals face an environment characterized by constantly increasing technological complexity and the daunting challenges posed by ill-intentioned intruders. Securing the systems that they are entrusted to manage is a task of primary importance. Effective network security includes protocols to detect, to investigate, and to preclude the recurrence of any breach in the installed security systems. This study investigates principal forensic techniques that are available to the network professional and provides an efficient access path to practical solutions to the post-breach segment of security system design.",14,2,,,Network security policy; Principal (computer security); Network Access Control; Network security; Task (project management); PATH (variable); Security system; Security service; Computer security; Computer science,,,,,https://www.cluteinstitute.com/ojs/index.php/RBIS/article/view/497/484 http://www.sciary.com/journal-scientific-natalandzuluhistory-article-212017 https://core.ac.uk/download/pdf/268105807.pdf,http://dx.doi.org/10.19030/rbis.v14i2.497,,10.19030/rbis.v14i2.497,1871922419,,0,,0,true,,bronze
009-963-198-569-373,Ethical Issues Raised by Data Acquisition Methods in Digital Forensics Research,2012-04-01,2012,journal article,Journal of Information Ethics,10619321,"McFarland and Company, Inc., Publishers",United States,Brian Roux; Michael Falgoust,"1. Introduction Digital Forensics (""DF"") is a relatively new area of Computer Science. Like forensic areas in other scientific fields, Digital Forensics seeks to discover evidence and reconstruct events based on an intimate knowledge of how computers, networks, and other electronic devices and communication systems function. As new as it is, DF is playing an increasingly important role not only in the expected area of criminal law, but now in civil law as well. With the changes to the Federal Rules of Civil Procedure in 2006, terms like Electronically Stored Information (""ESI"") and Electronic Document/Data Discovery (""EDD"") are entering the vocabulary of civil law firms with celerity. Despite its increasing importance, the DF field is still very young. At one extreme there are highly skilled researchers with strong backgrounds in computer science and mathematics pondering the esoteric inner workings of technology in order to develop new forensic tools and techniques; at the other end there is a frenzied market filled with service providers, software vendors, and other specialists offering any and every service that can even remotely be branded Digital Forensics by some contortion of logic. The EDD market itself was estimated to be 2.7 billion dollars in 2007 and projected to increase to 4.6 billion dollars by 2010 making it a quickly growing massive industry currently existing with minimal oversight (Socha 2008). While the field is moving full speed ahead it has not stopped to formally or substantively ponder the ethics which should underlie research and practice. 
Some certification bodies have sprung up and produced their own codes of ethics, but, aside from publishing an arbitrary list of rules primarily intended to govern certified members, no substantial discourse has been published to justify them. No substantial discourse has been published on the ethical usage of data in digital forensic research or on digital forensics in general. Our work, therefore, is novel in its application. In this paper we examine the ethical issues involved with procuring data storage media, primarily hard drives, from 3rd party sources such as eBay for use in Digital Forensic research. In Section 2, we give a background on research areas that benefit from real world data sources, outline related research making use of such sources, and briefly examine its contributions. In Section 3, we establish scenarios to frame the ethical analysis. In Section 4, we discuss the ethical issues and draw parallels to other fields with relevant similarities. In Section 5, we establish tests for determining ethical behavior. Finally, in Section 6, we conclude. 2. Background and Related Work File Carving (""FC"") is a DF technique for recovering data from media where the file system information is damaged or deleted. The technique relies upon the nature of the file it attempts to recover. Many file types contain sections which are static for all files of the given type; these invariant sections often come at the beginning and ending of a file making header and footer sections. This may be as simple as the Linux/Unix ""magic number"" interpreted by the files command, or a part of the file standard denoting the start of a specific segment of the file. The general process involves reading data blocks from a drive sequentially while noting the location and type of any headers or footers encountered. 
In the most primitive form, the file carver then goes back and ""carves"" out data between a pair of headers and footers of the same type with no intervening header or footer blocks. The more advanced versions of this concept attempt to reconstruct data where the file is fragmented on the drive, making sequential carving useless. This area of research benefits from real world data due to the complexity of file fragmentation. Simulating the fragmentation will not show all the patterns of fragmentation created over time with different usage patterns, software version, drive utilization, operating system, hardware configuration, and so on. …",21,1,40,60,Market fragmentation; Electronically stored information; Software versioning; File system fragmentation; Data discovery; Electronic document; File system; Computer security; Computer science; Digital forensics,,,,,https://www.questia.com/library/journal/1P3-3694815191/ethical-issues-raised-by-data-acquisition-methods https://philpapers.org/rec/ROUEIR,http://dx.doi.org/10.3172/jie.21.1.40,,10.3172/jie.21.1.40,2015886144,,0,010-388-991-543-520; 043-093-846-816-675; 089-636-685-300-308; 130-171-275-979-28X,7,false,,
010-221-513-072-483,Analysis Method of Digital Forgeries on the Filtered Tampered Images,2011-02-28,2011,journal article,Journal of information and communication convergence engineering,22348255,The Korean Institute of Information and Communication Sciences,,Jin-Tae Kim; Chang-Hee Joo,"Digital forensics is the emerging research field for determining digital forgeries. Key issues of the tampered images are to solve the problems for detecting the interpolation factor and the tampered regions. This paper describes a method to detect the interpolation factors and the forged maps using the differential method and fast Fourier transform (FFT) along the horizontal, vertical, and diagonal direction, respectively from digital filtered tampered images. The detection map can be used to find out interpolated regions from the tampered image. Experimental results demonstrate the proposed algorithm proves effective on several filtering images by Adobe Photoshop™ and show a ratio of detecting the interpolated regions and factors from digital filtered composite images.",9,1,95,99,Image (mathematics); Diagonal; Artificial intelligence; Interpolation; Differential method; Analysis method; Computer vision; Mathematics; Field (computer science); Fast Fourier transform; Digital forensics,,,,,https://dblp.uni-trier.de/db/journals/jicce/jicce9.html#KimJ11 http://www.koreascience.or.kr/article/ArticleFullRecord.jsp?cn=E1ICAW_2011_v9n1_95 https://www.kci.go.kr/kciportal/ci/sereArticleSearch/ciSereArtiView.kci?sereArticleSearchBean.artiId=ART001532065,http://dx.doi.org/10.6109/jicce.2011.9.1.095,,10.6109/jicce.2011.9.1.095,2137680229,,0,030-415-606-034-559; 067-303-718-151-959; 083-274-787-587-30X; 108-896-114-392-841; 125-162-036-005-386; 135-262-782-091-897; 146-861-557-328-601; 159-132-926-596-284; 180-552-666-228-97X,9,true,,bronze
010-405-514-783-523,Adaptation of PyFlag to Efficient Analysis of Overtaken Computer Data Storage,,2010,journal article,"Journal of Digital Forensics, Security and Law",15587223,Embry-Riddle Aeronautical University/Hunt Library,,Aleksander Byrski; Wojciech Stryjewski; Bartłomiej Czechowicz,"Based on existing software aimed at investigation support in the analysis of computer data storage overtaken during investigation (PyFlag), an extension is proposed involving the introduction of dedicated components for data identification and filtering. Hash codes for popular software contained in NIST/NSRL database are considered in order to avoid unwanted files while searching and to classify them into several categories. The extension allows for further analysis, e.g. using artificial intelligence methods. The considerations are illustrated by the overview of the system's design.",5,1,49,62,NIST; Data mining; Computer data storage; Software; Extension (predicate logic); Data identification; Computer science; Digital forensics; Adaptation (computer science); Hash function,,,,,https://dblp.uni-trier.de/db/journals/jdfsl/jdfsl5.html#ByrskiSC10 https://commons.erau.edu/jdfsl/vol5/iss1/3/ https://doi.org/10.15394/jdfsl.2010.1071 https://commons.erau.edu/cgi/viewcontent.cgi?article=1071&context=jdfsl,http://dx.doi.org/10.15394/jdfsl.2010.1071,,10.15394/jdfsl.2010.1071,1515728488,,0,016-416-292-195-428; 051-165-387-606-715; 077-719-891-519-632; 155-219-003-803-384; 173-306-199-978-132,1,true,cc-by-nc,gold
010-868-054-879-057,The Method of Verification for Legal Admissibility of Digital Evidence using the Digital Forensics Ontology,2009-04-30,2009,journal article,The KIPS Transactions:PartD,15982866,Korea Information Processing Society,,Hyuk Gyu Cho; Heum Park; Hyuk Chul Kwon,"ABSTRACT Although the various crime involved numerous digital evidence, the digital evidence is hard to be acknowledged as evidence to prove the crime fact in court. We propose the method of verification for the legal admissibility of digital evidence using digital forensics ontology. In order to verify the legal admissibility of digital evidence, we will extend the digital ontology by standard digital forensics process from Digital Forensics Technical Manual defined by KNPA and set up the relation properties and the rule of property constraint to process class in the digital forensics ontology. It is possible for proposed ontology to utilize to plan the criminal investigation and to educate the digital forensics. Keywords: Digital Forensics Ontology, Digital Evidence, Verification For Legal Admissibility of Digital Evidence 1. Introduction 1) As the information society has taken root, the use of computers and the Internet has come to occupy a large part of ordinary people's lives, and a wide variety of digital information is in use. In Korea, Internet users accounted for 75% of the total population in the first half of 2007 [1]. In addition, according to a 2003 research report by Berkeley University, more than about 92% of the information generated worldwide appears in digital form [2]. Therefore, not only in cybercrimes that occur on the Internet but also in ordinary crimes that occur in real life, digital",16,2,265,272,World Wide Web; Ontology (information science); Digital evidence; Computer science; Computer forensics; Digital forensics,,,,,http://ktccs.kips.or.kr/digital-library/15149 https://www.koreascience.or.kr/article/JAKO200913937272898.page https://www.koreascience.or.kr:443/article/JAKO200913937272898.pdf,http://dx.doi.org/10.3745/kipstd.2009.16-d.2.265,,10.3745/kipstd.2009.16-d.2.265,2018831071,,0,026-606-280-614-787; 047-937-309-229-62X; 075-442-352-377-450; 112-843-834-394-162; 180-352-675-042-601,1,true,,bronze
011-549-912-119-985,Methods for Investigating of Edit History about MS PowerPoint Files That Using the OOXML Formats,2012-08-31,2012,journal article,The KIPS Transactions:PartC,15982858,Korea Information Processing Society,,Ji-Hye Youn; Jungheum Park; Sangjin Lee,"Today, individuals and businesses are a lot of paperwork through a computer. So many documents files are creating to digital type. And the digital type files are copied, moved by various media such as USB, E-mail and so on. A careful analysis of these digital materials can be tracked that occurred during the document editing work history. About these research are on the compound document file format, but has not been studied about the new OOXML format that how to analyze linkages between different document files, tracking an internal order, finding unsaved file for identify the process of creating the file. Future, the use of OOXML format digital documents will further increase, these document work history traceability in digital forensic investigation would be a big help. 
Therefore, this paper on the new OOXML format(has a forensic viewpoint) will show you how to track the internal order and analyze linkages between the files.",19,4,215,224,World Wide Web; Traceability; Work history; Compound document; Digital forensic investigation; Computer science; Process (engineering); Multimedia; USB; File format,,,,,https://www.koreascience.kr/article/JAKO201226935181301.page http://www.ndsl.kr/soc_img/society/kips/JBCRDA/2012/v19Cn4/JBCRDA_2012_v19Cn4_215.pdf https://www.koreascience.or.kr/article/JAKO201226935181301.page https://www.koreascience.or.kr:443/article/JAKO201226935181301.pdf http://ktsde.kips.or.kr/journals/ktsde/digital-library/14242 http://ktccs.kips.or.kr/journals/ktccs/digital-library/14242 https://www.kci.go.kr/kciportal/ci/sereArticleSearch/ciSereArtiView.kci?sereArticleSearchBean.artiId=ART001692857,http://dx.doi.org/10.3745/kipstc.2012.19c.4.215,,10.3745/kipstc.2012.19c.4.215,2078157280,,0,027-678-595-672-200; 071-079-281-371-668; 077-438-967-698-163; 100-506-053-238-500; 108-086-708-688-274; 125-636-863-707-180,3,true,,bronze
012-156-253-747-791,"Retrocomputing, Archival Research, and Digital Heritage Preservation: A Computer Museum and iSchool Collaboration",,2011,journal article,Library Trends,15590682; 00242594,Project Muse,United States,Patricia Galloway,"This article discusses the potential contributions of lay members of the public to the dialogue around the data/information/knowledge life-cycle in a community technology museum, the Goodwill Computer Museum in Austin, Texas. Through an examination of the museum's collaboration with the University of Texas School of Information, the article addresses the situation that arises when a museum is created by non(museum)-professionals who control considerable expertise in the subject field, and explores how the presence and collaboration of volunteers allows the museum to serve as a laboratory setting for the participation of academic researchers in the field of digital heritage preservation.",59,4,623,636,Engineering; Library science; Archival research; Subject (documents); Digital preservation; Goodwill; Digital heritage; Museum informatics,,,,,https://muse.jhu.edu/article/433360/summary https://core.ac.uk/display/4834314 https://www.ideals.illinois.edu/handle/2142/26427 https://core.ac.uk/download/4834314.pdf,http://dx.doi.org/10.1353/lib.2011.0014,,10.1353/lib.2011.0014,2087550817,,0,029-715-021-726-479; 040-076-670-791-772; 069-338-535-244-434; 071-545-089-013-049; 074-671-151-941-900; 075-520-685-751-27X; 076-482-199-211-165; 096-032-194-888-799; 105-210-670-038-060; 116-667-769-742-487; 120-440-203-353-739; 126-734-204-090-063; 148-502-453-386-389; 163-159-853-593-959; 173-235-848-190-99X; 192-443-579-596-996,14,true,,green
012-723-051-030-715,The Admissibility of Electronic Evidence in Court (A.E.E.C.): Fighting against High-Tech Crime—Results of a European Study,2007-06-22,2007,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Fredesvinda Insa,"ABSTRACT Electronic evidence has been used in most states in Europe for several years, although the obtaining, seizure, analysis, and presentation of electronic evidence before an adjudicator is carried out in different ways in each member state. In November 2005, a group of European multidisciplinary experts started to set out the different methods by which electronic evidence is adduced in the courts of sixteen member states 1 under the Admissibility of the Electronic Evidence (A.E.E.C.) project. Previous research on the electronic evidence in Europe is not well known and very fragmentary in nature because none were comparative studies. And none dealt with the topic “admissibility.” The A.E.E.C. project has been designed to provide a response to the current situation since the lack of knowledge in this field is hindering procedures to incriminate the offenders of cyber crime. The study has been financially supported by the European Commission in the Framework Program AGIS. The main objectives of the ini...",1,4,285,289,Political science; High tech; Law; Multidisciplinary approach; Presentation; Member state; Adjudicator; Cyber crime; Lack of knowledge; Member states; Computer security,,,,,https://dblp.uni-trier.de/db/journals/jdfp/jdfp1.html#Insa06 https://www.tandfonline.com/doi/full/10.1080/15567280701418049,http://dx.doi.org/10.1080/15567280701418049,,10.1080/15567280701418049,2072295589,,0,,21,true,,bronze
013-091-980-049-684,Computer Forensics Model Based on Evidence Ring and Evidence Chain,,2011,journal article,Procedia Engineering,18777058,Elsevier BV,,Guofu Ma; Zixian Wang; Likun Zou; Qian Zhang,"Abstract In recent years, with the development of technology, judicial practice involving electronic crime is frequent. To combat this crime, computer forensics bears the irreplaceable role. This is a combination science of law and computer, but there is a “mismatch” phenomenon exists on the research on computer forensics currently, most of them only study the technical aspects of computer or electronic evidence related to legal issues, the two studies combined less. To solve this problem, in this paper, evidence of the general attributes: objectivity, relevance, legitimacy as a criterion to build a computer forensics model based on ring and chain of evidence. In this model, forensic evidence of links forms a ring, in accordance with the forensic to form chain of evidence. In order to ensure the objectivity, legitimacy of evidence, in building a chain of evidence and evidence ring as well as a supervisory chain in supervision, the final forms a electronic evidence forensics system.",15,,3663,3667,Chain of custody; Engineering; Relevance (law); Order (exchange); Ring (mathematics); Objectivity (science); Computer security; Legitimacy; Phenomenon; Computer forensics,,,,,https://www.sciencedirect.com/science/article/pii/S1877705811021874 https://core.ac.uk/display/82453587 https://core.ac.uk/download/pdf/82453587.pdf,http://dx.doi.org/10.1016/j.proeng.2011.08.686,,10.1016/j.proeng.2011.08.686,2035666293,,0,009-866-216-542-090,1,true,,gold
013-223-937-343-687,A meta-process for information security risk management,,2008,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Katerina Papadaki; Despina Polemi,"Information security risk management (ISRM) is a major concern of organisations worldwide. Although the number of existing ISRM methodologies is enormous, in practice several resources are invested by organisations in creating new ISRM methodologies in order to capture more accurately the risks of their complex information systems. This is a crucial knowledge-intensive process for organisations, but in most cases it is addressed in an ad hoc manner. The existence of a systematic approach for the development of new or improved ISRM methodologies would enhance the effectiveness of the process. In this paper, we propose a systematic meta-process for developing new, or improved ISRM methods. We also present the specifications for a collaboration and knowledge-sharing platform supporting a virtual intra-organisational cross-disciplinary team, which aims at improving its ISRM methodologies by adopting the proposed meta-process.",1,4,336,343,Risk analysis (engineering); Information system; Order (exchange); Knowledge sharing; Virtual community; Information security risk management; Risk management; Computer science; Process (engineering); Information security; Knowledge management,,,,,https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf1.html#0002P08 https://link.springer.com/chapter/10.1007/978-3-540-69403-8_30 https://ui.adsabs.harvard.edu/abs/2008ges..conf..257P/abstract https://rd.springer.com/chapter/10.1007/978-3-540-69403-8_30 https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2008.021451,http://dx.doi.org/10.1504/ijesdf.2008.021451,,10.1504/ijesdf.2008.021451,2134085935; 2996897070,,0,001-856-317-038-31X; 005-698-012-833-552; 008-845-070-905-362; 009-511-307-100-711; 012-081-188-873-877; 
025-303-293-514-983; 035-722-084-983-707; 035-798-611-700-926; 037-813-655-903-413; 045-119-187-307-855; 046-942-356-376-50X; 048-599-998-350-202; 050-405-450-488-904; 051-323-584-879-043; 060-612-311-945-751; 064-007-880-224-428; 065-355-780-107-176; 068-124-021-413-894; 081-024-840-470-561; 081-066-397-399-961; 083-616-439-857-403; 103-603-280-682-947; 117-382-751-606-775; 142-156-855-140-050; 173-963-629-852-581; 188-181-795-136-079,1,false,,
014-403-336-708-18X,Describing and Categorizing Disk-Avoiding Anti-Forensics Tools,2007-06-22,2007,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Aaron D. Smith,"ABSTRACT Disk-avoiding anti-forensics tools are now being used to prevent current forensics tools from detecting their activities. These new tools must be described and categorized in order for forensics investigators to be aware of and therefore able to detect the tools and collect the information they produce. This article builds upon existing categories used to classify anti-forensics methods, such as evidence source elimination and data contraception, and provides useful information for understanding the current and anticipated trends in anti-forensics.",1,4,309,313,Data science; Order (business); Computer science,,,,,https://dblp.uni-trier.de/db/journals/jdfp/jdfp1.html#Smith06 https://www.tandfonline.com/doi/full/10.1080/15567280701418155,http://dx.doi.org/10.1080/15567280701418155,,10.1080/15567280701418155,2056851541,,0,063-257-284-816-393; 078-598-867-814-365; 097-567-011-227-46X; 106-166-309-388-976,4,true,,bronze
014-510-444-730-433,A comparison of forensic evidence recovery techniques for a windows mobile smart phone,,2011,journal article,Digital Investigation,17422876,Elsevier BV,Netherlands,George Grispos; Tim Storer; William Bradley Glisson,"Acquisition, decoding and presentation of information from mobile devices is complex and challenging. Device memory is usually integrated into the device, making isolation prior to recovery difficult. In addition, manufacturers have adopted a variety of file systems and formats complicating decoding and presentation. A variety of tools and methods have been developed (both commercially and in the open source community) to assist mobile forensics investigators. However, it is unclear to what extent these tools can present a complete view of the information held on a mobile device, or the extent the results produced by different tools are consistent. This paper investigates what information held on a Windows Mobile smart phone can be recovered using several different approaches to acquisition and decoding. 
The paper demonstrates that no one technique recovers all information of potential forensic interest from a Windows Mobile device; and that in some cases the information recovered is conflicting.",8,1,23,36,Mobile database; Mobile computing; Embedded system; Mobile device; Mobile station; Mobile search; Computer science; Multimedia; Mobile Web; Mobile technology; Mobile device forensics,,,,,https://digitalcommons.unomaha.edu/cgi/viewcontent.cgi?article=1044&context=interdiscipinformaticsfacpub http://www.sciencedirect.com/science/article/pii/S1742287611000417 https://dx.doi.org/10.1016/j.diin.2011.05.016 https://experts.nebraska.edu/en/publications/a-comparison-of-forensic-evidence-recovery-techniques-for-a-windo https://digitalcommons.unomaha.edu/interdiscipinformaticsfacpub/45/ https://www.sciencedirect.com/science/article/abs/pii/S1742287611000417 https://works.bepress.com/george-grispos/1/download/ http://eprints.gla.ac.uk/54769/1/ID54769.pdf http://dx.doi.org/10.1016/j.diin.2011.05.016 https://dblp.uni-trier.de/db/journals/di/di8.html#GrisposSG11 https://works.bepress.com/george-grispos/1/ http://eprints.gla.ac.uk/54769/ http://www.dcs.gla.ac.uk/~grisposg/Papers/windowsmobile.pdf https://core.ac.uk/download/pdf/296105162.pdf,http://dx.doi.org/10.1016/j.diin.2011.05.016,,10.1016/j.diin.2011.05.016,2016917250,,0,001-187-036-977-606; 005-204-756-049-67X; 010-707-379-000-138; 010-837-337-430-717; 013-246-076-655-612; 013-701-867-210-611; 023-341-419-324-638; 024-385-303-080-230; 030-121-862-351-330; 031-982-129-275-33X; 033-059-274-408-956; 048-141-687-795-752; 052-164-838-212-603; 065-081-141-831-71X; 073-910-371-295-970; 074-933-143-629-826; 093-202-006-367-348; 096-987-095-416-990; 097-761-044-556-015; 124-590-497-029-991; 142-657-351-097-509,60,true,,green
015-248-252-251-775,Recovering faces from memory: the distracting influence of external facial features.,2012-04-30,2012,journal article,Journal of experimental psychology. Applied,19392192; 1076898x,American Psychological Association Inc.,United States,Charlie D. Frowd; Faye Collette Skelton; Chris J Atherton; Melanie Pitchford; Gemma Hepton; Laura Holden; Alex H. McIntyre; Peter J. B. Hancock,"Recognition memory for unfamiliar faces is facilitated when contextual cues (e.g. head pose, background environment, hair and clothing) are consistent between study and test. By contrast, inconsistencies in external features, especially hair, promote errors in unfamiliar face-matching tasks. For the construction of facial composites, as carried out by witnesses and victims of crime, the role of external features (hair, ears and neck) is less clear, although research does suggest their involvement. Here, over three experiments, we investigate the impact of external features for recovering facial memories using a modern, recognition-based composite system, EvoFIT. Participant-constructors inspected an unfamiliar target face and, one day later, repeatedly selected items from arrays of whole faces, with ‘breeding’, to ‘evolve’ a composite with EvoFIT; further participants (evaluators) named the resulting composites. In Experiment 1, the important internal-features (eyes, brows, nose and mouth) were constructed more identifiably when the visual presence of external features was decreased by Gaussian blur during construction: higher blur yielded more identifiable internal-features. In Experiment 2, increasing the visible extent of external features (to match the target’s) in the presented face-arrays also improved internal-features quality, although less so than when external features were masked throughout construction. 
Experiment 3 demonstrated that masking external-features promoted substantially more identifiable images than using the previous method of blurring external-features. Overall, the research indicates that external features are a distractive rather than a beneficial cue for face construction; the results also provide a much better method to construct composites, one that should dramatically increase identification of offenders.",18,2,224,238,Experimental psychology; Gaussian blur; Psychology; Face perception; Face (geometry); Facial composite; Speech recognition; Poison control; Communication; Context effect; Recognition memory,,"Adult; Attention; Cues; Face; Facial Expression; Female; Humans; Male; Pattern Recognition, Visual; Photic Stimulation; Recognition, Psychology",,,https://europepmc.org/article/MED/22545929 https://psycnet.apa.org/doiLanding?doi=10.1037%2Fa0027393 https://eric.ed.gov/?id=EJ977656 http://doi.apa.org/getdoi.cfm?doi=10.1037/a0027393 https://dspace.stir.ac.uk/handle/1893/3584 https://www.ncbi.nlm.nih.gov/pubmed/22545929 https://clok.uclan.ac.uk/2211/ https://dspace.stir.ac.uk/bitstream/1893/3584/1/Frowd%20Recovering%20faces%20from%20memory_JEPA2012.pdf https://core.ac.uk/display/340341 https://core.ac.uk/download/9050587.pdf,http://dx.doi.org/10.1037/a0027393,22545929,10.1037/a0027393,2120671916,,0,000-514-011-740-097; 001-637-658-725-230; 001-713-061-697-902; 002-342-938-459-772; 003-630-924-057-601; 003-846-053-882-35X; 003-878-333-342-16X; 004-482-736-001-023; 004-488-760-823-382; 005-365-786-759-805; 006-287-178-739-443; 008-436-621-233-682; 009-027-981-175-016; 012-302-440-154-329; 013-377-588-261-190; 013-424-316-276-267; 014-132-570-905-470; 016-575-500-166-428; 016-977-838-585-541; 019-466-667-607-252; 028-571-049-622-915; 031-886-747-441-630; 032-049-177-406-929; 033-715-146-100-191; 034-131-802-942-440; 034-698-874-933-874; 036-265-226-203-696; 036-350-260-341-394; 036-555-052-193-015; 037-570-906-977-406; 039-465-213-566-880; 
041-278-637-211-838; 042-252-042-100-566; 044-562-390-633-672; 045-614-132-250-503; 047-101-115-787-244; 047-181-008-522-067; 047-720-870-340-131; 047-923-549-693-221; 049-044-363-871-220; 049-244-169-802-359; 050-807-416-944-859; 051-717-473-298-950; 052-036-362-890-508; 054-777-390-684-868; 062-618-194-192-331; 064-359-735-301-828; 065-543-353-142-717; 067-523-168-535-601; 067-959-746-978-621; 070-029-086-733-641; 077-285-101-711-262; 084-435-335-236-825; 088-485-617-988-233; 092-084-273-936-284; 095-071-294-867-00X; 099-355-263-178-885; 100-370-627-627-370; 106-354-687-680-665; 106-878-158-180-697; 108-135-700-298-624; 112-614-127-356-109; 119-363-771-199-387; 120-801-731-431-041; 121-094-012-428-248; 126-235-480-354-196; 140-780-309-818-844; 140-815-222-654-282; 141-426-186-398-396; 150-950-424-287-286; 152-557-274-774-020; 156-692-838-444-228; 164-325-416-813-471; 164-786-749-106-857; 167-602-986-246-618; 182-094-852-044-194; 183-621-525-648-394; 188-546-377-245-888; 193-566-877-632-824,49,true,cc0,green
015-351-482-914-752,Research on the Architecture Model of Volatile Data Forensics,,2012,journal article,Procedia Engineering,18777058,Elsevier BV,,Liang Hu; Xiaolu Zhang; Feng Wang; Wenbo Wang; Kuo Zhao,"Abstract This paper proposed a new architecture model of volatile data forensic. The model applied to all the volatile data sources is a general model. It can rebuild the evidence data fragment to chains of evidence which contains the behavior characteristics, so as to assist investigators to do case analysis. With the accumulated experience, the model can help judicial officers to intelligently analyze the same type of computer crimes, and based on currently available information to predict the impending crimes.",29,,4254,4258,Engineering; Architecture model; Data fragment; Computer security; Computer forensics; Case analysis,,,,,http://www.sciencedirect.com/science/article/pii/S1877705812006637 https://core.ac.uk/display/81118767 https://www.sciencedirect.com/science/article/pii/S1877705812006637 https://core.ac.uk/download/pdf/81118767.pdf,http://dx.doi.org/10.1016/j.proeng.2012.01.653,,10.1016/j.proeng.2012.01.653,2025022410,,0,008-475-550-011-549; 030-155-118-042-252; 037-821-713-720-130; 046-973-884-620-547; 065-459-442-784-779; 087-287-912-803-488; 106-102-265-775-524; 118-722-872-870-470; 139-495-561-188-858,3,true,,gold
016-123-869-009-118,An Ontological Approach to Study and Manage Digital Chain of Custody of Digital Evidence,2011-06-27,2011,journal article,Journal of information and organizational sciences,18463312,,,Jasmin Ćosić; Zoran Ćosić; Miroslav Bača,"Chain of custody of digital evidence in digital forensic field are today essential part of digital investigation process. In order the evidence to be accepted by the court as valid, chain of custody for digital evidence must be kept, or it must be known who exactly, when, where, why and how came into contact with evidence in each stage of the digital investigations process. This paper deals with digital evidence and chain of custody of digital evidence. Authors define taxonomy and use an ontological approach to manage chain of custody of digital evidence. The aim of this paper was to develop ontology to provide a new approach to study and better understand chain of custody of digital evidence. Additionally, developed ontology can be used as a method to further develop a set of standard and procedures for secure management with digital evidence.",35,1,1,13,Chain of custody; Set (psychology); Data science; Ontology; Order (business); Digital evidence; Field (computer science); Computer security; Computer science; Process (engineering); Digital forensics,,,,,https://doaj.org/article/e188b09a2d93432386d471c0304e7c40 http://jios.foi.hr/index.php/jios/article/view/188 https://hrcak.srce.hr/69671 https://www.bib.irb.hr/526972 https://hrcak.srce.hr/file/103886 https://jios.foi.hr/index.php/jios/article/download/188/113 http://hrcak.srce.hr/file/103886,https://doaj.org/article/e188b09a2d93432386d471c0304e7c40,,,267787713,,0,019-618-656-851-241; 137-617-097-405-934,26,true,cc-by-nc-nd,gold
016-464-630-795-773,Data recovery from PalmmsgV001,,2008,journal article,"Journal of Digital Forensics, Security and Law",15587223,Embry-Riddle Aeronautical University/Hunt Library,,Satheesaan Pasupatheeswaran,"Both SMS and MMS data analysis is an important factor in mobile forensic analysis. Author did not find any mobile forensic tool that is capable of extracting short messages (SMS) and multimedia messages (MMS) from Palm Treo 750. SMS file of Palm Treo 750 is called PalmMgeV001 and it is a proprietary file system. A research work done to find a method to recover SMS data from PalmMsgV001 file. This paper is going to describe the research work and its findings. This paper also discusses a methodology that will help recover SMS data from PalmMsgV001. The PalmMsgV001 file is analysed using hex analysis method. Solutions were found to recover each message from every folder like Inbox, Outbox, Sentbox, Draft and Template. The research work partially contributes to improving mobile forensic analysis since the finding will be helpful to forensic tool developers. At this stage, this study will concern only the SMS part and not the MMS part.",3,4,43,58,World Wide Web; File system; Factor (programming language); Computer science; Data recovery; Mobile device forensics,,,,,https://ro.ecu.edu.au/adf/50/ https://dblp.uni-trier.de/db/journals/jdfsl/jdfsl3.html#Pasupatheeswaran08 https://core.ac.uk/display/41527718 https://commons.erau.edu/cgi/viewcontent.cgi?article=1050&context=jdfsl https://commons.erau.edu/jdfsl/vol3/iss4/3/ https://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1049&context=adf,http://dx.doi.org/10.15394/jdfsl.2008.1050,,10.15394/jdfsl.2008.1050,2118865550,,0,100-688-013-988-657,0,true,cc-by-nc,gold
017-266-006-970-020,Report from the Digital Curation Curriculum Symposium (DigCCurr) 2009,2009-06-29,2009,journal article,International Journal of Digital Curation,17468256,Edinburgh University Library,,Alexander Ball; Michael Day,"The second Digital Curation Curriculum Symposium was held on April 1-3, 2009, in Chapel Hill, North Carolina, with the theme ""Digital Curation Practice, Promise and Prospects"". The Symposium featured sessions dealing with issues from the cutting edge of digital curation research, while others showcased recent developments in digital curation tools. At the same time, the Symposium also considered how to equip the new generation of information professionals with the necessary skills to put this research and development into practice.",4,1,138,151,Library science; Data science; Digital curation; Theme (narrative); Chapel; Computer science; Curriculum,,,,,https://doi.org/10.2218/ijdc.v4i1.84 https://dblp.uni-trier.de/db/journals/ijdc/ijdc4.html#BallD09 https://core.ac.uk/display/2809707 http://www.ijdc.net/article/view/108 http://www.ijdc.net/index.php/ijdc/article/download/108/84 https://researchportal.bath.ac.uk/en/publications/report-from-the-digital-curation-curriculum-symposium-digccurr-20 https://core.ac.uk/download/pdf/162675622.pdf,http://dx.doi.org/10.2218/ijdc.v4i1.84,,10.2218/ijdc.v4i1.84,2038770395,,0,014-268-796-865-160; 046-639-587-269-419; 074-812-902-505-912; 169-035-154-628-335,1,true,cc-by,gold
017-616-094-974-749,An Introduction to Computer Forensics,,2006,journal article,"Medicine, science, and the law",00258024; 20421818,SAGE Publications Ltd,United Kingdom,Nick Furneaux,"This paper provides an introduction to the discipline of Computer Forensics. With computers being involved in an increasing number, and type, of crimes the trace data left on electronic media can play a vital part in the legal process. To ensure acceptance by the courts, accepted processes and procedures have to be adopted and demonstrated which are not dissimilar to the issues surrounding traditional forensic investigations. This paper provides a straightforward overview of the three steps involved in the examination of digital media: Acquisition of data. Investigation of evidence. Reporting and presentation of evidence. Although many of the traditional readers of Medicine, Science and the Law are those involved in the biological aspects of forensics, I believe that both disciplines can learn from each other, with electronic evidence being more readily sought and considered by the legal community and the long, tried and tested scientific methods of the forensic community being shared and adopted by the computer forensic world.",46,3,213,218,Internet privacy; Electronic media; Digital media; Presentation; Legal process; Computer science; Engineering ethics; Computer forensics; Accreditation; TRACE (psycholinguistics); Digital forensics,,Accreditation; Computers; Forensic Sciences; Humans,,,https://www.ncbi.nlm.nih.gov/pubmed/16909643 https://pubmed.ncbi.nlm.nih.gov/16909643/ https://europepmc.org/article/MED/16909643 https://core.ac.uk/display/74390811 https://journals.sagepub.com/doi/abs/10.1258/rsmmsl.46.3.213,http://dx.doi.org/10.1258/rsmmsl.46.3.213,16909643,10.1258/rsmmsl.46.3.213,1982756929,,0,,5,false,,
018-155-042-578-215,Biometric technologies and their perception by the common citizen,,2012,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Vítor J. Sá; Daniela Borges; Sérgio Tenreiro de Magalhães; Henrique Santos,"This article presents the biometric technology and its perception by the common citizen in Portugal. The results of a systematic inquiry about the perception of the Portuguese on the biometric technology are presented, which involved 606 citizens. Through the article, we present the principal biometrics, subdivided in stealth and collaborative, and the main concepts on its evaluation. Following a simple method consisting in a survey by questionnaire, the most relevant conclusions are presented.",4,2,187,200,Principal (computer security); Biometrics; Data science; Perception; Simple (abstract algebra); Portuguese; Computer science; Multimedia,,,,,https://dx.doi.org/10.1504/IJESDF.2012.048418 https://www.inderscienceonline.com/doi/full/10.1504/IJESDF.2012.048418 http://www.inderscience.com/link.php?id=48418 http://dx.doi.org/10.1504/IJESDF.2012.048418 https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf4.html#SaBMS12,http://dx.doi.org/10.1504/ijesdf.2012.048418,,10.1504/ijesdf.2012.048418,2169399797,,0,,1,false,,
018-521-552-742-035,Recycling Information: Science Through Data Mining,2008-12-02,2008,journal article,International Journal of Digital Curation,17468256,Edinburgh University Library,,Michael Lesk,"An article considering the changes afoot in the world of Science and how the exponentially increasing amounts of recorded data are affecting the way in which scientists now work, for example with data mining. Changes in the way that resources become obsolete are also discussed and how more value must be placed on the work of professionals in digital curation.",3,1,154,157,Data mining; Work (electrical); Data science; Digital curation; Value (mathematics); Computer science; Data curation; Information science,,,,,https://core.ac.uk/display/91041932 http://www.ijdc.net/index.php/ijdc/article/view/71 http://www.ijdc.net/index.php/ijdc/article/download/71/50 https://core.ac.uk/download/pdf/162675594.pdf,http://dx.doi.org/10.2218/ijdc.v3i1.50,,10.2218/ijdc.v3i1.50,1997384645,,0,,10,true,cc-by,gold
018-620-335-450-996,Teaching Digital Forensics to Undergraduate Students,,2008,journal article,IEEE Security & Privacy Magazine,15407993; 15584046,Institute of Electrical and Electronics Engineers (IEEE),United States,Lynn Batten; Lei Pan,"Digital forensics isn't commonly a part of an undergraduate university degree, but Deakin University in Australia recently introduced the subject as part of an IT security course. As instructors, we've found that digital forensics complements our other security offerings because it affords insights into why and how security fails. A basic part of this course is an ethics agreement signed by students and submitted to the unit instructor. This agreement, approved by Deakin University's legal office and consistent with Barbara Endicott-Popovsky's approach, requires students to maintain a professional and ethical attitude to the subject matter and its applications. Assignments regularly cast students in the role of forensic professional. Our teaching team emphasizes throughout the course that professional conduct establishes credibility with employers and customers as well as colleagues, and is required to perform the job effectively. 
This article describes our experiences with this course.",6,3,54,56,Forensic science; Subject (documents); Professional conduct; Credibility; Subject matter; Computer science; Multimedia; Medical education; Digital forensics,,,,,http://yadda.icm.edu.pl/yadda/element/bwmeta1.element.ieee-000004530400 http://dx.doi.org/10.1109/MSP.2008.74 http://dro.deakin.edu.au/view/DU:30017610 https://ieeexplore.ieee.org/abstract/document/4530400 https://www.infona.pl/resource/bwmeta1.element.ieee-art-000004530400 http://dro.deakin.edu.au/eserv/DU:30017610/batten-teachingdigitalforensics-2008.pdf https://dx.doi.org/10.1109/MSP.2008.74 https://dblp.uni-trier.de/db/journals/ieeesp/ieeesp6.html#BattenP08 http://hdl.handle.net/10536/DRO/DU:30017610,http://dx.doi.org/10.1109/msp.2008.74,,10.1109/msp.2008.74,1976562900,,0,017-131-297-757-546,12,true,,green
018-965-628-187-398,Artifacts of CD burning in the Microsoft Windows master file table.,2011-10-07,2011,journal article,Journal of forensic sciences,15564029; 00221198,Wiley-Blackwell,United States,B A Douglas Elrick,"Abstract:  When theft of a physical item occurs it is detectable by the fact that the object is missing, however, when the theft of a digital item occurs it can go unnoticed as exact replicas can be created. The original file is left intact but valuable information has been absconded. One of the challenges facing digital forensic examiners is detecting when files have been copied off of a computer system in some fashion. While certain methods do leave residual evidence behind, CD Burning has long been held as a copying method that cannot be identified. Through testing of the burning process and close examination of the New Technology File System (NTFS), artifacts from the master file table in the various versions of Microsoft Windows, markers have been found that are associated with copying or “burning” files to CD or DVD. Potential evidence that was once overlooked may now be detectable.",57,1,103,107,Operating system; Symbolic link; Fork (file system); SYSTEM.INI; File system; Master file; ZAP File; Transactional NTFS; Computer science; Computer file,,,,,https://onlinelibrary.wiley.com/doi/full/10.1111/j.1556-4029.2011.01919.x https://onlinelibrary.wiley.com/doi/10.1111/j.1556-4029.2011.01919.x/abstract https://www.ncbi.nlm.nih.gov/pubmed/21981315,http://dx.doi.org/10.1111/j.1556-4029.2011.01919.x,21981315,10.1111/j.1556-4029.2011.01919.x,2107487218,,1,097-541-981-128-766,0,false,,
018-971-845-492-242,Sensitive Privacy Data Acquisition in the iPhone for Digital Forensic Analysis,,2011,journal article,Communications in Computer and Information Science,18650929; 18650937,Springer Berlin Heidelberg,Germany,Jinhyung Jung; Chorong Jeong; Keunduk Byun; Sangjin Lee,"As a diverse range of smartphones has been recently developed, the use of smartphones is being dramatically increased. The use of smartphones allowed many tasks to be done at smartphones, which used to require the use of computers. Especially, along with the increase in smartphone use, the users of SNS (Social Network Service) also have been sharply increased. The SNS saves a variety of information such as exchanged pictures and videos, voice mails or location sharing, chat history, etc. as well as simple user data, so that the acquisition of data that are useful in the aspect of digital forensic is achievable. This thesis reviews the types of SNS that are available for the iPhone, a recent example of highly used smartphones, and studies the data to be collected by client and the analysis methods accordingly.",18,4,172,186,Variety (cybernetics); World Wide Web; Data acquisition; SIMPLE (military communications protocol); Location sharing; Social network service; Analysis method; Computer science; Digital forensics,,,,,http://www.koreascience.or.kr/article/ArticleFullRecord.jsp?cn=JBCRDA_2011_v18Cn4_217 https://koreauniv.pure.elsevier.com/en/publications/sensitive-privacy-data-acquisition-in-the-iphone-for-digital-fore https://www.kci.go.kr/kciportal/ci/sereArticleSearch/ciSereArtiView.kci?sereArticleSearchBean.artiId=ART001584468 https://link.springer.com/chapter/10.1007%2F978-3-642-22339-6_21 https://rd.springer.com/chapter/10.1007/978-3-642-22339-6_21,http://dx.doi.org/10.1007/978-3-642-22339-6_21,,10.1007/978-3-642-22339-6_21,2025853936,,0,,9,false,,
020-048-521-593-63X,Report examining the weaknesses in the fight against cyber-crime from within,,2007,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Aminata Taal,"This report examines the weaknesses in some of the computer forensic methods used by law enforcement in the fight against computer crime (e-crime) and the work that needs to be done from the perspective of someone who works in the field, observed from within and now looking in from the outside. The computer forensic tools and technology that are heavily relied upon without proper research and evaluation, the lack of procedures in place to assess computer forensic experts in the private sector used by law enforcement agencies, insufficient training and the lack of funding for in-house research and development are all contributory to the problem.",1,2,125,130,Private sector; Government; Work (electrical); Expert witness; Law enforcement; Field (computer science); Computer security; Public relations; Computer science; Computer forensics; Digital forensics,,,,,https://dl.acm.org/doi/abs/10.1504/IJESDF.2007.016862 https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2007.016862 https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf1.html#Taal07,http://dx.doi.org/10.1504/ijesdf.2007.016862,,10.1504/ijesdf.2007.016862,2139281544,,0,,1,false,,
020-605-563-988-604,The Impact Of Organizational Change On Information Systems Security,2010-12-21,2010,journal article,Journal of Business & Economics Research (JBER),21578893; 15424448,Clute Institute,,Melinda Cline; Carl S. Guynes; Andrew B. Nyaboga,"When major change is imposed on organizations, there is often resistance and resentment. Organizational change has been identified as one of the key issues that will present significant challenges to an organization’s effective and timely implementation of privacy and security standards. It will be necessary to identify specific implementation requirements that represent the most significant organizational change challenges. Organizations will also have to identify processes and methods to foster acceptance of the change associated with the entire compliance project. This research examines changing information security requirements and the strategies organizations are developing to meet the related challenges.",8,1,,,Business; Process management; Compliance (psychology); Information systems security; Organizational change; Key issues; Resistance (psychoanalysis); Public relations; Resentment; Information security,,,,,https://www.cluteinstitute.com/ojs/index.php/JBER/article/download/658/644 https://core.ac.uk/download/pdf/268111300.pdf,http://dx.doi.org/10.19030/jber.v8i1.658,,10.19030/jber.v8i1.658,2180713941,,0,005-125-881-215-010; 010-631-045-908-316; 026-679-229-301-504; 028-459-376-677-796; 046-688-203-900-373; 050-448-840-677-487; 051-322-529-489-224; 080-859-431-310-208; 081-592-148-351-73X; 108-631-307-545-978; 113-639-875-896-175; 148-926-847-465-855; 158-166-736-275-198; 164-752-934-917-285; 173-400-635-002-912,3,true,,bronze
020-689-181-201-539,Performing the Union: the Prüm Decision and the European dream.,2012-09-26,2012,journal article,Studies in history and philosophy of biological and biomedical sciences,18792499; 13698486,Elsevier Limited,Netherlands,Barbara Prainsack; Victor Toom,"In 2005, seven European countries signed the so-called Prum Treaty to increase transnational collaboration in combating international crime, terrorism and illegal immigration. Three years later, the Treaty was adopted into EU law. EU member countries were now obliged to have systems in place to allow authorities of other member states access to nationally held data on DNA, fingerprints, and vehicles by August 2011. In this paper, we discuss the conditions of possibility for the Prum network to emerge, and argue that rather than a linear ascent towards technological and political convergence and harmonisation, the (hi)story of Prum is heterogeneous and halting. This is reflected also in the early stages of implementing the Prum Decision which has proven to be more challenging than it was hoped by the drivers of the Prum process. In this sense, the Prum network sits uncomfortably with success stories of forensic science (many of which served the goal of justifying the expansion of technological and surveillance systems). 
Instead of telling a story of heroic science, the story of Prum articulates the European dream: one in which goods, services, and people live and travel freely and securely.",44,1,71,79,Political science; Law; Terrorism; Performativity; Convergence (economics); Treaty; Dream; Illegal immigration; Member states; Politics,,"Crime/legislation & jurisprudence; Criminal Law; DNA; Databases, Factual/legislation & jurisprudence; Dermatoglyphics; Emigration and Immigration/legislation & jurisprudence; Europe; Forensic Sciences/legislation & jurisprudence; Humans; International Cooperation/legislation & jurisprudence; Jurisprudence; Terrorism",DNA,,https://www.ncbi.nlm.nih.gov/pubmed/23021789 https://northumbria-test.eprints-hosting.org/id/document/261834 https://researchportal.northumbria.ac.uk/en/publications/performing-the-union-the-prüm-decision-and-the-european-dream http://nrl.northumbria.ac.uk/id/eprint/4130 https://core.ac.uk/display/9986486 http://www.sciencedirect.com/science/article/pii/S1369848612001033 http://nrl.northumbria.ac.uk/4130/1/Prainsack_and_Toom_2013_%2D_Performing_the_Union.pdf https://www.sciencedirect.com/science/article/pii/S1369848612001033 https://core.ac.uk/download/9986486.pdf,http://dx.doi.org/10.1016/j.shpsc.2012.09.009,23021789,10.1016/j.shpsc.2012.09.009,2007515883,,0,009-258-747-867-768; 010-565-199-849-096; 022-998-330-058-249; 023-840-639-592-569; 024-303-555-608-167; 024-433-338-455-825; 027-208-027-800-837; 027-451-966-401-826; 029-002-204-311-348; 029-775-977-119-985; 036-232-258-674-205; 040-339-875-147-608; 040-640-377-247-924; 041-372-210-771-239; 041-490-317-128-507; 044-703-923-756-39X; 045-999-996-230-091; 051-562-252-252-111; 059-252-286-053-089; 066-796-673-251-148; 072-553-235-697-52X; 077-485-891-655-117; 079-090-431-160-291; 079-773-527-537-21X; 089-503-176-495-70X; 092-111-996-528-525; 095-350-513-509-31X; 096-771-922-783-274; 109-772-503-089-100; 113-750-219-311-007; 113-970-721-632-660; 116-274-844-105-924; 
118-817-876-327-59X; 120-390-967-861-319; 122-794-924-176-817; 124-935-709-541-93X; 125-513-778-707-450; 128-480-300-665-432; 128-784-853-735-165; 131-529-005-912-173; 138-619-404-446-791; 148-322-208-396-454; 151-706-186-794-187; 156-607-647-685-046; 180-324-079-394-661; 180-864-930-572-335,36,true,,green
021-237-083-615-788,"Estimation of sex and age of ""virtual skeletons""--a feasibility study.",2008-09-03,2008,journal article,European radiology,14321084; 09387994,Springer Verlag,Germany,Silke Grabherr; Christine Cooper; Susi Ulrich-Bochsler; Tanya Uldin; Steffen Ross; Lars Oesterhelweg; Stephan A. Bolliger; Andreas Christe; Pierre Schnyder; Patrice Mangin; Michael J. Thali,"This article presents a feasibility study with the objective of investigating the potential of multi-detector computed tomography (MDCT) to estimate the bone age and sex of deceased persons. To obtain virtual skeletons, the bodies of 22 deceased persons with known age at death were scanned by MDCT using a special protocol that consisted of high-resolution imaging of the skull, shoulder girdle (including the upper half of the humeri), the symphysis pubis and the upper halves of the femora. Bone and soft-tissue reconstructions were performed in two and three dimensions. The resulting data were investigated by three anthropologists with different professional experience. Sex was determined by investigating three-dimensional models of the skull and pelvis. As a basic orientation for the age estimation, the complex method according to Nemeskeri and co-workers was applied. The final estimation was effected using additional parameters like the state of dentition, degeneration of the spine, etc., which were chosen individually by the three observers according to their experience. The results of the study show that the estimation of sex and age is possible by the use of MDCT. 
Virtual skeletons present an ideal collection for anthropological studies, because they are obtained in a non-invasive way and can be investigated ad infinitum.",19,2,419,429,Anatomy; Radiology; Dentition; Virtopsy; Shoulder girdle; Pelvis; Symphysis; Skull; Neuroradiology; Orthodontics; Medicine; Bone age,,"Adolescent; Adult; Age Determination by Skeleton; Aged; Aged, 80 and over; Feasibility Studies; Female; Forensic Medicine/instrumentation; Humans; Male; Middle Aged; Models, Anatomic; Observer Variation; Skeleton; Tomography, X-Ray Computed/methods",,,https://link.springer.com/article/10.1007/s00330-008-1155-y?view=classic http://europepmc.org/abstract/MED/18766348 https://link.springer.com/article/10.1007/s00330-008-1155-y/fulltext.html https://boris.unibe.ch/26650/ https://link.springer.com/10.1007/s00330-008-1155-y https://archive-ouverte.unige.ch/unige:112059 https://inis.iaea.org/Search/search.aspx?orig_q=RN:40031259 https://www.ncbi.nlm.nih.gov/pubmed/18766348 https://core.ac.uk/download/33055069.pdf,http://dx.doi.org/10.1007/s00330-008-1155-y,18766348,10.1007/s00330-008-1155-y,1991445224,,0,004-857-178-061-90X; 006-053-337-346-101; 007-587-674-890-055; 014-982-298-719-265; 024-065-202-822-642; 029-531-902-766-335; 036-407-521-839-655; 048-938-633-830-864; 056-093-874-815-356; 057-633-179-384-33X; 061-585-349-211-126; 079-088-698-517-859; 081-942-331-002-228; 090-492-905-675-597; 121-657-219-134-382; 130-210-825-116-032; 137-660-064-671-850; 166-368-854-255-695; 187-756-952-743-680,106,true,,green
021-300-456-023-97X,Forensic Analysis of Phone Call Networks,2012-03-11,2012,journal article,Social Network Analysis and Mining,18695450; 18695469,Springer Science and Business Media LLC,Austria,Salvatore Catanese; Emilio Ferrara; Giacomo Fiumara,"In the context of preventing and fighting crime, the analysis of mobile phone traffic, among actors of a criminal network, is helpful in order to reconstruct illegal activities on the base of the relationships connecting those specific individuals. Thus, forensic analysts and investigators require new advanced tools and techniques which allow them to manage these data in a meaningful and efficient way. In this paper we present LogAnalysis, a tool we developed to provide visual data representation and filtering, statistical analysis features and the possibility of a temporal analysis of mobile phone activities. Its adoption may help in unveiling the structure of a criminal network and the roles and dynamics of communications among its components. By using LogAnalysis, forensic investigators could deeply understand hierarchies within criminal organizations, for example discovering central members that provide connections among different sub-groups, etc. Moreover, by analyzing the temporal evolution of the contacts among individuals, or by focusing on specific time windows they could acquire additional insights on the data they are analyzing. 
Finally, we put into evidence how the adoption of LogAnalysis may be crucial to solve real cases, providing as example a number of case studies inspired by real forensic investigations led by one of the authors.",3,1,15,33,World Wide Web; Forensic science; Dynamics (music); Order (exchange); Structure (mathematical logic); Mobile phone; Context (language use); Phone call; Computer science; External Data Representation; Data science; Specific time,,,,,https://128.84.21.199/abs/1303.1827 http://export.arxiv.org/pdf/1303.1827 https://arxiv.org/pdf/1303.1827 https://arxiv.org/abs/1303.1827 http://arxiv.org/abs/1303.1827,http://dx.doi.org/10.1007/s13278-012-0060-1,,10.1007/s13278-012-0060-1,2075686808; 3102554008,,0,001-807-424-360-645; 005-776-194-490-378; 009-485-094-515-369; 010-153-208-612-656; 013-187-615-097-932; 015-692-170-714-052; 024-085-270-622-915; 032-612-165-019-024; 036-834-710-209-51X; 038-220-182-826-042; 039-195-177-217-458; 039-904-655-395-806; 046-488-264-792-98X; 049-084-289-990-411; 050-652-588-888-626; 059-720-182-718-407; 062-702-511-699-155; 063-930-406-072-95X; 065-443-991-048-364; 067-093-787-724-877; 067-773-321-965-088; 069-552-634-797-138; 071-407-705-435-89X; 073-099-928-352-670; 080-078-333-029-891; 094-010-349-937-445; 104-169-092-280-438; 106-945-295-200-575; 107-189-074-788-315; 110-309-926-544-567; 136-870-805-464-912; 138-270-687-058-342; 157-973-241-664-946; 159-046-766-294-824; 170-017-538-679-939; 174-053-494-133-005; 186-700-564-994-729; 188-332-136-393-173; 193-462-542-142-384,40,true,,green
021-773-264-010-920,Candidate weight method for reassembling BMP image fragments,,2007,journal article,Journal of Computer Applications,10019081,,,Li Bing,"According to the special requirements of computer forensics, a process model was presented to extract the file fragment and reassemble them for digital forensics, and the reassembly of image fragments was also described. Three different methods were proposed based on a k-vertex disjoint graph technique which was applied to the reassembly of image fragments: Similar Coefficient Matching (SCM), Volatility Gradient Matching (VGM) and Prediction Pixel Matching (PPM), to evaluate the candidate weights between any fragments. Extensive experiments show that the highest accuracies of evaluating weights are correspondingly 93.90% and 87.27% about color images and grayscale images, which improves the precision and the efficiency of the image reassembly.",,,,,Algorithm; Artificial intelligence; Pixel; Pattern recognition; Computer science; Disjoint sets; Computer forensics; Grayscale; Digital forensics,,,,,http://en.cnki.com.cn/Article_en/CJFDTotal-JSJY200712058.htm,http://en.cnki.com.cn/Article_en/CJFDTotal-JSJY200712058.htm,,,2382663054,,0,,0,false,,
022-938-117-223-909,Design and implementation of a block-based lossless watermarking scheme,,2010,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Fawzy Ibrahim; M. Zaki,"High capacity reversible watermarking method based on block difference expansion is presented. The proposed scheme relies upon redundancy analysis for image authentication and tamper localisation. The performance of such scheme is compared with that of Tian. While Tian's algorithm is a pixel-based embedding scheme, the proposed method is a block-based embedding technique. Thus, it can be used with the following advantages: (1) possibility of providing more capacity for authentication data (2) no compression is needed (as in case of Tian's scheme) and (3) low time cost because of its reasonable complexity. To find out the embedding capacity both information and redundancy are examined for the underlying image. In addition a corresponding difference image is defined, its histogram is determined and its entropy and redundancy are computed. The proposed scheme creates an extra space for the authentication payload by making use of block difference expansion.",3,2,164,185,Algorithm; Digital watermarking; Pixel; Tian; Lossless watermarking; Time cost; Computer science; Embedding; Histogram; Entropy (information theory),,,,,https://www.inderscienceonline.com/doi/10.1504/IJESDF.2010.033784 https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf3.html#IbrahimZ10,http://dx.doi.org/10.1504/ijesdf.2010.033784,,10.1504/ijesdf.2010.033784,2096003968,,0,010-423-042-177-734; 013-254-182-755-449; 013-959-215-137-824; 016-530-437-620-157; 028-129-947-206-102; 042-769-956-829-507; 043-472-929-547-554; 057-760-744-411-233; 058-722-723-786-764; 070-566-110-940-864; 086-755-606-681-222; 127-453-137-030-102; 169-738-837-701-58X; 178-957-848-232-033; 180-108-399-963-521; 183-373-469-194-34X,0,false,,
023-597-121-798-223,Forensic Extraction of EFS-Encrypted Files in Live System Investigation,2008-03-17,2008,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Ewa Huebner; Derek Bem,"Encrypted files captured by acquiring a bit-by-bit image in the process of conventional forensic investigation are practically impossible to decrypt without knowing the key and the method of encryption. The Windows operating system provides the option to encrypt files using an encryption driver bundled with the New Technology File System (NTFS) file system, the so-called encrypting file system (EFS). EFS files can be manipulated transparently by the owner and the system administrator as long as they reside in an NTFS file system. In this article we demonstrate the methodology of extracting EFS-decrypted files from a live system. The method of extraction is built around a software utility, Robocopy, which does not modify any metadata of the file system during extraction. The hash value for the encrypted data calculated before and after the extraction is identical, so this approach can be considered to be forensically sound. We present a scenario that shows that live system investigation is indispensable in obtaining complete information about the system being examined. 
This information would be lost if conventional methods were applied, even when supplemented by the capture and analysis of physical memory.",2,1,1,12,File Control Block; Filesystem-level encryption; Unix file types; File system fragmentation; File system; Computer security; Computer science; Virtual file system; Database; Self-certifying File System; Computer file,,,,,https://dl.acm.org/doi/10.1080/15567280701721905 https://dblp.uni-trier.de/db/journals/jdfp/jdfp2.html#HuebnerB08 http://dblp.uni-trier.de/db/journals/jdfp/jdfp2.html#HuebnerB08 https://www.tandfonline.com/doi/full/10.1080/15567280701721905 https://dl.acm.org/citation.cfm?id=1451839.1451840,http://dx.doi.org/10.1080/15567280701721905,,10.1080/15567280701721905,2093344556,,0,020-059-232-319-347; 061-139-633-577-862; 080-351-281-760-491; 153-153-144-072-106; 155-310-759-030-139; 172-214-329-616-03X,5,false,,
024-330-963-297-20X,Warriors and Peacekeepers: Testing a Biosocial Implicit Leadership Hypothesis of Intergroup Relations Using Masculine and Feminine Faces,2012-01-20,2012,journal article,PloS one,19326203,Public Library of Science,United States,Brian R. Spisak; Peter H. Dekker; Max Krüger; Mark van Vugt,"This paper examines the impact of facial cues on leadership emergence. Using evolutionary social psychology, we expand upon implicit and contingent theories of leadership and propose that different types of intergroup relations elicit different implicit cognitive leadership prototypes. It is argued that a biologically based hormonal connection between behavior and corresponding facial characteristics interacts with evolutionarily consistent social dynamics to influence leadership emergence. We predict that masculine-looking leaders are selected during intergroup conflict (war) and feminine-looking leaders during intergroup cooperation (peace). Across two experiments we show that a general categorization of leader versus nonleader is an initial implicit requirement for emergence, and at a context-specific level facial cues of masculinity and femininity contingently affect war versus peace leadership emergence in the predicted direction. In addition, we replicate our findings in Experiment 1 across culture using Western and East Asian samples. In Experiment 2, we also show that masculine-feminine facial cues are better predictors of leadership than male-female cues. 
Collectively, our results indicate a multi-level classification of context-specific leadership based on visual cues imbedded in the human face and challenge traditional distinctions of male and female leadership.",7,1,e30399,,Group conflict; Sensory cue; Social psychology (sociology); Femininity; Masculinity; Affect (psychology); Social dynamics; Social psychology; Biology; Categorization,,Adult; Cues; Face; Female; Femininity; Humans; Leadership; Male; Masculinity; Social Behavior; Visual Perception/physiology; Young Adult,,,https://www.professormarkvanvugt.com/images/files/SpisakvanVugt2012Plos-1.pdf http://europepmc.org/articles/PMC3262824 https://www.narcis.nl/publication/RecordID/oai%3Aresearch.vu.nl%3Apublications%2F70239df4-6a6c-4e7a-bdcb-cf3fbdfac1ce https://pubmed.ncbi.nlm.nih.gov/22276190/ https://journals.plos.org/plosone/article?id=10.1371/journal.pone.0030399 https://research.vu.nl/en/publications/warriors-and-peacekeepers-testing-a-biosocial-implicit-leadership https://paperity.org/p/61146160/warriors-and-peacekeepers-testing-a-biosocial-implicit-leadership-hypothesis-of https://www.mendeley.com/catalogue/5ad9e7dd-3eef-3db9-95f5-0fd78a25f22e/ https://core.ac.uk/display/23152201 https://research.vu.nl/ws/files/3151805/291304.pdf https://ui.adsabs.harvard.edu/abs/2012PLoSO...730399S/abstract https://dx.plos.org/10.1371/journal.pone.0030399 http://dspace.ubvu.vu.nl/bitstream/handle/1871/40023/291304.pdf?sequence=1 http://www.professormarkvanvugt.com/images/files/SpisakvanVugt2012Plos-1.pdf https://www.ncbi.nlm.nih.gov/pmc/articles/PMC3262824/ https://core.ac.uk/download/pdf/15476710.pdf,http://dx.doi.org/10.1371/journal.pone.0030399,22276190,10.1371/journal.pone.0030399,2105294766,PMC3262824,0,000-802-602-950-754; 003-953-953-010-761; 004-154-493-487-934; 011-585-789-570-25X; 015-005-073-195-054; 020-431-221-794-255; 022-318-447-805-808; 022-428-043-008-99X; 024-821-645-767-241; 025-780-253-077-979; 026-876-665-327-383; 027-570-914-990-229; 
028-794-073-742-245; 029-513-365-311-300; 029-938-349-681-102; 034-829-643-212-954; 037-235-889-870-173; 038-858-881-186-93X; 039-339-243-770-869; 042-042-342-352-225; 042-843-116-935-721; 047-065-064-274-135; 047-541-274-036-658; 051-926-382-102-474; 052-631-716-597-816; 056-416-168-364-82X; 059-863-664-938-515; 065-479-846-518-256; 074-172-997-323-982; 074-539-042-682-091; 077-068-414-974-548; 077-609-876-814-580; 080-117-297-247-603; 080-836-201-304-302; 083-229-256-315-601; 088-366-399-281-106; 089-033-976-428-106; 092-272-257-130-959; 095-646-325-879-148; 099-632-707-150-545; 106-354-687-680-665; 108-492-873-203-051; 111-390-483-842-967; 113-601-898-961-511; 114-709-993-643-205; 119-676-365-015-455; 120-867-995-204-805; 121-318-283-666-109; 129-976-459-740-604; 140-850-756-330-788; 145-620-023-238-181; 170-689-788-740-407; 175-042-502-723-877; 185-583-432-618-274; 190-145-440-307-303; 190-904-157-956-193,116,true,cc-by,gold
025-413-390-011-47X,How to find exculpatory and inculpatory evidence using a circular digital forensics process model,,2009,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Marjan Khatir; Seyed Mahmood Hejazi,"With raising the number of cyber crimes, the need of having a proper digital forensic process also increases. Although digital forensics is practiced in recent years, there is still a big gap between previously suggested digital forensics processes and what is really needed to be done in real cases. Some problems with current processes are lack of flexible transition between phases, not having a clear method or a complete scenario for addressing reliable evidence, and not paying enough attention to management aspects and team roles. This article provides a process model by paying special attention to the team roles and management aspects as well as both exculpatory and inculpatory evidence.",2,1,68,76,Teamwork; Digital forensic process; Exculpatory evidence; Digital evidence; Computer security; Computer science; Process (engineering); Team Role Inventories; Computer forensics; Digital forensics,,,,,https://ui.adsabs.harvard.edu/abs/2008ges..conf...10K/abstract https://link.springer.com/content/pdf/10.1007%2F978-3-540-69403-8_2.pdf https://rd.springer.com/chapter/10.1007%2F978-3-540-69403-8_2 https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2009.023877 https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf2.html#KhatirH09 http://www.diva-portal.org/smash/record.jsf?pid=diva2:436813 https://www.inderscience.com/link.php?id=23877 https://link.springer.com/chapter/10.1007/978-3-540-69403-8_2,http://dx.doi.org/10.1504/ijesdf.2009.023877,,10.1504/ijesdf.2009.023877,2041229035,,0,001-009-008-665-240; 032-697-093-668-898; 034-916-306-834-918; 035-223-520-491-228; 056-590-277-527-716; 111-741-773-111-021; 184-948-841-629-735; 199-745-676-923-766,1,false,,
025-421-213-608-128,Solid State Drives: The Beginning of the End for Current Practice in Digital Forensic Recovery?,,2010,journal article,"Journal of Digital Forensics, Security and Law",15587223,Embry-Riddle Aeronautical University/Hunt Library,,Graeme Baxter Bell; Richard Boddington,"Digital evidence is increasingly relied upon in computer forensic examinations and legal proceedings in the modern courtroom. The primary storage technology used for digital information has remained constant over the last two decades, in the form of the magnetic disc. Consequently, investigative, forensic, and judicial procedures are well-established for magnetic disc storage devices (Carrier, 2005). However, a paradigm shift has taken place in technology storage and complex, transistor-based devices for primary storage are now increasingly common. Most people are aware of the transition from portable magnetic floppy discs to portable USB transistor flash devices, yet the transition from magnetic hard drives to solid-state drives inside modern computers has so far attracted very little attention from the research community. Here we show that it is imprudent and potentially reckless to rely on existing evidence collection processes and procedures, and we demonstrate that conventional assumptions about the behaviour of storage media are no longer valid. In particular, we demonstrate that modern storage devices can operate under their own volition in the absence of computer instructions. Such operations are highly destructive of traditionally recoverable data. 
This can contaminate evidence; can obfuscate and make validation of digital evidence reports difficult; can complicate the process of live and dead analysis recovery; and can complicate and frustrate the post recovery forensic analysis. Our experimental findings demonstrate that solid-state drives (SSDs) have the capacity to destroy evidence catastrophically under their own volition, in the absence of specific instructions to do so from a computer.",5,3,1,,Garbage collection; Volition (linguistics); Solid-state drive; Digital evidence; Computer security; Computer science; Forensic disk controller; Paradigm shift; USB; Digital forensics,,,,,https://core.ac.uk/display/11234249 https://commons.erau.edu/cgi/viewcontent.cgi?article=1078&context=jdfsl http://graemebell.net/publications/upload/bellbodd2010-preprint.pdf https://commons.erau.edu/jdfsl/vol5/iss3/1/ http://www.123seminarsonly.com/Seminar-Reports/023/50099126-Solid-State-Drives.pdf http://graemebell.net/pubs/bellbodd2010-preprint.pdf http://www.evidencegrade.com/file/Solid%20State%20Drives%20-%20The%20Beginning%20of%20the%20End.pdf https://securit.se/wp-content/uploads/2011/09/JDFSL-V5N3-Bell.pdf https://researchrepository.murdoch.edu.au/id/eprint/3714/ https://core.ac.uk/download/11234249.pdf,http://dx.doi.org/10.15394/jdfsl.2010.1078,,10.15394/jdfsl.2010.1078,1578425966,,2,008-215-658-916-277; 031-309-466-858-480; 046-527-367-793-765; 057-137-063-277-37X; 062-788-502-964-113; 085-214-277-668-01X; 120-697-354-224-33X; 126-044-289-253-635; 129-360-320-775-188; 160-160-097-559-323; 167-592-705-831-583; 185-038-131-679-547; 199-745-676-923-766,53,true,cc-by-nc,gold
026-490-926-488-299,BioVault: biometrically based encryption,,2009,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,B. L. Tait; S. H. Von Solms,"Biometric-based token authentication is an asymmetric (von Solms and Tait, 2005) authentication technology. This means that the reference token generated during the enrolment process and stored in the biometric database, will never match any freshly offered biometric token exactly (100%). This is commonly accepted due to the nature of the biometric algorithm (Wayman et al., 2004) central to the biometric environment. A password or pin on the other hand, is a symmetric authentication mechanism. This means that an exact match is expected, and if the offered password deviates ever so slightly from the password stored in the password database file, authenticity is rejected. Encryption technologies rely on symmetric authentication to function, as the password or pin is often used as the seed for a random number that will assist in the generation of the cipher. If the password used to encrypt the cipher is not 100% the same as the password supplied to decrypt, the cipher will not unlock. The asymmetric nature of biometrics traditionally renders biometric tokens unfit to be used as the secret key for an encryption algorithm. This article introduces a system that allows biometric tokens to be used as the secret key in an encryption algorithm. This method relies on the BioVault infrastructure. 
For this reason, BioVault will briefly be discussed, followed by a discussion of biometrically based encryption.",2,3,269,279,Password; Syskey; Zero-knowledge password proof; Cognitive password; Computer security; Computer science; S/KEY; Password strength; One-time password; Password policy,,,,,https://rd.springer.com/chapter/10.1007/978-3-642-04280-5_4 https://link.springer.com/chapter/10.1007/978-3-642-04280-5_4 https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2009.027522 https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf2.html#TaitS09 https://link.springer.com/content/pdf/10.1007%2F978-3-642-04280-5_4.pdf https://www.inderscience.com/link.php?id=27522,http://dx.doi.org/10.1504/ijesdf.2009.027522,,10.1504/ijesdf.2009.027522,2091401974,,0,033-175-991-415-698; 073-146-778-270-854; 113-114-063-444-526,0,false,,
026-766-854-469-439,Information Retrieval From Internet Applications For Digital Forensic,2012-08-31,2012,journal article,"International Journal of Security, Privacy and Trust Management",22775498,Academy and Industry Research Collaboration Center (AIRCC),,Ipsita Mohanty; R. Leela Velusamy,"Advanced internet technologies providing services like e-mail, social networking, online banking, online shopping etc., have made day-to-day activities simple and convenient. Increasing dependency on the internet, convenience, and decreasing cost of electronic devices have resulted in frequent use of online services. However, increased indulgence over the internet has also accelerated the pace of digital crimes. The increase in number and complexity of digital crimes has caught the attention of forensic investigators. The Digital Investigators are faced with the challenge of gathering accurate digital evidence from as many sources as possible. In this paper, an attempt was made to recover digital evidence from a system's RAM in the form of information about the most recent browsing session of the user. Four different applications were chosen and the experiment was conducted across two browsers. 
It was found that crucial information about the target user such as, user name, passwords, etc., was recoverable.",1,3,15,30,Internet privacy; Password; The Internet; World Wide Web; Forensic science; Session (web analytics); Digital evidence; Computer science; Digital forensics; Pace; Frequent use,,,,,https://arxiv.org/pdf/1209.3590 https://ui.adsabs.harvard.edu/abs/2012arXiv1209.3590M/abstract https://arxiv.org/abs/1209.3590 https://core.ac.uk/display/24765074 http://arxiv.org/abs/1209.3590,http://dx.doi.org/10.5121/ijsptm.2012.1302,,10.5121/ijsptm.2012.1302,2033633358; 3100770702,,0,016-926-540-950-809; 037-483-791-552-006; 038-668-970-194-854; 039-774-603-243-832; 068-383-476-721-435; 109-603-269-791-542; 120-462-880-448-150; 123-516-057-579-584; 134-181-885-341-288; 136-745-511-009-321; 171-637-120-942-780,3,true,,green
026-794-402-013-471,Computer Printouts as Legal Evidence,2010-12-15,2010,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Edward H. Freeman,This article discusses computer-based information and its uses as evidence in legal proceedings. It explains the rules of evidence and their effect on an organization's management of its databases and describes methods of handling requests for production of computerized data.,3,2-4,98,105,Admissible evidence; Law and economics; Production (economics); Rules of evidence; Hearsay; Privilege (computing); Legal evidence; Computer security; Computer science; Best evidence rule,,,,,https://www.tandfonline.com/doi/full/10.1080/15567281.2010.536730 https://dblp.uni-trier.de/db/journals/jdfp/jdfp3.html#Freeman10,http://dx.doi.org/10.1080/15567281.2010.536730,,10.1080/15567281.2010.536730,1991139163,,0,,0,false,,
026-841-604-936-062,Modelling Infection Spread Using Location Tracking,,2010,journal article,International Journal of Healthcare Technology and Management,13682156; 17415144,Inderscience Publishers,United Kingdom,Andrew Michael Mason; Nicholas J. Dingle; William J. Knottenbelt; Derek Bell; William J Buchanan; Christoph Thuemmler,"The precision of location tracking technology has improved greatly over the last few decades. We aim to show that by tracking the locations of individuals in a closed environment, it is now possible to record the nature and frequency of interactions between them. Further, that it is possible to use such data to predict the way in which an infection will spread throughout such a population, given parameters such as transmission and recovery rates. We accordingly present a software package that is capable of recording and then replaying location data provided by a high-precision location tracking system. The software then employs a combination of SIR modelling and the epidemiological technique of contact tracing in order to predict the spread of an infection. 
We use this software to conduct a number of experiments using a sample data set, and compare the SIR graphs generated from these to similar graphs generated using the traditional SIR differential equations.",11,6,442,461,Software; Population; Epidemiological Technique; Location tracking; Computer science; Tracking (particle physics); Simulation; Sample (statistics); Data set; Transmission (telecommunications); Real-time computing,,,,,https://www.inderscienceonline.com/doi/abs/10.1504/IJHTM.2010.036925 http://eprints.maths.manchester.ac.uk/1552/ http://eprints.ma.man.ac.uk/1552/ https://core.ac.uk/download/74031551.pdf,http://dx.doi.org/10.1504/ijhtm.2010.036925,,10.1504/ijhtm.2010.036925,2162448281,,0,016-506-581-066-525; 022-436-010-397-140; 023-451-489-093-967; 032-803-463-693-019; 036-880-120-434-642; 053-408-811-307-324; 056-411-338-285-401; 059-407-360-728-624; 060-836-586-663-73X; 129-225-278-482-450,0,true,,green
027-021-440-316-686,Common Representation of Information Flows for Dynamic Coalitions,2010-01-29,2010,journal article,Electronic Proceedings in Theoretical Computer Science,20752180,Open Publishing Association,,Igor Mozolevsky; John Fitzgerald,"We propose a formal foundation for reasoning about access control policies within a Dynamic Coalition, defining an abstraction over existing access control models and providing mechanisms for translation of those models into information-flow domain. The abstracted information-flow domain model, called a Common Representation, can then be used for defining a way to control the evolution of Dynamic Coalitions with respect to information flow.",16,,15,25,Information flow (information theory); Translation (geometry); Domain (software engineering); Representation (systemics); Control (linguistics); Computer science; Abstraction (linguistics); Access control; Theoretical computer science; Domain model; Data mining,,,,,https://arxiv.org/abs/1001.4411v1 https://ui.adsabs.harvard.edu/abs/2010arXiv1001.4411M/abstract http://arxiv.org/abs/1001.4411,http://dx.doi.org/10.4204/eptcs.16.2,,10.4204/eptcs.16.2,3151449691; 1998201014,,0,003-730-564-269-878; 005-511-776-877-106; 005-634-501-502-786; 008-542-327-956-336; 011-617-421-221-813; 012-732-074-219-275; 015-517-557-416-684; 020-537-380-848-80X; 027-596-852-424-584; 030-022-441-252-533; 036-259-458-043-168; 037-732-710-835-480; 062-421-316-909-478; 064-051-441-950-282; 087-799-233-941-706; 126-273-514-436-542; 132-682-357-340-268; 137-928-549-888-171; 151-257-142-018-433,0,true,cc-by-nc-nd,gold
027-157-298-260-484,Investigating Modern Communication Technologies: The effect of Internet-based Communication Technologies on the Investigation Process,,2011,journal article,"Journal of Digital Forensics, Security and Law",15587223,Embry-Riddle Aeronautical University/Hunt Library,,Matthew Simon,"Communication technologies are commonplace in modern society. For many years there were only a handful of communication technologies provided by large companies, namely the Public Switched Telephone Network (PSTN) and mobile telephony; these can be referred to as traditional communication technologies. Over the lifetime of traditional communication technologies there has been little technological evolution and as such, law enforcement developed sound methods for investigating targets using them. With the advent of communication technologies that use the Internet – Internet-based or contemporary communication technologies – law enforcement are faced with many challenges. This paper discusses these challenges and their potential impact. It first looks at what defines the two technologies then explores the laws and methods used for their investigation. It then looks at the issues of applying the current methodologies to the newer and fundamentally different technology. 
The paper concludes that law enforcement will be required to update their methods in order to remain effective against the current technology trends.",6,4,35,62,Technological evolution; The Internet; Order (exchange); Law enforcement; Public switched telephone network; Computer security; Computer science; Process (engineering); Telecommunications; Digital forensics; Mobile telephony,,,,,https://core.ac.uk/display/91840297 https://doaj.org/article/8fbf18d77797452ea411c53cede407ad https://commons.erau.edu/jdfsl/vol6/iss4/4/ https://dblp.uni-trier.de/db/journals/jdfsl/jdfsl6.html#Simon11 https://commons.erau.edu/cgi/viewcontent.cgi?article=1106&context=jdfsl,http://dx.doi.org/10.15394/jdfsl.2011.1106,,10.15394/jdfsl.2011.1106,2184810167,,0,017-607-059-569-495; 023-265-845-321-577; 061-415-516-656-025; 119-296-717-193-737; 150-691-899-217-974; 175-545-144-287-044,2,true,cc-by-nc,gold
027-570-776-652-466,A Study of Current Trends in Database Forensics,2010-12-15,2010,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Lawrence Suffern,"The growth of databases as a means of storing critical data has made them an inviting target for criminal activity, which in turn has brought about the emerging area of database forensics. However, research in this area is just beginning, and few methods and tools designed for database forensic analysis exist at this time. Following a database security incident, it is essential to learn what data was exposed or damaged so that steps can be taken to mitigate the situation. The data cache, Structured Query Language (SQL) cache, and transaction log may contain important database forensic information. Research into database forensics has resulted in the development of some practical methods, as well as opened up potential areas for future database design. The future of database forensics lies not just in development of methods and tools but also in developing a thorough knowledge of database processes in order to advance the developing area of database forensics.",3,2-4,67,73,World Wide Web; Database design; Intelligent database; Database security; Database forensics; Database schema; Computer science; Network forensics; View; Database testing,,,,,https://dblp.uni-trier.de/db/journals/jdfp/jdfp3.html#Suffern10 https://www.tandfonline.com/doi/abs/10.1080/15567281.2010.500646,http://dx.doi.org/10.1080/15567281.2010.500646,,10.1080/15567281.2010.500646,2024984056,,0,000-853-465-742-472; 001-255-768-346-633; 010-715-519-043-632; 050-308-742-156-878; 065-210-303-569-91X; 085-214-277-668-01X; 106-865-640-867-523,3,false,,
027-822-774-617-518,MIMIC-PPT: Mimicking-based steganography for microsoft power Point document,2008-05-01,2008,journal article,Information Technology Journal,18125638; 18125646,Science Alert,Pakistan,Yuling Liu; Xingming Sun; Yongping Liu; Chang-Tsun Li,"Communications via Microsoft Power Point (PPT for short) documents are commonplace, so it is crucial to take advantage of PPT documents for information security and digital forensics. In this study, we propose a new method of text steganography, called MIMIC-PPT, which combines text mimicking technique with characteristics of PPT documents. Firstly, a dictionary and some sentence templates are automatically created by parsing the body text of a PPT document. Then, cryptographic information is converted into innocuous sentences by using the dictionary and the sentence templates. Finally, the sentences are written into the note pages of the PPT document. With MIMIC-PPT, there is no need for the communication parties to share the dictionary and sentence templates while the efficiency and security are greatly improved.",7,4,654,660,Steganography; Artificial intelligence; Cryptography; Parsing; Natural language processing; Body text; Sentence; Power point; Computer science; Information security; Digital forensics,,,,,https://wrap.warwick.ac.uk/59707/ https://core.ac.uk/display/19760194 https://www.scialert.net/abstract/?doi=itj.2008.654.660 http://dro.deakin.edu.au/view/DU:30125528 http://www.scialert.net/abstract/?doi=itj.2008.654.660 https://researchoutput.csu.edu.au/en/publications/mimic-ppt-mimicking-based-steganography-for-microsoft-power-point,http://dx.doi.org/10.3923/itj.2008.654.660,,10.3923/itj.2008.654.660,2083655907,,0,012-088-388-106-690; 015-296-958-643-814; 016-087-513-482-654; 025-206-112-743-521; 032-675-914-364-30X; 033-063-420-826-550; 042-085-994-956-235; 043-774-046-313-694; 066-810-084-927-507; 068-387-339-895-875; 075-082-533-938-679; 086-073-427-942-871; 097-426-230-860-75X; 113-683-759-006-946; 
113-803-165-219-77X; 168-101-567-984-879,9,false,,
027-973-955-547-537,"Media Watermarking, Security, and Forensics - Sensor-fingerprint based identification of images corrected for lens distortion",2012-02-09,2012,journal article,SPIE Proceedings,0277786x,SPIE,,Miroslav Goljan; Jessica Fridrich,"Computational photography is quickly making its way from research labs to the market. Recently, camera manufacturers started using in-camera lens-distortion correction of the captured image to give users more powerful range of zoom in compact and affordable cameras. Since the distortion correction (barrel/pincushion) depends on the zoom, it desynchronizes the pixel-to-pixel correspondence between images taken at two different focal lengths. This poses a serious problem for digital forensic methods that utilize the concept of sensor fingerprint (photo-response non-uniformity), such as ""image ballistic"" techniques that can match an image to a specific camera. Such techniques may completely fail. This paper presents an extension of sensor-based camera identification to images corrected for lens distortion. To reestablish synchronization between an image and the fingerprint, we adopt a barrel distortion model and search for its parameter to maximize the detection statistic, which is the peak to correlation energy ratio. 
The proposed method is tested on hundreds of images from three compact cameras to prove the viability of the approach and demonstrate its efficiency.",8303,,132,144,Distortion; Zoom; Computational photography; Artificial intelligence; Fingerprint recognition; Lens (optics); Fingerprint (computing); Computer vision; Computer science; Distortion (optics); Identification (information); Focal length; Camera auto-calibration,,,,,http://ui.adsabs.harvard.edu/abs/2012SPIE.8303E..0HG/abstract https://dblp.uni-trier.de/db/conf/mediaforensics/mediaforensics2012.html#GoljanF12 https://proceedings.spiedigitallibrary.org/proceeding.aspx?doi=10.1117/12.909659 https://proceedings.spiedigitallibrary.org/proceeding.aspx?articleid=1345641 https://core.ac.uk/display/23298690 https://www.spiedigitallibrary.org/conference-proceedings-of-spie/8303/1/Sensor-fingerprint-based-identification-of-images-corrected-for-lens-distortion/10.1117/12.909659.full https://doi.org/10.1117/12.909659,http://dx.doi.org/10.1117/12.909659,,10.1117/12.909659,1990547779,,0,013-766-124-774-712; 014-209-941-360-32X; 083-097-133-928-799; 087-895-411-431-312; 091-336-870-705-937; 095-160-402-119-661; 128-981-158-424-27X; 147-162-392-661-994; 160-685-922-453-820; 184-897-235-429-285,34,true,,green
028-034-242-516-483,The Forensic Curator: Digital Forensics as a Solution to Addressing the Curatorial Challenges Posed by Personal Digital Archives,2012-10-23,2012,journal article,International Journal of Digital Curation,17468256,Edinburgh University Library,,Gareth Knight,"The growth of computing technology during the previous three decades has resulted in a large amount of content being created in digital form. As their creators retire or pass away, an increasing number of personal data collections, in the form of digital media and complete computer systems, are being offered to the academic institutional archive. For the digital curator or archivist, the handling and processing of such digital material represents a considerable challenge, requiring development of new processes and procedures. This paper outlines how digital forensic methods, developed by the law enforcement and legal community, may be applied by academic digital archives. It goes on to describe the strategic and practical decisions that should be made to introduce forensic methods within an existing curatorial infrastructure and how different techniques, such as forensic hashing, timeline analysis and data carving, may be used to collect information of a greater breadth and scope than may be gathered through manual activities.",7,2,40,63,World Wide Web; Digital media; Carving; Archivist; Law enforcement; Scope (project management); Computer science; Timeline; Computer forensics; Digital forensics,,,,,https://doi.org/10.2218/ijdc.v7i2.228 https://researchonline.lshtm.ac.uk/id/eprint/2192853/ http://doi.org/10.2218/ijdc.v7i2.228 https://core.ac.uk/display/42633111 http://www.ijdc.net/article/view/218 https://paperity.org/p/275612301/the-forensic-curator-digital-forensics-as-a-solution-to-addressing-the-curatorial https://dblp.uni-trier.de/db/journals/ijdc/ijdc7.html#Knight12a 
https://core.ac.uk/download/42633111.pdf,http://dx.doi.org/10.2218/ijdc.v7i2.228,,10.2218/ijdc.v7i2.228,2127988978,,0,019-698-064-288-240; 032-192-641-675-455; 037-647-066-964-858; 038-668-970-194-854; 061-326-248-978-030; 089-550-797-690-956; 132-355-634-397-986; 142-884-607-464-932; 164-812-767-509-816; 170-299-458-679-224; 182-420-694-496-099,2,true,cc-by,gold
028-180-038-189-484,Digital Forensics and Cyber Crime Datamining,,2012,journal article,Journal of Information Security,21531234; 21531242,"Scientific Research Publishing, Inc.",,K. K. Sindhu; Bandu B. Meshram,"Digital forensics is the science of identifying, extracting, analyzing and presenting the digital evidence that has been stored in the digital devices. Various digital tools and techniques are being used to achieve this. Our paper explains forensic analysis steps in the storage media, hidden data analysis in the file system, network forensic methods and cyber crime data mining. This paper proposes a new tool which is the combination of digital forensic investigation and crime data mining. The proposed system is designed for finding the motive, the pattern of cyber attacks and counts of the attack types that happened during a period. Hence the proposed tool enables the system administrators to minimize the system vulnerability.",3,3,196,201,Data mining; File system; Digital evidence; Hidden data; Cyber crime; Digital forensic investigation; Computer security; Computer science; Computer forensics; Digital forensics; Vulnerability (computing),,,,,http://doi.org/10.4236/jis.2012.33024 http://dx.doi.org/10.4236/jis.2012.33024 https://doi.org/10.4236/jis.2012.33024 https://file.scirp.org/Html/3-7800083_21340.htm https://m.scirp.org/papers/21340 https://www.scirp.org/Journal/PaperInformation.aspx?paperID=21340 https://file.scirp.org/pdf/JIS20120300002_13729911.pdf https://www.scirp.org/Journal/PaperDownload.aspx?paperID=21340 http://www.scirp.org/Journal/PaperInformation.aspx?paperID=21340 https://dblp.uni-trier.de/db/journals/jisec/jisec3.html#SindhuM12,http://dx.doi.org/10.4236/jis.2012.33024,,10.4236/jis.2012.33024,1982246970,,0,007-832-595-971-443; 019-698-064-288-240; 055-425-122-624-954; 085-214-277-668-01X; 101-944-590-282-271; 117-626-618-645-095; 136-947-053-479-806; 139-567-850-350-938; 159-584-170-360-868; 177-597-414-067-285,28,true,,gold
029-707-685-271-18X,Extraction of Electronic Evidence from VoIP: Forensic Analysis of A Virtual Hard Disk Vs RAM,,2011,journal article,"Journal of Digital Forensics, Security and Law",15587223,Embry-Riddle Aeronautical University/Hunt Library,,David Irwin; Jill Slay; Arek Dadej; Malcolm Shore,"The popularity of Voice over the Internet Protocol (VoIP) is increasing as the cost savings and ease of use are realised by a wide range of home and corporate users. However, the technology is also attractive to criminals. This is because VoIP is a global telephony service, in which it is difficult to verify the user’s identification. The security of placing such calls may also be appealing to criminals, as many implementations use strong encryption to secure both the voice payload as well as to control messages making monitoring such VoIP calls difficult since conventional methods such as wire-tapping are not applicable to VoIP calls. Therefore, other methods of recovering electronic evidence and information from VoIP are required. This research looks at what protocol evidence remains after a VoIP call has taken place examining both a virtual hard disk and the Random Access Memory (RAM). This paper proposes a set of identifiable credentials based on packet header information contained within the VoIP protocol stack. A series of controlled tests were undertaken whereby these credentials were forensically searched for on a virtual machine which was used to make the VoIP call. 
This experiment was then repeated by a search for the same protocol credentials within the RAM.",6,1,15,36,The Internet; Voice over IP; Telephony; Mobile communications over IP; Virtual machine; Computer network; Protocol stack; Computer security; Computer science; Computer forensics; Identification (information),,,,,https://commons.erau.edu/jdfsl/vol6/iss1/2/ https://doaj.org/article/8d34d2c90f52470db0eaaed9fd0030d1 https://commons.erau.edu/cgi/viewcontent.cgi?article=1086&context=jdfsl https://core.ac.uk/display/91843253 https://dblp.uni-trier.de/db/journals/jdfsl/jdfsl6.html#IrwinSDS11,http://dx.doi.org/10.15394/jdfsl.2011.1086,,10.15394/jdfsl.2011.1086,1590438336,,0,002-117-942-525-428; 008-222-935-687-384; 012-139-507-955-634; 018-847-752-429-414; 049-958-322-737-528; 065-851-415-898-70X; 102-549-430-780-964; 118-300-398-355-438; 124-075-111-976-368,2,true,cc-by-nc,gold
030-753-879-056-130,SECURE NETWORK COMMUNICATION BASED ON TEXT-TO-IMAGE ENCRYPTION,,2012,journal article,International Journal of Cyber-Security and Digital Forensics,23050012,,,Ahmad Abusukhon; Issa Ottoum Mohamad Talib,"Security becomes an important issue when secure or sensitive information is sent over a network where all computers are connected together. In such a network a computer is recognized by its IP address. Unfortunately, an IP address is attacked by hackers; this is where one host claims to have the IP address of another host and thus sends packets to a certain machine causing it to take some sort of action. In order to overcome this problem cryptography is used. In cryptographic application, the data sent are encrypted first at the source machine using an encryption key then the encrypted data are sent to the destination machine. This way the attacker will not have the encryption key which is required to get the original data and thus the hacker is unable to do anything with the session. In this paper, we propose a novel method for data encryption. Our method is based on private key encryption. We call our method Text-To-Image Encryption (TTIE).",1,4,263,271,World Wide Web; Information sensitivity; Encryption; Network packet; Cryptography; Host (network); Public-key cryptography; Session (computer science); Computer security; Computer science; Hacker,,,,,http://sdiwc.net/digital-library/secure-network-communication-based-on-texttoimage-encryption.html,http://sdiwc.net/digital-library/secure-network-communication-based-on-texttoimage-encryption.html,,,1841093983,,0,003-083-159-181-663; 004-642-554-341-481; 012-448-745-874-660; 017-525-190-897-081; 021-404-929-196-448; 034-718-642-864-828; 037-056-017-836-708; 081-580-123-934-439; 084-151-556-299-139; 100-192-224-113-042; 113-605-078-173-147; 122-787-800-970-175; 153-457-845-131-52X; 154-913-829-652-715; 174-194-849-795-489,11,false,,
030-837-615-114-470,Digital forensics and the issues of identity,,2010,journal article,Information Security Technical Report,13634127,Elsevier BV,Netherlands,Andrew Jones; Thomas Martin,"The issue of what we consider to be the identity of a person has become increasingly complex as we have made ever greater use of the facilities and services that have been made available by developing technologies and the Internet. In the past people normally had one identity, while in the current environment it is acceptable to maintain separate 'identities' for different aspects of our on-line interactions. Proving beyond a reasonable doubt that an individual that is suspected of a crime that is based on the technologies that we increasingly rely on was the actual perpetrator has always been problematic. It is relatively easy to determine the device that was used, but proving that the suspect was the person that used it has always been more difficult. This paper looks at a range of issues that have affected what we consider to be reasonable proof of identity and a number of the problems that this causes in identifying the perpetrator of a crime.",15,2,67,71,Internet privacy; The Internet; Reasonable doubt; Identity (social science); Suspect; Computer security; Computer science; Digital forensics,,,,,http://dx.doi.org/10.1016/j.istr.2010.10.008 https://dx.doi.org/10.1016/j.istr.2010.10.008 https://dblp.uni-trier.de/db/journals/istr/istr15.html#JonesM10 http://www.sciencedirect.com/science/article/pii/S1363412710000336 https://ro.ecu.edu.au/ecuworks/6286/ https://core.ac.uk/display/41533570 https://www.sciencedirect.com/science/article/pii/S1363412710000336 https://ro.ecu.edu.au/cgi/viewcontent.cgi?article=7287&context=ecuworks https://core.ac.uk/download/41533570.pdf,http://dx.doi.org/10.1016/j.istr.2010.10.008,,10.1016/j.istr.2010.10.008,1965613142,,0,,7,true,,green
031-190-378-388-014,A Study of Trace for Data Wiping Tools,2010-04-30,2010,journal article,The KIPS Transactions:PartC,15982858,Korea Information Processing Society,,Yeon Soo Kim; Je Wan Bang; Jin Kook Kim; Sang Jin Lee,"Data wiping is a technique which perfectly deletes data in storage to prevent data recovery. Currently, management of stored data is important because of the increasing number of personal information leakage accidents. Especially, if you need to discard data containing personal information, use a wiping tool which permanently deletes data to prevent unnecessary personal information leakage. Data wiping is also used for data security and privacy protection. However, data wiping can also be used for the intentional destruction of evidence. This intentional destruction of evidence is an important clue in forensic investigation. This paper demonstrates the methods for detecting the usage of wiping tools in digital forensic investigation.",17,2,159,164,Data security; Internet privacy; Personally identifiable information; Digital forensic investigation; Privacy protection; Computer security; Computer science; Data recovery; TRACE (psycholinguistics),,,,,http://ktsde.kips.or.kr/journals/ktsde/digital-library/14125 https://www.kci.go.kr/kciportal/ci/sereArticleSearch/ciSereArtiView.kci?sereArticleSearchBean.artiId=ART001443618 http://ktccs.kips.or.kr/journals/ktccs/digital-library/14125 http://www.koreascience.or.kr/article/ArticleFullRecord.jsp?cn=JBCRDA_2010_v17Cn2_159,http://dx.doi.org/10.3745/kipstc.2010.17c.2.159,,10.3745/kipstc.2010.17c.2.159,2006523946,,0,001-829-135-644-040; 028-928-192-869-418; 040-393-580-637-973; 041-030-338-346-880; 060-382-239-802-033; 062-345-211-809-639; 079-756-125-507-152; 085-214-277-668-01X; 135-717-892-795-412; 145-993-598-458-216; 148-698-839-036-557,1,true,,bronze
032-192-641-675-455,Detecting file fragmentation point using sequential hypothesis testing,,2008,journal article,Digital Investigation,17422876,Elsevier BV,Netherlands,Anandabrata Pal; Husrev T. Sencar; Nasir Memon,"File carving is a technique whereby data files are extracted from a digital device without the assistance of file tables or other disk meta-data. One of the primary challenges in file carving can be found in attempting to recover files that are fragmented. In this paper, we show how detecting the point of fragmentation of a file can benefit fragmented file recovery. We then present a sequential hypothesis testing procedure to identify the fragmentation point of a file by sequentially comparing adjacent pairs of blocks from the starting block of a file until the fragmentation point is reached. By utilizing serial analysis we are able to minimize the errors in detecting the fragmentation points. The performance results obtained from the fragmented test-sets of DFRWS 2006 and 2007 show that the method can be effectively used in recovery of fragmented files.",5,,S2,S13,Data mining; Data file; Parallel computing; Fragmentation (computing); File system fragmentation; File carving; Digital device; Computer science; Data recovery; Sequential analysis; Statistical hypothesis testing,,,,,https://dblp.uni-trier.de/db/journals/di/di5.html#PalSM08 https://www.sciencedirect.com/science/article/pii/S174228760800039X https://nyuscholars.nyu.edu/en/publications/detecting-file-fragmentation-point-using-sequential-hypothesis-te-2 https://doi.org/10.1016/j.diin.2008.05.015 https://dl.acm.org/doi/10.1016/j.diin.2008.05.015 https://www.dfrws.org/2008/proceedings/p2-pal.pdf http://www.sciencedirect.com/science/article/pii/S174228760800039X,http://dx.doi.org/10.1016/j.diin.2008.05.015,,10.1016/j.diin.2008.05.015,2143757321,,4,007-901-016-367-02X; 020-569-163-258-930; 023-341-419-324-638; 023-539-140-993-037; 043-093-846-816-675; 078-303-134-163-197; 082-440-435-702-102; 
085-214-277-668-01X; 088-996-750-795-806; 132-246-550-138-466; 148-400-423-300-612,83,true,cc-by-nc-nd,hybrid
032-901-405-781-829,Remote Forensics May Bring the Next Sea Change in E-discovery: Are All Networked Computers Now Readily Accessible Under the Revised Federal Rules of Civil Procedure?,,2008,journal article,"Journal of Digital Forensics, Security and Law",15587223,Embry-Riddle Aeronautical University/Hunt Library,,AleJoseph J. Schwerha; Scott Inch,"The recent amendments to Rule 26 of the Federal Rules of Civil Procedure created a two-tiered approach to discovery of electronically stored information (“ESI”). Responding parties must produce ESI that is relevant, not subject to privilege, and reasonably accessible. However, because some methods of storing ESI, such as on magnetic backup tapes and within enormous databases, require substantial cost to access and search their contents, the rules permit parties to designate those repositories as “not reasonably accessible” because of undue burden or cost. But even despite the difficulty in searching for ESI, the party’s duty to preserve potentially responsive evidence remains; it simply gains the option to forgo poring over the material. Further, the court might nevertheless compel production if the requesting party demonstrates good cause. Regardless of whether the responding party believes certain documents to be reasonably accessible or not, courts may still require their production.   In such cases, the court may then choose to order production, but shift the costs of doing so to the requesting party.  Throughout this process, the burden and cost of production are central themes.   Their determination is fluid, varying from case to case and even over time in the same situation.   Nowhere is this more evident than where a responding party has numerous, geographically dispersed computers under its control that may contain responsive ESI to a request for production of documents.  
Traditionally, a responding party would be forced to make a decision of whether or not to send out computer forensic experts to all of these locations to make forensically sound copies of all of those computers and then analyze each.   This process is time consuming and costly.  Recently, several companies have put forth substantial solutions that facially allow a responding party to capture and analyze data on geographically dispersed computers remotely.  That process, in general, is often defined as remote forensics.  The question is now whether newly available remote forensic solution indicate that all networked computers are readily accessible under the current state of the law.  This article attempts to define remote forensics, examines a selection of applicable court decisions, and then analyzes the currently available commercial software packages that allow remote forensics.",3,3,5,28,Decision-making; Electronically stored information; Duty; Request for production; Privilege (computing); Federal Rules of Civil Procedure; Backup; Computer security; Computer science; Process (engineering),,,,,https://doi.org/10.15394/jdfsl.2008.1043 https://commons.erau.edu/jdfsl/vol3/iss3/1/ https://commons.erau.edu/cgi/viewcontent.cgi?article=1043&context=jdfsl https://doaj.org/article/aead7ed18b7a4d39b50264ebc21ffc93 https://dblp.uni-trier.de/db/journals/jdfsl/jdfsl3.html#SchwerhaI08 https://core.ac.uk/display/91778063,http://dx.doi.org/10.15394/jdfsl.2008.1043,,10.15394/jdfsl.2008.1043,1568546921,,0,,1,true,cc-by-nc,gold
033-524-590-795-557,"RETRACTED: “A Probability Model of Covering Key Trace during Capturing Volatile Memory” Procedia Engineering Volume 29, 2012, Pages 1253–1258",,2012,journal article,Procedia Engineering,18777058,Elsevier BV,,Lianhai Wang; Hengjian Li; Zhen Su,"This article has been retracted: please see Elsevier Policy on Article Withdrawal (http://www.elsevier.com/locate/withdrawalpolicy). This article has been retracted at the request of the Editor. The authors have plagiarized part of a paper that had already appeared in Digital Investigation, 8 (2011) 3 - 22. http://dx.doi.org/10.1016/j.diin.2011.06.002. One of the conditions of submission of a paper for publication is that authors declare explicitly that their work is original and has not appeared in a publication elsewhere. Re-use of any data should be appropriately cited. As such this article represents a severe abuse of the scientific publishing system. The scientific community takes a very strong view on this matter and apologies are offered to readers of the journal that this was not detected during the submission process.",29,,1253,1258,Volume (computing); Data mining; Artificial intelligence; Key (cryptography); Trace (semiology); Probability model; Computer science; Volatile memory,,,,,https://core.ac.uk/display/82620494 https://www.sciencedirect.com/science/article/pii/S1877705813003536 https://core.ac.uk/download/pdf/82620494.pdf,http://dx.doi.org/10.1016/j.proeng.2012.01.122,,10.1016/j.proeng.2012.01.122,2058167416,,0,003-412-732-826-511; 017-152-528-840-957; 030-155-118-042-252; 059-727-948-874-975; 070-537-312-031-893; 082-735-133-992-528; 093-448-702-012-591; 097-123-801-131-393; 139-495-561-188-858,1,true,,gold
033-828-616-991-63X,Bayesian based intrusion detection system,2011-11-17,2011,journal article,Journal of King Saud University - Computer and Information Sciences,13191578; 22131248,King Saud University,Saudi Arabia,Hesham Altwaijry; Saeed Algarny,"In this paper intrusion detection using Bayesian probability is discussed. The systems designed are trained a priori using a subset of the KDD dataset. The trained classifier is then tested using a larger subset of KDD dataset. Initially, a system was developed using a naive Bayesian classifier that is used to identify possible intrusions. This classifier was able to detect intrusion with an acceptable detection rate. The classifier was then extended to a multi-layer Bayesian based intrusion detection. Finally, we introduce the concept that the best possible intrusion detection system is a layered approach using different techniques in each layer.",24,1,1,6,Bayesian probability; Data mining; Artificial intelligence; Intrusion; Pattern recognition; Bayesian filtering; Naive bayesian classifier; Detection rate; Intrusion detection system; Computer science; A priori and a posteriori; Classifier (UML),,,,,https://link.springer.com/chapter/10.1007/978-94-007-4786-9_3 https://link.springer.com/10.1007%2F978-94-007-4786-9_3 https://rd.springer.com/chapter/10.1007/978-94-007-4786-9_3 https://link.springer.com/chapter/10.1007/978-94-007-4786-9_3/fulltext.html https://www.sciencedirect.com/science/article/abs/pii/S1319157811000292 https://www.sciencedirect.com/science/article/pii/S1319157811000292 https://dblp.uni-trier.de/db/journals/jksucis/jksucis24.html#AltwaijryA12 https://www.researchgate.net/profile/Saeed_Algarny2/publication/257655499_Bayesian_based_intrusion_detection_system/links/0c960525acfa5dc7c6000000.pdf https://core.ac.uk/download/pdf/82513041.pdf,https://link.springer.com/chapter/10.1007/978-94-007-4786-9_3,,,2111873874,,0,003-074-429-408-537; 004-409-263-153-367; 018-055-327-262-822; 022-396-569-796-309; 
024-768-074-341-588; 029-278-408-323-997; 030-853-718-820-482; 037-141-626-931-184; 044-140-831-751-480; 054-643-205-855-597; 065-725-525-963-130; 081-003-821-246-879; 085-075-506-809-764; 152-313-879-966-702; 180-519-494-337-090,78,true,"CC BY, CC BY-NC-ND",gold
034-884-693-198-013,A Comparison of the Classification of Disparate Malware Collected in Different Time Periods,2012-06-01,2012,journal article,Journal of Networks,17962056,Academy Publisher,Finland,Rafiqul Islam; Ronghua Tian; Veelasha Moonsamy; Lynn Batten,"It has been argued that an anti-virus strategy based on malware collected at a certain date, will not work at a later date because malware evolves rapidly and an anti-virus engine is then faced with a completely new type of executable not as amenable to detection as the first was. In this paper, we test this idea by collecting two sets of malware, the first from 2002 to 2007, the second from 2009 to 2010 to determine how well the anti-virus strategy we developed based on the earlier set [18] will do on the later set. This anti-virus strategy integrates dynamic and static features extracted from the executables to classify malware by distinguishing between families. We also perform another test, to investigate the same idea whereby we accumulate all the malware executables in the old and new dataset, separately, and apply a malware versus cleanware classification. The resulting classification accuracies are very close for both datasets, with a difference of approximately 5.4% for both experiments, the older malware being more accurately classified than the newer malware. 
This leads us to conjecture that current anti-virus strategies can indeed be modified to deal effectively with new malware.",7,6,946,955,Data mining; Executable; Set (abstract data type); Computer science; Malware,,,,,https://researchoutput.csu.edu.au/en/publications/a-comparison-of-the-classification-of-disparate-malware-collected https://dro.deakin.edu.au/eserv/DU:30046962/tian-acomparisonofthe-2012.pdf https://dblp.uni-trier.de/db/journals/jnw/jnw7.html#IslamTMB12 http://dblp.uni-trier.de/db/journals/jnw/jnw7.html#IslamTMB12 http://dro.deakin.edu.au/view/DU:30046962 http://hdl.handle.net/10536/DRO/DU:30046962,http://dx.doi.org/10.4304/jnw.7.6.946-955,,10.4304/jnw.7.6.946-955,2147112108,,0,007-595-895-977-525; 008-602-383-572-590; 011-176-116-706-047; 011-766-175-342-343; 018-176-597-776-103; 031-112-270-923-851; 037-456-087-839-878; 039-085-856-314-949; 039-886-239-681-348; 059-432-948-597-842; 091-678-683-731-136; 095-129-346-069-560; 101-747-496-628-966; 126-278-493-189-441; 137-320-213-389-496; 141-867-045-048-118; 182-221-704-359-169,6,true,,green
035-414-084-362-623,Honey Tokens and Web Bugs: Developing Reactive Techniques for Investigating Phishing Scams,,2006,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Craig M. McRae; Robert Wesley McGrew; Rayford B. Vaughn,"ABSTRACT This article presents a technique for investigating phishing scams. While most anti-phishing efforts focus on preventative measures, or reactive investigation techniques that are not specific to the domain of phishing, this technique applies the concepts of honeytokens and web bugs in a way that may reveal previously unknown information about the phisher. The objective of this work is to develop new ways of addressing phishing scams by exploiting vulnerabilities in the tools and methods used by the phishers. A review of phishing and current anti-phishing techniques is included, along with an introduction to honeytokens and web bugs. The technique is presented with preliminary data to demonstrate promise of the concept.",1,3,193,199,World Wide Web; Domain (software engineering); Computer security; Computer science; Phishing,,,,,https://dblp.uni-trier.de/db/journals/jdfp/jdfp1.html#McRaeMV06 https://www.tandfonline.com/doi/full/10.1080/15567280600995857,http://dx.doi.org/10.1080/15567280600995857,,10.1080/15567280600995857,1983125774,,0,,2,false,,
035-672-281-328-899,Forensic science standards in fast-changing environments.,,2010,journal article,Science & justice : journal of the Forensic Science Society,13550306,Forensic Science Society,United Kingdom,Peter Sommer,"Regulatory trends in forensic science point strongly to the need for exhaustive testing of all findings and tools. At the same time a number of jurisdictions suggest a judicial test for the admissibility of novel scientific evidence. But in fields such as computers and cellphones, the rate of change is faster than the normal times required for peer-reviewed publication. One route to admitting less-than-perfect findings from forensic science is via a re-evaluation of the role of expert evidence and in particular pre-trial meetings between experts.",50,1,12,17,Scientific evidence; Engineering; Forensic science; Point (typography); Law; Data science; Test (assessment),,Computers/trends; Expert Testimony; Forensic Sciences/legislation & jurisprudence; Humans; Professional Competence; Research Design,,,https://www.ncbi.nlm.nih.gov/pubmed/20408377 https://www.sciencedirect.com/science/article/pii/S1355030609001786 https://www.scienceandjusticejournal.com/article/S1355-0306(09)00178-6/abstract http://oro.open.ac.uk/19455/ http://oro.open.ac.uk/19455/4/Forensic_Science_Standards_in_Fast_Changing_Environments.pdf http://www.sciencedirect.com/science/article/pii/S1355030609001786 https://core.ac.uk/download/82912020.pdf,http://dx.doi.org/10.1016/j.scijus.2009.11.006,20408377,10.1016/j.scijus.2009.11.006,2012414703,,0,,15,true,,green
036-412-863-725-881,Forensic Relative Strength Scoring: ASCII and Entropy Scoring.,,2004,journal article,International Journal of Digital Evidence,,,,Matthew M. Shannon,"This paper is the result of an investigation into applying statistical tools and methodologies to the discovery of digital evidence. Multiple statistical methods were reviewed; the two most useful are presented here. It is important to note that this paper represents an inquiry into the value of applied mathematical analysis to digital forensics investigations. Readers are encouraged to explore the concepts and make use of the tools presented here, in the hope that a synergy can be developed and concepts can be expanded to meet future challenges. In addition, this paper contains practical examples using modified Sleuthkit tools containing the proposed statistical measurements.",2,,,,ASCII; Information retrieval; Relative strength; Digital evidence; Computer science; Digital forensics,,,,,https://dblp.uni-trier.de/db/journals/ijde/ijde2.html#Shannon04 https://www.utica.edu/academic/institutes/ecii/publications/articles/A0B3DC9E-F145-4A89-36F7462B629759FE.pdf,https://dblp.uni-trier.de/db/journals/ijde/ijde2.html#Shannon04,,,139030970,,0,,31,false,,
036-748-735-878-276,AN IMAGE ENCRYPTION METHOD: SD-ADVANCED IMAGE ENCRYPTION STANDARD: SD-AIES,,2012,journal article,International Journal of Cyber-Security and Digital Forensics,23050012,,,Somdip Dey,"The security of digital information in modern times is one of the most important factors to keep in mind. For this reason, in this paper, the author has proposed a new standard method of image encryption. The proposed method consists of 4 different stages: 1) First, a number is generated from the password and each pixel of the image is converted to its equivalent eight binary number, and in that eight bit number, the number of bits, which are equal to the length of the number generated from the password, are rotated and reversed; 2) In second stage, extended hill cipher technique is applied by using involutory matrix, which is generated by same password used in second stage of encryption to make it more secure; 3) In third stage, generalized modified Vernam Cipher with feedback mechanism is used on the file to create the next level of encryption; 4) Finally in fourth stage, the whole image file is randomized multiple number of times using modified MSA randomization encryption technique and the randomization is dependent on another number, which is generated from the password provided for encryption method. SD-AIES is an upgraded version of SD-AEI Image Encryption Technique. 
The proposed method, SD-AIES is tested on different image files and the results were far more than satisfactory.",1,2,82,88,Digital image processing; Password; Image (mathematics); Encryption; Hill cipher; Cipher; Computer science; Image file formats; Theoretical computer science; Bit numbering; Arithmetic,,,,,https://sdiwc.net/digital-library/an-image-encryption-method-sdadvanced-image-encryption-standard-sdaies.html,https://sdiwc.net/digital-library/an-image-encryption-method-sdadvanced-image-encryption-standard-sdaies.html,,,1546430064,,0,003-319-548-096-866; 017-758-017-694-296; 033-029-624-613-806; 037-108-845-140-345; 051-549-049-898-885; 059-652-002-507-409; 072-030-540-786-614; 119-096-123-965-211; 151-811-982-921-76X; 167-110-059-840-535; 179-098-068-568-453; 191-085-724-528-428,18,false,,
037-258-902-768-539,Selecting a Research Topic: A Framework for Doctoral Students,,2012,journal article,International Journal of Doctoral Studies,15568881; 15568873,Informing Science Institute,United States,Andy Luse; Brian E. Mennecke; Anthony M. Townsend,"This article provides an explanation of the process for selecting a research topic. The article uses Kuhn’s classic work on scientific revolutions to delineate the steps in developing theoretical research within an area. The paper provides methods for preparing to develop a research topic, steps for approaching a research problem, as well as methods for problem theoretical development. We end the article with pitfalls that can occur when selecting a research topic as well as bright spots with regard to doctoral students beginning research in an area. Our hope is that this research will help beginning doctoral students start the process of developing a research topic by providing assistance with the overall process.",7,,143,152,Development theory; Theoretical research; Research quality; Computer science; Process (engineering); Management science,,,,,https://core.ac.uk/display/38936954 http://ijds.org/Volume7/IJDSv7p143-153Luse330.pdf https://www.informingscience.org/Publications/1572 https://www.questia.com/library/journal/1G1-302402992/selecting-a-research-topic-a-framework-for-doctoral https://works.bepress.com/brian_mennecke/20/ https://lib.dr.iastate.edu/cgi/viewcontent.cgi?article=1002&context=scm_pubs https://lib.dr.iastate.edu/scm_pubs/3/ https://core.ac.uk/download/38936954.pdf,http://dx.doi.org/10.28945/1572,,10.28945/1572,2162875959,,0,001-448-826-471-741; 002-098-094-127-361; 008-720-519-907-263; 019-877-053-907-329; 022-666-327-984-718; 026-679-229-301-504; 032-604-301-192-893; 033-942-166-593-050; 043-752-535-946-145; 061-704-551-018-089; 071-877-026-148-887; 077-841-254-398-793; 093-779-978-973-429; 100-694-242-092-804; 103-801-149-971-759; 104-391-804-483-397; 124-336-028-504-75X; 
184-621-092-779-722; 188-549-576-460-277; 194-701-488-982-412; 197-484-732-830-068,28,true,cc-by-nc,green
037-262-511-068-705,A Modeling of Forensics for Mobile IP Spoofing Prevention,2012-04-30,2012,journal article,The Journal of Korea Navigation Institute,12269026,The Korea Navigation Institute,,Sun-Hee Park; Dong-Il Yang; Kwang-Youn Jin; Hyung-Jin Choi,"Abstract Rapid development of the IT technology and mobile communications has increasingly improved many kinds of digital devices arise, as well as the mobile technology. However, the attacks (virus, hacking and Ip spoofing etc) have also increasingly grown dogged on any region including the society security. As the visual data is prone to copy, delete and move etc, it is necessary that attesting to the integrity of forensics evidence is crucial, as well as data transmission security. This paper presents a framework model using digital forensics method and the results of its performance evaluation for mobile security. The results show that the integrity of the visual data can be obtain with high security and make a proposal refer to prevention of Mobile IP Spoofing attack using our hashing data. Key words: IT, Spoofing, Mobile, Forensics, Security",16,2,307,317,IP address spoofing; Spoofing attack; Computer network; Computer security; Computer science; Network forensics; Mobile technology; Mobile IP; Digital forensics; Mobile telephony; Hash function,,,,,http://koreascience.or.kr/article/ArticleFullRecord.jsp?cn=HHHHBI_2012_v16n2_307,http://dx.doi.org/10.12673/jkoni.2012.16.2.307,,10.12673/jkoni.2012.16.2.307,2012985563,,0,,0,true,,bronze
037-424-549-158-502,A study on block-based recovery of damaged digital forensic evidence image,2011-02-05,2011,journal article,Multimedia Tools and Applications,13807501; 15737721,Springer Science and Business Media LLC,Netherlands,Eun-Gyeom Jang; Byong-Soo Koh; Yong-Rak Choi,"In digital forensic, evidence images are stored on the disk by a forensic tool. However, the stored images can be damaged due to unexpected internal and external electromagnetic effects. Existing forensic tools only provide integrity and authenticity of the evidence images by utilizing legacy cryptographic methods, i.e., applying hash values and digital signatures. Accordingly, such integrity and authenticity applied to those evidence images can be easily corrupted when the disk is damaged. In this paper, we focus on such limitations of the existing forensic tools and introduce a new scheme that can recover and protect the evidence images on the disk. Specifically, evidence images are divided into blocks; linkage relations between those blocks are formed; and a meta-block is applied to restore the damaged blocks. Blocks in the damaged areas detected using CRC information are subject to a multi-dimensional block operation for recovery of damaged blocks and protection for evidence images.",57,2,407,422,Digital signature; Forensic science; Block (data storage); Artificial intelligence; Cryptography; Computer vision; Computer security; Focus (computing); Computer science; Data recovery; Computer forensics; Digital forensics; Hash function,,,,,https://link.springer.com/article/10.1007/s11042-011-0738-9/fulltext.html https://dblp.uni-trier.de/db/journals/mta/mta57.html#JangKC12 https://link.springer.com/article/10.1007%2Fs11042-011-0738-9,http://dx.doi.org/10.1007/s11042-011-0738-9,,10.1007/s11042-011-0738-9,2051930945,,0,020-944-423-224-895; 032-697-093-668-898; 199-172-967-270-034,7,false,,
041-239-448-680-174,The Impact of Hard Disk Firmware Steganography on Computer Forensics,,2009,journal article,"Journal of Digital Forensics, Security and Law",15587223,Embry-Riddle Aeronautical University/Hunt Library,,Iain Sutherland; Gareth Davies; Nick Pringle; Andrew Blyth,"The hard disk drive is probably the predominant form of storage media and is a primary data source in a forensic investigation. The majority of available software tools and literature relating to the investigation of the structure and content contained within a hard disk drive concerns the extraction and analysis of evidence from the various file systems which can reside in the user accessible area of the disk. It is known that there are other areas of the hard disk drive which could be used to conceal information, such as the Host Protected Area and the Device Configuration Overlay. There are recommended methods for the detection and forensic analysis of these areas using appropriate tools and techniques. However, there are additional areas of a disk that have currently been overlooked.  The Service Area or Platter Resident Firmware Area is used to store code and control structures responsible for the functionality of the drive and for logging failing or failed sectors. This paper provides an introduction into initial research into the investigation and identification of issues relating to the analysis of the Platter Resident Firmware Area. 
In particular, the possibility that the Platter Resident Firmware Area could be manipulated and exploited to facilitate a form of steganography, enabling information to be concealed by a user and potentially from a digital forensic investigator.",4,2,73,84,Steganography; Operating system; Logical disk; Host protected area; Computer security; Computer science; Forensic disk controller; Computer forensics; Firmware; Identification (information); Digital forensics,,,,,https://core.ac.uk/display/91907499 https://dblp.uni-trier.de/db/journals/jdfsl/jdfsl4.html#SutherlandDPB09 https://commons.erau.edu/jdfsl/vol4/iss2/5/ https://doi.org/10.15394/jdfsl.2009.1059 https://commons.erau.edu/cgi/viewcontent.cgi?article=1059&context=jdfsl https://oaji.net/articles/2014/1095-1407795502.pdf https://doaj.org/article/6406d973de5a414693537704f5a2f61c,http://dx.doi.org/10.15394/jdfsl.2009.1059,,10.15394/jdfsl.2009.1059,1526859224,,0,005-315-601-721-195; 041-030-338-346-880; 122-917-031-078-926; 129-842-013-619-240,4,true,cc-by-nc,gold
041-277-806-049-882,The persistence of memory: Forensic identification and extraction of cryptographic keys,,2009,journal article,Digital Investigation,17422876,Elsevier BV,Netherlands,Carsten Maartmann-Moe; Steffen E. Thorkildsen; André Årnes,"The increasing popularity of cryptography poses a great challenge in the field of digital forensics. Digital evidence protected by strong encryption may be impossible to decrypt without the correct key. We propose novel methods for cryptographic key identification and present a new proof of concept tool named Interrogate that searches through volatile memory and recovers cryptographic keys used by the ciphers AES, Serpent and Twofish. By using the tool in a virtual digital crime scene, we simulate and examine the different states of systems where well known and popular cryptosystems are installed. Our experiments show that the chances of uncovering cryptographic keys are high when the digital crime scene are in certain well-defined states. Finally, we argue that the consequence of this and other recent results regarding memory acquisition require that the current practices of digital forensics should be guided towards a more forensically sound way of handling live analysis in a digital crime scene.",6,,S132,S140,Encryption; Cryptographic primitive; Crime scene; Key management; Key (cryptography); Cryptographic protocol; Computer security; Computer science; Symmetric-key algorithm; Digital forensics,,,,,http://www.sciencedirect.com/science/article/pii/S1742287609000486 https://www.sciencedirect.com/science/article/abs/pii/S1742287609000486 https://doi.org/10.1016/j.diin.2009.06.002 https://dblp.uni-trier.de/db/journals/di/di6.html#Maartmann-MoeTA09 https://www.sciencedirect.com/science/article/pii/S1742287609000486 https://www.dfrws.org/2009/proceedings/p132-moe.pdf,http://dx.doi.org/10.1016/j.diin.2009.06.002,,10.1016/j.diin.2009.06.002,2136331433,,5,001-304-351-638-313; 020-753-903-845-023; 023-377-728-027-754; 
030-121-862-351-330; 032-949-282-040-096; 037-282-902-853-127; 041-030-338-346-880; 042-793-944-798-15X; 058-506-167-305-248; 063-084-969-285-764; 064-388-382-052-645; 080-351-281-760-491; 102-056-552-754-419; 107-374-225-170-104; 141-445-106-549-822; 149-010-267-691-537; 155-302-434-131-038; 159-160-746-436-214; 184-948-841-629-735; 193-083-472-536-950; 197-159-965-693-448,48,true,cc-by-nc-nd,hybrid
041-530-741-342-506,Detecting Digital Image Forgeries Using Re-Sampling by Automatic Region of Interest (ROI),2012-05-01,2012,journal article,ICTACT Journal on Image and Video Processing,09769099; 09769102,ICT Academy,,P. Subathra; A. Baskar; D. Senthil Kumar,"Nowadays, digital images can be easily altered by using high-performance computers, sophisticated photo-editing, computer graphics software, etc. It will affect the authenticity of images in law, politics, the media, and business. In this paper, we proposed a Resampling technique using automatic selection of Region of Interest (ROI) method for finding the authenticity of digitally altered image. The proposed technique provides better results beneath scaling, rotation, skewing transformations, and any of their arbitrary combinations in image. It surmounts the protracted complexity in manual ROI selection.",02,04,405,409,Image (mathematics); Resampling; Artificial intelligence; Region of interest; Software; Computer vision; Computer science; Digital image; Rotation (mathematics); Computer graphics; Selection (genetic algorithm),,,,,https://www.amrita.edu/publication/detecting-digital-image-forgeries-using-re-sampling-automatic-region-interest-roi http://ictactjournals.in/ArticleDetails.aspx?id=647 https://core.ac.uk/display/25533289 https://core.ac.uk/download/pdf/25533289.pdf,http://dx.doi.org/10.21917/ijivp.2012.0057,,10.21917/ijivp.2012.0057,2183067087,,0,016-617-865-487-243; 038-871-926-937-263; 062-840-517-280-190; 078-510-052-383-26X; 124-874-123-332-712; 150-280-000-852-253; 159-132-926-596-284; 166-775-928-209-738; 180-552-666-228-97X,3,true,cc-by-nc-sa,gold
041-838-544-052-666,Image Forgery Localization via Block-Grained Analysis of JPEG Artifacts,,2012,journal article,IEEE Transactions on Information Forensics and Security,15566013; 15566021,Institute of Electrical and Electronics Engineers (IEEE),United States,Tiziano Bianchi; Alessandro Piva,"In this paper, we propose a forensic algorithm to discriminate between original and forged regions in JPEG images, under the hypothesis that the tampered image presents a double JPEG compression, either aligned (A-DJPG) or nonaligned (NA-DJPG). Unlike previous approaches, the proposed algorithm does not need to manually select a suspect region in order to test the presence or the absence of double compression artifacts. Based on an improved and unified statistical model characterizing the artifacts that appear in the presence of both A-DJPG or NA-DJPG, the proposed algorithm automatically computes a likelihood map indicating the probability for each 8 × 8 discrete cosine transform block of being doubly compressed. The validity of the proposed approach has been assessed by evaluating the performance of a detector based on thresholding the likelihood map, considering different forensic scenarios. The effectiveness of the proposed method is also confirmed by tests carried on realistic tampered images. 
An interesting property of the proposed Bayesian approach is that it can be easily extended to work with traces left by other kinds of processing.",7,3,1003,1017,Algorithm design; Artificial intelligence; Transform coding; Thresholding; JPEG; Quantization (image processing); Discrete cosine transform; Object detection; Quantization (signal processing); Computer vision; Computer science; Compression artifact; Data compression,,,,,https://iris.polito.it/handle/11583/2505892 http://ieeexplore.ieee.org/document/6151134 https://ieeexplore.ieee.org/abstract/document/6151134 https://www.infona.pl/resource/bwmeta1.element.ieee-art-000006151134 https://doi.org/10.1109/TIFS.2012.2187516 http://dx.doi.org/10.1109/TIFS.2012.2187516 http://porto.polito.it/2505892/ https://dl.acm.org/doi/10.1109/TIFS.2012.2187516 https://dblp.uni-trier.de/db/journals/tifs/tifs7.html#BianchiP12a http://yadda.icm.edu.pl/yadda/element/bwmeta1.element.ieee-000006151134 https://dx.doi.org/10.1109/TIFS.2012.2187516 https://dl.acm.org/citation.cfm?id=2713683 https://core.ac.uk/download/pdf/11432028.pdf,http://dx.doi.org/10.1109/tifs.2012.2187516,,10.1109/tifs.2012.2187516,1994743750,,4,002-978-775-225-739; 004-530-492-547-92X; 004-690-012-680-59X; 005-742-134-161-34X; 014-603-834-804-090; 027-524-182-531-723; 031-876-583-652-183; 039-604-410-537-357; 041-055-817-137-745; 042-324-311-104-451; 049-241-042-800-133; 076-260-513-205-959; 076-346-829-732-533; 077-009-437-168-880; 099-704-481-923-41X; 106-688-419-298-857; 112-077-011-771-30X; 122-001-451-301-450; 127-683-124-382-655; 135-262-782-091-897; 136-713-989-335-402; 143-695-756-474-732; 179-592-213-095-01X,334,true,,
042-216-818-835-386,Removing image artifacts due to dirty camera lenses and thin occluders,,2009,journal article,ACM Transactions on Graphics,07300301; 15577368,Association for Computing Machinery (ACM),United States,Jinwei Gu; Ravi Ramamoorthi; Peter N. Belhumeur; Shree K. Nayar,"Dirt on camera lenses, and occlusions from thin objects such as fences, are two important types of artifacts in digital imaging systems. These artifacts are not only an annoyance for photographers, but also a hindrance to computer vision and digital forensics. In this paper, we show that both effects can be described by a single image formation model, wherein an intermediate layer (of dust, dirt or thin occluders) both attenuates the incoming light and scatters stray light towards the camera. Because of camera defocus, these artifacts are low-frequency and either additive or multiplicative, which gives us the power to recover the original scene radiance pointwise. We develop a number of physics-based methods to remove these effects from digital photographs and videos. For dirty camera lenses, we propose two methods to estimate the attenuation and the scattering of the lens dirt and remove the artifacts -- either by taking several pictures of a structured calibration pattern beforehand, or by leveraging natural image statistics for post-processing existing images. For artifacts from thin occluders, we propose a simple yet effective iterative method that recovers the original scene from multiple apertures. The method requires two images if the depths of the scene and the occluder layer are known, or three images if the depths are unknown. 
The effectiveness of our proposed methods are demonstrated by both simulated and real experimental results.",28,5,144,10,Digital imaging; Computer graphics (images); Stray light; Computational photography; Artificial intelligence; Iterative method; Attenuation; Lens (optics); Dirt; Computer vision; Digital forensics,,,,Division of Computing and Communication Foundations; National Science Foundation; Office of Naval Research,https://core.ac.uk/display/21800904 https://dl.acm.org/doi/10.1145/1661412.1618490 http://portal.acm.org/citation.cfm?doid=1661412.1618490 https://dl.acm.org/citation.cfm?id=1618490 https://dblp.uni-trier.de/db/journals/tog/tog28.html#GuRBN09,http://dx.doi.org/10.1145/1618452.1618490,,10.1145/1618452.1618490,2165445908,,11,002-619-577-940-753; 004-362-864-983-539; 004-737-133-562-157; 005-761-170-091-741; 009-978-521-281-970; 012-412-270-035-761; 013-636-097-312-364; 014-756-273-588-902; 015-846-202-875-707; 027-535-972-270-71X; 032-680-712-374-215; 033-448-220-175-201; 043-156-904-693-972; 047-338-068-164-129; 050-007-274-906-738; 050-827-198-177-45X; 052-711-061-715-024; 054-001-363-792-793; 063-947-323-779-74X; 064-401-771-203-041; 067-080-949-872-942; 068-969-659-198-198; 080-046-931-205-043; 082-614-649-032-818; 082-889-334-394-85X; 085-908-259-403-583; 101-360-811-627-247; 116-189-540-430-916; 121-274-583-663-59X; 140-518-601-590-089; 148-038-191-941-023; 148-224-993-792-516; 151-732-143-508-661; 154-853-967-755-948; 165-717-460-765-277; 166-259-996-685-305; 169-850-031-401-414; 174-753-740-713-02X; 175-686-561-809-527; 176-970-924-676-001; 188-310-597-775-054; 190-018-241-644-575; 196-552-373-065-872,58,false,,
042-450-851-467-680,Detecting false captioning using common-sense reasoning,,2006,journal article,Digital Investigation,17422876,Elsevier BV,Netherlands,Sangwon Lee; David A. Shamma; Bruce Gooch,"Detecting manipulated images has become an important problem in many domains (including medical imaging, forensics, journalism and scientific publication) largely due to the recent success of image synthesis techniques and the accessibility of image editing software. Many previous signal-processing techniques are concerned about finding forgery through simple transformation (e.g. resizing, rotating, or scaling), yet little attention is given to examining the semantic content of an image, which is the main issue in recent image forgeries. Here, we present a complete workflow for finding the anomalies within images by combining the methods known in computer graphics and artificial intelligence. We first find perceptually meaningful regions using an image segmentation technique and classify these regions based on image statistics. We then use AI common-sense reasoning techniques to find ambiguities and anomalies within an image as well as perform reasoning across a corpus of images to identify a semantically based candidate list of potential fraudulent images. 
Our method introduces a novel framework for forensic reasoning, which allows detection of image tampering, even with nearly flawless mathematical techniques.",3,,65,70,Digital image processing; Image segmentation; Feature detection (computer vision); Artificial intelligence; Image retrieval; Commonsense reasoning; Automatic image annotation; Information retrieval; Computer vision; Computer science; Computer graphics; Image processing,,,,,http://www.sciencedirect.com/science/article/pii/S1742287606000685 https://www.sciencedirect.com/science/article/pii/S1742287606000685 https://yonsei.pure.elsevier.com/en/publications/detecting-false-captioning-using-common-sense-reasoning https://doi.org/10.1016/j.diin.2006.06.006 https://dblp.uni-trier.de/db/journals/di/di3.html#LeeSG06 https://dl.acm.org/doi/10.1016/j.diin.2006.06.006,http://dx.doi.org/10.1016/j.diin.2006.06.006,,10.1016/j.diin.2006.06.006,2004711539,,0,006-033-598-743-983; 006-378-581-929-072; 008-633-799-741-257; 013-392-527-828-857; 015-851-827-476-104; 016-617-865-487-243; 019-649-904-231-79X; 031-075-146-866-220; 039-124-264-708-45X; 039-297-839-221-366; 045-568-616-540-617; 045-719-147-837-607; 045-981-655-378-439; 050-007-274-906-738; 051-388-541-746-459; 054-244-556-469-825; 062-480-042-724-512; 062-935-940-297-784; 069-528-465-236-961; 070-701-052-977-077; 075-286-905-404-93X; 076-198-255-092-415; 076-704-896-134-67X; 085-655-932-183-312; 088-324-350-683-491; 094-668-206-694-512; 095-657-818-735-736; 096-717-380-007-985; 098-786-697-583-552; 108-896-114-392-841; 115-858-345-941-648; 117-882-401-522-695; 125-162-036-005-386; 135-262-782-091-897; 138-113-346-753-33X; 173-881-114-277-726; 180-552-666-228-97X,19,true,cc-by-nc-nd,hybrid
043-112-794-493-421,Forensic Analysis of the Windows 7 Registry,,2010,journal article,"Journal of Digital Forensics, Security and Law",15587223,Embry-Riddle Aeronautical University/Hunt Library,,Khawla Alghafli; Andrew Jones; Thomas Martin,"The recovery of digital evidence of crimes from storage media is an increasingly time consuming process as the capacity of the storage media is in a state of constant growth. It is also a difficult and complex task for the forensic investigator to analyse all of the locations in the storage media. These two factors, when combined, may result in a delay in bringing a case to court. The concept of this paper is to start the initial forensic analysis of the storage media in locations that are most likely to contain digital evidence, the Windows Registry. Consequently, the forensic analysis process and the recovery of digital evidence may take less time than would otherwise be required. In this paper, the Registry structure of Windows 7 is discussed together with several elements of information within the Registry of Windows 7 that may be valuable to a forensic investigator. These elements were categorized into five groups which are system, application, networks, attached devices and the history lists. We have discussed the values of identified elements to a forensic investigator. 
Also, a tool was implemented to perform the function of extracting these elements and presents them in usable form to a forensics investigator.",5,4,5,30,World Wide Web; Data science; Windows Registry; Task (computing); USable; Digital evidence; Computer science; Process (engineering); State (computer science); Computer forensics; Function (engineering),,,,,https://commons.erau.edu/cgi/viewcontent.cgi?article=1081&context=jdfsl https://dblp.uni-trier.de/db/journals/jdfsl/jdfsl5.html#AlghafliJM10 https://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1071&context=adf https://ro.ecu.edu.au/adf/72/ https://commons.erau.edu/jdfsl/vol5/iss4/1/ https://core.ac.uk/display/41529205 https://core.ac.uk/download/41529205.pdf,http://dx.doi.org/10.15394/jdfsl.2010.1081,,10.15394/jdfsl.2010.1081,1512782868,,0,064-388-382-052-645; 141-125-834-658-119,15,true,cc-by-nc,gold
043-333-978-973-998,Using digital logs to reduce academic misdemeanour by students in digital forensic assessments,,2011,journal article,Journal of Information Technology Education: Innovations in Practice,21653151; 2165316x,Informing Science Institute,United States,Harjinder Singh Lallie; Phillip Lawson; David Day,"Identifying academic misdemeanours and actual applied effort in student assessments involving practical work can be problematic. For instance, it can be difficult to assess the actual effort that a student applied, the sequence and method applied, and whether there was any form of collusion or collaboration. In this paper we propose a system of using digital logs generated by selected software tools (such as FTK- Forensic Toolkit and EnCase), for the purpose of identifying the effort and sequence of events that students followed to complete their learning activities, (say, arriving at conclusions relating to an assessment question) and thereby determining whether it is likely that an academic misdemeanour may have occurred. 
The paper elaborates on an assessment exercise conducted with a cohort of 67 students in a specific class of disciplinary learning, highlighting the process that students have to follow, and then proceeds to show in some details how selected logging facilities can be used to provide evidence that students may have committed an academic misdemeanour.",10,1,255,269,Information technology; World Wide Web; Content analysis; Class (computer programming); Data science; Cheating; Academic achievement; Computer science; Process (engineering); Digital forensics; Discipline,,,,,https://shura.shu.ac.uk/5242/1/Using_digital_logs_to_reduce_academic_misdemeanour_in_digital_forensic_assessment_V4.1_ https://eric.ed.gov/?id=EJ965120 http://www.learntechlib.org/p/71149/ https://www.informingscience.org/Publications/1533 http://www.jite.org/documents/Vol10/JITEv10IIPp255-269Lallie1026.pdf https://core.ac.uk/display/43992727 https://www.learntechlib.org/p/71149/ https://shura.shu.ac.uk/5242/,http://dx.doi.org/10.28945/1533,,10.28945/1533,1786503853,,0,003-126-053-087-131; 005-695-308-125-439; 007-832-595-971-443; 021-417-762-373-619; 032-697-093-668-898; 128-450-652-988-596,0,true,,bronze
043-650-343-580-524,Embedded System for Real-Time Digital Processing of Medical Ultrasound Doppler Signals,2008-04-30,2008,journal article,EURASIP Journal on Advances in Signal Processing,16876180; 16876172,Springer Science and Business Media LLC,Germany,Stefano Ricci; Alessandro Dallai; Enrico Boni; Luca Bassi; Francesco Guidi; Andrea Cellai; Piero Tortoli,"Ultrasound (US) Doppler systems are routinely used for the diagnosis of cardiovascular diseases. Depending on the application, either single tone bursts or more complex waveforms are periodically transmitted throughout a piezoelectric transducer towards the region of interest. Extraction of Doppler information from echoes backscattered from moving blood cells typically involves coherent demodulation and matched filtering of the received signal, followed by a suitable processing module. In this paper, we present an embedded Doppler US system which has been designed as open research platform, programmable according to a variety of strategies in both transmission and reception. By suitably sharing the processing tasks between a state-of-the-art FPGA and a DSP, the system can be used in several medical US applications. 
As reference examples, the detection of microemboli in cerebral circulation and the measurement of wall distension in carotid arteries are finally presented.",2008,1,418235,,Filter (signal processing); Signal; Electrical engineering; Cerebral circulation; Doppler effect; Ultrasound; Backscatter; Digital signal processor; Demodulation; Region of interest; Waveform; Acoustics; Carotid arteries; Medical ultrasound; Computer science; Matched filter; Transmission (telecommunications); Digital signal processing,,,,,https://link.springer.com/article/10.1155/2008/418235 http://asp.eurasipjournals.springeropen.com/track/pdf/10.1155/2008/418235?site=asp.eurasipjournals.springeropen.com https://asp-eurasipjournals.springeropen.com/articles/10.1155/2008/418235 http://ui.adsabs.harvard.edu/abs/2008EJASP2008...45R/abstract https://paperity.org/p/75264906/embedded-system-for-real-time-digital-processing-of-medical-ultrasound-doppler-signals http://dblp.uni-trier.de/db/journals/ejasp/ejasp2008.html#RicciDBBGCT08 https://www.researchgate.net/profile/Piero_Tortoli/publication/26522881_Embedded_System_for_Real-Time_Digital_Processing_of_Medical_Ultrasound_Doppler_Signals/links/0fcfd5092a3ace8529000000.pdf https://link.springer.com/content/pdf/10.1155%2F2008%2F418235.pdf https://dblp.uni-trier.de/db/journals/ejasp/ejasp2008.html#RicciDBBGCT08 https://dx.doi.org/10.1155/2008/418235 https://core.ac.uk/download/pdf/301559851.pdf,http://dx.doi.org/10.1155/2008/418235,,10.1155/2008/418235,2034694466,,0,014-512-067-930-999; 018-053-908-553-063; 022-611-335-292-879; 029-422-615-714-775; 039-005-393-346-414; 047-420-144-521-742; 051-438-705-146-55X; 053-008-429-333-14X; 071-478-653-972-682; 080-191-739-735-256; 096-822-164-130-449; 102-161-142-572-916; 114-267-185-477-688; 133-825-998-015-117; 179-033-363-639-499,8,true,cc-by,gold
043-705-762-299-193,Vision-based technique for secure recognition of voice-less commands,,2008,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Wai Chee Yau; Dinesh Kumar; Hans Weghorn,"This article presents a secure method for identification of voice-less commands using mouth images, without evaluating sound signals. The main limitation in voice recognition technologies for internet applications is that the commands will be audible to other people in the vicinity. The proposed technique identifies the unspoken utterances using support vector machines. The proposed system is based on temporal integration of the video data to generate spatiotemporal templates (STT). Sixty-four Zernike Moments are extracted from each STT. The experimental results demonstrate that the proposed system yields promising in recognising English phonemes. The proposed technique is demonstrated to be invariant to global variations of illumination level. 
Such a system could be invaluable when it is important to communicate without making a sound, such as giving passwords and internet applications on mobile devices.",1,4,323,335,Password; The Internet; Support vector machine; Artificial intelligence; Mobile device; Speech recognition; Vision based; Computer vision; Computer science; Invariant (mathematics); Zernike polynomials,,,,,https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2008.02145 https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf1.html#YauKW08 https://www.inderscience.com/link.php?id=21450,http://dx.doi.org/10.1504/ijesdf.2008.021450,,10.1504/ijesdf.2008.021450,2049781730,,0,015-522-377-591-609; 018-834-555-462-191; 018-835-513-079-324; 019-456-633-464-151; 032-281-086-102-256; 033-526-710-233-663; 037-317-510-227-546; 038-967-361-681-315; 060-350-535-366-137; 072-253-529-023-163; 085-543-975-386-420; 128-142-333-725-487; 135-913-430-618-313; 144-828-987-966-083; 149-575-175-018-239; 153-140-332-340-726; 157-838-172-895-801; 187-488-585-098-860,0,false,,
044-658-235-164-307,The threats of social networking: Old wine in new bottles?,,2011,journal article,Information Security Technical Report,13634127,Elsevier BV,Netherlands,George R. S. Weir; Fergus Toolan; Duncan Smeed,"Despite the many potential benefits to its users, social networking appears to provide a rich setting for criminal activities and other misdeeds. In this paper we consider whether the risks of social networking are unique and novel to this context. Having considered the nature and range of applications to which social networks may be applied, we conclude that there are no exploits or fundamental threats inherent to the social networking setting. Rather, the risks and associated threats treat this communicative and social context as an enabler for existing, long established and well-recognised exploits and activities.",16,2,38,43,Internet privacy; Social environment; Business; Exploit; Enabling; Context (language use); Cyber crime; Computer security,,,,,https://dlnext.acm.org/doi/abs/10.1016/j.istr.2011.09.008 https://pure.strath.ac.uk/portal/files/29969970/weir_toolan_smeed.pdf https://strathprints.strath.ac.uk/46448/ https://core.ac.uk/display/19332312 https://dl.acm.org/doi/10.1016/j.istr.2011.09.008 https://pureportal.strath.ac.uk/en/publications/the-threats-of-social-networking-old-wine-in-new-bottles https://www.sciencedirect.com/science/article/abs/pii/S1363412711000598 https://dblp.uni-trier.de/db/journals/istr/istr16.html#WeirTS11 https://www.infona.pl/resource/bwmeta1.element.elsevier-be63b0ae-d97f-3d04-9eb9-f0db23dbf218 http://www.sciencedirect.com/science/article/pii/S1363412711000598 https://doi.org/10.1016/j.istr.2011.09.008 https://core.ac.uk/download/19332312.pdf,http://dx.doi.org/10.1016/j.istr.2011.09.008,,10.1016/j.istr.2011.09.008,2054611115,,0,031-789-022-029-409; 079-761-455-963-755; 128-036-518-878-018; 164-233-751-793-174,37,true,,green
044-834-247-088-997,A study on multimedia file carving method,2011-01-19,2011,journal article,Multimedia Tools and Applications,13807501; 15737721,Springer Science and Business Media LLC,Netherlands,Byeongyeong Yoo; Jungheum Park; Sungsu Lim; Jewan Bang; Sangjin Lee,"File carving is a method that recovers files at unallocated space without any file information and used to recover data and execute a digital forensic investigation. In general, the file carving recovers files using the inherent header and footer in files or the entire file size determined in the file header. The largely used multimedia files, such as AVI, WAV, and MP3, can be exactly recovered using an internal format in files as they are continuously allocated. In the case of the NTFS, which is one of the most widely used file system, it supports an internal data compression function itself, but the NTFS compression function has not been considered in file carving. Thus, a large part of file carving tools cannot recover NTFS compressed files. Also, for carving the multimedia files compressed by the NTFS, a recovery method for such NTFS compressed files is required. In this study, we propose a carving method for multimedia files and represent a recovery plan for deleted NTFS compressed files. 
In addition, we propose a way to apply such a recovery method to the carving of multimedia files.",61,1,243,261,Operating system; Stub file; Defragmentation; Fork (file system); Versioning file system; Data file; File Control Block; File synchronization; Unix file types; File system fragmentation; File size; File carving; File system; Transactional NTFS; Torrent file; Computer science; Multimedia; Database; Computer file; File format,,,,,https://link.springer.com/content/pdf/10.1007%2Fs11042-010-0704-y.pdf https://koreauniv.pure.elsevier.com/en/publications/a-study-on-multimedia-file-carving-method https://dblp.uni-trier.de/db/journals/mta/mta61.html#YooPLBL12 https://link.springer.com/article/10.1007%2Fs11042-010-0704-y,http://dx.doi.org/10.1007/s11042-010-0704-y,,10.1007/s11042-010-0704-y,2080232059,,0,043-093-846-816-675; 085-214-277-668-01X,24,false,,
045-257-563-698-921,Perceptible watermarking: a promising application,,2010,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Malay Kishore Dutta,"This paper proposes an unusual method for perceptible watermarking algorithm based on the commercial requirements. An audio file is hosted in the website for commercial purpose with a removable watermarking on a portion of it. The objective of this watermark is contrary to that of conventional watermarking. The watermark degrades the quality of the audio file such that it becomes annoyingly perceptible to human auditory system. Chaos theory is used to generate millions of audibly similar but numerically different versions of the watermarked signal. On the removal of this perceptible watermark, a new imperceptible watermark is inserted in the audio as per the conventional requirements. This perceptible method of watermarking is termed as ink marking, and it provides a novel method for digital right management control. The subjective quality tests and robustness tests indicate that the audio quality is excellent. 
The algorithm is also robust to signal processing attacks.",3,4,363,375,Signal processing; Signal; Digital watermarking; Artificial intelligence; Watermark; Sound quality; Quality (business); Computer vision; Computer science; Multimedia; Digital rights management; Robustness (computer science),,,,,https://dl.acm.org/doi/abs/10.1504/IJESDF.2010.038614 https://www.inderscience.com/link.php?id=38614 https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf3.html#Dutta10 https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2010.038614,http://dx.doi.org/10.1504/ijesdf.2010.038614,,10.1504/ijesdf.2010.038614,2112730791,,0,001-306-724-293-960; 005-531-300-735-581; 009-791-745-094-55X; 030-972-927-246-239; 039-799-150-083-979; 041-437-373-580-036; 047-460-524-314-469; 048-867-353-164-312; 056-012-264-606-429; 101-416-923-138-632; 103-112-984-408-130; 186-280-888-196-303,0,false,,
045-496-560-764-477,An Evaluation of Popular Copy-Move Forgery Detection Approaches,,2012,journal article,IEEE Transactions on Information Forensics and Security,15566013; 15566021,Institute of Electrical and Electronics Engineers (IEEE),United States,Vincent Christlein; Christian Riess; Johannes Jordan; Corinna Riess; Elli Angelopoulou,"A copy-move forgery is created by copying and pasting content within the same image, and potentially post-processing it. In recent years, the detection of copy-move forgeries has become one of the most actively researched topics in blind image forensics. A considerable number of different algorithms have been proposed focusing on different types of postprocessed copies. In this paper, we aim to answer which copy-move forgery detection algorithms and processing steps (e.g., matching, filtering, outlier detection, affine transformation estimation) perform best in various postprocessing scenarios. The focus of our analysis is to evaluate the performance of previously proposed feature sets. We achieve this by casting existing algorithms in a common pipeline. In this paper, we examined the 15 most prominent feature sets. We analyzed the detection performance on a per-image basis and on a per-pixel basis. We created a challenging real-world copy-move dataset, and a software framework for systematic image manipulation. Experiments show, that the keypoint-based features SIFT and SURF, as well as the block-based DCT, DWT, KPCA, PCA and Zernike features perform very well. 
These feature sets exhibit the best robustness against various noise sources and downsampling, while reliably identifying the copied regions.",7,6,1841,1854,Block (data storage); Artificial intelligence; Pattern recognition; Discrete cosine transform; Computer science; Scale-invariant feature transform; Feature (computer vision); Anomaly detection; Affine transformation; Robustness (computer science); Noise (video); Upsampling; Feature detection (computer vision); Computer vision; Feature extraction; Computer forensics,,,,,http://export.arxiv.org/pdf/1208.3665 https://arxiv.org/abs/1208.3665 https://arxiv.org/pdf/1208.3665.pdf http://arxiv.org/abs/1208.3665,http://dx.doi.org/10.1109/tifs.2012.2218597,,10.1109/tifs.2012.2218597,3121767244; 2149073238,,4,000-840-775-659-807; 002-515-098-916-637; 003-452-747-766-941; 006-620-387-492-332; 014-505-479-140-920; 018-674-519-528-237; 020-083-676-959-695; 021-504-300-978-651; 024-880-026-093-866; 028-462-269-708-347; 028-953-694-298-998; 029-093-526-590-26X; 029-322-330-771-081; 035-902-389-753-687; 042-074-416-956-571; 044-938-059-384-373; 062-007-949-183-546; 069-847-568-544-420; 071-332-829-444-727; 071-583-782-423-553; 076-346-829-732-533; 076-704-896-134-67X; 080-794-266-877-942; 097-461-557-468-286; 104-204-648-490-782; 109-476-603-812-267; 117-609-454-095-415; 119-327-495-983-141; 121-629-470-912-852; 124-354-336-145-903; 124-874-123-332-712; 133-788-221-347-278; 140-241-199-301-269; 151-822-004-554-245; 160-685-922-453-820; 169-067-821-124-904; 171-914-226-715-693; 173-881-114-277-726; 184-003-508-945-774; 185-278-534-528-121; 185-915-249-791-878; 196-251-404-109-016,580,true,,green
045-545-834-607-021,Evaluation of cyber legislations: trading in the global cyber village,,2007,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Hamid Jahankhani,"The menace of organised crime and terrorist activity grows ever more sophisticated as the ability to enter, control and destroy our electronic and security systems grows at an equivalent rate. Cyber-crime (organised criminal acts using microchip and software manipulation) is the world's biggest growth industry and is now costing an estimated $220 billion loss to organisations and individuals, every year. There are serious threats to nations, governments, corporations and the most vulnerable group of all, individuals. Cyber-crime combines the same methods of traditional crime identifying targets, using surveillance and psychological profiling but has added-in levels of duplicity in that the perpetrator need never actually be at the scene of the crime. Indeed the traditional idea of a criminal gang is meaningless in that the unit may exist but each member resides on a different continent and never needs to physically meet. The types of attack individuals face include confidence-trick telephone calls or actual encounters calculated to extract bank or personal details, computer spyware that opens on accessing the internet, enticing users with offers of non-existent free gifts while copying confidential files and programmes that can infiltrate networks, operating within them undetected, ultimately causing them to crash. Information and services provided on the internet which can be utilised by any person(s) with access bring to fore the concept of legislations. Thus cyber laws and legislations refers to those guidelines and regulations put in place to ensure that information and services so displayed and acquired on the internet meet a standard within the e-society. 
This paper aims to review these legislations and showcasing their impact and relevance to the society for which they are formulated. Finally, the question whether the current internet legislation is adequate to protect society is also raised.",1,1,1,11,The Internet; Profiling (information science); Organised crime; Legislation; Copying; Computer security; Computer science; Online advertising; Confidentiality; Hacker,,,,,https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf1.html#Jahankhani07 https://repository.uel.ac.uk/item/866q6 https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2007.013588 https://www.inderscience.com/link.php?id=13588,http://dx.doi.org/10.1504/ijesdf.2007.013588,,10.1504/ijesdf.2007.013588,2166531541,,0,010-913-318-627-137; 027-323-011-044-348; 033-067-103-429-752; 056-927-979-798-650; 152-450-875-308-13X,4,true,cc0,green
045-860-936-644-894,Analysis of Data Remaining on Second Hand ADSL Routers,,2011,journal article,"Journal of Digital Forensics, Security and Law",15587223,Embry-Riddle Aeronautical University/Hunt Library,,Patryk Szewczyk,"In theory an ADSL router is capable of providing immense security capabilities including but not limited to wireless encryption, denial of service prevention through firewall rule sets, and logging facilities for review or analysis of network events. However, most laymen may be unaware of the intricacies of the security measures available to them. As a result a vast array of information could remain on ADSL routers once the device is sold, including the users’ approach to security, Internet usage habits, or more importantly confidential user or account information. This paper presents the findings of data acquired from second hand ADSL routers purchased during the first quarter of 2011. The outcomes demonstrate that individuals are not removing their identity adequately and are leaving confidential data which may lead to detrimental outcomes if misused. 
The paper also demonstrates that the overall security of these devices is alarmingly low, and thus many consumers may fall victim to new and emergent Internet based crimes.",6,3,17,30,The Internet; Encryption; Asymmetric digital subscriber line; Firewall (construction); Router; Computer security; Denial-of-service attack; Computer science; Data recovery; Confidentiality,,,,,https://dblp.uni-trier.de/db/journals/jdfsl/jdfsl6.html#Szewczyk11 https://core.ac.uk/display/41528625 https://commons.erau.edu/cgi/viewcontent.cgi?article=1098&context=jdfsl https://ro.ecu.edu.au/ecuworks2011/40/ https://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1039&context=ecuworks2011 https://commons.erau.edu/jdfsl/vol6/iss3/3/ https://core.ac.uk/download/41528625.pdf,http://dx.doi.org/10.15394/jdfsl.2011.1098,,10.15394/jdfsl.2011.1098,1757056833,,0,000-134-731-347-408; 007-757-088-524-043; 008-008-963-693-557; 013-694-498-376-823; 052-783-938-076-074; 053-036-691-773-923; 058-322-495-375-492; 074-894-144-584-499; 109-603-269-791-542; 120-349-866-287-595; 164-381-518-047-655; 164-543-583-222-359; 175-408-216-808-443,2,true,cc-by-nc,gold
046-973-884-620-547,Treasure and tragedy in kmem_cache mining for live forensics investigation,,2010,journal article,Digital Investigation,17422876,Elsevier BV,Netherlands,Andrew Case; Lodovico Marziale; Cris Neckar; Golden G. Richard,"This paper presents the first deep investigation of the kmem_cache facility in Linux from a forensics perspective. The kmem_cache is used by the Linux kernel to quickly allocate and deallocate kernel structures associated with processes, files, and the network stack. Our focus is on deallocated information that remains in the cache and the major contribution of this paper is to illustrate what forensically relevant information can be retrieved from the kmem_cache and what information is definitively not retrievable. We show that the kmem_cache contains a wealth of digital evidence, much of which was either previously unavailable or difficult to obtain, requiring ad hoc methods for extraction. Previously executed processes, memory mappings, sent and received network packets, NAT translations, accessed file system inodes, and more can all be recovered through examination of the kmem_cache contents. 
We also discuss portable methods for erasing this information, to ensure that private data is no longer recoverable.",7,,S41,S47,Operating system; Cache pollution; Cache; Cache coloring; Cache invalidation; Page cache; Cache algorithms; Computer science; Bus sniffing; Linux kernel; Database,,,,,http://www.sciencedirect.com/science/article/pii/S1742287610000332 https://dblp.uni-trier.de/db/journals/di/di7.html#CaseMNR10 https://www.sciencedirect.com/science/article/pii/S1742287610000332 https://dl.acm.org/doi/10.1016/j.diin.2010.05.006,http://dx.doi.org/10.1016/j.diin.2010.05.006,,10.1016/j.diin.2010.05.006,2103956577,,0,001-304-351-638-313; 011-569-292-128-546; 017-152-528-840-957; 019-661-085-144-255; 036-662-510-200-483; 058-448-820-778-759; 080-351-281-760-491; 141-445-106-549-822; 149-010-267-691-537; 150-249-549-372-358; 159-459-723-637-730,15,true,cc-by-nc-nd,hybrid
048-120-908-827-402,A new methodology for data coding and embedding for high-capacity transmitting,,2010,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Rajesh Kumar Tiwari; Gadadhar Sahoo,"The rapid development of internet opened up unlimited opportunities in the field of computing. However, it brought about a plethora of new issues and concerns, chief among them is the security of information that to be exchanged. Developing information hiding techniques have been seriously taken by many researchers, steganography, the science of embedding secret information into carrier image file is one of the main concern. In the current digital era, the steganographic methods may participate in the field of ultra wideband wireless communication, but the major hurdles is the pre-existing carrier with low embedding capacity. If we create the carrier file based on the transmitting message that will help us in two aspects, first it saves the bandwidth and second it maintains the utmost security as well. Unlike the other steganographic efforts, where data embedding in carrier file works in the principle of pre-existing carrier file, we propose here a method that works on the principle of creating its own carrier file based on the transmitting message. 
The major advantage of this approach is that there is never a mother carrier file created or exits in order to give a chance to other concerned to suspect the hiding of any secret file and at the same time, we utilise the minimum bandwidth with maximum security protection.",3,1,27,40,Steganography; The Internet; Bandwidth (computing); Information hiding; Computer security; Computer science; Embedding; Information security; Wireless; Image file formats,,,,,https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2010.032329 https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf3.html#TiwariS10 https://doi.org/10.1504/IJESDF.2010.032329 https://www.inderscience.com/link.php?id=32329,http://dx.doi.org/10.1504/ijesdf.2010.032329,,10.1504/ijesdf.2010.032329,2039920998,,0,002-192-823-632-773; 011-903-574-685-595; 028-038-085-809-431; 044-991-381-861-898; 045-964-724-948-542; 056-052-039-403-330; 059-263-073-614-763; 079-176-207-287-930; 084-935-739-580-981; 089-336-351-701-588; 113-683-759-006-946; 140-531-994-627-167; 142-506-417-981-965; 162-699-394-973-944; 172-727-660-265-210,4,false,,
048-228-308-826-291,The Need for a New Data Processing Interface for Digital Forensic Examination,,2012,journal article,International Journal of Advanced Research in Artificial Intelligence,21654069; 21654050,The Science and Information Organization,,Inikpi O Ademu; Chris Imafidon,"Digital forensic science provides tools, techniques and scientifically proven methods that can be used to acquire and analyze digital evidence. There is a need for law enforcement agencies, government and private organisations to invest in the advancement and development of digital forensic technologies. Such an investment could potentially allow new forensic techniques to be developed more frequently. This research identifies techniques that can facilitate the process of digital forensic investigation, therefore allowing digital investigators to utilize less time and fewer resources. In this paper, we identify the Visual Basic Integrated Development Environment as an environment that provides a set of rich features which are likely to be required for developing tools that can assist digital investigators during digital forensic investigation. 
Establishing a user friendly interface and identifying structures and consistent processes for digital forensic investigation has been a major component of this research.",1,4,,,World Wide Web; Interface (Java); Visual Basic; Law enforcement; Digital evidence; Computer science; Process (engineering); Component (UML); User Friendly; Digital forensics,,,,,https://thesai.org/Publications/ViewPaper?Volume=1&Issue=4&Code=IJARAI&SerialNo=2 https://thesai.org/Downloads/IJARAI/Volume1No4/Paper_2-The_Need_for_a_New_Data_Processing_Interface_for_Digital_Forensic_Examination.pdf,http://dx.doi.org/10.14569/ijarai.2012.010402,,10.14569/ijarai.2012.010402,2135235429,,0,004-872-169-627-620; 015-455-002-340-996; 019-831-293-743-518; 046-867-351-033-973; 048-576-750-040-030; 119-234-785-721-155; 153-153-144-072-106; 157-954-859-648-506; 158-262-072-312-063; 158-630-449-182-358; 168-712-754-489-980; 170-299-458-679-224,0,true,cc-by,hybrid
048-714-219-680-490,A Case Study in Forensic Analysis of Control,,2011,journal article,"Journal of Digital Forensics, Security and Law",15587223,Embry-Riddle Aeronautical University/Hunt Library,,Fred Cohen,"This paper describes a case study in which a method for forensic analysis of control was applied to resolve probative technical issues in a legal action. It describes one instance in which the analysis was successfully applied without challenge, addresses the details of most of the different facets of the analysis method, and demonstrates how such analysis provides a systematic approach to using technical methods to address legal issues as a case study.",6,1,37,54,Data science; Control (management); Legal action; Analysis method; Computer security; Computer science; Digital forensics,,,,,https://doi.org/10.15394/jdfsl.2011.1087 https://dblp.uni-trier.de/db/journals/jdfsl/jdfsl6.html#Cohen11a https://commons.erau.edu/jdfsl/vol6/iss1/3/ https://core.ac.uk/display/91781195 https://oaji.net/articles/2014/1095-1408305935.pdf https://commons.erau.edu/cgi/viewcontent.cgi?article=1087&context=jdfsl,http://dx.doi.org/10.15394/jdfsl.2011.1087,,10.15394/jdfsl.2011.1087,1525560377,,0,031-909-553-637-650; 041-059-041-666-09X; 044-452-432-963-876; 062-032-128-092-406; 114-682-218-128-90X; 116-344-252-215-864; 167-661-662-109-801,1,true,cc-by-nc,gold
048-855-317-249-687,AN EXTENDED DATABASE REVERSE ENGINEERING V A KEY FOR DATABASE FORENSIC INVESTIGATION,2012-03-25,2012,journal article,International Journal of Research in Engineering and Technology,23217308; 23191163,eSAT Publishing House,,P. D. Bodakhe; K. G. Bagde,"The database forensic investigation plays an important role in the field of computer. The data stored in the database is generally stored in the form of tables. However, it is difficult to extract meaningful data without blueprints of database because the table inside the database has exceedingly complicated relation and the role of the table and field in the table are ambiguous. Proving a computer crime require very complicated processes which are based on digital evidence collection, forensic analysis and investigation process. Current database reverse engineering researches presume that the information regarding semantics of attributes, primary keys, and foreign keys in database tables is complete. However, this may not be the case. Because in a recent database reverse engineering effort to derive a data model from a table-based database system, we find the data content of many attributes are not related to their names at all. Hence database reverse engineering researches is used to extracts the information regarding semantics of attributes, primary keys, and foreign keys, different consistency constraints in database tables. In this paper, different database reverse engineering (DBRE) process such as table relationship analysis and entity relationship analysis are described. We can extract an extended entity-relationship diagram from a table-based database with little descriptions for the fields in its tables and no description for keys. Also the analysis of the table relationship using database system catalogue, joins of tables, and design of the process extraction for examination of data is described. 
Data extraction methods will be used for the digital forensics, which more easily acquires digital evidences from databases using table relationship, entity relationship, different joins among the tables etc. By acquiring these techniques it will be possible for the database user to detect database tampering and dishonest manipulation of database.",01,03,465,468,Database design; Physical data model; Information retrieval; Database schema; Computer science; Foreign key; View; Database index; Surrogate key; Database; Database testing,,,,,http://esatjournals.net/ijret/2012v01/i03/IJRET20120103045.pdf,http://dx.doi.org/10.15623/ijret.2012.0103045,,10.15623/ijret.2012.0103045,2144285184,,0,001-608-113-861-950; 009-274-078-328-512; 009-372-939-859-569; 010-715-519-043-632; 043-742-356-311-540; 050-308-742-156-878; 125-519-560-533-563; 158-356-518-504-893,0,true,,bronze
048-865-043-238-233,Narrowband AM interference cancellation for broadband multicarrier systems,,2008,journal article,EURASIP Journal on Wireless Communications and Networking,16871499; 16871472,Springer Science and Business Media LLC,Germany,Dieter Van Welden; Heidi Steendam,"We consider an overlay system where narrowband AM signals interfere with a broadband multicarrier system. To reduce the effect of the AM narrowband interference on the multicarrier system, we propose a low-complexity algorithm to estimate the AM narrowband interference. Analytical expressions for the performance of this estimator are derived and verified with simulations. The performance of this estimator, however, degrades when the number of interferers increases. To improve the algorithm, we adapt it such that the interferers are estimated in a successive way. The proposed estimators are able to produce accurate estimates of the frequencies, and track the time-varying amplitudes of the AM signals. The estimators can reduce the power of the AM signal to a level that is approximately 20 dB lower than the multicarrier power, independently of the AM signal power.",2008,1,27,,Signal; Power (physics); Amplitude; Estimator; Electronic engineering; Narrowband; Computer science; Broadband; Real-time computing; Single antenna interference cancellation,,,,,https://telin.ugent.be/~hs/full/j30.pdf https://biblio.ugent.be/publication/430561 http://jwcn.eurasipjournals.com/content/2008/1/354867 https://biblio.ugent.be/publication/430561/file/599879.pdf http://telin.ugent.be/~hs/full/j30.pdf https://dx.doi.org/10.1155/2008/354867 http://dx.doi.org/10.1155/2008/354867 https://dblp.uni-trier.de/db/journals/ejwcn/ejwcn2008.html#WeldenS08 https://core.ac.uk/download/55884893.pdf,http://dx.doi.org/10.1155/2008/354867,,10.1155/2008/354867,1990928821,,0,003-021-088-465-904; 048-064-015-047-341; 049-319-986-512-11X; 057-851-236-595-412; 065-620-579-117-799; 132-617-109-771-64X,0,true,cc-by,gold
049-313-374-093-607,The Acquisition and Analysis of Random Access Memory,2007-06-22,2007,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Timothy Vidas,"ABSTRACT Mainstream operating systems (and the hardware they run on) fail to purge the contents of portions of volatile memory when that portion is no longer required for operation. Similar to how many file systems simply mark a file as deleted instead of actually purging the space that the file occupies on disk, random access memory (RAM) is commonly littered with old information in unallocated space waiting to be reused. Additionally, RAM contains constructs and caching regions that include a wealth of state-related information. The availability of this information, along with techniques to recover it, provides new methods for investigation. This article discusses the benefits and drawbacks of traditional incident response methods compared to an augmented model that includes the capture and subsequent analysis of a suspect system's memory, provides a foundation for analyzing captured memory, and provides suggestions for related work in an effort to encourage forward progress in this relatively new area ...",1,4,315,323,Memory-mapped file; Extended memory; Memory management; Computer science; Volatile memory; Interleaved memory; Memory map; Database; Computer memory; Registered memory,,,,,https://dblp.uni-trier.de/db/journals/jdfp/jdfp1.html#Vidas06 https://www.tandfonline.com/doi/full/10.1080/15567280701418171,http://dx.doi.org/10.1080/15567280701418171,,10.1080/15567280701418171,2048168101,,0,001-304-351-638-313; 003-919-715-432-564; 026-595-961-209-188; 057-143-267-854-504; 101-378-937-900-179; 105-427-271-392-801; 154-025-503-611-66X; 159-876-071-419-312,33,false,,
049-890-678-110-12X,Problem Reduction in Online Payment System Using Hybrid Model,2011-08-30,2011,journal article,International Journal of Managing Information Technology,09755926,Academy and Industry Research Collaboration Center (AIRCC),,Sandeep Pratap Singh; Shiv Shankar Prasad Shukla; Nitin Rakesh; Vipin Tyagi,"Online auction, shopping, electronic billing etc. all such types of application involves problems of fraudulent transactions. Online fraud occurrence and its detection is one of the challenging fields for web development and online phantom transaction. As no-secure specification of online frauds is in research database, so the techniques to evaluate and stop them are also in study. We are providing an approach with Hidden Markov Model (HMM) and mobile implicit authentication to find whether the user interacting online is a fraud or not. We propose a model based on these approaches to counter the occurred fraud and prevent the loss of the customer. Our technique is more parameterized than traditional approaches and so, chances of detecting legitimate user as a fraud will reduce.",3,3,62,71,Parameterized complexity; Authentication; Hidden Markov model; Online payment; Computer security; Computer science; Electronic billing; Database transaction; Web development; Reduction (complexity),,,,,https://dblp.uni-trier.de/db/journals/corr/corr1109.html#abs-1109-0689 https://arxiv.org/abs/1109.0689 http://arxiv.org/abs/1109.0689,http://dx.doi.org/10.5121/ijmit.2011.3306,,10.5121/ijmit.2011.3306,2964034558,,1,021-669-125-708-042; 035-134-978-716-586; 055-560-058-019-128; 058-130-219-180-027; 086-908-226-893-99X,20,true,,bronze
050-104-121-852-323,Exploring Investigative Methods for Identifying and Profiling Serial Bots,,2006,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Robert Lyda; James Hamrock,"ABSTRACT Bots are malicious software programs surreptitiously installed on compromised computers accessible to the Internet. Supporting robust remote control and command capabilities for committing cyber fraud and crimes, bots have emerged in alarming numbers in recent years as one of the most prevalent malicious code threats on the internet. Despite their explosive growth, most bots are variations of a handful of popular bot families, which share a common architectural design and functional capabilities. We posit that many of the same bot authors are contributing to the growth of variants by continuously developing, modifying, and re-deploying the same bot programs. We refer to such bots as serial bots. This article investigates the bot phenomena by exploring methods to identify and profile serial bots. In the course of this examination, we discuss guidelines that digital forensics practitioners can apply to evaluate evidence residing in bots to support their criminal prosecutions and meet evidentiary re...",1,3,165,177,Internet privacy; The Internet; Profiling (computer programming); Architectural design; String analysis; Computer security; Computer science; Malware; Digital forensics,,,,,https://dblp.uni-trier.de/db/journals/jdfp/jdfp1.html#LydaH06 https://www.tandfonline.com/doi/full/10.1080/15567280600995782,http://dx.doi.org/10.1080/15567280600995782,,10.1080/15567280600995782,2017557624,,0,,1,false,,
050-478-541-231-650,Radio frequency identification (RFID) in pervasive healthcare,,2009,journal article,International Journal of Healthcare Technology and Management,13682156; 17415144,Inderscience Publishers,United Kingdom,Christoph Thuemmler; William J Buchanan; Amir Hesam Fekri; Alistair Lawson,"Active and passive RFID (Radio Frequency Identification) technology are available and licensed for the use in hospitals, and can be used to establish highly reliable pervasive environments within healthcare facilities. They should not be understood as competing technologies and complement each other when intelligently integrated in compact frameworks. This paper describes the state-of-the-art of RFID technology and the current use in the healthcare industry, and points out recent developments and future options.",10,1/2,119,131,Health care; Radio-frequency identification; Health technology; Complement (complexity); Healthcare industry; Pervasive healthcare; Computer security; Computer science,,,,,https://www.inderscienceonline.com/doi/abs/10.1504/IJHTM.2009.023731 https://core.ac.uk/download/74032061.pdf,http://dx.doi.org/10.1504/ijhtm.2009.023731,,10.1504/ijhtm.2009.023731,2104785449,,0,000-122-941-082-948; 004-887-745-022-972; 008-019-366-014-492; 008-342-881-500-276; 012-794-995-387-939; 016-681-840-088-007; 016-806-275-923-562; 017-678-464-074-750; 020-595-656-415-737; 020-981-078-192-185; 025-503-854-146-807; 025-833-958-332-606; 027-785-674-267-098; 029-640-699-834-103; 032-049-487-024-678; 032-195-433-536-526; 032-950-644-932-461; 035-269-307-819-873; 038-813-301-017-496; 039-953-922-152-421; 041-622-507-215-355; 042-143-682-946-364; 045-691-360-592-475; 048-014-229-659-84X; 048-632-093-202-629; 048-734-672-225-267; 049-023-618-632-932; 051-969-824-045-383; 053-795-574-052-665; 053-930-824-035-833; 058-191-004-110-127; 064-116-702-614-960; 065-898-355-065-084; 068-577-253-361-554; 069-065-080-592-211; 069-141-091-297-076; 073-130-928-090-650; 076-042-495-189-856; 
079-325-253-621-190; 085-908-620-648-54X; 087-294-737-938-144; 087-889-783-250-861; 088-075-851-199-054; 090-009-664-150-622; 093-552-816-691-481; 093-557-280-892-359; 094-064-743-220-307; 097-980-999-393-204; 100-916-309-787-995; 101-388-191-794-320; 106-816-034-681-728; 107-270-822-873-338; 109-037-839-514-229; 112-254-590-001-127; 113-546-877-938-815; 116-090-488-996-946; 120-051-159-847-408; 121-318-614-327-313; 138-617-708-285-430; 145-881-797-309-946; 147-494-802-982-303; 151-866-267-971-600; 158-967-213-119-348; 162-569-376-398-418,22,true,,green
050-526-626-953-699,A pragmatic approach to temporary payment card numbers,,2009,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,David J. Boyd,"With the push towards electronic payments that use a smart card and authenticate the cardholder by his or her personal identification number, much fraud has switched to the residual payment methods that just rely on knowing the card number: card-not-present transactions. There are various countermeasures; notably some issuers allocate temporary card numbers (TCNs). The snag is that this is an online solution that requires the cardholder to be identified and authenticated over a separate and direct link between the cardholder and card issuer each time a number is allocated. Some off-line mechanisms have been proposed but those TCNs do not act as the cardholder's identifier. This paper examines a sample of online and off-line TCN mechanisms and then proposes an off-line mechanism that gives a comparable service to the online mechanisms. The cardholder's privacy is protected whilst still allowing proof of payment.",2,3,253,268,Internet privacy; Smart card; Payment; Card security code; Payment service provider; Issuing bank; Payment card; Personal identification number; Computer security; Computer science; Charge card,,,,,https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf2.html#Boyd09 https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2009.027521 https://dl.acm.org/doi/10.1504/IJESDF.2009.027521,http://dx.doi.org/10.1504/ijesdf.2009.027521,,10.1504/ijesdf.2009.027521,2107616962,,0,028-717-710-228-443; 050-987-791-936-43X; 055-096-678-428-196; 084-279-304-997-283; 084-750-275-122-93X; 187-704-820-243-807,1,false,,
050-904-460-412-248,Low-cost group rekeying for unattended wireless sensor networks,2012-05-25,2012,journal article,Wireless Networks,10220038; 15728196,Springer Science and Business Media LLC,Netherlands,Juan Hernández-Serrano; Juan Vera-del-Campo; Josep Pegueroles; Carlos Gañán,"Wireless sensor networks (WSNs) are made up of large groups of nodes that perform distributed monitoring services. Since sensor measurements are often sensitive data acquired in hostile environments, securing WSN becomes mandatory. However, WSNs consists of low-end devices and frequently preclude the presence of a centralized security manager. Therefore, achieving security is even more challenging. State-of-the-art proposals rely on: (1) attended and centralized security systems; or (2) establishing initial keys without taking into account how to efficiently manage rekeying. In this paper we present a scalable group key management proposal for unattended WSNs that is designed to reduce the rekeying cost when the group membership changes.",19,1,47,67,Rekeying; Wireless sensor network; Computer network; Computer security; Computer science; Scalability; Security management,,,,,https://upcommons.upc.edu/handle/2117/16575 https://link.springer.com/article/10.1007%2Fs11276-012-0450-3 https://core.ac.uk/display/41768670 https://link.springer.com/article/10.1007/s11276-012-0450-3/fulltext.html https://dblp.uni-trier.de/db/journals/winet/winet19.html#Hernandez-SerranoCPG13 https://link.springer.com/content/pdf/10.1007%2Fs11276-012-0450-3.pdf,http://dx.doi.org/10.1007/s11276-012-0450-3,,10.1007/s11276-012-0450-3,2004745021,,0,001-186-777-829-382; 004-167-970-772-328; 005-120-040-814-067; 006-598-983-194-675; 006-664-819-201-418; 009-452-389-564-781; 031-896-755-578-767; 036-266-181-970-844; 038-135-375-617-902; 042-792-168-747-645; 058-688-036-033-035; 064-594-259-403-654; 066-873-800-778-513; 068-987-827-723-107; 077-404-290-650-129; 078-742-432-864-818; 082-452-148-967-333; 083-137-072-558-66X; 
083-892-564-563-667; 085-032-666-161-733; 092-199-816-034-528; 095-897-902-063-20X; 098-082-961-533-285; 099-499-486-268-055; 115-191-108-909-035; 115-946-475-642-70X; 129-447-068-107-39X; 135-577-066-353-258; 139-102-028-640-674; 154-351-625-623-080; 154-919-614-270-725; 163-280-853-830-867; 169-114-290-821-127; 169-824-972-024-308; 176-597-371-904-437; 186-437-263-764-932; 197-520-166-086-785,7,true,,
051-621-974-713-458,Who is Reading the Data on Your Old Computer,,2008,journal article,"Journal of Digital Forensics, Security and Law",15587223,Embry-Riddle Aeronautical University/Hunt Library,,Vivienne Mee,"Researchers at Rits Information Security performed a study in how the Irish population disposes of their old computers. How would you dispose of your old computer, or how would the company you work for dispose of their old computers? The majority of Irish homeowners, would bring their old computers to local civic amenity centres, give it away to a relative or sell it on to another party. Some organisations would give their old equipment to a staff member, as a gift gesture, others may simply discard in the local civic amenity site. What is wrong with the methods currently being used for discarding of our old PCs? With this question in mind, Rits Information Security embarked on a study to highlight the problems home users, and corporate users face when discarding retired PCs. In this paper, Rits Information Security describes research in which a number of hard disks were taken from computers after they had been released for resale on Irish online auction sites. The research that was undertaken involved an analysis of the disks to determine if any information remained on these disks, and whether the information could be easily recovered using commonly available tools and techniques. From this analysis, a number of disks could be traced to specific organisations, including large financial institutions, various consultancy firms, numerous small trade organisation, auctioneers, and insurance brokers. In addition to these, a number of computers were found to have originated from the home environment. The results indicate that careless disposal of computers and storage media in the Republic of Ireland is a significant problem. Very few of the disks tested had undergone a thorough or efficient cleansing process. 
The level of information that could be recovered from the majority of the disks tested would have proven useful for corporate espionage, identity theft, blackmail, and fraud.",3,1,25,34,Internet privacy; Dispose pattern; Legislation; Irish; Population; Computer security; Computer science; Identity theft; Information security; Data Protection Act 1998; Industrial espionage,,,,,https://doi.org/10.15394/jdfsl.2008.1035 https://commons.erau.edu/jdfsl/vol3/iss1/2/ https://commons.erau.edu/cgi/viewcontent.cgi?article=1035&context=jdfsl https://dblp.uni-trier.de/db/journals/jdfsl/jdfsl3.html#Mee08 https://core.ac.uk/display/92029767,http://dx.doi.org/10.15394/jdfsl.2008.1035,,10.15394/jdfsl.2008.1035,1490791805,,0,,1,true,cc-by-nc,gold
051-846-755-774-83X,An embedded bayesian network hidden markov model for digital forensics,,2006,journal article,Lecture Notes in Computer Science,03029743,,,Olivier de Vel; Nianjun Liu; Terry Caelli; Tibério S. Caetano,In the paper we combine a Bayesian Network model for encoding forensic evidence during a given time interval with a Hidden Markov Model (EBN-HMM) for tracking and predicting the degree of criminal activity as it evolves over time. The model is evaluated with 500 randomly produced digital forensic scenarios and two specific forensic cases. The experimental results indicate that the model fits well with expert classification of forensic data. Such initial results point out the potential of such Dynamical Bayesian Network methods for the analysis of digital forensic data.,,,459,465,Data mining; Forensic science; Artificial intelligence; Markov model; Hidden Markov model; Bayesian network; Computer science; Variable-order Bayesian network; Dynamic Bayesian network; Digital forensics,,,,,,,,,2612635067,,0,,11,false,,
052-052-141-922-342,"Judges' awareness, understanding, and application of digital evidence",,2011,journal article,"Journal of Digital Forensics, Security and Law",15587223,Embry-Riddle Aeronautical University/Hunt Library,,Marlyn Kemper Littman; Gary C. Kessler,"As digital evidence grows in both volume and importance in criminal and civil courts, judges need to fairly and justly evaluate the merits of the offered evidence. To do so, judges need a general understanding of the underlying technologies and applications from which digital evidence is derived. Due to the relative newness of the computer forensics field, there have been few studies on the use of digital forensic evidence and none about judges’ relationship with digital evidence.; This study addressed judges’ awareness, knowledge, and perceptions of digital evidence, using grounded theory methods. The interaction of judges with digital evidence has a social aspect that makes a study of this relationship well suited to grounded theory. This study gathered data via a written survey distributed to judges in the American Bar Association and National Judicial College, followed by interviews with judges from Massachusetts and Vermont. ; The results indicated that judges generally recognize the importance of evidence derived from digital sources, although they are not necessarily aware of all such sources. They believe that digital evidence needs to be authenticated just like any type of evidence and that it is the role of attorneys rather than of judges to mount challenges to that evidence, as appropriate. Judges are appropriately wary of digital evidence, recognizing how easy it is to alter or misinterpret such evidence. 
Less technically aware judges appear even more wary of digital evidence than their more knowledgeable peers.; Judges recognize that they need additional training in computer and Internet technology as the computer forensics process and digital evidence, citing a lack of availability of such training. This training would enable judges to better understand the arguments presented by lawyers, testimony offered by technical witnesses, and judicial opinions forming the basis of decisional law. A framework for such training is provided in this report.; This study is the first in the U.S. to analyze judges and digital forensics, thus opening up a new avenue of research. It is the second time that grounded theory has been employed in a digital forensics study, demonstrating the applicability of that methodology to this discipline.",6,1,55,72,Judicial opinion; Internet privacy; The Internet; Grounded theory; Perception; Digital evidence; Computer security; Computer science; Process (engineering); Computer forensics; Digital forensics,,,,,https://dblp.uni-trier.de/db/journals/jdfsl/jdfsl6.html#Kessler11 https://core.ac.uk/display/91957629 https://commons.erau.edu/cgi/viewcontent.cgi?article=1024&context=db-security-studies https://works.bepress.com/gary_kessler/26/ https://oaji.net/articles/2014/1095-1408306507.pdf https://nsuworks.nova.edu/gscis_etd/196/ https://nsuworks.nova.edu/cgi/viewcontent.cgi?article=1195&context=gscis_etd https://doaj.org/article/525394f7cdf8460cb0572125a8e3bf79 https://commons.erau.edu/jdfsl/vol6/iss1/4/,http://dx.doi.org/10.15394/jdfsl.2011.1088,,10.15394/jdfsl.2011.1088,1533580595,,0,000-226-390-590-140; 000-557-324-827-169; 001-341-383-690-418; 005-392-088-749-603; 008-568-541-949-263; 009-789-829-591-139; 012-051-066-955-690; 014-878-350-846-852; 016-004-336-259-323; 017-335-677-993-203; 018-182-926-340-45X; 020-063-485-019-66X; 020-195-870-396-757; 025-166-882-986-85X; 030-706-989-114-061; 037-102-979-151-536; 038-109-905-911-318; 
040-072-998-295-707; 046-010-400-424-32X; 048-645-419-219-088; 050-513-243-638-138; 052-256-274-749-496; 052-320-348-197-350; 056-580-888-214-429; 057-276-332-934-746; 057-991-197-390-530; 059-577-872-928-63X; 068-833-488-459-388; 069-559-732-098-383; 076-346-829-732-533; 077-507-989-797-441; 078-598-867-814-365; 079-196-538-217-628; 080-619-211-902-700; 081-447-017-308-327; 081-740-389-550-950; 085-723-979-354-790; 086-183-355-286-998; 090-582-267-408-193; 092-470-623-967-183; 093-180-137-587-370; 094-295-279-676-447; 095-634-146-634-286; 097-814-827-735-18X; 098-323-575-091-372; 099-953-330-898-859; 101-725-467-004-305; 102-707-705-385-893; 104-314-308-990-999; 105-766-861-752-64X; 110-926-229-290-139; 121-951-797-869-548; 123-140-392-837-736; 124-038-348-278-602; 125-384-800-661-375; 128-055-171-308-254; 129-360-320-775-188; 140-402-089-386-286; 144-672-001-748-904; 147-160-953-972-620; 151-378-930-836-964; 151-851-021-843-818; 157-481-301-540-451; 172-227-575-775-135; 182-962-922-039-081; 191-324-551-329-724; 193-691-238-331-868; 198-033-623-455-32X; 198-428-942-821-207; 198-748-404-535-361,23,true,cc-by-nc,gold
053-350-799-680-353,Hiding traces of double compression in JPEG images based on Tabu Search,2012-01-29,2012,journal article,Neural Computing and Applications,09410643; 14333058,Springer Science and Business Media LLC,Germany,Shen Wang; Xiamu Niu,"With the development of digital forensic techniques, the image disguise (also called image tampering or image manipulation) is challenged greatly. When the tampered JPEG image is saved, it was re-compressed. This progress causes radical change in the histogram of the discrete cosine transformation (DCT) coefficients. The amounts of some coefficient values decrease greatly or even disappear. It is easy to detect this pattern by statistics methods. To remove the fragility of image disguise, we need to revise the abnormal distribution of DCT coefficients. But random change in the coefficient values degrades the image quality. So we established an image disguising evaluation model aims at the JPEG recompression detection which can be solved by Tabu Search algorithm. 
Under the restraint of the evaluation model, the traces of double compression are removed, and the image quality is well preserved.",22,1,283,291,Tabu search; Artificial intelligence; JPEG; Quantization (image processing); Discrete cosine transform; Double compression; Computer vision; Mathematics; Histogram; Image quality; Digital forensics,,,,,https://link.springer.com/article/10.1007%2Fs00521-012-0841-5 https://dblp.uni-trier.de/db/journals/nca/nca22.html#WangN13 https://link.springer.com/article/10.1007/s00521-012-0841-5/fulltext.html,http://dx.doi.org/10.1007/s00521-012-0841-5,,10.1007/s00521-012-0841-5,2031334625,,0,003-010-190-541-746; 014-344-587-377-12X; 015-330-130-917-703; 016-617-865-487-243; 029-987-525-764-865; 050-276-916-513-051; 055-846-173-386-410; 058-283-767-901-486; 076-704-896-134-67X; 081-914-051-899-968; 083-653-893-431-536; 108-896-114-392-841; 111-190-526-702-790; 121-655-581-368-713; 132-364-047-011-22X; 143-493-307-420-952; 159-771-102-147-698; 173-881-114-277-726; 180-552-666-228-97X,2,false,,
053-515-652-296-042,Tracking online trails,,2008,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Man Qi; Denis Edgar-Nevill; Y. Wang; Rongsheng Xu,"Traceability is a key to the investigation of the internet criminal and a cornerstone of internet research. It is impossible to prevent all internet misuse but may be possible to identify and trace the users, and then take appropriate action. This article presents the value of traceability within the e-mail/news posting utilities, current online tracking methods, technologies being used to hide identities, difficulties involved in locating the traceable data and the challenges in tracking online trails. Due to the technological nature of cybercrimes, some unique challenges are involved in tracking sources. Anonymity and falsification are the two key ones. The offenders can take advantage of new advanced technologies to make the tracking more difficult and the investigation more challengeable. People even do not have to be technical to commit cybercrimes with easily mastered tools. 
Apart from technical solutions, international collaboration and law enforcement are very important to track online trails.",1,4,353,361,Internet privacy; The Internet; Internet research; Commit; Traceability; Anonymity; Key (cryptography); Law enforcement; Cornerstone; Computer security; Computer science,,,,,https://ui.adsabs.harvard.edu/abs/2008ges..conf...48Q/abstract https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2008.021453 https://link.springer.com/chapter/10.1007%2F978-3-540-69403-8_6 https://rd.springer.com/chapter/10.1007/978-3-540-69403-8_6 https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf1.html#QiEWX08 https://repository.canterbury.ac.uk/item/84vqy/tracking-online-trails,http://dx.doi.org/10.1504/ijesdf.2008.021453,,10.1504/ijesdf.2008.021453,2121869675,,0,006-509-337-267-158; 006-828-660-980-525; 009-238-360-936-521; 047-350-675-938-618; 095-159-338-945-679; 140-821-103-436-654; 150-674-582-613-771; 175-480-582-509-028; 191-109-327-411-836,0,false,,
053-813-249-469-420,SecLoc – secure localization in WSNs using CDS,2011-04-06,2011,journal article,Security and Communication Networks,19390114; 19390122,Wiley,United Kingdom,Avinash Srinivasan,"Originally, the development of wireless sensor networks (WSNs) was motivated by military applications such as battlefield surveillance and land-mine detection. Over time, however, WSNs have found a wide range of applications in diverse domains such as industrial automation and monitoring, environmental and habitat monitoring, health-care applications, home automation, traffic regulation, smart hospitals, etc. In all these domains, the data sensed by the sensor nodes are reported to a central server called a base station, which then initiates appropriate actions based on the reported data. To this end, the location of sensors is very critical since the monitored event can be detrimental causing irreversible damage – such as forest fire, if the location of sensors is compromised and/or inaccurate. In this paper, we propose SecLoc – a novel localization method for WSNs, which can be easily extended to other wireless and mobile and ad-hoc networks. The proposed method exploits the connected dominating set (CDS) property of a network graph. SecLoc, to the best of our knowledge, is the first localization model to exploit the CDS property for accurate and secure node localization in WSNs. In our proposed method, a set of specialty nodes, called the beacon nodes, with large resource base, assume the role of Dominant nodes. The beacon nodes are responsible for both accurate and secure localization of nodes. We confirm the efficiency and robustness of our model through simulation results. 
Copyright © 2011 John Wiley & Sons, Ltd.",4,7,763,770,Automation; Wireless sensor network; Computer network; Connected dominating set; Computer science; Key distribution in wireless sensor networks; Home automation; Wireless; Base station; Robustness (computer science),,,,,https://dblp.uni-trier.de/db/journals/scn/scn4.html#Srinivasan11,http://dx.doi.org/10.1002/sec.278,,10.1002/sec.278,2162304516,,0,010-192-313-867-062; 017-550-611-091-831; 062-116-307-761-837; 109-310-409-479-587; 139-827-049-619-08X; 161-559-992-211-834,3,true,cc-by,gold
055-362-686-494-141,Research on Forensic Methods of the Process Behavior Based on CSP,,2009,journal article,Journal of Nanjing University of Posts and Telecommunications,,,,Chen Dan-wei,"For the abnormal process behaviors got in digital forensic process, the paper gives a method of reconstructing the crime process with the process events. In the method, it firstly formally describes dangerous process operations and process communications by CSP theory, and builds a communication state model of process using the process records in system to get the process communication rules, then finds the communication sequence which can form reasonable evidence link after analyzing all possible communication sequences in the model with interpretation algorithm based on path search and excluding communication sequences out of rules. In the last, the paper gives a specific analysis and explanation of process behaviors by formalizing evidences and constructing CSP model, and validates the feasibility and effectiveness of the method with the developed simulation software.",,,,,Data mining; Digital forensic process; State model; Path search; Process behavior; Sequence; Computer security; Computer science; Interpretation (logic); Simulation software; Process (computing),,,,,http://en.cnki.com.cn/Article_en/CJFDTOTAL-NJYD200906009.htm,http://en.cnki.com.cn/Article_en/CJFDTOTAL-NJYD200906009.htm,,,2372611257,,0,,1,false,,
055-915-511-599-512,An introduction to investigating IPv6 networks,,2007,journal article,Digital Investigation,17422876,Elsevier BV,Netherlands,Bruce J. Nikkel,"This practitioner paper provides an introduction to investigating IPv6 networks and systems. IPv6 addressing, packet structure, and supporting protocols are explained. Collecting information from IPv6 registries and databases such as WHOIS and DNS is demonstrated. Basic concepts and methods relevant for digital forensic investigators are highlighted, including the forensic analysis of IPv6 enabled systems. The enabling of IPv6 capability in a forensics lab is shown, including IPv6 connectivity and the use of IPv6 compatible tools. Collection and analysis of live network evidence from IPv6 networks is discussed, including investigation of remote IPv6 nodes, and promiscuous capture of IPv6 traffic.",4,2,59,67,World Wide Web; Network packet; Structure (mathematical logic); IPv6 address; Computer science; Network forensics; Digital forensics; IPv6,,,,,https://dx.doi.org/10.1016/j.diin.2007.06.001 http://dx.doi.org/10.1016/j.diin.2007.06.001 https://dl.acm.org/doi/10.1016/j.diin.2007.06.001 https://dblp.uni-trier.de/db/journals/di/di4.html#Nikkel07 http://digitalforensics.ch/nikkel07.pdf https://www.sciencedirect.com/science/article/pii/S1742287607000345 https://core.ac.uk/display/23515744,http://dx.doi.org/10.1016/j.diin.2007.06.001,,10.1016/j.diin.2007.06.001,2134992366,,2,015-079-087-627-921; 017-795-503-616-712; 018-467-941-961-210; 032-073-329-966-037; 038-334-024-979-831; 051-364-861-508-410; 068-696-163-691-172; 072-197-472-594-999; 074-781-752-797-737; 080-370-220-950-412; 084-059-496-309-03X; 085-543-239-834-977; 093-445-452-722-748; 100-790-333-753-76X; 103-497-774-754-449; 109-986-916-187-271; 115-592-458-673-939; 115-632-735-404-82X; 119-032-757-533-83X; 120-545-671-006-35X; 129-348-824-646-601; 129-817-022-298-624; 141-893-692-858-327; 150-297-426-194-199; 160-304-884-092-881; 175-588-227-385-360; 
186-250-658-254-101; 188-247-906-501-307,20,true,,green
056-330-380-929-835,Reliability Measurement of Digital Forensic Open Source Tools Using Fuzzy Logic,2012-09-25,2012,journal article,National Academy Science Letters,0250541x; 22501754,Springer Science and Business Media LLC,India,Lokendra Kumar Tiwari,"In this paper, a fuzzy logic based optimization technique has been adopted to accurately measure software reliability. In the literature, methods like, multiple linear regression, multivariate adaptive regression splines, back propagation trained neural network, dynamic evolving neuro-fuzzy inference system and TreeNet are available. Even a number of models are predicted for software reliability by ensembling the one or more of the above mentioned methods. It has been seen that software reliability cannot be uniformly treated by any one of the above mentioned method as the parameters of software reliability differs in weights depending upon the type of the application. Any application would need a defined recipe of ingredients like- interoperability, scalability, evolvability, pluggability, dynamicity, accuracy, security, cost optimality etc. One or more elements may prevail upon other and be considered as control variables in the optimization techniques applied. The concept calls for an optimization technique when weight can be changed dynamically in parameters depending on the conditionality of responses of the system or the user. This paper introduces the concept of shifting reliability based on dynamic decision making over the various control variables by changing their weight within time-in period in a real time system. Measurement of software reliability, in particular shifting reliability will make the software reliability prediction much more pragmatic in real time system. Digital forensic is in need for a suitable shifting reliability measurement technique. software reliability in case of DF tools governs the legal use. 
A number of open source tools are waiting for their professional run for want of reliability testing. This paper suggests software reliability testing, even for testing for shifting reliability. A method which has been adapted from simplex method for fuzzy variable linear programming problem has been applied to the particular case study. Typical formulation of fuzzy optimization depends on piece wise linear membership function. Linear member ship function introduces regions of no differentiability. In fact no deterministic method can be applied for fuzzy optimization, utilization of continuous differentiable membership function permits the use of gradient base methods. An expression for the gradient base decision degree function is available in literature. This formulation has been applied in a case study having a number of control variables using a suitable tool e.g. ProjectSixPap.",35,5,421,432,Software quality; Backpropagation; Reliability engineering; Computer science; Linear programming; Multivariate adaptive regression splines; Reliability (statistics); Membership function; Software reliability testing; Fuzzy logic,,,,,https://link.springer.com/article/10.1007/s40009-012-0072-4 https://link.springer.com/article/10.1007/s40009-012-0072-4/fulltext.html,http://dx.doi.org/10.1007/s40009-012-0072-4,,10.1007/s40009-012-0072-4,1991208120,,0,014-988-752-463-819; 018-882-942-469-672; 019-041-238-490-662; 022-553-942-110-632; 025-895-129-005-724; 032-546-326-552-362; 033-055-838-856-714; 035-463-601-308-256; 037-933-775-285-249; 042-436-738-380-750; 054-004-207-929-544; 054-442-385-238-797; 056-447-465-201-21X; 056-950-246-649-936; 064-540-309-081-267; 066-328-478-903-035; 068-265-601-813-148; 072-496-026-487-245; 072-747-238-552-751; 075-025-620-724-643; 078-856-941-266-248; 080-187-598-566-687; 081-417-164-950-507; 095-711-963-844-079; 102-496-748-953-099; 134-911-163-285-204; 142-930-349-142-598; 145-601-488-958-660; 150-842-946-263-267; 152-136-948-653-810; 
153-570-299-725-201; 175-070-153-472-827; 186-356-646-021-998; 189-785-268-606-212; 190-694-973-837-157,0,false,,
056-878-076-381-290,Shrinking the Ocean: Formalizing I/O Methods Modern Operating Systems.,,2002,journal article,International Journal of Digital Evidence,,,,Matthew Gerber; John J. Leeson,"Currently, it is not practical for any single software system to perform forensically acceptable verification of the contents of all possible file systems on a disk, let alone the contents of more esoteric peripherals. Recent court decisions that require judges to restrict testimony based on their understanding of the validity of the science behind it will only make such verification even more difficult. This problem, critical to forensic examiners, is actually symptomatic of a larger problem, which lies partly in the domain of digital forensics and partly in the domain of pure computer science. Lack of verifiability, along with a host of other problems, points to inadequate formal description of file systems and I/O methodology. A review of the literature finds, in fact, that little effort has been put into such formalization. We assert that a constructive formalization of peripheral input and output for a computer can address this and several other concerns.",1,,,,Operating system; Software system; Domain (software engineering); Host (network); Constructive; restrict; Formal description; Computer security; Computer science; Resizing; Digital forensics,,,,,https://dblp.uni-trier.de/db/journals/ijde/ijde1.html#GerberL02 https://www.utica.edu/academic/institutes/ecii/publications/articles/A047D15B-DDC4-34F9-BF471EA178A37AC6.pdf,https://dblp.uni-trier.de/db/journals/ijde/ijde1.html#GerberL02,,,191565221,,0,051-242-583-230-897; 088-862-274-137-111; 130-356-050-822-864,5,false,,
057-143-267-854-504,Providing a Foundation for Analysis of Volatile Data Stores,,2007,journal article,"Journal of Digital Forensics, Security and Law",15587223,Embry-Riddle Aeronautical University/Hunt Library,,Timothy Vidas,"Current threats against typical computer systems demonstrate a need for forensic analysis of memory-resident data in addition to the conventional static analysis common today.  Certain attacks and types of malware exist solely in memory and leave little or no evidentiary information on nonvolatile stores such as a hard disk drive.  The desire to preserve system state at the time of response may even warrant memory acquisition independent of perceived threats and the ability to analyze the acquired duplicate.  Tools capable of duplicating various types of volatile data stores are becoming widely available.  Once the data store has been duplicated, current forensic procedures have no method for extrapolating further useful information from the duplicate.  This paper is focused on providing the groundwork for performing forensic investigations on the data that is typically stored in a volatile data store, such as system RAM. It is intended that, when combined with good acquisition techniques, it will be shown that it is possible to obtain more post incident response information along with less impact to potential evidence when compared to typical incident response procedures.",2,3,45,56,Memory acquisition; Incident response; Data store; Computer security; Computer science; Malware; Digital forensics; Computer memory; Static analysis,,,,,https://commons.erau.edu/jdfsl/vol2/iss3/3/ https://commons.erau.edu/cgi/viewcontent.cgi?article=1026&context=jdfsl https://core.ac.uk/display/45464646 https://oaji.net/articles/2014/1095-1407715368.pdf,http://dx.doi.org/10.15394/jdfsl.2007.1026,,10.15394/jdfsl.2007.1026,1505720183,,0,001-304-351-638-313; 048-079-144-626-659; 101-378-937-900-179; 105-427-271-392-801,3,true,cc-by-nc,gold
057-578-679-370-568,Digital Forensic Analysis of E-Mails: A Trusted E-Mail Protocol,,2004,journal article,International Journal of Digital Evidence,,,,Gaurav Gupta; Chandan Mazumdar; M. S. M. Rao,"E-mail has revolutionized business, academic, and personal communication. The advantages of e-mail include speedy delivery, ease of communication, cost effectiveness, geographical independence, and the portability of mailboxes. The last two are the biggest advantages over snail mail. However, with e-mail comes the threat of a genuine user being compromised through key loggers, social engineering, shoulder surfing, password guessing and other similar, though less technical, methods. This passive espionage can have a direct impact on the genuine user in terms of denial of information, loss of money, loss of time, mental harassment and an attack of personal privacy. To enable digital forensic analysis of e-mails, we propose behavioral biometric based authentication, which is analogous to a signature in paper documents. In the proposed system, if someone other than a genuine user tries to authenticate himself, then detection and fixing is possible.",2,,,,Internet privacy; Keystroke logging; Authentication; Shoulder surfing; Cost effectiveness; Password cracking; Computer security; Computer science; Software portability; Social engineering (security); Digital forensics,,,,,https://dblp.uni-trier.de/db/journals/ijde/ijde2.html#GuptaMR04 https://www.utica.edu/academic/institutes/ecii/publications/articles/A0B4342D-E76E-F8F2-AC926AB64EC719B8.pdf,https://dblp.uni-trier.de/db/journals/ijde/ijde2.html#GuptaMR04,,,2106136757,,0,106-173-256-061-990,15,false,,
057-773-672-099-692,An Introduction to How Criminal Profiling Could Be Used as a Support for Computer Hacking Investigations,2009-09-09,2009,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Lucas Donato,"This article presents a review and a critical analysis of the literature and can be considered the initial stage of a study that attempts to improve computer forensics and cybercrime investigation when using criminal profiling. This research is based on the premise that the motivations behind any sort of crimes—and it is no different with cybercrimes, and more specifically in this article with computer hacking crimes—are a product of human society and, even when they present new methods and tools, it's human nature that leads criminals to, sooner or later, commit mistakes. Therefore, the objective of this article is to link criminal profiling to computer hacking, identifying expressions of human psychological traits and adding new elements to digital investigation.",2,4,183,195,Internet privacy; Product (category theory); Commit; Premise; Cybercrime; Computer science; Offender profiling; Computer forensics; Hacker; sort,,,,,https://www.tandfonline.com/doi/full/10.1080/15567280903140946 https://dblp.uni-trier.de/db/journals/jdfp/jdfp2.html#Donato08 http://dblp.uni-trier.de/db/journals/jdfp/jdfp2.html#Donato08 https://doi.org/10.1080/15567280903140946,http://dx.doi.org/10.1080/15567280903140946,,10.1080/15567280903140946,1858205575,,0,009-325-162-025-802; 015-804-446-233-457; 023-016-686-736-152; 035-349-413-879-941; 038-241-822-624-717; 070-429-471-311-739; 126-300-324-509-916; 128-301-609-429-087; 140-730-540-277-926; 145-062-913-009-934; 196-931-134-971-149; 197-860-668-008-411,3,false,,
057-991-197-390-530,A Grounded Theory Approach to Identifying and Measuring Forensic Data Acquisition Tasks,,2007,journal article,"Journal of Digital Forensics, Security and Law",15587223,Embry-Riddle Aeronautical University/Hunt Library,,Gregory H. Carlton,"As a relatively new field of study, little empirical research has been conducted pertaining to computer forensics.  This lack of empirical research contributes to problems for practitioners and academics alike. For the community of practitioners, problems arise from the dilemma of applying scientific methods to legal matters based on anecdotal training methods, and the academic community is hampered by a lack of theory in this evolving field.  A research study utilizing a multi-method approach to identify and measure tasks practitioners perform during forensic data acquisitions and lay a foundation for academic theory development was conducted in 2006 in conjunction with a doctoral dissertation. An overview of the study’s findings is presented within this article.",2,1,35,56,Empirical research; Grounded theory; Development theory; Data science; Dilemma; Foundation (evidence); Field (computer science); Computer science; Computer forensics; Digital forensics,,,,,https://commons.erau.edu/jdfsl/vol2/iss1/2/ https://core.ac.uk/display/44492758 https://doaj.org/article/e36c9c79123b4ff9999bc8e0c7a7b949 https://oaji.net/articles/2014/1095-1407714383.pdf,http://dx.doi.org/10.15394/jdfsl.2007.1015,,10.15394/jdfsl.2007.1015,1509586082,,0,048-645-419-219-088; 114-883-197-306-99X; 137-844-681-220-912; 157-481-301-540-451,9,true,cc-by-nc,gold
058-233-865-055-863,Verification of the Parameterization Methods in the Context of Automatic Recognition of Sounds Related to Danger,2010-03-18,2010,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Pawel Zwan; Andrrzej Czyzewski,"Digital signal processing of sound is a domain with numerous applications in the telecommunications and informatics. These well-developed algorithms of the analysis of sound can be also applied in the field of security systems, where traditional monitoring is still based mainly on video cameras. The commonly used monitoring cameras can be equipped with additional microphones and the audio content can be analyzed by a monitoring program running on a dedicated hardware. This application can automatically detect in the audio stream events like a broken window, gunshot, explosion, or scream. One of the main parts of this system is a parameterization block. In this article two parameterization methods are proposed for this purpose. The first is based on the frequency analysis of the examples of the sound events. The second is based on using a standardized set of audio MPEG-7 and cepstral descriptors. The feature vectors calculated by these two methods have been used for the training of two intelligent classifiers: a support vector machines classifier (SVM) and a neural networks perceptron (NNP). The classifiers have been verified using of the cross-validation method. The results have been compared and conclusions derived. The application of the results in a system working in real conditions is presented and discussed at the end of the article. 
The work has been done in the frame of the international project “INDECT” (Intelligent Information System Supporting Observation, Searching and Detection for Security of Citizens in Urban Environment).",3,1,33,45,Support vector machine; Data mining; Monitoring program; Computer science; Artificial neural network; Perceptron; Feature vector; Digital signal processing; Cepstrum; Classifier (UML),,,,,https://dblp.uni-trier.de/db/journals/jdfp/jdfp3.html#ZwanC10 https://www.tandfonline.com/doi/full/10.1080/15567280903493881 https://doi.org/10.1080/15567280903493881,http://dx.doi.org/10.1080/15567280903493881,,10.1080/15567280903493881,2082300639,,0,002-979-636-221-791; 003-978-064-785-082; 007-141-734-571-464; 008-165-518-918-577; 020-616-459-451-632; 025-104-304-145-57X; 037-515-569-371-662; 038-730-677-443-019; 046-361-628-402-594; 053-704-982-016-78X; 070-769-908-889-658; 089-128-870-296-485; 093-789-981-387-147; 094-336-360-386-20X; 101-186-433-128-510; 102-376-433-879-959; 102-774-489-477-83X; 103-781-224-853-520; 104-853-579-778-896; 118-890-868-713-328; 123-743-830-835-216; 149-807-967-082-765,5,false,,
058-712-149-085-63X,Can Fabricated Evidence Induce False Eyewitness Testimony,2009-08-20,2009,journal article,Applied Cognitive Psychology,08884080; 10990720,Wiley,United States,Kimberley A. Wade; Sarah L. Green; Robert A. Nash,"False information can influence people's beliefs and memories. But can fabricated evidence induce individuals to accuse another person of doing something they never did? We examined whether exposure to a fabricated video could produce false eyewitness testimony. Subjects completed a gambling task alongside a confederate subject, and later we falsely told subjects that their partner had cheated on the task. Some subjects viewed a digitally manipulated video of their partner cheating; some were told that video evidence of the cheating exists; and others were not told anything about video evidence. Subjects were asked to sign a statement confirming that they witnessed the incident and that their corroboration could be used in disciplinary action against the accused. See-video subjects were three times more likely to sign the statement than Told-video and Control subjects. Fabricated evidence may, indeed, produce false eyewitness testimony; we discuss probable cognitive mechanisms. 
Copyright (C) 2009 John Wiley & Sons, Ltd.",24,7,899,908,Sign (semiotics); Psychology; Statement (logic); Cheating; False memory; Eyewitness testimony; Disciplinary action; Poison control; Suggestibility; Social psychology,,,,,https://surrey.eprints-hosting.org/7042/ https://research.aston.ac.uk/en/publications/can-fabricated-evidence-induce-false-eyewitness-testimony https://www.safetylit.org/citations/index.php?fuseaction=citations.viewdetails&citationIds[]=citjournalarticle_371877_38 https://research.aston.ac.uk/portal/en/researchoutput/can-fabricated-evidence-induce-false-eyewitness-testimony(473fd52e-5d17-4648-8b60-2b6014325f8f).html https://wrap.warwick.ac.uk/5111/ https://onlinelibrary.wiley.com/doi/full/10.1002/acp.1607 http://onlinelibrary.wiley.com/doi/10.1002/acp.1607/abstract https://epubs.surrey.ac.uk/7042/ https://onlinelibrary.wiley.com/doi/pdf/10.1002/acp.1607 https://core.ac.uk/download/20371011.pdf,http://dx.doi.org/10.1002/acp.1607,,10.1002/acp.1607,2161690517,,0,002-276-330-964-532; 003-920-942-875-312; 007-645-631-812-818; 011-603-935-068-724; 012-062-561-344-700; 018-528-297-078-81X; 023-539-174-866-167; 029-572-881-661-892; 034-265-456-397-614; 044-185-007-173-503; 045-266-825-185-291; 056-336-604-126-255; 058-377-803-408-902; 058-510-013-984-622; 060-783-885-724-858; 079-639-995-023-837; 080-681-163-642-779; 081-945-568-681-402; 082-480-793-044-02X; 098-767-319-842-71X; 099-902-945-140-876; 102-639-466-518-342; 118-851-779-064-977; 174-279-015-322-434,20,true,,green
059-044-795-147-28X,A Survey of Digital Forensic Techniques for Digital Libraries,,2011,journal article,International Journal of Digital Library Systems,19479077; 19479085,IGI Global,,Yue Li,"Today, many digital forensic techniques for digital images are developed to serve the purpose of the origin identification and integrity verification for security reasons. Generally speaking, these methods can be divided into two classes, the methods based on the extracted features, which are usually the high frequency noise inside the investigating images and the methods based on the contents of the images. Different techniques may be developed specially against different forging attacks, while be vulnerable to other malicious manipulations on the images. This paper reviews the most popular techniques in order to help the user to understand the techniques and find the most proper methods for variety forensic purpose in different situations.",2,3,49,66,Variety (cybernetics); World Wide Web; Information retrieval; Frequency noise; Origin identification; Computer science; Digital image; Digital library; Feature extraction; Digital forensics,,,,,https://econpapers.repec.org/RePEc:igg:jdls00:v:2:y:2011:i:3:p:49-66 https://www.igi-global.com/article/survey-digital-forensic-techniques-digital/59888 http://dblp.uni-trier.de/db/journals/ijdls/ijdls2.html#Li11a,http://dx.doi.org/10.4018/jdls.2011070106,,10.4018/jdls.2011070106,2094813998,,0,002-192-509-600-853; 005-661-166-776-07X; 012-685-452-760-319; 014-079-494-188-077; 014-847-580-152-416; 015-717-506-603-742; 019-377-544-491-945; 029-093-526-590-26X; 036-765-218-735-060; 038-644-447-649-846; 045-159-494-902-933; 045-812-091-260-656; 052-352-341-097-919; 056-817-850-080-480; 058-346-284-170-397; 062-840-517-280-190; 064-788-467-649-400; 072-165-552-534-80X; 074-016-367-199-505; 076-704-896-134-67X; 079-458-616-165-307; 083-097-133-928-799; 083-495-328-826-18X; 084-628-400-392-981; 087-895-411-431-312; 098-768-111-046-209; 
116-101-178-008-931; 122-164-403-164-304; 125-162-036-005-386; 136-142-790-447-785; 144-920-871-189-384; 177-224-162-036-316; 181-797-068-816-79X; 182-366-212-343-942; 184-897-235-429-285; 189-809-867-041-413,0,false,,
059-473-744-320-279,Structured Forensics Examination Planning with Domain Modeling: A Report of Three Experiment Trials,2010-03-18,2010,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Alfred Christopher Bogen; David A. Dampier; Rayford B. Vaughn; Donna S. Reese; Edward B. Allen; Jeffrey C. Carver,"In any forensic investigation, planning and analysis activities are required in order to determine what digital media will be seized, what types of information will be sought in the examination, and how the examination will be conducted. Existing literature and suggested practices indicate that such planning should occur, but few tools provide support for such activities. Planning an examination may be an essential activity when investigators and technicians are faced with unfamiliar case types or unusually complex, large-scale cases. This article reports the results of empirical studies that evaluate two planning methods for planning computer forensics examinations: an experimental methodology that includes domain modeling and a typical planning method that does not include domain modeling. These studies were conducted to evaluate two research questions: Will the domain modeling of a computer forensics case during the planning phase result in an increased amount of evidence found in a digital forensics examination? Will an experimental “case domain modeling” methodology require a significant amount of additional effort when compared to a typical approach? Three experiment trials were conducted to evaluate the effectiveness of case domain modeling on simulated case scenarios. Analysis of the experiments indicates that case domain modeling in forensics planning requires an additional time investment and it can result in more evidence found during an examination and more effective keyword searches. 
Additionally, experimental data indicates that case domain modeling is most useful when the evidence disk has a relatively high occurrence of text-based documents and when vivid case background details are available.",3,1,23,32,Empirical research; Domain analysis; Digital media; Data science; Planning method; Computer science; Experimental data; Computer forensics; Digital forensics; Domain model,,,,,https://dblp.uni-trier.de/db/journals/jdfp/jdfp3.html#BogenDVRAC10 https://doi.org/10.1080/15567280903376896 https://www.tandfonline.com/doi/abs/10.1080/15567280903376896,http://dx.doi.org/10.1080/15567280903376896,,10.1080/15567280903376896,1978153659,,0,022-797-221-610-777; 033-419-371-275-223; 062-217-186-853-075; 071-269-562-942-065; 079-298-788-238-808; 103-314-900-915-828; 116-012-834-677-312; 118-095-530-189-407; 120-697-354-224-33X; 179-703-555-795-891; 194-615-309-709-20X,1,false,,
060-061-004-848-558,Defining a Forensic Audit,,2009,journal article,"Journal of Digital Forensics, Security and Law",15587223,Embry-Riddle Aeronautical University/Hunt Library,,G. S. Smith; D. L. Crumbley,"Disclosures about new financial frauds and scandals are continually appearing in the press.  As a consequence, the accounting profession's traditional methods of monitoring corporate financial activities are under intense scrutiny.  At the same time, there is recognition that principles-based GAAP from the International Accounting Standards Board will become the recognized standard in the U.S.  The authors argue that these two factors will change the practices used to fight corporate malfeasance as investigators adapt the techniques of accounting into a forensic audit engagement model.",4,1,61,80,Accounting; Accounting standard; Business; Accounting information system; Audit; Forensic accounting; International accounting; Financial accounting; Accounting management,,,,,https://core.ac.uk/display/91855324 https://commons.erau.edu/jdfsl/vol4/iss1/3/ https://dblp.uni-trier.de/db/journals/jdfsl/jdfsl4.html#SmithC09 https://commons.erau.edu/cgi/viewcontent.cgi?article=1054&context=jdfsl https://doi.org/10.15394/jdfsl.2009.1054,http://dx.doi.org/10.15394/jdfsl.2009.1054,,10.15394/jdfsl.2009.1054,1598674256,,0,018-441-189-476-923; 073-630-297-155-884; 080-156-119-823-147; 166-280-368-217-910; 167-766-820-603-321; 195-062-910-995-058,16,true,cc-by-nc,gold
060-216-749-561-870,Compatible or Incompatible? Intelligence and Human Rights in Terrorist Trials,,2011,journal article,Terrorism and Counter-Terrorism Studies,24680664,The International Centre for Counter-Terrorism (ICCT),,Quirine Eijkman; Bibi van Ginkel,"This article focuses on the special criminal procedures for the use of intelligence in terrorist trials in Canada, France, the Netherlands and the United Kingdom. Since 9/11 and the terror attacks in London and Madrid, gathering intelligence as well as the prosecution of suspects of terrorist crimes have become strategic tools in countering terrorism. By reviewing the special procedures for the use of intelligence, their compatibility with human rights standards, including the right to fair trial, is discussed. Concerns include the extent to which disclosure is made possible and to whom. The differences in criminal procedures for the use of intelligence in terrorist trials also raises questions if intelligence origins from a third state, in which different regulations with regard to disclosure of information apply.",,,2,3,Human rights; Political science; Law; Terrorism; State (polity); Fair trial,,,,,https://doaj.org/article/997cb6a5d0104d158a33b98ddd3f2ade https://core.ac.uk/download/15607850.pdf,http://dx.doi.org/10.19165/2011.1.03,,10.19165/2011.1.03,3184905471,,0,,1,true,cc-by-nc-nd,gold
060-664-132-894-324,Developing a Process Model for the Forensic Extraction of Information from Desktop Search Applications,2008-03-31,2008,journal article,"The Journal of Digital Forensics, Security and Law",15587215,,,Timothy Pavlic; Jill Slay; Benjamin Turnbull,"Desktop search applications can contain cached copies of files that were deleted from the file system. Forensic investigators see this as a potential source of evidence, as documents deleted by suspects may still exist in the cache. Whilst there have been attempts at recovering data collected by desktop search applications, there is no methodology governing the process, nor discussion on the most appropriate means to do so. This article seeks to address this issue by developing a process model that can be applied when developing an information extraction application for desktop search applications, discussing preferred methods and the limitations of each. This work represents a more structured approach than other forms of current research.",3,1,35,56,Cache; Information extraction; Information retrieval; Desktop search; File system; Potential source; Computer science; Process (engineering),,,,,https://dblp.uni-trier.de/db/journals/jdfsl/jdfsl3.html#PavlicST08,https://dblp.uni-trier.de/db/journals/jdfsl/jdfsl3.html#PavlicST08,,,2992894912,,0,008-769-224-564-600; 037-521-095-659-71X; 038-668-970-194-854; 039-209-076-376-817; 051-396-487-896-017; 094-699-125-545-55X; 140-821-103-436-654; 150-889-498-461-021; 157-441-602-786-23X; 184-948-841-629-735,0,true,cc-by-nc,gold
061-326-248-978-030,A correlation method for establishing provenance of timestamps in digital evidence,,2006,journal article,Digital Investigation,17422876,Elsevier BV,Netherlands,Bradley Schatz; George M. Mohay; Andrew Clark,"Establishing the time at which a particular event happened is a fundamental concern when relating cause and effect in any forensic investigation. Reliance on computer generated timestamps for correlating events is complicated by uncertainty as to clock skew and drift, environmental factors such as location and local time zone offsets, as well as human factors such as clock tampering. Establishing that a particular computer's temporal behaviour was consistent during its operation remains a challenge. The contributions of this paper are both a description of assumptions commonly made regarding the behaviour of clocks in computers, and empirical results demonstrating that real world behaviour diverges from the idealised or assumed behaviour. We present an approach for inferring the temporal behaviour of a particular computer over a range of time by correlating commonly available local machine timestamps with another source of timestamps. 
We show that a general characterisation of the passage of time may be inferred from an analysis of commonly available browser records.",3,,98,107,Timestamp; Data mining; Range (mathematics); Reverse engineering; Digital evidence; Computer science; Event (computing); Clock skew; Event correlation; Real-time computing; Digital forensics,,,,,https://www.sciencedirect.com/science/article/abs/pii/S1742287606000715 https://core.ac.uk/display/10887632 https://www.sciencedirect.com/science/article/pii/S1742287606000715 https://eprints.qut.edu.au/20576/ https://doi.org/10.1016/j.diin.2006.06.009 https://dblp.uni-trier.de/db/journals/di/di3.html#SchatzMC06 https://core.ac.uk/download/10887632.pdf,http://dx.doi.org/10.1016/j.diin.2006.06.009,,10.1016/j.diin.2006.06.009,1976107019,,2,000-537-535-465-34X; 006-710-976-927-25X; 007-714-095-251-936; 014-595-195-942-667; 046-505-599-865-150; 071-095-858-265-422; 088-676-229-893-621; 159-876-071-419-312,37,true,cc-by-nc-nd,hybrid
061-529-672-595-522,Forensic data recovery from the Windows Search Database,,2011,journal article,Digital Investigation,17422876,Elsevier BV,Netherlands,Howard Chivers; Christopher Hargreaves,"Windows Search maintains a single database of the files, emails, programmes and Internet history of all the users of a personal computer, providing a potentially valuable source of information for a forensic investigator, especially since some information within the database is persistent, even if the underlying data are not available to the system (e.g. removable or encrypted drives). However, when files are deleted from the system their record is also deleted from the database. Existing tools to extract information from Windows Search use a programmatic interface to the underlying database, but this approach is unable to recover deleted records that may remain in unused space within the database or in other parts of the file system. This paper explores when unavailable files are indexed, and therefore available to an investigator via the search database, and how this is modified by the indexer scope and by attributes that control the indexing of encrypted content. 
Obtaining data via the programmatic interface is contrasted with a record carving approach using a new database record carver (wdsCarve); the strengths and weaknesses of the two approaches are reviewed, and the paper identifies several different strategies that may be productive in recovering deleted database records.",7,3,114,126,Database tuning; Hierarchical database model; Database design; Intelligent database; Desktop search; Database schema; Computer science; View; Database; Database testing,,,,,https://www.sciencedirect.com/science/article/abs/pii/S1742287611000028 https://dl.acm.org/doi/10.1016/j.diin.2011.01.001 https://eprints.whiterose.ac.uk/75046/1/Forensic_Data_Recovery_From_The_Windows_Search_Database_preprint_DIIN328.pdf https://core.ac.uk/download/pdf/13505082.pdf https://core.ac.uk/display/13505082 https://doi.org/10.1016/j.diin.2011.01.001 https://dx.doi.org/10.1016/j.diin.2011.01.001 https://www.infona.pl/resource/bwmeta1.element.elsevier-65c9331d-2988-3343-b752-bfc69c8c4cf0 http://eprints.whiterose.ac.uk/75046/1/Forensic_Data_Recovery_From_The_Windows_Search_Database_preprint_DIIN328.pdf https://dl.acm.org/citation.cfm?id=2296265 https://dblp.uni-trier.de/db/journals/di/di7.html#ChiversH11 http://www.sciencedirect.com/science/article/pii/S1742287611000028 http://dx.doi.org/10.1016/j.diin.2011.01.001 https://core.ac.uk/download/13505082.pdf,http://dx.doi.org/10.1016/j.diin.2011.01.001,,10.1016/j.diin.2011.01.001,2102573472,,3,040-092-459-357-823,18,true,,green
062-202-545-220-180,A Data Mining Approach for Data Generation and Analysis for Digital Forensic Application,,2010,journal article,International Journal of Engineering and Technology,17938236,IACSIT Press,,Veena H. Bhat; Prasanth G. Rao; R V Abhilash; P. Deepa Shenoy; K R Venugopal; L M Patnaik,"With the rapid advancements in information and communication technology in the world, crimes committed are becoming technically intensive. When crimes committed use digital devices, forensic examiners have to adopt practical frameworks and methods to recover data for analysis which can pose as evidence. Data Generation, Data Warehousing and Data Mining, are the three essential features involved in the investigation process. This paper proposes a unique way of generating, storing and analyzing data, retrieved from digital devices which pose as evidence in forensic analysis. A statistical approach is used in validating the reliability of the pre-processed data. This work proposes a practical framework for digital forensics on flash drives.",2,3,313,319,Data mining; Engineering; Data warehouse; Reliability (computer networking); Data science; Process (engineering); Test data generation; Information and Communications Technology; Digital forensics,,,,,http://ijetch.org/papers/140-L045.pdf http://www.ijetch.org/show-31-458-1.html,http://dx.doi.org/10.7763/ijet.2010.v2.140,,10.7763/ijet.2010.v2.140,2327759298,,0,010-086-703-646-194; 013-568-998-603-466; 021-486-901-460-202; 038-668-970-194-854; 047-630-600-014-492; 062-032-128-092-406; 092-827-221-228-520; 111-090-978-711-139; 125-384-800-661-375; 133-397-275-695-990; 146-773-338-621-314,22,true,,green
062-559-952-740-134,"Computer Forensics, Search Strategies, and the Particularity Requirement",2007-04-01,2007,journal article,Pittsburgh Journal of Technology Law and Policy,2164800x,"University Library System, University of Pittsburgh",,Wayne Jekot,"Assuming that a person subject to a search and seizure of his or her computer has a reasonable expectation of privacy in the contents of the computer, and thus a warrant is required, should the warrant outline a “search strategy”? Or should comprehensive computer searches be permitted? In other words, how should the particularity requirement be applied to computer searches? Correspondingly, what can a forensic examiner do under a warrant while collecting potential evidence from a computer? [...]",7,,,,Warrant; Subject (documents); Expectation of privacy; Computer security; Computer science; Computer forensics; Search and seizure,,,,,https://tlp.law.pitt.edu/ojs/tlp/article/download/29/29 https://tlp.law.pitt.edu/ojs/index.php/tlp/article/view/29 https://core.ac.uk/download/234044835.pdf,http://dx.doi.org/10.5195/tlp.2007.29,,10.5195/tlp.2007.29,2072974680,,0,,2,true,cc-by-nc-nd,hybrid
062-883-928-100-414,Discovering Hidden Evidence,,2006,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Chet Hosmer,"Over the past decade, the advancement of a myriad of methods, techniques and technologies to conceal digital evidence and covertly communicate have increased at an alarming rate. In addition, new information suggests that the download of an arsenal of software tools that perform these functions further suggests greater interest and usage of such cyber weapons. Steganography is here, and combined with the Internet and peer to peer networking, it provides criminals, gangs and terrorists with a viable and covert method of communication with guaranteed evidence concealment. This article discusses, in detail, the state-of-the-art in the most advanced Steganography tools and techniques available to perpetrators today. We include statistics regarding Steganography expansion, growth and usage, and discuss the specific digital forensic artifacts that help lead to discovery and extraction. All of the image files used to develop this article are available for free download from the publisher's online editio...",1,1,47,56,Steganalysis; Steganography; The Internet; Steganography tools; Covert; Digital evidence; Computer security; Computer science; Peer-to-peer; Digital forensics,,,,,https://www.tandfonline.com/doi/abs/10.1080/15567280500541447 https://dblp.uni-trier.de/db/journals/jdfp/jdfp1.html#Hosmer06,http://dx.doi.org/10.1080/15567280500541447,,10.1080/15567280500541447,2069422663,,0,,22,false,,
063-303-534-045-46X,Location-Aware Mobile Intrusion Detection with Enhanced Privacy in a 5G Context,2010-07-08,2010,journal article,Wireless Personal Communications,09296212; 1572834x,Springer Science and Business Media LLC,Netherlands,Nils Ulltveit-Moe; Vladimir A. Oleshchuk; Geir M. Køien,"The paper proposes a location-aware mobile Intrusion Prevention System (mIPS) architecture with enhanced privacy that is integrated in Managed Security Service (MSS). The solution is envisaged in a future fifth generation telecommunications (5G) context with increased but varying bandwidth, a virtualised execution environment and infrastructure that allows threads, processes, virtual machines and storage to be migrated to cloud computing services on demand, to dynamically scale performance and save power. 5G mobile devices will be attractive targets for malicious software, and this threat will in some cases change with location. Mobile devices will store more sensitive information and will also be used to a larger extent for sensitive transactions than they typically do today. In addition, a distributed execution environment in itself gives rise to some new security challenges. In order to handle these security challenges, we have proposed the location-aware mIPS architecture, which benefits from a distributed execution environment where processor intensive services can be outsourced to Cloud hosting providers. The mIPS supports querying location threat profiles in a privacy-preserving way, and ensures that mIPS alerts sent to the first-line MSS are anonymised. 
We finally perform an analysis of potential strengths and weaknesses of the proposed approach.",57,3,317,338,Information sensitivity; Mobile device; Virtual machine; Intrusion prevention system; Context (language use); Managed security service; Computer network; Intrusion detection system; Computer security; Computer science; Malware; Cloud computing,,,,,http://dx.doi.org/10.1007/s11277-010-0069-6 https://doi.org/10.1007/s11277-010-0069-6 https://dl.acm.org/doi/10.1007/s11277-010-0069-6 https://brage.bibsys.no/xmlui/handle/11250/137763 https://core.ac.uk/display/154603839 https://dblp.uni-trier.de/db/journals/wpc/wpc57.html#Ulltveit-MoeOK11 https://link.springer.com/article/10.1007/s11277-010-0069-6 https://core.ac.uk/download/pdf/52058936.pdf,http://dx.doi.org/10.1007/s11277-010-0069-6,,10.1007/s11277-010-0069-6,2061790016,,0,001-767-369-568-529; 006-229-453-249-356; 007-675-587-566-433; 008-427-496-931-275; 013-835-760-361-165; 021-432-670-158-44X; 021-964-212-885-794; 026-939-236-856-856; 032-792-071-763-777; 037-676-138-737-383; 038-914-873-897-532; 039-396-335-651-956; 040-208-966-048-066; 048-139-816-690-998; 076-456-315-513-680; 083-887-368-633-254; 094-787-955-499-302; 097-869-394-037-797; 107-606-781-909-600; 110-809-342-702-892; 130-531-778-524-662; 145-365-341-195-855; 149-855-338-542-884; 157-077-351-214-246; 165-052-229-618-967,26,true,,green
064-351-581-797-616,Auditing Hash Sets: Lessons Learned from Jurassic Park,2008-12-09,2008,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Jesse D. Kornblum,"Auditing a set of cryptographic hashes allows a forensic examiner to determine the state of a target directory as compared to those hashes. Unlike traditional hash comparison methods, an audit takes into account all of the files in the target directory and their relative paths. Not taking these data into account can impair examinations and tool certifications. An audit examines each file in the target directory, computes its hash, and compares it to a file containing the known hash values. Any file not in the set of known hashes is flagged as being inserted. When all of the files in the target directory have been examined, any known hashes that have not been matched are flagged as being missing. The result is a complete picture comparing the set of known hashes and the target directory.",2,3,108,112,Hash chain; Hash list; Set (abstract data type); SHA-2; Merkle tree; Hash tree; Directory; Computer science; Database; Hash function,,,,,https://www.tandfonline.com/doi/full/10.1080/15567280802385477 https://dblp.uni-trier.de/db/journals/jdfp/jdfp2.html#Kornblum08 http://dblp.uni-trier.de/db/journals/jdfp/jdfp2.html#Kornblum08 http://dx.doi.org/10.1080/15567280802385477 https://dl.acm.org/doi/10.1080/15567280802385477 https://dx.doi.org/10.1080/15567280802385477,http://dx.doi.org/10.1080/15567280802385477,,10.1080/15567280802385477,2049487832,,0,023-597-121-798-223; 058-205-117-706-853,2,false,,
064-608-732-369-725,Encryption safe harbours and data breach notification laws,,2010,journal article,Computer Law & Security Review,02673649,Elsevier BV,United Kingdom,Mark Burdon; Jason Reid; Rouhshi Low,"Data breach notification laws require organisations to notify affected persons or regulatory authorities when an unauthorised acquisition of personal data occurs. Most laws provide a safe harbour to this obligation if acquired data has been encrypted. There are three types of safe harbour: an exemption; a rebuttable presumption and factor-based analysis. We demonstrate, using three condition-based scenarios, that the broad formulation of most encryption safe harbours is based on the flawed assumption that encryption is the silver bullet for personal information protection. We then contend that reliance upon an encryption safe harbour should be dependent upon a rigorous and competent risk-based review that is required on a case-by-case basis. Finally, we recommend the use of both an encryption safe harbour and a notification trigger as our preferred choice for a data breach notification regulatory framework.",26,5,520,534,Business; Encryption; Information security management; Data breach; Personally identifiable information; Law; Silver bullet; Obligation; Rebuttable presumption; Data Protection Act 1998,,,,,https://eprints.qut.edu.au/37693/ https://www.sciencedirect.com/science/article/pii/S0267364910001056 https://dblp.uni-trier.de/db/journals/clsr/clsr26.html#BurdonRL10 https://espace.library.uq.edu.au/view/UQ:239168 http://www.sciencedirect.com/science/article/pii/S0267364910001056 https://core.ac.uk/download/10900776.pdf,http://dx.doi.org/10.1016/j.clsr.2010.07.002,,10.1016/j.clsr.2010.07.002,3124985924,,3,,4,true,,
065-452-675-566-99X,Case-Relevance Information Investigation: Binding Computer Intelligence to the Current Computer Forensic Framework,,2005,journal article,International Journal of Digital Evidence,,,,Ruibin Gong; Tony Kai Yun Chan; Mathias Gaertner,"Computer Forensics has grown rapidly in recent years. The current computer forensic investigation paradigm is laborious and requires significant expertise on the part of the investigators. This paper proposes a highly automatic and efficient framework to provide the Case-Relevance information, by binding computer intelligence technology to the current computer forensic framework. Computer intelligence is expected to offer more assistance in the investigation procedures and better knowledge reuse and sharing in computer forensics. Background Cybercrime is a mirror of the dark side of human society in the cyberworld. Its countermeasure, Computer Forensics, also referred as Digital Forensic Science, has been explicitly defined as, The use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations. [14] The process of ""identifying, preserving, analyzing, and presenting digital evidence in a manner that is legally acceptable via the application of computer technology to the investigation of computer based crime"" is called Forensic Computing [11] or Digital Evidence Investigation. As almost every piece of digital evidence could be challenged, computer forensic investigators are required to follow a rigorous process path. 
The work of the First Digital Forensics Research Workshop (DFRWS) [14] established a solid ground and allowed",4,,,,Computational intelligence; Computational criminology; Data science; Cybercrime; Digital evidence; Computer technology; Computer security; Computer science; Computer forensics; Documentation; Digital forensics,,,,,https://dblp.uni-trier.de/db/journals/ijde/ijde4.html#RuibinYG05 https://www.utica.edu/academic/institutes/ecii/publications/articles/B4A6A102-A93D-85B1-96C575D5E35F3764.pdf,https://dblp.uni-trier.de/db/journals/ijde/ijde4.html#RuibinYG05,,,2159280848,,0,020-944-423-224-895; 032-697-093-668-898; 035-448-415-847-226; 038-668-970-194-854; 085-669-579-012-375; 124-418-163-035-203; 145-900-307-293-904; 167-153-240-063-830; 179-703-555-795-891; 199-745-676-923-766,46,false,,
066-533-656-318-326,Children and geotagged images: quantitative analysis for security risk assessment,,2012,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Joanne Kuzma,"This paper investigates the levels of geocoding images with children pictures and discusses privacy and safety issues that may affect children. This study analysed the number of geocoded images of children's pictures on Flickr, a popular image-sharing site. For 50 of the top most expensive residential zip codes in the USA, the number of images that had geolocation tags was counted. Results showed significant number of images with children's faces that had geotagged information. The location information could possibly be used to locate a child's home or other location based on information publicly available on Flickr. Publishing geolocation data raises concerns about privacy and security of children when such personalised information is available to internet users who may have dubious reasons for accessing this data. 
People should understand the implications of this technology and post only appropriate data to protect themselves and their children.",4,1,54,64,Internet privacy; Risk assessment; World Wide Web; Publishing; Geolocation; Quantitative analysis (finance); Zip code; Internet users; Computer science; Geocoding; Geotagging,,,,,https://eprints.worc.ac.uk/1547/ https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf4.html#Kuzma12 http://www.inderscience.com/link.php?id=45390 https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2012.045390 https://eprints.worc.ac.uk/1547/2/geocodenov2011ijesdf.pdf https://core.ac.uk/download/1915186.pdf,http://dx.doi.org/10.1504/ijesdf.2012.045390,,10.1504/ijesdf.2012.045390,2019957373,,0,008-606-469-426-189; 011-549-614-417-394; 015-369-189-468-277; 015-434-933-841-825; 016-127-926-558-745; 043-770-460-496-301; 051-668-591-619-606; 052-017-342-524-873; 077-977-456-868-338; 091-031-581-667-113; 188-117-754-943-206,4,true,cc0,green
066-602-804-060-133,The importance and the role of forensics of mobile,,2012,journal article,Facta universitatis - series: Electronics and Energetics,03533670; 22175997,National Library of Serbia,,Zaklina Spalevic; Zeljko Bjelajac; Marko Caric,"Scientific-technological development, along with initiating integrative forces that offer improvement of the quality of human life, concurrently created prerequisites for individuals to exploit certain innovations for performing criminal activities. Modern criminals wander through electronic networks, and assisted by high technology, perform a variety of criminal acts and “launder” large sums of money. Computer forensics is a technological, systemic control of the computer system and its content for the purpose of gathering evidence of a criminal act or other abuse that it has been used for. Digital forensics requires particular expertise that goes beyond traditional data collection, as well as employment of techniques available to the final user or system support personnel. In this context, this article examines principles, methods and procedures in mobile device investigation, which nowadays represent a multifunctional, powerful computer weapon, and considers the necessity to update concrete procedures in accordance with the development and growth of IT.",25,2,121,136,Engineering; Variety (cybernetics); Exploit; Mobile device; Quality (business); Context (language use); Computer security; Network forensics; Computer forensics; Digital forensics,,,,,http://www.doiserbia.nb.rs/Article.aspx?ID=0353-36701202121S http://www.doiserbia.nb.rs/ft.aspx?id=0353-36701202121S,http://dx.doi.org/10.2298/fuee1202121s,,10.2298/fuee1202121s,2055545391,,0,,2,true,cc-by-nc-nd,gold
067-044-937-238-014,The general age of leadership: Older-looking presidential candidates win elections during war,2012-05-23,2012,journal article,PloS one,19326203,Public Library of Science,United States,Brian R. Spisak,"As nation-state leaders age they increasingly engage in inter-state militarized disputes yet in industrialized societies a steady decrease in testosterone associated with aging is observed – which suggests a decrease in dominance behavior. The current paper points out that from modern societies to Old World monkeys increasing both in age and social status encourages dominant strategies to maintain acquired rank. Moreover, it is argued this consistency has shaped an implicit prototype causing followers to associate older age with dominance leadership. It is shown that (i) faces of older leaders are preferred during intergroup conflict and (ii) morphing U.S. Presidential candidates to appear older or younger has an overriding effect on actual election outcomes. This indicates that democratic voting can be systematically adjusted by activating innate biases. 
These findings appear to create a new line of research regarding the biology of leadership and contextual cues of age.",7,5,e36945,,Group conflict; Social status; Presidential system; Consistency (negotiation); Voting; Democracy; Medicine; Social psychology; Dominance (ethology); Politics,,"Age Factors; Conflict, Psychological; Democracy; Face; Female; Humans; Leadership; Male; Photic Stimulation; Politics",,,https://paperity.org/p/61338249/the-general-age-of-leadership-older-looking-presidential-candidates-win-elections-during https://dx.plos.org/10.1371/journal.pone.0036945 https://www.narcis.nl/publication/RecordID/oai%3Aresearch.vu.nl%3Apublications%2F718f804f-cf29-4807-a488-c07acb4ca7e8 https://journals.plos.org/plosone/article?id=10.1371/journal.pone.0036945 https://www.ncbi.nlm.nih.gov/pmc/articles/PMC3359335 http://dare.ubvu.vu.nl/handle/1871/40021?show=full https://research.vu.nl/ws/files/3151738/291303.pdf https://research.vu.nl/en/publications/the-general-age-of-leadership-older-looking-presidential-candidat https://europepmc.org/abstract/MED/22649504 http://core.ac.uk/display/15476708 https://core.ac.uk/download/pdf/15476708.pdf,http://dx.doi.org/10.1371/journal.pone.0036945,22649504,10.1371/journal.pone.0036945,1996128364,PMC3359335,0,000-592-446-642-051; 004-154-493-487-934; 007-038-072-322-77X; 010-697-497-547-701; 016-595-637-795-346; 017-873-774-014-730; 022-318-447-805-808; 025-780-253-077-979; 029-327-306-828-407; 037-411-318-666-70X; 043-465-462-377-321; 047-541-274-036-658; 051-926-382-102-474; 052-860-256-429-027; 059-863-664-938-515; 063-312-054-775-257; 065-870-300-634-353; 082-779-543-083-137; 103-066-423-242-762; 106-354-687-680-665; 113-601-898-961-511; 123-602-200-817-807; 130-619-690-246-289; 135-594-606-624-421; 153-815-804-615-699,36,true,cc-by,gold
067-675-478-830-924,Extracting Evidence from Filesystem Activity using Bayesian Networks,,2007,journal article,The International Journal of Forensic Computer Science,18099807; 19807333,ABEAT - Associacao Brasileira de Especialistas em Alta Tecnologia,,Muhammad Naeem Ahmed Khan; Chris Chatwin; Rupert Young,"This research aims to ascertain filesystem access patterns produced by different application programs, and evaluates their potential utility in improving digital forensic analyses. The access patterns produced by the proposed methodology can serve as a decision support system for determining the possible execution of certain applications in the event of computer misuse. For this purpose, we propose the use of a causal Bayesian network that summarizes the most important relationships among integral parameters relating to filesystem activities such as access, creation, modification, file deletion, audit logs, registry entries and the manner in which the applications manipulate these parameters. Determining the state of a filesystem at a particular period of time is vital for conducting digital forensic analyses. Herein, we describe a Bayesian network-based technique to determine the state of a computer filesystem in terms of the program execution and files manipulated during some specific time period. Specifically, we discuss the construction of a Bayesian network from our prior knowledge of the manipulation of the filesystem and metadata information by a set of applications. The variations among the execution patterns of different applications indicate that the Bayesian network-based model is an appropriate tool, due to its ability to enable pattern learning and detection, even from an incomplete dataset. 
The focus of this paper is to highlight the merits of the Bayesian methods for learning, with regard to the techniques used for supervised learning in ordinary neural networks.",,,50,64,Decision support system; Bayesian probability; Data mining; Supervised learning; Bayesian network; Computer science; Artificial neural network; Event (computing); Digital forensics; Metadata,,,,,http://sro.sussex.ac.uk/id/eprint/27586/ http://srodev.sussex.ac.uk/id/eprint/27586/ http://www.ijofcs.org/V02N1-P04%20-%20Extracting%20Evidence%20from%20Filesystem.pdf https://www.ijofcs.org/abstract-v02n1-pp04.html,http://dx.doi.org/10.5769/j200701004,,10.5769/j200701004,1990058702,,0,002-479-677-540-966; 007-648-632-822-878; 007-790-059-029-953; 008-190-100-893-119; 013-441-842-090-74X; 031-661-643-699-664; 043-395-009-848-761; 050-340-870-980-087; 056-675-257-380-334; 057-429-060-353-036; 077-077-492-587-441; 081-750-398-716-413; 094-321-255-598-655; 094-332-505-126-057; 099-049-784-243-130; 108-681-692-730-365; 116-240-922-480-952; 116-299-850-471-630; 118-182-126-106-206; 118-347-856-286-336; 159-605-097-916-929; 163-463-595-909-442; 193-236-480-355-230,20,false,,
068-558-695-475-467,Dilemmas in Digital Forensics for Computer Equipment Security and Maintenance in Remote Ships,,2012,journal article,Advanced Materials Research,16628985,"Trans Tech Publications, Ltd.",,Hu Chen,"As remote ships have equipped a large number of computer equipments, the maintenance of such equipments confronts a great challenge. Since some embedded devices among them may be hacked by attackers or disabled by Byzantine failure, to discover the attacking originality and fault source present foremost importance. In this article, we discuss digital investigation and forensics as a general viewpoint. We point out some dilemmas that hinder the development of digital forensics, some of which may be fundamental problems. We propose to expand the concept of digital forensics to a wider scope so as to include digital investigation for information instead of only evidence. We also argue that the fostering of novel contributions should be relied on technical experts instead of law experts as emerging new techniques always result in new digital crimes. We promote the divorce between the technical experts who focus on the contribution of technologies, and legal authorities who are responsible to bridge the gap between technologies and standard/formalization. Digital forensics methods are encouraged to be publicly available, but the contributors should be aware of the possibility of anti-forensics.",490-495,,1382,1386,Forensic science; Bridge (nautical); Point (typography); Originality; Scope (project management); Computer security; Focus (computing); Computer science; Computer forensics; Digital forensics,,,,,https://www.scientific.net/AMR.490-495.1382,http://dx.doi.org/10.4028/www.scientific.net/amr.490-495.1382,,10.4028/www.scientific.net/amr.490-495.1382,2025495556,,0,030-359-893-882-572; 042-230-817-975-353; 045-243-807-828-458; 049-216-276-407-671; 081-933-261-712-915; 134-927-490-231-285,0,false,,
068-573-357-666-979,Bluepipe: A Scalable Architecture for On-the-Spot Digital Forensics,,2004,journal article,International Journal of Digital Evidence,,,,Yun Gao; Golden G. Richard; Vassil Roussev,"Traditional digital forensics methods are based on the in-depth examination of computer systems in a lab setting. Such methods are standard practice in acquiring digital evidence and are indispensable as an investigative approach. However, they are also relatively heavyweight and expensive and require significant expertise on part of the investigator. Thus, they cannot be applied on a wider scale and, in particular, they cannot be used as a tool by regular law enforcement officers in their daily work. This paper argues for the need for on-the-spot digital forensics tools that supplement lab methods and discuss the specific user and software engineering requirements for such tools. The authors present the Bluepipe architecture for on-the-spot investigation and the Bluepipe remote forensics protocol that they have developed and relate them to a set of requirements. They also discuss some of the details of their ongoing prototype implementation.",3,,,,Software engineering; Architecture; World Wide Web; Law enforcement; Scale (chemistry); Digital evidence; Computer science; Network forensics; Computer forensics; Digital forensics; Protocol (object-oriented programming),,,,,http://www.cs.uno.edu/~golden/Papers/bluepipe-ijde.pdf https://www.utica.edu/academic/institutes/ecii/publications/articles/A0B57A8C-B6FD-092A-4D06F7039867505D.pdf https://dblp.uni-trier.de/db/journals/ijde/ijde3.html#GaoRR04,https://dblp.uni-trier.de/db/journals/ijde/ijde3.html#GaoRR04,,,39046966,,0,,9,false,,
068-897-559-627-004,‘Nothing is the same as something else’: significant properties and notions of identity and originality,2010-06-10,2010,journal article,Archival Science,13890166; 15737519,Springer Science and Business Media LLC,Netherlands,Geoffrey Yeo,"What does it mean to claim that one record, one archival object, is identical to another? Questions of identity (or ‘sameness’) often arise in the fields of digital preservation, imaging, transcription and editing. Experts in these fields sometimes assert that success in their mission depends on the ability to define the ‘significant’ or ‘essential’ properties of records and that, if these can be protected, the identity of records will be preserved across episodes of migration or conversion. However, the determination of ‘significant properties’ is no less problematical than the debate about notions of ‘value’ in appraisal theory, not least because different user communities will bring different perceptions of what constitutes significance. The sameness of discrete entities, the concept of significance and the methods by which sameness or significance might be assessed are all open to dispute; opinions will inevitably depend on the contexts in which judgements are made. Originality is also a frequently contested notion, especially in the digital world, but must not be dismissed as meaningless. 
The copies that emerge from acts of migration, conversion or transcription are neither incontrovertibly identical to their originals nor carriers of properties that are objectively significant.",10,2,85,116,Epistemology; Nothing; Sociology; Transcription (linguistics); Law; Value (ethics); Originality; Digital preservation; Identity (philosophy); Object (philosophy); Appraisal theory,,,,,https://link.springer.com/article/10.1007%2Fs10502-010-9119-9/fulltext.html https://link.springer.com/content/pdf/10.1007%2Fs10502-010-9119-9.pdf https://link.springer.com/article/10.1007/s10502-010-9119-9 https://discovery.ucl.ac.uk/id/eprint/1318039 https://core.ac.uk/download/pdf/1883059.pdf,http://dx.doi.org/10.1007/s10502-010-9119-9,,10.1007/s10502-010-9119-9,2155269741,,0,000-683-933-780-180; 000-948-822-247-157; 007-346-327-861-13X; 010-170-763-684-610; 011-844-323-795-768; 014-566-476-942-628; 016-958-727-000-068; 020-143-782-126-453; 022-250-300-795-993; 022-979-583-124-124; 023-430-067-794-736; 024-698-137-772-836; 025-165-424-119-543; 029-091-880-903-442; 031-024-778-698-210; 032-960-619-192-843; 034-561-214-345-260; 034-968-497-632-861; 035-720-634-541-120; 037-046-582-591-345; 037-546-216-565-279; 037-781-590-817-608; 039-546-492-219-703; 039-657-957-944-430; 039-800-551-937-475; 040-076-670-791-772; 041-066-232-929-572; 043-230-620-542-884; 043-951-928-078-221; 046-570-475-470-545; 048-903-270-688-212; 049-065-153-926-791; 049-845-753-465-113; 050-296-636-280-378; 050-310-590-710-181; 056-697-080-198-429; 056-907-835-744-559; 057-986-332-547-515; 058-146-970-039-157; 058-626-588-911-824; 058-636-190-579-728; 058-971-741-283-260; 060-486-631-843-063; 067-470-740-680-724; 068-037-885-681-540; 069-689-937-128-684; 069-959-789-917-16X; 070-115-662-113-450; 072-969-810-112-145; 075-191-514-746-586; 078-232-974-684-440; 078-944-278-265-053; 079-107-836-482-959; 081-942-219-158-265; 082-887-637-643-543; 084-109-436-617-973; 085-502-390-386-408; 087-826-666-586-632; 
089-471-489-482-607; 094-069-824-119-270; 094-208-053-784-48X; 094-919-894-543-85X; 095-070-261-084-792; 096-263-073-814-599; 096-514-179-092-137; 097-248-904-863-81X; 101-845-998-244-320; 103-328-270-001-112; 107-591-146-740-86X; 111-685-276-532-817; 114-861-212-122-287; 120-286-653-218-734; 120-440-203-353-739; 120-447-723-907-67X; 121-098-780-472-16X; 122-921-718-059-918; 123-763-716-904-490; 124-780-156-885-076; 125-643-385-990-30X; 127-182-261-022-837; 128-447-451-611-007; 128-825-952-518-498; 129-360-283-892-747; 133-053-709-996-16X; 135-009-139-201-306; 136-297-620-681-305; 137-218-757-438-400; 141-629-372-908-10X; 146-485-032-917-300; 148-571-180-308-199; 148-783-116-770-957; 156-185-814-078-781; 158-370-815-252-486; 158-934-891-832-563; 159-789-728-103-828; 166-482-133-121-581; 167-375-606-992-866; 173-874-962-369-142; 174-790-701-665-275; 176-003-285-438-416; 177-814-438-785-351; 178-187-641-931-971; 179-188-884-115-363; 184-448-015-162-474; 196-217-629-351-306,37,true,,green
069-267-487-675-364,Avoiding Sanctions at the E-Discovery Meet-And- Confer in Common Law Countries,,2010,journal article,"Journal of Digital Forensics, Security and Law",15587223,Embry-Riddle Aeronautical University/Hunt Library,,Milton Luoma; Vicki Luoma,"The rules of civil procedure in common law countries have been amended to better deal with the requirements of electronic discovery. One of the key changes in case management is the scheduling of a meet-and-confer session where the parties to litigation must meet early in the case before any discovery procedures have begun to exchange information regarding the nature, location, formats, and pertinent facts regarding custody and control of a party’s electronically stored information (ESI). Failure to abide by the rules and participate in good faith at the meet-and-confer session can have dire consequences for the parties and lawyers involved. The authors discuss the importance of creating and maintaining an ESI data map as a means to demonstrate good faith and effectively comply with the requirements of the meet-and-confer.",5,4,65,80,Internet privacy; Business; Common law; Electronically stored information; Key (cryptography); Control (management); Sanctions; Electronic discovery; Session (computer science); Computer security; Civil procedure,,,,,https://core.ac.uk/display/22166752 http://igneous.scis.ecu.edu.au/proceedings/2010/adf/luoma.pdf https://commons.erau.edu/cgi/viewcontent.cgi?article=1084&context=jdfsl https://dblp.uni-trier.de/db/journals/jdfsl/jdfsl5.html#LuomaL10 https://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1081&context=adf https://doi.org/10.15394/jdfsl.2010.1084 https://ro.ecu.edu.au/adf/82/ https://commons.erau.edu/jdfsl/vol5/iss4/4/ https://core.ac.uk/download/41527705.pdf,http://dx.doi.org/10.15394/jdfsl.2010.1084,,10.15394/jdfsl.2010.1084,1505606280,,0,037-576-680-061-477,0,true,cc-by-nc,gold
070-054-261-247-654,Analyzing Spoofed E-mail Headers,,2006,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Bob Radvanovsky,"This document hopes to provide a fundamental understanding about how to read and interpret electronic mail headers, and what tools and methods may be utilized to interpret if they are legitimate or artificial. Some of the examples used within this document were taken from real-life electronic mail messages received by the author, and were felt to be authentic enough for inclusion for this topic. The document begins with a single example, and presents analysis, from start to finish, drawing any possible conclusion as to how to decipher the analysis.",1,3,231,243,World Wide Web; Inclusion (education); DECIPHER; Spoofing attack; Electronic mail; Computer science,,,,,https://dblp.uni-trier.de/db/journals/jdfp/jdfp1.html#Radvanovsky06 https://doi.org/10.1080/15567280601142178 https://www.tandfonline.com/doi/abs/10.1080/15567280601142178,http://dx.doi.org/10.1080/15567280601142178,,10.1080/15567280601142178,2057450754,,0,135-342-148-906-091,6,false,,
071-070-563-268-81X,PhishScope: Tracking Phish Server Clusters,,2006,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,John S. Quarterman,"Phishing often seems an intractable problem, because phishers go to such lengths to hide their tracks by staging attacks through multiple countries and legal regimes. Targets of phishing and law enforcement thus have few levers to use against phishing. This article demonstrates one such lever: a method (PhishScope) for pinpointing a cluster of active phishing servers that are all connected to the same part of the same Internet service provider (ISP) and are thus located in the same legal regime. Targets of phishing can use information about phishing server clusters to encourage ISPs to take appropriate action such as taking down rogue servers. An ISP infested by a phishing cluster may be unaware of its presence, so the receipt of such information may be all it takes to persuade an ISP to take action. Law enforcement agencies (LEAs) may not want to expend any effort on a single phishing report, but a cluster of phishing servers, especially one that involves multiple targets of phishing, may be wor...",1,2,103,114,Internet privacy; Exploit; Botnet; Receipt; Law enforcement; Computer security; Computer science; Spoofed URL; Phishing; Server; Vulnerability (computing),,,,,https://dblp.uni-trier.de/db/journals/jdfp/jdfp1.html#Quarterman06,http://dx.doi.org/10.1080/15567280600995808,,10.1080/15567280600995808,2027063184,,0,,4,false,,
071-525-719-873-484,Provenance-Based Reproducibility in the Semantic Web,,2011,journal article,Journal of Web Semantics,15708268,Elsevier BV,Netherlands,Luc Moreau,"Reproducibility is a crucial property of data since it allows users to understand and verify how data was derived, and therefore allows them to put their trust in such data. Reproducibility is essential for science, because the reproducibility of experimental results is a tenet of the scientific method, but reproducibility is also beneficial in many other fields, including automated decision making, visualization, and automated data feeds. To achieve the vision of reproducibility, the workflow-based community has strongly advocated the use of provenance as an underpinning mechanism for reproducibility, since a rich representation of provenance allows steps to be reproduced and all intermediary and final results checked and validated. Concurrently, multiple ontology-based representations of provenance have been devised, to be able to describe past computations, uniformly across a variety of technologies. However, such Semantic Web representations of provenance do not have any formal link with execution. Even assuming a faithful and non-malicious environment, how can we claim that an ontology-based representation of provenance enables reproducibility, since it has not been given any execution semantics, and therefore has no formal way of expressing the reproduction of computations? This is the problem that this paper tackles by defining a denotational semantics for the Open Provenance Model, which is referred to as the reproducibility semantics. This semantics is used to implement a reproducibility service, leveraging multiple Semantic Web technologies, and offering a variety of reproducibility approaches, found in the literature. 
A series of empirical experiments were designed to exhibit the range of reproducibility capabilities of our approach; in particular, we demonstrate the ability to reproduce computations involving multiple technologies, as is commonly found on the Web.",9,2,202,221,Semantics; Ontology (information science); Workflow; Denotational semantics; Semantic Web; Information retrieval; Visualization; Service (systems architecture); Computer science; Property (programming),,,,,http://www.sciencedirect.com/science/article/pii/S1570826811000163 https://dx.doi.org/10.1016/j.websem.2011.03.001 https://www.sciencedirect.com/science/article/pii/S1570826811000163 https://eprints.soton.ac.uk/271554/1/reproducibility.pdf http://dx.doi.org/10.1016/j.websem.2011.03.001 https://dblp.uni-trier.de/db/journals/ws/ws9.html#Moreau11 https://core.ac.uk/display/1511258 https://eprints.soton.ac.uk/271554/,http://dx.doi.org/10.1016/j.websem.2011.03.001,,10.1016/j.websem.2011.03.001,2064235063,,1,000-220-804-849-777; 003-180-067-846-095; 006-218-506-495-822; 007-862-353-501-50X; 011-727-965-707-886; 011-760-255-307-129; 012-347-334-882-049; 013-618-362-603-877; 014-432-607-846-238; 015-878-600-369-806; 025-806-670-032-344; 026-562-441-118-206; 027-894-609-985-723; 029-697-886-543-763; 030-371-496-223-778; 030-439-404-001-915; 030-785-519-991-500; 032-150-492-398-988; 032-876-432-166-23X; 033-292-300-474-828; 036-595-285-518-411; 039-807-307-685-44X; 045-456-632-871-831; 049-481-165-627-556; 049-710-651-071-73X; 051-049-950-941-590; 052-712-601-180-281; 053-614-938-318-618; 054-041-083-496-419; 054-440-494-713-631; 054-510-590-101-871; 055-273-720-158-666; 058-017-521-666-98X; 059-112-511-613-974; 059-423-995-030-713; 060-617-362-872-807; 063-810-810-137-114; 067-822-704-991-10X; 069-520-860-818-746; 069-774-794-388-871; 082-149-187-419-792; 087-064-638-468-411; 088-688-896-865-534; 093-924-528-715-586; 099-533-968-894-485; 100-303-223-246-184; 104-758-205-558-797; 106-738-117-826-979; 
112-873-054-773-601; 130-033-756-755-441; 137-292-579-653-532; 144-243-209-420-89X; 153-518-262-292-889; 157-559-320-366-337; 159-434-820-647-606; 161-592-600-557-647; 162-998-170-549-634; 166-130-153-003-727; 171-324-140-110-79X; 175-803-269-723-769; 176-353-055-276-319; 176-733-540-784-32X; 181-457-788-117-099; 181-566-126-729-873; 184-849-170-291-898; 192-872-380-513-589; 198-862-301-079-227,39,true,,green
071-834-390-116-996,Supporting security against SYN flooding attacks in distributed denial-of-service via measuring internet protocol flow information export-based traffic,,2009,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,H. Alipour; M. Esmaeili; Kashefi Kia,"Distributed denial-of-service (DDoS) attacks on public servers after 2000 have become a serious problem. In the DDoS attacks often seen recently, multiple distributed nodes concurrently attack a single server. To assure that essential network services will not be interrupted, faster and more effective defence mechanisms are needed to protect against malicious traffics, especially SYN floods. One of the problems in detecting SYN flood traffics is that server nodes or firewalls cannot distinguish the SYN packets of normal TCP connections from those of a SYN flood attack. Our method, FDFIX, relies on the use of monitoring and measurement techniques to evaluate the impact of denial-of-service (DoS) attacks. It uses flow-based measurements. Capturing flow information is very important for detecting DoS and other kinds of attacks. Flow monitoring allows detecting suspicious traffics, and in the next step can analyse attacking flows and the results can be used for defence methods. 
Our method provides required information for many mechanisms that use traffic measurement as its input.",2,1,49,57,SYN flood; Network packet; IP Flow Information Export; Flow monitoring; Computer network; Internet Protocol; Flow (mathematics); Computer security; Denial-of-service attack; Computer science; Server,,,,,https://www.inderscience.com/link.php?id=23875 https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2009.023875 https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf2.html#AlipourEK09,http://dx.doi.org/10.1504/ijesdf.2009.023875,,10.1504/ijesdf.2009.023875,2036321923,,0,000-714-572-360-752; 004-854-649-797-398; 030-970-826-117-48X; 045-166-622-882-339; 055-552-112-151-921; 055-649-885-312-572; 057-084-364-633-175; 061-203-150-269-869; 083-902-287-420-92X; 113-759-186-080-61X; 128-208-113-384-341; 146-364-198-604-813; 152-366-033-629-234; 152-422-722-505-804; 161-828-727-465-510; 162-598-911-610-12X; 164-100-855-943-668; 165-512-916-414-493,1,false,,
072-447-630-272-055,Building Foundations for Digital Records Forensics: A Comparative Study of the Concept of Reproduction in Digital Records Management and Digital Forensics,2011-09-01,2011,journal article,The American Archivist,03609081,Society of American Archivists,United States,Sherry L. Xie,"The Digital Records Forensics project is a research collaboration among the fields of digital records management, law, and police investigation. It seeks to develop concepts and methods for determining the authenticity of digital records when they no longer exist in their originating environment. The project began with comparative studies of scholarly literature in each field to lay a conceptual foundation on which other research methodologies, such as analysis of case law, case study, and ethnography, can be designed and executed. The project expects that this conceptual foundation, along with findings from the other methodologies, will facilitate the proposal of a new discipline called digital records forensics, which will be beneficial to all relevant professions, with complementary strengths deriving from each participating field. This article reports on one of the comparative studies, which examined the concept of reproduction in the fields of digital records management and digital forensics. It pres...",74,2,576,599,Engineering; World Wide Web; Common law; Data science; Reproduction (economics); Police investigation; Digital records; Conceptual foundation; Field (computer science); Computer forensics; Digital forensics,,,,,https://www.jstor.org/stable/23079051 https://meridian.allenpress.com/american-archivist/article/74/2/576/24199/Building-Foundations-for-Digital-Records-Forensics https://americanarchivist.org/doi/10.17723/aarc.74.2.e088666710692t3k,http://dx.doi.org/10.17723/aarc.74.2.e088666710692t3k,,10.17723/aarc.74.2.e088666710692t3k,2191650818,,0,,7,true,,bronze
072-532-879-804-973,Kindle Forensics: Acquisition & Analysis,,2011,journal article,"Journal of Digital Forensics, Security and Law",15587223,Embry-Riddle Aeronautical University/Hunt Library,,Peter Hannay,"The Amazon Kindle eBook reader supports a wide range of capabilities beyond reading books. This functionality includes an inbuilt cellular data connection known as Whispernet. The Kindle provides web browsing, an application framework, eBook delivery and other services over this connection. The historic data left by user interaction with this device may be of forensic interest. Analysis of the Amazon Kindle device has resulted in a method to reliably extract and interpret data from these devices in a forensically complete manner.",6,2,17,24,World Wide Web; Application framework; Cellular data; Computer science; Multimedia; Reading (process); Web navigation; Digital forensics,,,,,https://dblp.uni-trier.de/db/journals/jdfsl/jdfsl6.html#Hannay11 https://commons.erau.edu/jdfsl/vol6/iss2/3/ https://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1810&context=ecuworks2011 http://data.openduck.com/wp-posts/2011/05/paper-kindle/reader.pdf https://core.ac.uk/display/91760741 https://commons.erau.edu/cgi/viewcontent.cgi?article=1093&context=jdfsl https://ro.ecu.edu.au/ecuworks2011/811/,http://dx.doi.org/10.15394/jdfsl.2011.1093,,10.15394/jdfsl.2011.1093,1837775972,,0,,4,true,cc-by-nc,gold
072-734-762-754-349,Radio frequency fingerprinting commercial communication devices to enhance electronic security,,2008,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,William Suski; Michael A. Temple; Michael J. Mendenhall; Robert F. Mills,"There is a current shift toward protecting against unauthorised network access at the open systems interconnection physical layer by exploiting radio frequency characteristics that are difficult to mimic. This work addresses the use of RF 'fingerprints' to uniquely identify emissions from commercial devices. The goal is to exploit inherent signal features using a four step process that includes: 1. feature generation, 2. transient detection, 3. fingerprint extraction and 4. classification. Reliable transient detection is perhaps the most important step and is addressed here using a variance trajectory approach. Following transient detection, two fingerprinting and classification methods are considered, including 1. power spectral density (PSD) fingerprints with spectral correlation and 2. statistical fingerprints with multiple discriminant analysis-maximum likelihood (MDA-ML) classification. Each of these methods is evaluated using the 802.11a orthogonal frequency-division multiplexing (OFDM) signal. For minimal transient detection error, results show that amplitude-based detection is most effective for 802.11a OFDM signals. It is shown that MDA-ML classification provides approximately 8.5-9.0% better classification performance than spectral correlation over a range of analysis signal-to-noise ratios (SNRA) using three hardware devices from two manufacturers. 
Overall, greater than 80% classification accuracy is achieved for spectral correlation at SNRA > 6 dB and for MDA-ML classification at SNRA > -3 dB.",1,3,301,322,Artificial intelligence; Spectral density; Pattern recognition; Physical layer; Multiplexing; Fingerprint (computing); Transient (oscillation); Computer security; Orthogonal frequency-division multiplexing; Computer science; Multiple discriminant analysis; Radio frequency,,,,,https://www.inderscience.com/link.php?id=20946 https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf1.html#SuskiTMM08 https://dl.acm.org/doi/10.1504/IJESDF.2008.020946 https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2008.020946 https://dl.acm.org/citation.cfm?id=1454749,http://dx.doi.org/10.1504/ijesdf.2008.020946,,10.1504/ijesdf.2008.020946,2112338171,,0,007-141-734-571-464; 017-668-647-489-677; 022-090-881-787-210; 026-439-192-253-875; 041-813-551-001-233; 043-302-311-711-648; 052-879-573-132-964; 056-424-577-469-112; 064-340-074-573-948; 066-472-065-950-737; 085-391-765-861-326; 092-793-180-974-822; 106-142-719-531-708; 109-911-470-516-07X; 116-372-807-748-09X; 142-472-382-550-977; 143-935-087-533-984; 185-006-664-998-296; 193-966-320-077-213,59,false,,
073-140-033-457-49X,Understanding the multiframe caricature advantage for recognizing facial composites,,2012,journal article,Visual Cognition,13506285; 14640716,Informa UK Limited,United Kingdom,Charlie D. Frowd; Faye Collette Skelton; Chris J Atherton; Melanie Pitchford; Vicki Bruce; Rebecca Atkins; Carol Gannon; David Ross; Fern Young; Laura Nelson; Gemma Hepton; Alex H. McIntyre; Peter J. B. Hancock,"Eyewitnesses often construct a “composite” face of a person they saw commit a crime, a picture that police use to identify suspects. We described a technique (Frowd, Bruce, Ross, McIntyre, & Hancock, 2007) based on facial caricature to facilitate recognition of these images: Correct naming substantially improves when composites are seen with progressive positive caricature, where distinctive information is enhanced, and then with progressive negative caricature, the opposite. Over the course of four experiments, the underpinnings of this mechanism were explored. Positive-caricature levels were found to be largely responsible for improving naming of composites, with some benefit from negative-caricature levels. Also, different frame-presentation orders (forward, reverse, random, repeated) facilitated equivalent naming benefit relative to static composites. 
Overall, the data indicate that composites are usually constructed as negative caricatures.",20,10,1215,1241,Commit; Psychology; Composite material; Construct (philosophy); Face (geometry); Facial composite; Face space,,,,,https://www.tandfonline.com/doi/abs/10.1080/13506285.2012.743936 http://core.ac.uk/display/340342 https://core.ac.uk/download/74030196.pdf,http://dx.doi.org/10.1080/13506285.2012.743936,,10.1080/13506285.2012.743936,1990383467,,0,003-630-924-057-601; 004-482-736-001-023; 004-488-760-823-382; 004-519-964-582-911; 005-365-786-759-805; 006-287-178-739-443; 011-451-705-196-579; 015-248-252-251-775; 017-291-181-540-065; 020-958-136-943-173; 022-679-802-612-642; 024-977-549-038-461; 032-734-950-377-914; 035-112-872-126-951; 039-735-333-325-923; 043-083-550-735-99X; 045-614-132-250-503; 045-722-904-169-683; 049-044-363-871-220; 051-113-936-879-78X; 054-777-390-684-868; 055-193-988-249-171; 055-772-997-217-493; 059-530-848-117-441; 060-271-888-762-615; 066-575-685-694-983; 067-959-746-978-621; 070-029-086-733-641; 071-263-907-353-761; 073-288-159-448-303; 080-321-035-100-124; 084-187-182-476-405; 089-161-900-719-544; 096-653-618-285-783; 106-354-687-680-665; 111-696-213-935-874; 117-771-288-284-397; 120-629-213-873-390; 134-260-039-666-484; 139-702-529-828-105; 183-621-525-648-394; 193-566-877-632-824,11,true,,green
073-634-485-520-605,The Foundations for Provenance on the Web,,2010,journal article,Foundations and Trends® in Web Science,1555077x; 15550788,Now Publishers,United States,Luc Moreau,"Provenance, i.e., the origin or source of something, is becoming an important concern, since it offers the means to verify data products, to infer their quality, to analyse the processes that led to them, and to decide whether they can be trusted. For instance, provenance enables the reproducibility of scientific results; provenance is necessary to track attribution and credit in curated databases; and, it is essential for reasoners to make trust judgements about the information they use over the Semantic Web. As the Web allows information sharing, discovery, aggregation, filtering and flow in an unprecedented manner, it also becomes very difficult to identify, reliably, the original source that produced an information item on the Web. Since the emerging use of provenance in niche applications is undoubtedly demonstrating the benefits of provenance, we contend that provenance can and should reliably be tracked and exploited on the Web, and we survey the necessary foundations to achieve such a vision. Using multiple data sources, we have compiled the largest bibliographical database on provenance so far. This large corpus allows us to analyse emerging trends in the research community. Specifically, using the CiteSpace tool, we identify clusters of papers that constitute research fronts, from which we derive characteristics that we use to structure our foundational framework for provenance on the Web. We note that such an endeavour requires a multi-disciplinary approach, since it requires contributions from many computer science sub-disciplines, but also other non-technical fields given the human challenge that is anticipated. To develop our vision, it is necessary to provide a definition of provenance that applies to the Web context. 
Our conceptual definition of provenance is expressed in terms of processes, and is shown to generalise various definitions of provenance commonly encountered. Furthermore, by bringing realistic distributed systems assumptions, we refine our definition as a query over assertions made by processes. Given that the majority of work on provenance has been undertaken by the database, workflow and e-science communities, we review some of their work, contrasting approaches, and focusing on important topics we believe to be crucial for bringing provenance to the Web, such as abstraction, collections, storage, queries, workflow evolution, semantics and activities involving human interactions. However, provenance approaches developed in the context of databases and workflows essentially deal with closed systems. By that, we mean that workflow or database management systems are in full control of the data they manage, and track their provenance within their own scope, but not beyond. In the context of the Web, a broader approach is required by which chunks of provenance representation can be brought together to describe the provenance of information flowing across multiple systems. This is the specific purpose of the Open Provenance Vision, which is an approach that consists of controlled vocabulary, serialization formats and interfaces that allow the provenance of individual systems to be expressed, connected in a coherent fashion, and queried seamlessly. In this context, the Open Provenance Model is an emerging community-driven representation of provenance, which has been actively used by some twenty teams to exchange provenance information according to the Open Provenance Vision. Having identified an open approach and a model for provenance, we then look at techniques that have been proposed to expose provenance over the Web. We also study how Semantic Web technologies have been successfully exploited to express, query and reason over provenance. 
Symmetrically, we also identify how Semantic Web technologies such as RDF underpinning the Linked Data effort bring their own difficulties with respect to provenance. A powerful argument for provenance is that it can help make systems transparent, so that it becomes possible to determine whether a particular use of information is appropriate under a set of rules. Such capability helps make systems and information accountable. To offer accountability, provenance itself must be authentic, and rely on security approaches that we review. We then discuss systems where provenance is the basis of an auditing mechanism to check past processes against rules or regulations. In practice, not all users want to check and audit provenance, instead, they may rely on measures of quality or trust; hence, we review emerging provenance-based approaches to compute trust and quality of data",2,2-3,99,241,Provenance; World Wide Web; Computer science; Geology; Paleontology,,,,,,http://dx.doi.org/10.1561/1800000010,,10.1561/1800000010,,,2,,132,true,,green
073-695-675-203-95X,REGAP: A Tool for Unicode-Based Web Identity Fraud Detection,,2006,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Anthony Y. Fu; Xiaotie Deng; Liu Wenyin,"We anticipate the widespread usage of an internationalized resource identifier (IRI) or internationalized domain name (IDN) on the web as complement to universal resource identifier (URI). IRI/IDN is composed of characters in a subset of Unicode, such that a Unicode attack to IRI/IDN could happen. Hence, visually or semantically, certain phishing IRI/IDNs may show high similarity to the real ones. The potential phishing attacks based on this strategy are very likely to happen in the near future with the boosting utilization of IRI/IDN. We invented a method to detect such phishing attack. We constructed a unicode character similarity list (UC-SimList) based on char-char visual and semantic similarities and use a nondeterministic finite automaton (NFA) to identify the potential IRI/IDN-based phishing patterns. We implemented a phishing IRI/IDN pattern generation tool, REGAP, by which phishing IRI/IDN patterns can be generated into regular expressions (RE) for phishing IRI/IDN detection. We ...",1,2,83,97,Regular expression; World Wide Web; Nondeterministic finite automaton; Information retrieval; Identity fraud; Internationalized Resource Identifier; Uniform resource identifier; Pattern generation; Computer science; Unicode; Phishing,,,,,https://dx.doi.org/10.1080/15567280600995501 http://dx.doi.org/10.1080/15567280600995501 https://doi.org/10.1080/15567280600995501 https://dblp.uni-trier.de/db/journals/jdfp/jdfp1.html#FuDW06 https://www.tandfonline.com/doi/abs/10.1080/15567280600995501,http://dx.doi.org/10.1080/15567280600995501,,10.1080/15567280600995501,2072123701,,0,,11,false,,
074-807-554-462-816,Real time DDoS detection using fuzzy estimators,,2012,journal article,Computers & Security,01674048,Elsevier BV,United Kingdom,Stavros Shiaeles; Vasilios Katos; Alexandros Karakos; Basil K. Papadopoulos,"We propose a method for DDoS detection by constructing a fuzzy estimator on the mean packet inter arrival times. We divided the problem into two challenges, the first being the actual detection of the DDoS event taking place and the second being the identification of the offending IP addresses. We have imposed strict real time constraints for the first challenge and more relaxed constraints for the identification of addresses. Through empirical evaluation we confirmed that the detection can be completed within improved real time limits and that by using fuzzy estimators instead of crisp statistical descriptors we can avoid the shortcomings posed by assumptions on the model distribution of the traffic. In addition we managed to obtain results under a 3 sec detection window.",31,6,782,790,Data mining; Network packet; Estimator; Event (probability theory); Denial-of-service attack; Computer science; Fuzzy logic; Identification (information),,,,,https://pearl.plymouth.ac.uk/bitstream/10026.1/12691/1/1-s2.0-S0167404812000922-main.pdf http://sphinx.vtrip.net/wp-content/uploads/2013/pdf/publications/SPHINX_Paper_1.3_COSE.pdf http://dx.doi.org/10.1016/j.cose.2012.06.002 https://www.researchgate.net/profile/Stavros_Shiaeles/publication/235926911_Real_time_DDoS_detection_using_fuzzy_estimators/links/0c9605154e469183c3000000.pdf https://dblp.uni-trier.de/db/journals/compsec/compsec31.html#ShiaelesKKP12 http://www.sciencedirect.com/science/article/pii/S0167404812000922 https://puredev.port.ac.uk/en/publications/real-time-ddos-detection-using-fuzzy-estimators https://www.sciencedirect.com/science/article/pii/S0167404812000922 https://pearl.plymouth.ac.uk/handle/10026.1/12691 https://dx.doi.org/10.1016/j.cose.2012.06.002 
https://core.ac.uk/download/161509134.pdf,http://dx.doi.org/10.1016/j.cose.2012.06.002,,10.1016/j.cose.2012.06.002,2037515642,,2,004-958-418-263-168; 007-570-930-783-996; 010-077-540-414-916; 012-676-277-376-007; 016-069-293-695-818; 017-251-546-879-162; 018-852-890-761-008; 022-539-133-857-655; 024-997-981-512-466; 035-031-752-285-232; 037-666-847-172-232; 041-715-189-572-148; 044-207-303-448-297; 048-307-990-352-820; 055-649-885-312-572; 057-973-382-980-410; 058-251-506-273-681; 058-488-795-152-493; 061-217-786-470-362; 062-381-889-734-86X; 062-545-984-689-970; 063-919-540-397-600; 065-954-726-530-728; 067-619-029-405-889; 069-369-641-479-431; 070-772-931-001-802; 077-041-992-329-604; 111-153-330-938-483; 111-390-107-410-466; 116-581-228-904-79X; 120-325-088-511-397; 121-925-707-429-807; 122-892-275-693-708; 124-161-928-981-963; 132-961-812-650-738; 143-585-663-061-202; 145-448-398-515-665; 148-998-524-403-839; 167-376-785-292-308; 172-755-574-664-088; 189-367-665-347-996; 193-431-185-074-798,68,true,cc-by-nc,green
076-409-723-198-972,Detection Method of Digital Forensics Based on Double-JPEG Compression Statistical Characteristics,,2009,journal article,Journal of Nanjing Institute of Technology,,,,Huang Jian,"In order to identify and detect digital forensics effectively, this paper puts forward a new detection method based on double-JPEG compression statistical characteristics. The detection was conducted by detecting the previous quantification coefficients of double-JPEG compressed image pieces. To begin with, features of DCT histograms of particular coefficients of double compression were examined. Then support vector machines were used to estimate the original quantification coefficients from double-compressed images and the image areas with different quantification coefficients are of concern. Finally, a series of experiments was carried out to verify the performance and reliability of this method based on various double-JPEG compressed images.",,,,,Image (mathematics); Series (mathematics); Support vector machine; Artificial intelligence; Pattern recognition; Discrete cosine transform; Compression (functional analysis); Computer vision; Computer science; Reliability (statistics); Histogram; Digital forensics,,,,,https://en.cnki.com.cn/Article_en/CJFDTOTAL-NJGC200902009.htm,https://en.cnki.com.cn/Article_en/CJFDTOTAL-NJGC200902009.htm,,,2368304063,,0,,0,false,,
077-891-475-444-920,Network forensic for web JPEG image transmission,,2010,journal article,Journal of Statistics and Management Systems,09720510; 21690014,Informa UK Limited,,Che-Jen Hsieh; Jung-Shian Li; Wei-Cheng Liu,"Nowadays, web transmission is common and JPEG images are widespread on the Internet. But digital distribution may suffer problems including illegal duplication, piracy and pornographic inundation. Pictures circulating on the Internet are mostly in JPEG format. It is important for digital forensic measure to provide evidences of illegal distribution. In this paper, a digital feature retrieval scheme for JPEG images is proposed to avoid disseminating unlawful JPEG images. The scheme could extract JPEG binary data at the packet level using a DC feature to search for suspicious files. According to the experiment results, our method could reduce the storage volume of JPEG image files and retrieve effective features quickly from the network.",13,4,689,699,The Internet; Artificial intelligence; Network packet; JPEG; Binary data; Computer vision; Computer science; Volume (compression); Feature (computer vision); Transmission (telecommunications); Digital forensics,,,,,https://www.tandfonline.com/doi/abs/10.1080/09720510.2010.10701496,http://dx.doi.org/10.1080/09720510.2010.10701496,,10.1080/09720510.2010.10701496,2322591934,,0,003-668-914-408-512; 005-663-388-424-669; 143-258-961-799-311; 144-318-037-199-44X; 184-897-235-429-285,0,false,,
079-560-154-656-697,Identification of inpainted images and natural images for digital forensics,2009-05-27,2009,journal article,Journal of Electronics (China),02179822; 19930615,Springer Science and Business Media LLC,China,Qiong Wu; Shaojie Sun; Wei Zhu; Guo-Hui Li,"Image forensics is a form of image analysis for finding out the condition of an image in the complete absence of any digital watermark or signature. It can be used to authenticate digital images and identify their sources. While the technology of exemplar-based inpainting provides an approach to remove objects from an image and play visual tricks. In this paper, as a first attempt, a method based on zero-connectivity feature and fuzzy membership is proposed to discriminate natural images from inpainted images. Firstly, zero-connectivity labeling is applied on block pairs to yield matching degree feature of all blocks in the region of suspicious, then the fuzzy memberships are computed and the tampered regions are identified by a cut set. Experimental results demonstrate the effectiveness of our method in detecting inpainted images.",26,3,341,345,Inpainting; Digital watermarking; Artificial intelligence; Image analysis; Computer vision; Computer science; Digital image; Cut; Fuzzy logic; Feature (computer vision); Digital forensics,,,,,https://link.springer.com/article/10.1007/s11767-007-0219-5 https://rd.springer.com/article/10.1007/s11767-007-0219-5,http://dx.doi.org/10.1007/s11767-007-0219-5,,10.1007/s11767-007-0219-5,2145245821,,0,037-423-792-391-123; 041-566-224-917-775; 062-277-230-762-299; 069-528-465-236-961; 092-648-730-279-314; 127-001-239-843-174; 131-161-724-039-419; 135-262-782-091-897; 170-969-810-504-627,4,false,,
081-032-497-600-401,A System for Formal Digital Forensic Investigation Aware of Anti-Forensic Attacks,,2012,journal article,IEEE Transactions on Information Forensics and Security,15566013; 15566021,Institute of Electrical and Electronics Engineers (IEEE),United States,Slim Rekhis; Noureddine Boudriga,"To defeat the process of investigation and make the analysis and reconstruction of attack scenarios difficult, challenging, or even impossible, attackers are motivated by conducting anti-forensic attacks. Several methods were proposed by the literature to formally reconstruct the sequence of events executed during the incident using theoretical and scientifically proven methods. However, these methods are not tailored to cope with anti-forensic attacks, as they assume that the collected evidence is trusted, do not model anti-forensic actions, and do not characterize provable anti-forensic attacks based on the knowledge of attacks, security solutions, and forms of evidence expected to be generated. We develop in this work a theoretical approach of digital investigation aware of anti-forensic attacks. After describing an investigation process which is able to address these attacks, we develop a state-based logic to describe the investigated system, the deployed security solution, the evidence they provide, and the library of attacks. An inference system is proposed to mitigate anti-forensic attacks and generate potential scenarios starting from traces that were targeted by these attacks. 
To exemplify the proposal, we provide a case study related to the investigation of an incident that exhibited anti-forensic attacks.",7,2,635,650,Forensic science; Digital forensic investigation; Computer security; Computer science; Process (engineering); State (computer science); Computer forensics; Digital forensics,,,,,https://ieeexplore.ieee.org/document/6081933/ http://ieeexplore.ieee.org/document/6081933/ https://doi.org/10.1109/TIFS.2011.2176117 http://yadda.icm.edu.pl/yadda/element/bwmeta1.element.ieee-000006081933 https://www.infona.pl/resource/bwmeta1.element.ieee-art-000006081933 https://dblp.uni-trier.de/db/journals/tifs/tifs7.html#RekhisB12,http://dx.doi.org/10.1109/tifs.2011.2176117,,10.1109/tifs.2011.2176117,2001436649,,0,001-009-008-665-240; 005-102-962-333-180; 005-859-821-142-158; 007-832-595-971-443; 008-475-550-011-549; 010-086-703-646-194; 032-192-641-675-455; 032-875-845-675-054; 035-403-390-260-816; 043-187-906-113-750; 043-499-798-259-789; 045-935-396-341-342; 054-507-171-824-189; 062-032-128-092-406; 078-598-867-814-365; 085-300-731-185-861; 087-868-527-983-406; 098-666-081-238-973; 098-944-026-156-091; 116-344-252-215-864; 133-397-275-695-990; 144-145-473-017-363; 157-954-859-648-506; 183-855-428-130-288; 184-948-841-629-735; 199-745-676-923-766,35,false,,
081-075-040-457-06X,Digital crime – A review article,2010-01-06,2010,journal article,Journal of Forensic Medicine,24721026,,,C.R. Vasudeva Murthy; P.S. Chidananda; Manisa Mohanty; Natasha Nambia; K.P. Harsha,"As computers become more integrated into people's daily lives, investigators are encountering an increasing amount of evidence of criminal activity in the digital form. There is growing need of understanding these methods and trained experts to process digital evidence. So training and laws related must keep pace with advances in computer technology making digital forensics an exciting field.",4,1,58,60,Internet privacy; Review article; Pace; Digital evidence; Computer technology; Mathematics; Field (computer science); Process (engineering); Digital forensics,,,,,http://www.i-scholar.in/index.php/ijfmt/article/view/45843 http://www.indianjournals.com/ijor.aspx?target=ijor:ijfmt&volume=4&issue=1&article=020,http://www.i-scholar.in/index.php/ijfmt/article/view/45843,,,3038072372,,0,,0,false,,
082-038-706-094-28X,Exploring the iPhone Backup Made by iTunes,,2011,journal article,"Journal of Digital Forensics, Security and Law",15587223,Embry-Riddle Aeronautical University/Hunt Library,,Mario Piccinelli; Paolo Gubian,"The iPhone mobile from Apple Inc. is one of the most notable phones on the market thanks to its simple and user-friendly interface and ever growing pool of available high quality applications for both personal and business use. The increasing use of iPhone mobiles leads forensics practitioners towards the need for tools to access and analyze the information stored in the device. This research aims at describing how to forensically analyze a logical backup of an iPhone made by the Apple iTunes utility, understanding its structure and creating a simple tool to automate the process of decoding and analyzing the data. It was found that significant data of forensic value such as e-mail messages, text and multimedia messages, calendar events, browsing history, GPRS locations, contacts, call history and voicemail recordings can be retrieved using this method of iPhone acquisition.",6,3,31,62,Interface (computing); World Wide Web; Voicemail; SIMPLE (military communications protocol); Quality (business); Backup; Computer science; Process (engineering); Dumb pipe; General Packet Radio Service,,,,,https://dblp.uni-trier.de/db/journals/jdfsl/jdfsl6.html#PiccinelliG11 https://commons.erau.edu/jdfsl/vol6/iss3/4/ https://commons.erau.edu/cgi/viewcontent.cgi?article=1099&context=jdfsl https://oaji.net/articles/2014/1095-1408805394.pdf https://core.ac.uk/display/53620383,http://dx.doi.org/10.15394/jdfsl.2011.1099,,10.15394/jdfsl.2011.1099,1787226260,,9,066-718-492-512-253; 075-268-039-596-63X,4,true,cc-by-nc,gold
082-643-248-806-379,Investigating the Privacy Policy Adoption among Malaysia E-Government Websites: Towards Conceptualizing the E-Privacy Assessment Framework,,2011,journal article,"International Journal on Advanced Science, Engineering and Information Technology",24606952; 20885334,Insight Society,Indonesia,Nor Asiakin Hasbullah; Nor Laila Md Noor; Wan Abdul Rahim Wan Mohd Isa; Nor Farizma Manaf,"Malaysia E-government had improved the government services and overcome barriers faced by the public in the offline environment. The government initiatives to safeguard the interest of the public had transcended to include privacy protection. The Personal Data Protection Act 2009 is considered as one of the initiatives that had been successfully passed by the Malaysia Government by April 2010. However, the implementation and governance of the Act is still subjected to minister’s decision. This study aims in parallel with the government initiatives by investigating the adoption of privacy policy among the Malaysia's e-government websites. This study is important towards examining the current level of awareness for the importance for privacy protection being provided for the public, before the full enforcement of the Act. Samples of 154 websites were selected by using convenient sampling from Malaysia government portal (http://www.malaysia.gov.my), which comprises of federal and state governments. The evaluation process was done by using personal observation through an adopted indicators of privacy policies from Jamal Maier and Sunder in 2002 by observing the links provided for 'privacy policy statements', 'privacy policy notice' and 'privacy policy'. 
The study revealed several issues pertaining privacy policy adoption among Malaysia e-government site and highlights few recommendations and future works towards conceptualization of e-privacy assessment framework in Malaysia e-government context.",1,3,311,316,Privacy policy; Information privacy; Business; Government; Management; Privacy by Design; Context (language use); Corporate governance; Public relations; Data Protection Act 1998; Information privacy law,,,,,http://ijaseit.insightsociety.org/index.php?option=com_content&view=article&id=9&Itemid=1&article_id=65 https://core.ac.uk/download/pdf/296922136.pdf,http://dx.doi.org/10.18517/ijaseit.1.3.65,,10.18517/ijaseit.1.3.65,1545476266,,0,,1,true,cc-by-sa,hybrid
082-775-557-914-116,WiFi networks and malware epidemiology.,2009-01-26,2009,journal article,Proceedings of the National Academy of Sciences of the United States of America,10916490; 00278424,Proceedings of the National Academy of Sciences,United States,Hao Hu; Steven Myers; Vittoria Colizza; Alessandro Vespignani,"In densely populated urban areas WiFi routers form a tightly interconnected proximity network that can be exploited as a substrate for the spreading of malware able to launch massive fraudulent attacks. In this article, we consider several scenarios for the deployment of malware that spreads over the wireless channel of major urban areas in the US. We develop an epidemiological model that takes into consideration prevalent security flaws on these routers. The spread of such a contagion is simulated on real-world data for georeferenced wireless routers. We uncover a major weakness of WiFi networks in that most of the simulated scenarios show tens of thousands of routers infected in as little as 2 weeks, with the majority of the infections occurring in the first 24–48 h. 
We indicate possible containment and prevention measures and provide computational estimates for the rate of encrypted routers that would stop the spreading of the epidemics by placing the system below the percolation threshold.",106,5,1318,1323,Software deployment; Encryption; Communication channel; Computer network; Computer security; Computer science; Malware; Wireless; Georeference,,"Computer Security; Internet; Models, Theoretical; Radio Waves",,NIDA NIH HHS (R21 DA024259) United States; NIDA NIH HHS (R21-DA024259) United States,https://arxiv.org/pdf/0706.3146.pdf https://www.pnas.org/content/106/5/1318.full.pdf https://arxiv.org/abs/0706.3146 https://dblp.uni-trier.de/db/journals/corr/corr0706.html#abs-0706-3146 https://www.jstor.org/stable/40272375 https://ui.adsabs.harvard.edu/abs/2007arXiv0706.3146H/abstract https://www.pnas.org/content/106/5/1318 http://www.pnas.org/content/early/2009/01/26/0811973106.abstract https://www.epicx-lab.com/uploads/9/6/9/4/9694133/pnas-2009-hu-0811973106.pdf https://www.pnas.org/content/pnas/106/5/1318.full.pdf https://www.ncbi.nlm.nih.gov/pubmed/19171909 http://europepmc.org/articles/PMC2635807 http://arxiv.org/abs/0706.3146,http://dx.doi.org/10.1073/pnas.0811973106,19171909,10.1073/pnas.0811973106,2057541707,PMC2635807,0,000-203-627-584-442; 001-143-989-871-830; 004-523-537-851-007; 008-499-990-780-364; 024-387-638-894-876; 028-912-795-337-481; 039-491-996-707-094; 042-495-334-732-596; 044-345-261-905-116; 057-498-126-693-56X; 063-190-811-897-241; 063-872-911-277-769; 064-299-895-727-973; 064-354-379-549-444; 070-258-869-018-15X; 091-481-548-909-094; 100-877-865-143-446; 104-883-306-292-441; 106-143-468-845-036; 115-315-697-698-96X; 117-890-360-795-426; 120-373-824-017-845; 121-423-763-457-589; 126-009-592-182-880; 127-606-420-011-665; 135-803-465-914-166; 135-968-239-606-232; 147-839-588-881-755; 171-442-735-828-167; 179-729-483-673-013; 196-347-228-081-216; 197-411-692-357-263,87,true,,green
082-849-036-283-530,Technology Corner: Analysing E-Mail Headers for Forensic Investigation,,2011,journal article,"Journal of Digital Forensics, Security and Law",15587223,Embry-Riddle Aeronautical University/Hunt Library,,M. Tariq Banday,"Electronic Mail (E-Mail), which is one of the most widely used applications of Internet, has become a global communication infrastructure service. However, security loopholes in it enable cybercriminals to misuse it by forging its headers or by sending it anonymously for illegitimate purposes, leading to e-mail forgeries. E-mail messages include transit handling envelope and trace information in the form of structured fields which are not stripped after messages are delivered, leaving a detailed record of e-mail transactions. A detailed header analysis can be used to map the networks traversed by messages, including information on the messaging software and patching policies of clients and gateways, etc. Cyber forensic e-mail analysis is employed to collect credible evidence to bring criminals to justice. This paper projects the need for e-mail forensic investigation and lists various methods and tools used for its realization. A detailed header analysis of a multiple tactic spoofed e-mail message is carried out in this paper. It also discusses various possibilities for detection of spoofed headers and identification of its originator. 
Further, difficulties that may be faced by investigators during forensic investigation of an e-mail message have been discussed along with their possible solutions.",6,2,49,64,The Internet; World Wide Web; Spoofing attack; Software; Realization (linguistics); Electronic mail; Computer security; Computer science; Header; TRACE (psycholinguistics); Identification (information),,,,,https://dblp.uni-trier.de/db/journals/jdfsl/jdfsl6.html#Banday11 https://doi.org/10.15394/jdfsl.2011.1095 https://commons.erau.edu/cgi/viewcontent.cgi?article=1095&context=jdfsl https://core.ac.uk/display/92113181 https://commons.erau.edu/jdfsl/vol6/iss2/5/,http://dx.doi.org/10.15394/jdfsl.2011.1095,,10.15394/jdfsl.2011.1095,1594771085,,0,006-828-660-980-525; 009-342-159-773-994; 024-381-049-056-789; 025-133-963-800-833; 029-543-295-199-700; 042-417-058-634-055; 066-418-632-421-51X; 070-054-261-247-654; 078-935-926-461-358; 088-934-374-787-875; 091-852-245-492-922; 111-878-613-551-48X; 115-192-727-768-90X; 120-257-424-137-321; 122-425-714-955-923; 141-243-112-061-502; 144-089-463-339-461; 159-584-170-360-868,8,true,cc-by-nc,gold
083-097-133-928-799,Determining Image Origin and Integrity Using Sensor Noise,,2008,journal article,IEEE Transactions on Information Forensics and Security,15566013,Institute of Electrical and Electronics Engineers (IEEE),United States,Mo Chen; Jessica Fridrich; Miroslav Goljan; Jan Lukás,"In this paper, we provide a unified framework for identifying the source digital camera from its images and for revealing digitally altered images using photo-response nonuniformity noise (PRNU), which is a unique stochastic fingerprint of imaging sensors. The PRNU is obtained using a maximum-likelihood estimator derived from a simplified model of the sensor output. Both digital forensics tasks are then achieved by detecting the presence of sensor PRNU in specific regions of the image under investigation. The detection is formulated as a hypothesis testing problem. The statistical distribution of the optimal test statistics is obtained using a predictor of the test statistics on small image blocks. The predictor enables more accurate and meaningful estimation of probabilities of false rejection of a correct camera and missed detection of a tampered region. We also include a benchmark implementation of this framework and detailed experimental validation. 
The robustness of the proposed forensic methods is tested on common image processing, such as JPEG compression, gamma correction, resizing, and denoising.",3,1,74,90,Artificial intelligence; Noise reduction; Fingerprint recognition; Gamma correction; Digital camera; Computer vision; Computer science; Image sensor; Image processing; Robustness (computer science),,,,,http://ieeexplore.ieee.org/document/4451084 https://dblp.uni-trier.de/db/journals/tifs/tifs3.html#ChenFGL08 https://dl.acm.org/doi/10.1109/TIFS.2007.916285 http://dx.doi.org/10.1109/TIFS.2007.916285 https://www.infona.pl/resource/bwmeta1.element.ieee-art-000004451084 http://yadda.icm.edu.pl/yadda/element/bwmeta1.element.ieee-000004451084 https://dx.doi.org/10.1109/TIFS.2007.916285 https://ieeexplore.ieee.org/document/4451084,http://dx.doi.org/10.1109/tifs.2007.916285,,10.1109/tifs.2007.916285,2096754397,,24,005-826-410-065-126; 006-715-003-756-565; 013-766-124-774-712; 014-209-941-360-32X; 016-617-865-487-243; 019-298-660-018-682; 035-491-956-504-991; 039-909-224-291-709; 040-008-392-568-081; 040-425-146-348-064; 045-812-091-260-656; 047-197-420-161-829; 056-817-850-080-480; 060-510-472-523-253; 064-189-799-565-495; 067-192-574-918-890; 068-419-065-330-87X; 069-528-465-236-961; 073-101-904-398-447; 073-843-574-944-320; 075-737-442-687-063; 076-704-896-134-67X; 077-417-527-557-313; 084-206-568-186-081; 088-756-740-481-093; 108-896-114-392-841; 114-683-350-855-519; 125-162-036-005-386; 128-981-158-424-27X; 129-818-534-707-094; 135-262-782-091-897; 135-323-514-589-740; 139-720-476-501-860; 140-400-621-815-704; 155-899-306-652-415; 173-881-114-277-726; 180-088-494-514-913; 180-552-666-228-97X; 184-897-235-429-285,744,true,,green
083-366-581-383-158,The Trojan Made Me Do It: A First Step in Statistical Based Computer Forensics Event Reconstruction,,2004,journal article,International Journal of Digital Evidence,,,,Megan Carney; Marc Rogers,"The current study was exploratory and represents a first attempt at a standardized method for digital forensics event reconstruction based on statistical significance at a given error rate (α = .01). The study used four scenarios to test the ability to determine whether contraband images located on a system running Windows XP were intentionally downloaded or downloaded without the user’s consent or knowledge. Seven characteristics or system variables were identified for comparison; using a stepwise discriminant analysis, the seven characteristics were reduced to four. It was determined that a model consisting of two characteristics-- the average of the difference between file creation times and the median of the difference between file creation times -- was the best model for discriminating the intentional action at α = .01. The implications of this finding and suggestions for future research are discussed.",2,,,,Data mining; Trojan; Event reconstruction; Test (assessment); Stepwise discriminant analysis; Word error rate; Computer science; Computer forensics; Digital forensics,,,,,https://www.cerias.purdue.edu/assets/pdf/bibtex_archive/2004-15.pdf https://www.utica.edu/academic/institutes/ecii/publications/articles/A0B2CCCB-E6FC-6840-AF4A01356B9B687A.pdf https://dblp.uni-trier.de/db/journals/ijde/ijde2.html#CarneyR04,https://dblp.uni-trier.de/db/journals/ijde/ijde2.html#CarneyR04,,,2121504725,,0,058-205-117-706-853; 064-461-905-099-548; 100-436-172-024-424; 138-097-495-143-351; 151-378-930-836-964; 199-745-676-923-766,29,false,,
085-343-554-667-033,High-speed search using Tarari content processor in digital forensics,,2008,journal article,Digital Investigation,17422876,Elsevier BV,Netherlands,Jooyoung Lee; Sung-Kyong Un; Dowon Hong,"Recently, ''Speed'' is one of the hot issues in digital forensics. Thanks to a recent advanced technology, today we can get bigger hard drive disks at a lower price than previously. But unfortunately, it means for forensic investigators that they need tremendous time and effort in the sequence of process of creating forensic images, searching into them and analyzing them. In order to solve this problem, some methods have been proposed to improve performance of forensic tools. One of them getting attention is a hardware-based approach. However, such a way is limited in the field of evidence cloning or password cracking while it is rarely used in searching and analysis of the digital evidence. In this paper, we design and implement a high-speed search engine using a Tarari content processor. Furthermore, we show feasibility of our approach by comparing its performance and features to those of a popular forensic tool currently on the market.",5,,S91,S95,Cloning (programming); World Wide Web; Order (exchange); Content processor; Digital evidence; Field (computer science); Password cracking; Computer science; Process (engineering); Multimedia; Digital forensics,,,,,https://www.sciencedirect.com/science/article/pii/S1742287608000388 https://www.dfrws.org/2008/proceedings/p91-lee_pres.pdf https://dl.acm.org/doi/10.1016/j.diin.2008.05.006 http://www.sciencedirect.com/science/article/pii/S1742287608000388 https://dblp.uni-trier.de/db/journals/di/di5.html#LeeUH08 https://doi.org/10.1016/j.diin.2008.05.006,http://dx.doi.org/10.1016/j.diin.2008.05.006,,10.1016/j.diin.2008.05.006,1990797171,,0,052-665-370-203-554; 102-602-192-826-532; 113-264-745-950-390; 196-787-983-201-436,14,true,cc-by-nc-nd,hybrid
085-816-961-933-906,Temporal Forensics and Anti-Forensics for Motion Compensated Video,,2012,journal article,IEEE Transactions on Information Forensics and Security,15566013; 15566021,Institute of Electrical and Electronics Engineers (IEEE),United States,Matthew C. Stamm; W. S. Lin; K.J.R. Liu,"Due to the ease with which digital information can be altered, many digital forensic techniques have been developed to authenticate multimedia content. Similarly, a number of anti-forensic operations have recently been designed to make digital forgeries undetectable by forensic techniques. However, like the digital manipulations they are designed to hide, many anti-forensic operations leave behind their own forensically detectable traces. As a result, a digital forger must balance the trade-off between completely erasing evidence of their forgery and introducing new evidence of anti-forensic manipulation. Because a forensic investigator is typically bound by a constraint on their probability of false alarm (P_fa), they must also balance a trade-off between the accuracy with which they detect forgeries and the accuracy with which they detect the use of anti-forensics. In this paper, we analyze the interaction between a forger and a forensic investigator by examining the problem of authenticating digital videos. Specifically, we study the problem of adding or deleting a sequence of frames from a digital video. We begin by developing a theoretical model of the forensically detectable fingerprints that frame deletion or addition leaves behind, then use this model to improve upon the video frame deletion or addition detection technique proposed by Wang and Farid. Next, we propose an anti-forensic technique designed to fool video forensic techniques and develop a method for detecting the use of anti-forensics. 
We introduce a new set of techniques for evaluating the performance of anti-forensic operations and develop a game theoretic framework for analyzing the interplay between a forensic investigator and a forger. We use these new techniques to evaluate the performance of each of our proposed forensic and anti-forensic techniques, and identify the optimal actions of both the forger and forensic investigator.",7,4,1315,1329,Frame (networking); Forensic science; Message authentication code; Set (psychology); Information retrieval; False alarm; Computer security; Computer science; Computer forensics; Data compression; Digital forensics,,,,,http://yadda.icm.edu.pl/yadda/element/bwmeta1.element.ieee-000006222325 https://dblp.uni-trier.de/db/journals/tifs/tifs7.html#StammLL12 http://dx.doi.org/10.1109/TIFS.2012.2205568 https://ieeexplore.ieee.org/document/6222325/ https://dl.acm.org/doi/10.1109/TIFS.2012.2205568 https://www.infona.pl/resource/bwmeta1.element.ieee-art-000006222325 https://dx.doi.org/10.1109/TIFS.2012.2205568 http://ieeexplore.ieee.org/document/6222325/ http://sig.umd.edu/publications/Stamm_TIFS_201208.pdf,http://dx.doi.org/10.1109/tifs.2012.2205568,,10.1109/tifs.2012.2205568,2016828421,,0,006-715-003-756-565; 012-624-635-540-803; 015-717-506-603-742; 018-172-332-749-013; 023-624-827-239-301; 024-242-565-906-946; 024-793-013-451-77X; 031-876-583-652-183; 040-639-509-253-00X; 041-796-476-831-023; 045-294-718-031-754; 051-035-217-903-949; 055-256-082-961-475; 056-148-934-103-963; 068-413-789-098-79X; 077-218-726-181-521; 079-709-089-662-769; 083-097-133-928-799; 092-522-060-753-940; 106-688-419-298-857; 120-453-234-664-794; 122-164-403-164-304; 135-262-782-091-897; 140-408-113-219-371; 166-999-959-693-14X,162,true,,green
085-818-796-196-55X,Ossification Degrees of Cranial Sutures Determined with Flat-Panel Computed Tomography: Narrowing the Age Estimate with Extrema,2010-03-15,2010,journal article,Journal of forensic sciences,15564029; 00221198,Wiley-Blackwell,United States,S Harth; Martin Obert; Frank Ramsthaler; Christina Reuss; Horst Traupe; Marcel A. Verhoff,"Since Broca's time (1824-1880), ossification of the neurocranial sutures has been used as a characteristic of age. Current approaches include the visual macroscopic examination of ecto and endocranial sutures. The evaluation of the cross-section of sutures usually necessitates the destruction of the neurocranium. In a nondestructive alternative approach that was tested within the context of the ""Digital Forensic Osteology"" project that ran in cooperation with the Virtopsy-Project, it emerged that the resolution of conventional multi-slice computed tomography data sets was not high enough to image sutures. Thus for the experiments presented here, the eXplore Locus Ultra flat-panel computed tomography scanner from GE Healthcare was used. Calottes were scanned during autopsy and then immediately returned to the corpse. So far, the skullcaps of 221 individuals have been scanned. The cross-sections of 14 suture segments could be assessed for seven previously defined stages of ossification. In a converse step, the 14 highest and lowest age estimate values corresponding to the individual stages of suture closure found were estimated for each calotte. The obtained ranges narrowing down the age estimate were evaluated with statistics. A mean value of 43.31 years for the range of narrowed age estimates shows that this method can be a useful aid in estimating age. The results of intra- and inter-observer tests showed good overall agreement between the findings of three observers. 
This method is suitable for a nondestructive age estimation and can be used for the entire calotte.",55,3,690,694,Biomedical engineering; Tomography; Forensic anthropology; Maxima and minima; Ossification; Neurocranium; Cranial sutures; Orthodontics; Mathematics; Computed tomography; Osteology,,"Adolescent; Adult; Age Determination by Skeleton/methods; Aged; Aged, 80 and over; Child; Child, Preschool; Cranial Sutures/anatomy & histology; Female; Forensic Anthropology/methods; Humans; Image Processing, Computer-Assisted; Imaging, Three-Dimensional; Infant; Male; Middle Aged; Osteogenesis; Tomography, X-Ray Computed; Young Adult",,,https://onlinelibrary.wiley.com/doi/10.1111/j.1556-4029.2010.01342.x https://onlinelibrary.wiley.com/doi/10.1111/j.1556-4029.2010.01342.x/pdf https://europepmc.org/abstract/MED/20345795 https://pubmed.ncbi.nlm.nih.gov/20345795/,http://dx.doi.org/10.1111/j.1556-4029.2010.01342.x,20345795,10.1111/j.1556-4029.2010.01342.x,2022996424,,0,002-554-004-317-169; 011-400-430-560-879; 011-437-447-262-957; 020-357-660-304-120; 021-482-884-779-722; 024-457-262-232-102; 027-081-885-888-403; 029-078-630-519-839; 031-056-855-501-837; 033-819-041-231-845; 036-164-642-351-53X; 039-958-405-349-958; 041-312-562-189-221; 043-290-644-526-680; 045-058-312-924-021; 046-871-011-732-526; 057-599-446-529-382; 058-480-533-339-462; 059-817-360-623-824; 064-763-080-472-427; 066-425-497-512-624; 067-749-584-427-994; 070-013-598-429-874; 079-946-445-629-586; 080-288-596-378-300; 083-011-234-201-409; 087-131-928-334-443; 119-930-123-785-861,36,false,,
085-859-710-144-099,Steganalysis Using Color Model Conversion,2011-12-31,2011,journal article,Signal & Image Processing : An International Journal,22293922,Academy and Industry Research Collaboration Center (AIRCC),,P. Thiyagarajan; Gnanasekaran Aghila; V. Prasanna Venkatesan,"The major threat in cyber crime for digital forensic examiner is to identify, analyze and interpret the concealed information inside digital medium such as image, audio and video. There are strong indications that hiding information inside digital medium has been used for planning criminal activities. In this way, it is important to develop a steganalysis technique which detects the existence of hidden messages inside digital medium. This paper focuses on universal image steganalysis method which uses RGB to HSI colour model conversion. Any Universal Steganalysis algorithm developed should be tested with various stego-images to prove its efficiency. The developed Universal Steganalysis algorithm is tested in stego-image database which is obtained by implementing various RGB Least Significant Bit Steganographic algorithms. Though there are many stego-image sources available on the internet it lacks in the information such as how many rows has been infected by the steganography algorithms, how many bits have been modified and which channel has been affected. These parameters are important for Steganalysis algorithms and it helps to rate its efficiency. 
Proposed Steganalysis using Colour Model has been tested with our Image Database and the results were affirmative.",2,4,201,211,Steganalysis; Steganography; The Internet; Image (mathematics); Artificial intelligence; Pattern recognition; Computer science; Least significant bit; RGB color model; Digital forensics; Channel (digital image),,,,,https://dblp.uni-trier.de/db/journals/corr/corr1206.html#abs-1206-2914 https://arxiv.org/abs/1206.2914 http://dblp.uni-trier.de/db/journals/corr/corr1206.html#abs-1206-2914 https://arxiv.org/pdf/1206.2914.pdf,http://dx.doi.org/10.5121/sipij.2011.2417,,10.5121/sipij.2011.2417,2963662902,,0,,4,true,,bronze
086-348-717-781-367,Fast digital video forensics method based on object detection,,2009,journal article,Application Research of Computers,,,,Wang Wei,"It is very difficult for the digital forensics investigators to find out the evidences and clues of the case from huge numbers of video data automatically, accurately and quickly. This paper focused on the digital video about drop or left object in public places, and presented a fast method which was suitable for massive video data forensics. The experimental result proves the effectiveness of the method.",,,,,AdaBoost; Artificial intelligence; Video tracking; Object detection; Digital video; Computer vision; Background subtraction; Computer science; Scale-invariant feature transform; Object (computer science); Digital forensics,,,,,http://en.cnki.com.cn/Article_en/CJFDTOTAL-JSYJ200903091.htm,http://en.cnki.com.cn/Article_en/CJFDTOTAL-JSYJ200903091.htm,,,2376995120,,0,,0,false,,
086-606-552-361-098,"CSI: Hard Drive: Hate Groups, Terrorist Activity, Pimping. A Day in the Life of Local Law Enforcement? No, Just a Routine Sweep of School Computers. Digital Forensic Technology Is Uncovering the Bad, Sometimes Criminal Behavior Students and Faculty Are Guilty Of",,2008,journal article,T.H.E. Journal Technological Horizons in Education,,,,Julie Sturgeon,"ACTING ON INFORMATION from students who report seeing a classmate looking at inappropriate material on a school computer, school officials use forensics software to plunge the depths of the PC's hard drive, searching for evidence of improper activity. Images are found in a deleted Internet Explorer cache as well as deleted file space. Additional evidence collected from log files is joined with the software-gathered evidence to identify the student who was logged on at the time the images appeared on the computer. Once the investigation concludes the offending student is suspended for three days. Later, in a suit brought by the student's parents, the district successfully defends its position by showing the use of proven evidence-collecting methods and procedures--and providing a written appropriate use policy that the student is shown to have violated. So is the story told by Brent Williams, an educational technology specialist at Kennesaw State University in Georgia. He says there are many more where that came from. ""It's happening at school systems everywhere now,"" Williams says. ""The variety [of offenses] is almost endless. If you can think of a technology, someone has figured out a way to abuse it within a school system."" Remember the rumor about Coach Henderson and the cheerleader? Did they or didn't they? Before the advent of the information age, such prurient school gossip never got past the whispering stage. 
Today, as in the case Williams recounted, such transgressions usually leave a digital trail, where they are dead meat for the investigative powers of computer forensic technology. Forensic software tools can root the truth out of any misappropriated computer, often generating unsettling findings for school administrators when they learn what members of their staff, faculty, and student body have been up to. The worst the kids are usually caught doing are acts of cyberbullying--dissing each other on MySpace or using e-mail to send profanity-laced notes, etc. Posting, in addition to viewing, raunchy photos on MySpace is also a common student offense. That's small potatoes versus what file searches are coming up with on the grown-ups. A gym coach's dalliance with a cheerleader can seem positively nostalgic compared to the array of untoward activities that experts say forensic tools are unearthing: harassment, participation in hate groups, gun purchases, terrorist activity, pimping. On top of that, Williams says there is a ""huge problem with staff or faculty surfing pornography during school hours or on school equipment--actually having child pornography on their PC, or carrying on an inappropriate relationship with a student, using school computers for e-mail or chat."" Because of the danger this kind of behavior presents to schools and the community at large, districts need to have at least basic forensic capabilities in order to bring the culprits to light. Williams says that means ""being prepared with the right technical expertise and software to address the situations."" He estimates you could call officials in any decent-sized school district with sufficient resources and learn they have invested in computer forensic tools and are currently putting them to work on solving a particular case. Assembling a Team School IT professionals are fortunate that they can count on software to do the heavy lifting at every point of an investigation. 
Software can not only collect forensic evidence, but also help users write the subsequent report to submit to an attorney or the courts. But the real strength of forensic technology is its ability to slice and dice the data it retrieves to help school districts find the needle in the haystack. According to Brian Karney, senior vice president of the corporate division at AccessData in Lindon, UT, the ability of forensic tools to find evidence is so sophisticated, their credibility goes unquestioned in court proceedings. …",35,1,22,,Internet privacy; The Internet; Sociology; Educational technology; Law; Child pornography; Law enforcement; Rumor; Pornography; Digital forensics; Information Age,,,,,https://www.questia.com/library/journal/1G1-174101678/csi-hard-drive-hate-groups-terrorist-activity,https://www.questia.com/library/journal/1G1-174101678/csi-hard-drive-hate-groups-terrorist-activity,,,236050184,,0,,0,false,,
086-705-619-249-214,Preparing for the age of the digital palimpsest,2012-08-31,2012,journal article,Library Hi Tech,07378831,Emerald,United Kingdom,Jason Bengtson,"Purpose – The purpose of this paper is to define and stimulate interest in a potential new specialty within the information science field. Design/methodology/approach – Sources on digital forensics and digital archeology are discussed, and the topic is examined critically from a librarian perspective. The author examines the possibility of an information science specialty pursuing the reconstruction of “digital palimpsests”, where data that later becomes historically significant has been deleted or partially overwritten on digital media. Findings – The author identifies at least one key incident (the NASA moon landing tapes) where this potential field has already started to be defined. Examination of the literature indicates that emphasis in data recovery to this point has centered on the needs of law enforcement and disaster recovery rather than on the considerations of manuscript preservation, recovery, and curation. The author emphasizes the need for librarians to bring together the skills of multiple fi...",30,3,513,522,Information technology; Disaster recovery; Data management; Data science; Law enforcement; Computer science; Digital library; Engineering ethics; Digital forensics; Data curation; Information science,,,,,https://dblp.uni-trier.de/db/journals/lht/lht30.html#Bengtson12 https://www.emerald.com/insight/content/doi/10.1108/07378831211266636/full/html https://core.ac.uk/display/33381889 https://www.emeraldinsight.com/doi/abs/10.1108/07378831211266636 https://core.ac.uk/download/33381889.pdf,http://dx.doi.org/10.1108/07378831211266636,,10.1108/07378831211266636,2042602410,,0,016-983-559-523-04X; 040-576-453-232-211; 044-834-247-088-997; 074-933-143-629-826; 081-056-635-953-384; 113-785-550-473-284; 149-881-992-194-908,2,true,,green
086-797-454-184-758,Developing a Process Model for the Forensic Extraction of Information from Desktop Search,,2008,journal article,"Journal of Digital Forensics, Security and Law",15587223,Embry-Riddle Aeronautical University/Hunt Library,,Timothy Pavlic; Jill Slay; Benjamin Turnbull,"Desktop search applications can contain cached copies of files that were deleted from the file system. Forensic investigators see this as a potential source of evidence, as documents deleted by suspects may still exist in the cache. Whilst there have been attempts at recovering data collected by desktop search applications, there is no methodology governing the process, nor discussion on the most appropriate means to do so. This article seeks to address this issue by developing a process model that can be applied when developing an information extraction application for desktop search applications, discussing preferred methods and the limitations of each. This work represents a more structured approach than other forms of current research.",3,1,3,,Cache; World Wide Web; Information extraction; Information retrieval; Desktop search; File system; Digital evidence; Potential source; Computer science; Process (engineering),,,,,https://commons.erau.edu/jdfsl/vol3/iss1/3/ https://commons.erau.edu/cgi/viewcontent.cgi?article=1036&context=jdfsl,http://dx.doi.org/10.15394/jdfsl.2008.1036,,10.15394/jdfsl.2008.1036,2484169089,,0,008-769-224-564-600; 037-521-095-659-71X; 038-668-970-194-854; 039-209-076-376-817; 051-396-487-896-017; 140-821-103-436-654; 157-441-602-786-23X; 184-948-841-629-735,1,true,cc-by-nc,gold
086-938-632-051-111,A novel time-memory trade-off method for password recovery,,2009,journal article,Digital Investigation,17422876,Elsevier BV,Netherlands,Vrizlynn L. L. Thing; Hwei-Ming Ying,"As users become increasingly aware of the need to adopt strong password, it hinders the digital forensics investigations due to the password protection of potential evidence data. In this paper, we analyse and discuss existing password recovery methods, and identify the need for a more efficient and effective method to aid the digital forensics investigation process. We show that our new time-memory trade-off method is able to achieve up to a 50% reduction in terms of the storage requirement in comparison to the well-known rainbow table method while maintaining the same success rate. Even when taking into consideration the effect of collisions, we are able to demonstrate a significant increase (e.g. 13.28% to 19.14%, or up to 100% based on considering total plaintext-hash pairs generation) in terms of the success rate of recovery if the storage requirement and the computational complexity are to remain the same.",6,,S114,S120,Password; Computational complexity theory; Cryptanalysis; Computer security; Computer science; Rainbow table; Password strength; Digital forensics; Effective method; Reduction (complexity),,,,,https://www.sciencedirect.com/science/article/pii/S1742287609000462#! 
https://dl.acm.org/doi/10.1016/j.diin.2009.06.004 https://www.sciencedirect.com/science/article/pii/S1742287609000462 http://dfrws.org/2009/proceedings/p114-thing.pdf https://doi.org/10.1016/j.diin.2009.06.004 https://www.sciencedirect.com/science/article/abs/pii/S1742287609000462 https://isiarticles.com/bundles/Article/pre/pdf/23068.pdf https://dblp.uni-trier.de/db/journals/di/di6.html#ThingY09,http://dx.doi.org/10.1016/j.diin.2009.06.004,,10.1016/j.diin.2009.06.004,2108933516,,0,044-610-933-081-979; 047-765-581-706-060; 064-864-523-451-530; 067-293-008-185-082; 152-507-755-318-418; 157-968-198-734-606; 163-165-789-113-826; 163-705-108-545-565; 177-425-768-444-606,16,true,cc-by-nc-nd,hybrid
087-108-271-246-434,The Analysis and Detection of Double JPEG2000 Compression Based on Statistical Characterization of DWT Coefficients,,2012,journal article,Energy Procedia,18766102,Elsevier BV,,Wang Wei; Wang Rangding,"Detection of double image compression is all the world to the analysis of tampered image and image steganalysis. In order to detect double JPEG2000 compression, through the comparison with JPEG double compression, we analyse the different statistical characterization of DWT coefficients’ frequency histogram under single and double compression because of post compression rate distortion optimization (PCRD-opt algorithm) in JPEG2000 codec. We find a new statistical characterization which is different from double JPEG compression. Under certain conditions, experimental results show that such features can be used to detect whether the JPEG2000 image is double compressed or not.",17,,623,629,Image compression; Artificial intelligence; Lossy compression; Pattern recognition; JPEG; Quantization (image processing); Computer science; Texture compression; Data compression; Lossless compression; Data compression ratio,,,,,https://www.sciencedirect.com/science/article/pii/S187661021200481X#! https://www.sciencedirect.com/science/article/abs/pii/S187661021200481X https://www.sciencedirect.com/science/article/pii/S187661021200481X https://core.ac.uk/display/82155429 https://core.ac.uk/download/pdf/82155429.pdf,http://dx.doi.org/10.1016/j.egypro.2012.02.145,,10.1016/j.egypro.2012.02.145,2071052539,,0,012-872-281-930-072; 035-553-793-028-476; 107-987-755-788-616; 118-919-714-032-825; 135-262-782-091-897; 145-679-425-497-692,2,true,cc-by-nc-nd,gold
087-895-411-431-312,Digital image forensics,,2009,journal article,IEEE Signal Processing Magazine,10535888,Institute of Electrical and Electronics Engineers (IEEE),United States,J. Fridrich,"The article explains how photo-response nonuniformity (PRNU) of imaging sensors can be used for a variety of important digital forensic tasks, such as device identification, device linking, recovery of processing history, and detection of digital forgeries. The PRNU is an intrinsic property of all digital imaging sensors due to slight variations among individual pixels in their ability to convert photons to electrons. Consequently, every sensor casts a weak noise-like pattern onto every image it takes. This pattern, which plays the role of a sensor fingerprint, is essentially an unintentional stochastic spread-spectrum watermark that survives processing, such as lossy compression or filtering. This tutorial explains how this fingerprint can be estimated from images taken by the camera and later detected in a given image to establish image origin and integrity. Various forensic tasks are formulated as a two-channel hypothesis testing problem approached using the generalized likelihood ratio test. 
The performance of the introduced forensic methods is briefly illustrated on examples to give the reader a sense of the performance.",26,2,26,37,Digital image processing; Digital imaging; Digital watermarking; Artificial intelligence; Watermark; Fingerprint recognition; Computer vision; Computer science; Digital image; Image sensor; Digital forensics,,,,,https://ui.adsabs.harvard.edu/abs/2009ISPM...26...26F/abstract https://ieeexplore.ieee.org/abstract/document/4806203 http://yadda.icm.edu.pl/yadda/element/bwmeta1.element.ieee-000004806203 https://dblp.uni-trier.de/db/journals/spm/spm26.html#Fridrich09 https://www.infona.pl/resource/bwmeta1.element.ieee-art-000004806203 http://ieeexplore.ieee.org/document/4806203,http://dx.doi.org/10.1109/msp.2008.931078,,10.1109/msp.2008.931078,2038425697,,13,011-291-694-500-933; 014-209-941-360-32X; 018-276-309-945-450; 023-566-566-656-381; 029-142-693-425-956; 040-008-392-568-081; 047-197-420-161-829; 055-890-361-218-041; 060-510-472-523-253; 069-184-474-173-724; 070-260-337-691-258; 073-101-904-398-447; 083-097-133-928-799; 088-756-740-481-093; 095-160-402-119-661; 128-981-158-424-27X; 135-323-514-589-740; 139-720-476-501-860; 184-383-682-403-230,246,false,,
088-597-318-557-237,Towards the Development of a Test Corpus of Digital Objects for the Evaluation of File Format Identification Tools and Signatures,2012-03-09,2012,journal article,International Journal of Digital Curation,17468256,Edinburgh University Library,,Andrew Fetherston; Tim Gollins,"The digital preservation community currently utilises a number of tools and automated processes to identify and validate digital objects. The identification of digital objects is a vital first step in their long-term preservation, but the results returned by tools used for this purpose are lacking in transparency, and are not easily tested or verified. This paper suggests that a test corpus of digital objects is one way of providing this verification and validation, ultimately improving trust in the tools, and providing further stimulus to their development. Issues to be considered are outlined, and attention is drawn to particular examples of existing digital corpora which could conceivably provide a useable framework or starting point for our own communities needs. This paper does not seek to answer all questions in this area, but merely attempts to set out areas for consideration in any next step that is taken.",7,1,16,26,World Wide Web; Information retrieval; Digital preservation; Computer science; File format,,,,,http://www.ijdc.net/index.php/ijdc/article/download/201/270 http://www.ijdc.net/index.php/ijdc/article/view/201 https://core.ac.uk/display/91041797 https://dblp.uni-trier.de/db/journals/ijdc/ijdc7.html#FetherstonG12 https://dx.doi.org/10.2218/ijdc.v7i1.211 http://dx.doi.org/10.2218/ijdc.v7i1.211 https://core.ac.uk/download/pdf/162675717.pdf,http://dx.doi.org/10.2218/ijdc.v7i1.211,,10.2218/ijdc.v7i1.211,2132913549,,0,004-652-388-189-304; 084-728-993-518-663; 120-072-322-429-12X,2,true,cc-by,gold
090-068-713-572-857,Forensic Twitter,2010-03-18,2010,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Mark Pollitt,"One of the most interesting aspects of Web 2.0 technologies is how they have been adapted by users in ways not anticipated by the creators of the technology. We, as digital forensic practitioners, have to evolve our methods and approaches in response to both the technologies and their use. But that is “old hat” to us. After all, constant change and challenge are what attract most of us to this field.",3,1,1,3,Data science; Constant (mathematics); Field (Bourdieu); Digital evidence; Computer science; Digital forensics,,,,,http://dl.acm.org/citation.cfm?id=1805223.1805224,http://dx.doi.org/10.1080/15567280903171024,,10.1080/15567280903171024,2914274485,,0,,0,false,,
091-619-263-117-914,Calm Before the Storm: The Challenges of Cloud Computing in Digital Forensics,2012-04-01,2012,journal article,International Journal of Digital Crime and Forensics,19416210; 19416229,IGI Global,United States,George Grispos; Tim Storer; William Bradley Glisson,"Cloud computing is a rapidly evolving information technology (IT) phenomenon. Rather than procure, deploy and manage a physical IT infrastructure to host their software applications, organizations are increasingly deploying their infrastructure into remote, virtualized environments, often hosted and managed by third parties. This development has significant implications for digital forensic investigators, equipment vendors, law enforcement, as well as corporate compliance and audit departments (among others). Much of digital forensic practice assumes careful control and management of IT assets (particularly data storage) during the conduct of an investigation. This paper summarises the key aspects of cloud computing and analyses how established digital forensic procedures will be invalidated in this new environment. 
Several new research challenges addressing this changing context are also identified and discussed.",4,2,28,48,Information technology; Information technology management; Audit; Key (cryptography); Context (language use); Law enforcement; Computer security; Computer science; Cloud computing; Digital forensics; Context (archaeology); Key (lock); Data science,,,,,https://arxiv.org/pdf/1410.2123 https://dblp.uni-trier.de/db/journals/corr/corr1410.html#GrisposSG14 http://eprints.gla.ac.uk/68013/1/ID68013.pdf http://eprints.gla.ac.uk/68013/ https://digitalcommons.unomaha.edu/cgi/viewcontent.cgi?article=1043&context=interdiscipinformaticsfacpub https://ui.adsabs.harvard.edu/abs/2014arXiv1410.2123G/abstract https://shsu-ir.tdl.org/handle/20.500.11875/3196 https://experts.nebraska.edu/en/publications/calm-before-the-storm-the-challenges-of-cloud-computing-in-digita-2 https://dx.doi.org/10.4018/jdcf.2012040103 http://www.dcs.gla.ac.uk/~grisposg/Papers/calm.pdf https://www.igi-global.com/article/calm-before-storm/68408 https://arxiv.org/abs/1410.2123 https://works.bepress.com/george-grispos/2/ https://digitalcommons.unomaha.edu/interdiscipinformaticsfacpub/44/ https://core.ac.uk/download/pdf/296143974.pdf,http://dx.doi.org/10.4018/jdcf.2012040103,,10.4018/jdcf.2012040103,3102095724; 1971580317,,0,002-288-358-355-198; 002-506-228-487-750; 005-221-029-321-635; 006-994-826-441-382; 012-295-616-254-09X; 015-264-924-343-905; 021-039-461-635-181; 021-850-998-857-676; 024-695-810-060-22X; 030-341-862-818-724; 032-609-573-479-049; 032-697-093-668-898; 038-668-970-194-854; 042-653-566-399-199; 047-630-600-014-492; 049-446-135-635-21X; 050-618-920-212-97X; 051-278-209-038-859; 051-368-118-380-383; 052-152-063-024-042; 052-320-348-197-350; 053-666-953-083-583; 056-122-492-187-163; 056-294-265-787-418; 059-697-278-686-056; 062-712-470-776-220; 064-707-477-630-693; 075-976-616-114-109; 086-185-263-136-078; 086-365-780-774-340; 096-416-027-558-541; 097-567-011-227-46X; 110-010-690-717-911; 
113-264-745-950-390; 119-385-247-230-234; 123-304-888-889-490; 155-855-942-114-621; 158-468-997-833-921; 168-819-441-615-181; 181-755-184-835-108; 184-948-841-629-735; 199-745-676-923-766,125,true,,green
091-812-839-578-217,A Framework for Data Recovery and Analysis from Digital Forensics Point of View,2010-10-31,2010,journal article,The KIPS Transactions:PartC,15982858,Korea Information Processing Society,,Jin Kook Kim; Jungheum Park; Sangjin Lee,"Most of digital forensics tools focus on file analysis of allocated area on storage. So, there is a lack of recovery methods for deleted files by suspects or previously used files. To efficiently analyze deleted files, digital forensic tools depend on data recovery tools. These processes are not appropriate for quick and efficient responses to the incident or integrity preservation. This paper suggests the framework for data recovery and analysis tools from digital forensics point of view and presents implementation results.",17,5,391,398,World Wide Web; Point (typography); Analysis tools; Recovery method; Focus (computing); Computer science; Process (engineering); Network forensics; Data recovery; Database; Digital forensics,,,,,http://ktsde.kips.or.kr/journals/ktsde/digital-library/14150 https://www.kci.go.kr/kciportal/ci/sereArticleSearch/ciSereArtiView.kci?sereArticleSearchBean.artiId=ART001492698 https://www.researchgate.net/profile/Sangjin_Lee6/publication/263639494_A_Framework_for_Data_Recovery_and_Analysis_from_Digital_Forensics_Point_of_View/links/540da82b0cf2df04e755dada.pdf http://www.koreascience.or.kr/article/ArticleFullRecord.jsp?cn=JBCRDA_2010_v17Cn5_391,http://dx.doi.org/10.3745/kipstc.2010.17c.5.391,,10.3745/kipstc.2010.17c.5.391,2091598982,,0,018-618-238-562-758; 020-944-423-224-895; 021-850-998-857-676; 026-810-683-474-561; 038-668-970-194-854; 041-030-338-346-880; 043-093-846-816-675; 051-165-387-606-715; 085-214-277-668-01X; 184-948-841-629-735; 198-900-201-375-787,1,true,,green
091-848-747-540-654,IEEE 802.11 user fingerprinting and its applications for intrusion detection,,2010,journal article,Computers & Mathematics with Applications,08981221,Elsevier BV,United Kingdom,Daisuke Takahashi; Yang Xiao; Yan Zhang; Periklis Chatzimisios; Hsiao-Hwa Chen,"Easy associations with wireless access points (APs) give users temporal and quick access to the Internet. It needs only a few seconds to take their machines to hotspots and do a little configuration in order to have Internet access. However, this portability becomes a double-edged sword for ignorant network users. Network protocol analyzers are typically developed for network performance analysis. Nonetheless, they can also be used to reveal user's privacy by classifying network traffic. Some characteristics in IEEE 802.11 traffic particularly help identify users. Like actual human fingerprints, there are also unique traffic characteristics for each network user. They are called network user fingerprints, by tracking which more than half of network users can be connected to their traffic even with medium access control (MAC) layer pseudonyms. On the other hand, the concept of network user fingerprint is likely to be a powerful tool for intrusion detection and computer/digital forensics. As with actual criminal investigations, comparison of sampling data to training data may increase confidence in criminal specification. This article focuses on a survey on a user fingerprinting technique of IEEE 802.11 wireless LAN traffic. 
We also summarize some of the researches on IEEE 802.11 network characteristic analysis to figure out rogue APs and MAC protocol misbehaviors.",60,2,307,318,Network security; Network Access Device; Network architecture; Network traffic control; Virtual LAN; IEEE 802.1X; Computer network; Computer security; Computer science; Network forensics; Intelligent computer network,,,,,http://www.sciencedirect.com/science/article/pii/S0898122110000131 https://www.sciencedirect.com/science/article/pii/S0898122110000131 https://core.ac.uk/display/82829446 https://dl.acm.org/doi/10.1016/j.camwa.2010.01.002 https://dblp.uni-trier.de/db/journals/cma/cma60.html#TakahashiXZCC10 https://core.ac.uk/download/pdf/82829446.pdf,http://dx.doi.org/10.1016/j.camwa.2010.01.002,,10.1016/j.camwa.2010.01.002,2016998885,,0,000-140-999-614-563; 004-865-436-016-440; 008-144-274-674-437; 009-441-581-976-037; 010-060-664-450-192; 012-865-828-633-43X; 015-277-278-241-973; 018-925-246-845-766; 024-285-675-943-932; 024-855-006-563-045; 032-194-687-091-286; 033-051-368-356-388; 046-648-323-064-289; 046-761-165-043-937; 048-977-060-617-581; 054-978-657-393-367; 056-749-794-838-442; 063-830-115-695-155; 064-557-652-878-987; 076-993-439-747-343; 079-335-830-501-80X; 088-552-827-001-318; 101-152-455-491-892; 105-871-751-239-858; 108-668-951-530-442; 114-288-660-292-475; 145-650-733-220-530; 149-984-104-390-727; 156-143-041-750-963,38,true,elsevier-specific: oa user license,
093-292-564-843-275,Decomposed PRNU Library for Forensics on Photos,,2011,journal article,International Journal of Digital Library Systems,19479077; 19479085,IGI Global,,Yue Li,"Today, the digital forensic techniques for digital images are developed with the origin identification and integrity verification functions for security reasons. Methods based on photo-response-non-uniform PRNU are widely studied and proved to be effective to serve the forensic purposes. However, due to the interpolation noise, caused by the colour filtering and interpolation function the accuracy of the PRNU-based forensic method has been degraded. Meanwhile, the tremendous physical storage requirement and computation consumption limit the applications of PRNU-based method. Therefore, an innovative DPRNU-based forensic method has been proposed in order to solve the above problems. In the method, the artificial component and physical component are separated according to the colour filtering array CFA and the PRNU are only extracted from the physical component in order to remove the interference caused by the interpolation noise, which increases the accuracy of the camera identification and integrity verification. 
Meanwhile, due to the separation, the DPRNU are only 1/3 of the size of the traditional PRNU, which saves considerable physical storage in setting up the digital library and increases the comparison speed between the fingerprints.",2,1,38,51,Artificial intelligence; Interpolation; Interpolation function; Computer vision; Interference (communication); Computer science; Digital image; Computation; Component (UML); Digital forensics; Noise (video),,,,,https://dblp.uni-trier.de/db/journals/ijdls/ijdls2.html#Li11 https://www.igi-global.com/article/decomposed-prnu-library-forensics-photos/51651 https://econpapers.repec.org/RePEc:igg:jdls00:v:2:y:2011:i:1:p:38-51 https://ideas.repec.org/a/igg/jdls00/v2y2011i1p38-51.html,http://dx.doi.org/10.4018/jdls.2011010102,,10.4018/jdls.2011010102,2016352517,,0,000-737-046-616-756; 004-217-703-126-930; 008-448-075-469-433; 013-766-124-774-712; 014-079-494-188-077; 015-717-506-603-742; 025-030-015-067-422; 038-644-447-649-846; 045-812-091-260-656; 051-422-357-135-574; 056-817-850-080-480; 062-840-517-280-190; 064-788-467-649-400; 079-458-616-165-307; 083-097-133-928-799; 087-895-411-431-312; 098-768-111-046-209; 179-834-398-565-338; 182-366-212-343-942; 184-897-235-429-285,0,false,,
093-936-853-997-730,Trends in Virtualized User Environments,,2008,journal article,"Journal of Digital Forensics, Security and Law",15587223,Embry-Riddle Aeronautical University/Hunt Library,,Diane Barrett,"Virtualized environments can make forensics investigation more difficult. Technological advances in virtualization tools essentially make removable media a PC that can be carried around in a pocket or around a neck. Running operating systems and applications this way leaves very little trace on the host system. This paper will explore all the newest methods for virtualized environments and the implications they have on the world of forensics. It will begin by describing and differentiating between software and hardware virtualization. It will then move on to explain the various methods used for server and desktop virtualization. Next, it will explain how virtualization affects the basic forensic process. Finally, it will describe the common methods to find virtualization artifacts and identify virtual activities that affect the examination process of certain virtualized user environments.",3,2,5,16,Operating system; Application virtualization; Service virtualization; Desktop virtualization; Storage virtualization; Computer science; Full virtualization; Virtualization; Hardware virtualization; Data virtualization,,,,,https://commons.erau.edu/jdfsl/vol3/iss2/1/ https://doi.org/10.15394/jdfsl.2008.1038 https://commons.erau.edu/cgi/viewcontent.cgi?article=1038&context=jdfsl https://dblp.uni-trier.de/db/journals/jdfsl/jdfsl3.html#Barrett08 https://core.ac.uk/display/91724319,http://dx.doi.org/10.15394/jdfsl.2008.1038,,10.15394/jdfsl.2008.1038,2119926397,,0,,0,true,cc-by-nc,gold
095-494-589-771-296,High capacity and secured methodologies for steganography,,2012,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Rajesh Kumar Tiwari,"In current digital era, people are using e-devices such as ipods, iphones and cell phones for capturing the static and dynamic images. However, these images have a compromised size and quality due to fixed memory dimension. But, in the multi-media messaging service (MMS) of cell phones and iphones, they may participate as a cover medium, strengthening the steganography communication. The different methods of steganography are mostly applied on image files to embed the data. In all these cases, the principle of replacing the entire or some parts of the chosen pixel may not be able to utilise all the available memory area of an image for the purpose of the secret data. This paper presents a new high capacity steganographic technique to hide information. Three different techniques out of which two are to embed the plain text and one is for all type of data to embed in image. 
Based on these methods, we have constructed secured MMS creator and short message service creator viewer in Microsoft platform for providing data embedding in new e-devices.",4,1,1,18,Steganography; Steganography tools; Pixel; Dimension (data warehouse); Cover (telecommunications); Computer security; Computer science; Plain text; Multimedia; Image file formats; Short Message Service,,,,,https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf4.html#Tiwari12 https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2012.045387 https://www.inderscience.com/link.php?id=45387,http://dx.doi.org/10.1504/ijesdf.2012.045387,,10.1504/ijesdf.2012.045387,2015470678,,0,011-903-574-685-595; 022-460-401-266-674; 028-038-085-809-431; 041-795-515-599-761; 044-991-381-861-898; 045-964-724-948-542; 048-120-908-827-402; 049-973-730-444-279; 056-052-039-403-330; 078-972-379-181-172; 079-176-207-287-930; 084-935-739-580-981; 089-336-351-701-588; 108-086-708-688-274; 113-683-759-006-946; 140-531-994-627-167; 172-727-660-265-210,1,false,,
097-723-876-253-714,New Model for Cyber Crime Investigation Procedure,2011-05-31,2011,journal article,Journal of Next Generation Information Technology,20928637; 22339388,AICIT,South Korea,Yong-Dal Shin,"In this paper, we presented a new model for cyber crime investigation procedure which is as follows: readiness phase, consulting with profiler, cyber crime classification and investigation priority decision, damaged cyber crime scene investigation, analysis by crime profiler, suspects tracking, injurer cyber crime scene investigation, suspect summon, cyber crime logical reconstruction, writing report. Computer forensics emerged in response to the escalation of crimes committed by the use of computer systems either as an object of crime, an instrument used to commit a crime or a repository of evidence related to a crime. Computer forensics can be traced back to as early as 1984 when the FBI laboratory and order law enforcement agencies begun developing programs to examine computer evidence. Digital forensics has been defined as the use of scientifically derived and proven methods towards the preservation, collection, validation, identification, analysis, interpretation and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be crime or helping to anticipate the unauthorized actions shown to be disruptive to planned operations. Digital evidence includes computer evidence, digital audio, digital video, cell phones, digital fax machines etc. The U.S. Department of Justice published a process model in the Electronic Crime Scene Investigation: A guide to first responders that consists of four phases: collection, examination, analysis, reporting. The analysis phase of this model is improperly defined and ambiguous. Brian Carrier (5) proposed integrated digital investigation process. 
It (5) was consisted of 5 phase like readiness phase, deployment phase, physical crime scene investigation phase, cyber crime scene investigation phase, review phase. The Brian Carrier (5) procedure didn't include which classifying cyber crime and deciding investigation priority, psychological profiling investigation method, and so on. In this paper, we presented a new model for cyber crime investigation procedure. The proposed procedure model is as follows readiness phase, consulting with profiler, cyber crime classification and investigation priority decision, damaged cyber crime scene investigation, analysis by crime profiler, suspects tracking, injurer cyber crime scene investigation, suspect summon, cyber crime logical reconstruction, writing report. This paper presented a new methodology of a digital forensic investigation procedure. Section 2 shows previous cyber crime investigation model. We present our method for cyber crime investigation procedure model in section 3.",2,2,1,7,Profiling (information science); Crime scene; Suspect; Law enforcement; Digital evidence; Computer security; Computer science; Computer forensics; Digital forensics; Digital audio,,,,,http://www.aicit.org/jnit/ppl/1_JNIT_MAY.pdf http://www.aicit.org/jnit/paper_detail.html?q=48 http://www.globalcis.org/jnit/ppl/1_JNIT_MAY.pdf,http://dx.doi.org/10.4156/jnit.vol2.issue2.1,,10.4156/jnit.vol2.issue2.1,2329840676,,0,007-532-413-242-967; 016-661-251-213-668; 032-697-093-668-898; 058-205-117-706-853; 109-482-615-363-500; 120-697-354-224-33X; 122-880-373-616-302; 152-634-216-234-620; 199-745-676-923-766,15,false,,
098-570-643-235-402,BitCurator: Tools and Techniques for Digital Forensics in Collecting Institutions,,2012,journal article,D-Lib Magazine,10829873,CNRI Acct,United States,Christopher A. Lee; Alexandra Chassanoff; Kam Woods; Matthew G. Kirschenbaum; Porter Olsen,"This paper introduces the BitCurator Project, which aims to incorporate digital forensics tools and methods into collecting institutions' workflows. BitCurator is a collaborative effort led by the School of Information and Library Science (SILS) at the University of North Carolina at Chapel Hill and Maryland Institute for Technology in the Humanities (MITH) at the University of Maryland. The project arose from a perceived need in the library/archives community to develop digital forensics tools with interfaces, documentation, and functionality that can support the workflows of collecting institutions. This paper describes current efforts, ongoing work, and implications for future development of forensic-based, analytic software for born-digital materials.",18,5,3,,World Wide Web; Work (electrical); Workflow; Data science; Software; Chapel; Computer science; Documentation; Digital forensics,,,,,http://www.dlib.org/dlib/may12/lee/05lee.html https://dblp.uni-trier.de/db/journals/dlib/dlib18.html#LeeCWKO12 https://dialnet.unirioja.es/servlet/articulo?codigo=3992216,http://dx.doi.org/10.1045/may2012-lee,,10.1045/may2012-lee,2077832206,,0,037-647-066-964-858; 067-629-806-155-212; 072-447-630-272-055; 074-028-601-448-433; 134-927-490-231-285; 151-783-042-648-550,12,true,,gold
098-578-411-642-427,The Trace Analysis of SaaS from a Client`s Perspective,2012-02-29,2012,journal article,The KIPS Transactions:PartC,15982858,Korea Information Processing Society,,Sung Lim Kang; Jung Heum Park; Sang Jin Lee,"Recently, due to the development of broadband, there is a significant increase in utilizing on-demand SaaS (Software as a Service) which takes advantage of the technology. Nevertheless, the academic and practical levels of digital forensics have not yet been established in cloud computing environment. In addition, the data of user behavior is not likely to be stored on the local system. The relevant data may be stored across the various remote servers. Therefore, the investigators may encounter some problems in performing digital forensics in cloud computing environment. It is important to analyze History files, Cookie files, Temporary Internet Files, physical memory, etc. in a viewpoint of client, since the SaaS basically uses the web to connect the internet service. In this paper, we propose a method that analyzes the usage trace of the SaaS, which is one of the most popular cloud computing services.",19,1,1,8,The Internet; World Wide Web; Software as a service; Service (systems architecture); Computer science; Broadband; TRACE (psycholinguistics); Cloud computing; Digital forensics; Server,,,,,http://ktccs.kips.or.kr/digital-library/14218 http://www.koreascience.or.kr/article/ArticleFullRecord.jsp?cn=JBCRDA_2012_v19Cn1_1,http://dx.doi.org/10.3745/kipstc.2012.19c.1.001,,10.3745/kipstc.2012.19c.1.001,3013480488,,0,002-449-146-256-491; 015-264-924-343-905; 123-304-888-889-490,0,true,,bronze
098-857-083-857-534,Scientific underpinnings and background to standards and accreditation in digital forensics,,2011,journal article,Digital Investigation,17422876,Elsevier BV,Netherlands,Jason Beckett; Jill Slay,"With its use highlighted in many high profile court cases around the world, digital forensics over the last decade has become an integral part of the modern legal system and corporate investigations. As the discipline grows and its use becomes widely accepted, there is a need to align it with traditional forensic sciences and move towards strengthening an accreditation regime for the discipline. This paper examines the origins of science and scientific method to form the core premises for establishing criteria to assess digital forensics as a science and hence justifying the basis for standards and accreditation.",8,2,114,121,Computer security; Computer science; Engineering ethics; Accreditation; Scientific method; Digital forensics,,,,,https://dblp.uni-trier.de/db/journals/di/di8.html#BeckettS11 https://www.sciencedirect.com/science/article/pii/S1742287611000661 https://dx.doi.org/10.1016/j.diin.2011.08.001 http://dx.doi.org/10.1016/j.diin.2011.08.001 http://www.sciencedirect.com/science/article/pii/S1742287611000661,http://dx.doi.org/10.1016/j.diin.2011.08.001,,10.1016/j.diin.2011.08.001,2077656476,,0,000-557-324-827-169; 002-702-684-301-487; 003-623-861-051-599; 008-201-414-319-938; 012-723-051-030-715; 018-804-658-663-933; 020-856-140-900-988; 024-066-562-741-584; 028-103-684-022-268; 029-160-529-912-567; 030-359-893-882-572; 038-668-970-194-854; 043-083-546-914-143; 046-015-348-618-436; 047-310-841-930-720; 055-846-648-067-457; 064-881-578-398-364; 067-938-325-014-282; 082-662-595-257-435; 085-379-403-609-164; 098-119-729-918-419; 099-260-308-235-782; 100-226-961-489-480; 101-440-319-450-443; 102-475-675-632-290; 103-327-744-686-658; 109-435-258-852-67X; 111-741-773-111-021; 114-791-371-428-899; 116-585-073-059-277; 122-988-175-691-701; 
134-281-875-742-22X; 134-927-490-231-285; 138-927-365-940-299; 139-709-872-302-081; 145-743-906-992-348; 152-265-820-213-454; 159-021-500-439-319; 170-801-816-294-529; 172-214-329-616-03X; 189-598-793-297-549,11,true,,green
099-632-361-714-066,Tamper Detection in the EPC Network Using Digital Watermarking,,2011,journal article,IEEE Security & Privacy,15407993; 15584046,Institute of Electrical and Electronics Engineers (IEEE),United States,Shuihua Han; Chao-Hsien Chu; Zongwei Luo,One of the most relevant problems in radio frequency identification (RFID) technology is the lack of security measures in its wireless communication channel between the reader and tag. This article analyzes potential data tampering threats in the electronic product code (EPC) network and proposes solutions using fragile watermarking technologies.,9,5,62,69,Digital watermarking; Communication channel; Radio-frequency identification; Scheme (programming language); Electronic Product Code; Computer security; Computer science; Wireless; XML,,,,,http://yadda.icm.edu.pl/yadda/element/bwmeta1.element.ieee-000005871580 https://www.infona.pl/resource/bwmeta1.element.ieee-art-000005871580 https://ink.library.smu.edu.sg/cgi/viewcontent.cgi?article=2774&context=sis_research https://pennstate.pure.elsevier.com/en/publications/tamper-detection-in-the-epc-network-using-digital-watermarking https://ieeexplore.ieee.org/document/5871580 https://dblp.uni-trier.de/db/journals/ieeesp/ieeesp9.html#HanLL11 https://ink.library.smu.edu.sg/sis_research/1775/ https://www.computer.org/csdl/mags/sp/2011/05/msp2011050062.html https://core.ac.uk/download/13245915.pdf,http://dx.doi.org/10.1109/msp.2011.71,,10.1109/msp.2011.71,2087501598,,4,001-160-024-110-095; 022-116-838-060-975; 027-059-086-282-842; 028-889-804-792-820; 030-165-802-829-587; 035-900-423-047-059; 036-733-793-702-525; 044-197-634-350-810; 046-371-265-093-575; 072-719-429-027-302; 080-870-065-951-95X; 101-995-628-959-787; 106-645-775-472-612; 120-032-326-018-225; 132-832-215-469-200,4,true,cc-by-nc-nd,green
100-365-041-674-499,DNS in Computer Forensics,,2012,journal article,"Journal of Digital Forensics, Security and Law",15587223,Embry-Riddle Aeronautical University/Hunt Library,,Neil Fowler Wright,"The Domain Name Service (DNS) is a critical core component of the global Internet and integral to the majority of corporate intranets. It provides resolution services between the human-readable name-based system addresses and the machine operable Internet Protocol (IP) based addresses required for creating network level connections. Whilst structured as a globally dispersed resilient tree data structure, from the Global and Country Code Top Level Domains (gTLD/ccTLD) down to the individual site and system leaf nodes, it is highly resilient although vulnerable to various attacks, exploits and systematic failures.  This paper examines the history along with the rapid growth of DNS up to its current critical status. It then explores the often overlooked value of DNS query data; from packet traces, DNS cache data, and DNS logs, with its use in System Forensics and more frequently in Network Forensics, extrapolating examples and experiments that enhance knowledge. Continuing on, it details the common attacks that can be used directly against the DNS systems and services, before following on with the malicious uses of DNS in direct system attacks, Distributed Denial of Service (DDoS), traditional Denial of Service (DOS) attacks and malware. It explores both cyber-criminal activities and cyber-warfare based attacks, and also extrapolates from a number of more recent attacks the possible methods for data exfiltration. 
It explores some of the potential analytical methodologies including; common uses in Intrusion Detection Systems (IDS), as well as infection and activity tracking in malware traffic analysis, and covers some of the associated methods around technology designed to defend against, mitigate, and/or manage these and other risks, plus the effect that ISP and nation states can have by direct manipulation of DNS queries and return traffic. This paper also investigates potential behavioural analysis and time-lining, which can then be used for the development of automated analysis methods during forensic investigations and as DNS is a network protocol, there is a predomination towards network based attacks and discovery. It shows the breadth of possible attacks and the scope of investigative approaches that can be employed. Overall it is an exploration of the area of DNS in Computer Forensics, additionally providing a foundation for educational exploration and further subject research:  it concludes by bringing together all these aspects to support the importance of DNS analysis in Computer Forensics.",7,2,11,42,The Internet; Domain Name System; Computer security; Denial-of-service attack; DNS hijacking; Computer science; Network forensics; Malware; Computer forensics; Fully qualified domain name,,,,,https://doaj.org/article/832fd4fb8b1f4f849a95c0ed7b1a4ab6 https://core.ac.uk/display/91854950 https://commons.erau.edu/jdfsl/vol7/iss2/2/ https://commons.erau.edu/cgi/viewcontent.cgi?article=1117&context=jdfsl,http://dx.doi.org/10.15394/jdfsl.2012.1117,,10.15394/jdfsl.2012.1117,2098398536,,1,029-869-149-828-054; 069-559-732-098-383; 088-642-763-479-388; 183-307-547-606-827,1,true,cc-by-nc,gold
101-894-461-425-579,A New Digital Evidence Retrieval Model for Gambling Machine Forensic Investigation,2012-01-20,2012,journal article,Jurnal Teknologi,21803722; 01279696,Penerbit UTM Press,Malaysia,Pritheega Magalingam; Azizah Abdul Manaf; Zuraimi Yahya; Rabiah Ahmad,"Analisis forensik perkakasan melibatkan proses menganalisa data yang di perolehi secara elektronik untuk menunjukkan bukti sama ada peralatan elektronik adalah digunakan untuk melakukan jenayah, mengandungi bukti jenayah atau ia adalah satu sasaran jenayah. Penyalahgunaan mesin permainan merupakan sumber utama permainan haram dijalankan. Kerja penyelidikan ini memperkenalkan kaedah mendapatkan maklumat dari satu mesin permainan yang telah dirampas oleh PDRM dan menganalisis data yang diterjemahkan untuk membuktikan bahawa mesin permainan tersebut digunakan secara haram. Prosedur mendapatkan bukti digital ini dibina untuk membantu pihak polis atau penyiasat dalam penganalisaan maklumat digital dan ia boleh dijadikan sebagai satu garis panduan untuk mengenalpasti bukti yang relevan untuk menunjukan aktiviti perjudian haram dijalankan.;  Kata kunci: Forensik digital, analisis forensik, mesin judi, kaedah pengambilan informasi, penterjemahan, pencarian kata;  Hardware forensic analysis involves the process of analyzing digital evidence derived from digital sources. The analysis is done to facilitate and prove either the device is used to commit crime, whether it contains evidence of a crime or is the target of a crime. Gambling machines serve as the main source by which illegal games are conducted. This paper presents a method for retrieving information from a seized gaming machine, along with an analysis of the interpreted information to prove that the gaming machine was used illegally. 
The proposed procedures for the gambling machine forensic process will be important for forensic investigators (e.g., the police or private investigators), as they will assist these individuals in the digital forensic evidence analysis necessary to produce evidence relevant to illegal gambling.;  Key words: digital forensic, forensic analysis, gambling machine, information retrieval method, interpretation, string search",54,1,55,69,Forensic science; Psychology; Information retrieval; Digital evidence; Computer security; Digital forensics,,,,,http://jurnalteknologi.utm.my/index.php/jurnalteknologi/article/view/91 https://www.researchgate.net/profile/Pritheega_Magalingam/publication/269758697_A_New_Digital_Evidence_Retrieval_Model_For_Gambling_Machine_Forensic_Investigation/links/557a3f2108ae75363756ffdf.pdf https://core.ac.uk/display/42912128 https://journals.utm.my/jurnalteknologi/article/view/91 http://www.ijofcs.org/V04N1-PP05%20-%20A%20New%20Digital%20Evidence%20Retrieval%20Model%20for%20Gambling%20Machine.pdf http://eprints.utm.my/id/eprint/44692/,http://dx.doi.org/10.11113/jt.v54.91,,10.11113/jt.v54.91,2039523489,,0,026-810-683-474-561; 074-933-143-629-826; 087-705-894-476-40X; 105-427-271-392-801; 107-096-001-312-874; 126-338-081-626-731,0,false,,
104-096-578-552-005,Leaving timing-channel fingerprints in hidden service log files,,2010,journal article,Digital Investigation,17422876,Elsevier BV,Netherlands,Bilal Shebaro; Fernando Pérez-González; Jedidiah R. Crandall,"Hidden services are anonymously hosted services that can be accessed over an anonymity network, such as Tor. While most hidden services are legitimate, some host illegal content. There has been a fair amount of research on locating hidden services, but an open problem is to develop a general method to prove that a physical machine, once confiscated, was in fact the machine that had been hosting the illegal content. In this paper we assume that the hidden service logs requests with some timestamp, and give experimental results for leaving an identifiable fingerprint in this log file as a timing channel that can be recovered from the timestamps. In 60 min, we are able to leave a 36-bit fingerprint that can be reliably recovered. The main challenges are the packet delays caused by the anonymity network that requests are sent over and the existing traffic in the log from the actual clients accessing the service. We give data to characterize these noise sources and then describe an implementation of timing-channel fingerprinting for an Apache web server based hidden service on the Tor network, where the fingerprint is an additive channel that is superencoded with a Reed-Solomon code for reliable recovery. 
Finally, we discuss the inherent tradeoffs and possible approaches to making the fingerprint more stealthy.",7,,S104,S113,Web server; Timestamp; Network packet; Anonymity; Host (network); Fingerprint (computing); Service (business); Computer security; Computer science; Channel (programming),,,,National Science Foundation; Xunta de Galicia; Spanish Ministry of Science and Innovation,http://www.comonsens.org/documents/conferences/144_ShebaroPerezCrandallDFRWS10.pdf https://doi.org/10.1016/j.diin.2010.05.013 http://www.sciencedirect.com/science/article/pii/S174228761000040X https://www.cs.unm.edu/~treport/tr/10-03/paper-2010-07.pdf https://core.ac.uk/display/21298566 http://www.cs.unm.edu/~treport/tr/10-03/paper-2010-07.pdf https://asu.pure.elsevier.com/en/publications/leaving-timing-channel-fingerprints-in-hidden-service-log-files https://dl.acm.org/doi/10.1016/j.diin.2010.05.013 https://www.sciencedirect.com/science/article/pii/S174228761000040X https://dblp.uni-trier.de/db/journals/di/di7.html#ShebaroPC10,http://dx.doi.org/10.1016/j.diin.2010.05.013,,10.1016/j.diin.2010.05.013,2058833769,,0,000-843-681-726-566; 002-829-051-910-424; 004-059-240-572-860; 006-975-372-306-771; 012-366-618-716-37X; 016-294-225-270-667; 019-479-220-584-720; 022-044-509-953-211; 026-462-639-811-374; 027-118-763-097-706; 027-876-079-722-23X; 042-526-085-995-238; 043-932-637-044-685; 069-914-656-150-082; 070-621-820-806-968; 072-568-774-701-411; 117-489-517-385-484; 122-825-872-738-871; 131-202-833-260-858; 146-858-886-380-913; 166-401-695-821-726,14,true,cc-by-nc-nd,hybrid
104-312-006-226-689,An Australian Perspective On The Challenges For Computer And Network Security For Novice End-Users,,2012,journal article,"Journal of Digital Forensics, Security and Law",15587223,Embry-Riddle Aeronautical University/Hunt Library,,Patryk Szewczyk,It is common for end-users to have difficulty in using computer or network security appropriately and thus have often been ridiculed when misinterpreting instructions or procedures. This discussion paper details the outcomes of research undertaken over the past six years on why security is overly complex for end-users. The results indicate that multiple issues may render end-users vulnerable to security threats and that there is no single solution to address these problems. Studies on a small group of senior citizens have shown that educational seminars can be beneficial in ensuring that simple security aspects are understood and used appropriately.,7,4,51,72,Security information and event management; Internet privacy; Security through obscurity; Computer security model; Logical security; Cloud computing security; Security service; Computer security; Computer science; Human-computer interaction in information security; Asset (computer security),,,,,https://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1670&context=ecuworks2012 https://commons.erau.edu/cgi/viewcontent.cgi?article=1133&context=jdfsl https://oaji.net/articles/2014/1095-1408808294.pdf https://ro.ecu.edu.au/ecuworks2012/670/ https://core.ac.uk/display/41529586 https://commons.erau.edu/jdfsl/vol7/iss4/3/ https://core.ac.uk/download/41529586.pdf,http://dx.doi.org/10.15394/jdfsl.2012.1133,,10.15394/jdfsl.2012.1133,1531219417,,0,004-581-850-965-583; 008-008-963-693-557; 061-110-635-253-723; 063-109-252-183-048; 081-940-633-390-327; 088-896-951-724-838; 107-738-778-813-936; 114-556-841-480-844; 127-531-338-793-81X; 134-287-809-759-215; 134-552-650-658-408; 135-141-717-537-687; 157-731-023-142-056; 164-381-518-047-655; 171-270-111-514-049; 
183-224-970-521-747,0,true,cc-by-nc,gold
105-173-610-661-23X,A Fast Practical Method for Recovery of Lost Files in Digital Forensics,2009-10-01,2009,journal article,Journal of Internet Technology,16079264,,,Kenan Kalajdzic; Ahmed Patel,"In this paper, we present a practical method for recovery of lost files from locally accessible data storage, such as an HDD. Our approach puts strong emphasis on the practical aspect of file recovery and accessibility of recovery tools, which can be of great importance as a first action in the process of lost file recovery. It has applications, not only in file recovery, but also in digital forensic processes.",10,5,575,581,Operating system; Emphasis (telecommunications); Computer data storage; Action (philosophy); Computer science; Multimedia; Digital forensics; Process (computing),,,,,http://jit.ndhu.edu.tw/ojs/index.php/jit/article/view/541 http://www.airitifile.com/al/16079264/89117/16079264-200910-10-5-575-581-a.pdf http://www.airitilibrary.com/Publication/index/?docid=16079264-200910-10-5-575-581-a,http://www.airitifile.com/al/16079264/89117/16079264-200910-10-5-575-581-a.pdf,,,2462741705,,0,,3,false,,
109-765-047-229-038,SVM-based anti-forensic method for spread-spectrum fingerprinting,2012-02-29,2012,journal article,Security and Communication Networks,19390114; 19390122,Wiley,United Kingdom,Hui Feng; Hefei Ling; Fuhao Zou; Zhengding Lu,"Digital fingerprinting is an emerging digital forensic technology that has been developed to detect digital forgeries and identify the pirates who leak the copies. Understanding the weaknesses and limitations of existing fingerprinting schemes and designing anti-forensic approaches play an important role in the development of digital fingerprinting. In this paper, we propose a support vector machine SVM-based anti-forensic method capable of removing the fingerprints from the previously marked images for spread-spectrum fingerprinting. We first estimate the parameters of the embedded fingerprint superposed on the frequency coefficients of the original signal. Then, we select the best basis through wavelet packet decomposition for thresholding the fingerprinted coefficients. Furthermore, an SVM-based classifier is used to measure the existence of the pirates' fingerprints. The experimental results show that the proposed method is more effective than the other examined approaches. About three pieces of fingerprinted content are able to interrupt the fingerprinting system that accommodates thousands of users. Meanwhile, high fidelity of the attacked content is retained. 
Copyright © 2012 John Wiley & Sons, Ltd.",8,16,2624,2634,Spread spectrum; High fidelity; Support vector machine; Data mining; Wavelet packet decomposition; Thresholding; Computer science; Interrupt; Digital forensics; Classifier (UML),,,,National Science Foundation; National Science Foundation,https://dblp.uni-trier.de/db/journals/scn/scn8.html#FengLZL15 http://dx.doi.org/10.1002/sec.503,http://dx.doi.org/10.1002/sec.503,,10.1002/sec.503,1549790000,,0,001-824-300-434-299; 003-746-240-221-954; 005-757-309-359-844; 011-083-553-056-983; 013-418-454-336-466; 015-000-804-196-26X; 016-580-035-993-837; 017-823-654-117-246; 024-607-379-725-550; 025-387-175-456-998; 028-752-726-431-335; 031-730-585-291-615; 033-721-035-793-846; 035-133-719-940-909; 036-680-436-735-373; 044-137-762-461-297; 048-741-954-323-485; 052-025-624-398-430; 068-082-205-208-585; 068-742-419-018-497; 071-366-373-135-066; 071-479-911-343-200; 076-493-134-387-622; 081-251-647-441-240; 083-370-735-601-034; 094-760-470-146-509; 099-320-185-781-565; 110-082-327-738-374; 112-577-277-282-985; 123-110-663-181-576; 123-917-666-025-381; 141-407-151-682-991; 144-156-968-700-74X; 146-533-160-825-711; 163-711-218-262-188; 173-093-453-716-132,2,true,cc-by,gold
112-077-011-771-30X,Detection of Nonaligned Double JPEG Compression Based on Integer Periodicity Maps,,2012,journal article,IEEE Transactions on Information Forensics and Security,15566013; 15566021,Institute of Electrical and Electronics Engineers (IEEE),United States,Tiziano Bianchi; Alessandro Piva,"In this paper, a simple yet reliable algorithm to detect the presence of nonaligned double JPEG compression (NA-JPEG) in compressed images is proposed. The method evaluates a single feature based on the integer periodicity of the blockwise discrete cosine transform (DCT) coefficients when the DCT is computed according to the grid of the previous JPEG compression. Even if the proposed feature is computed relying only on DC coefficient statistics, a simple threshold detector can classify NA-JPEG images with improved accuracy with respect to existing methods and on smaller image sizes, without resorting to a properly trained classifier. Moreover, the proposed scheme is able to accurately estimate the grid shift and the quantization step of the DC coefficient of the primary JPEG compression, allowing one to perform a more detailed analysis of possibly forged images.",7,2,842,848,Algorithm; Artificial intelligence; Transform coding; JPEG; Quantization (image processing); Discrete cosine transform; Quantization (signal processing); Computer vision; Computer science; Digital image; Compression artifact; Data compression; Lossless JPEG,,,,,http://dx.doi.org/10.1109/TIFS.2011.2170836 https://www.infona.pl/resource/bwmeta1.element.ieee-art-000006041029 https://dblp.uni-trier.de/db/journals/tifs/tifs7.html#BianchiP12 https://ieeexplore.ieee.org/document/6041029/ http://ieeexplore.ieee.org/document/6041029/ https://iris.polito.it/handle/11583/2505891 http://yadda.icm.edu.pl/yadda/element/bwmeta1.element.ieee-000006041029 https://dx.doi.org/10.1109/TIFS.2011.2170836 
https://core.ac.uk/download/pdf/11432027.pdf,http://dx.doi.org/10.1109/tifs.2011.2170836,,10.1109/tifs.2011.2170836,2050991548,,4,004-690-012-680-59X; 027-524-182-531-723; 039-604-410-537-357; 042-324-311-104-451; 049-241-042-800-133; 052-907-252-374-570; 057-687-416-723-555; 059-786-079-109-47X; 076-346-829-732-533; 077-009-437-168-880; 097-485-318-728-585; 112-750-451-336-413; 122-001-451-301-450; 136-713-989-335-402; 143-695-756-474-732; 179-592-213-095-01X,163,true,,
112-091-654-781-49X,Flash vulnerabilities analysis of US educational websites,,2010,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Joanne Kuzma; Colin Price; Richard Henson,"With the increase in online and web learning, schools are building the number of web-based applications using media like Flash. However, sites that use Flash and other types of media encounter problems with security. Issues are raised with how to protect personal data that are entered via these sites. The purpose of this study is to determine if Flash-based web applications at US educational institutions protect the personal data of their consumers, and what levels of security vulnerability are shown. The research also shows the main types of security problems that are shown in the schools' sites. To mitigate these vulnerabilities and provide a higher level of security during development, technical, procedural and managerial recommendations are presented.",3,2,95,107,Web application; Higher education; E-learning (theory); Flash (photography); Web learning; Online learning; Computer security; Computer science; Web application security; Data Protection Act 1998,,,,,https://eprints.worc.ac.uk/912/ https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf3.html#KuzmaPH10 https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2010.033779 https://dl.acm.org/doi/10.1504/IJESDF.2010.033779 https://eprints.worc.ac.uk/912/1/01_Kuzma.pdf https://core.ac.uk/download/1914692.pdf,http://dx.doi.org/10.1504/ijesdf.2010.033779,,10.1504/ijesdf.2010.033779,2151339826,,0,042-822-027-898-815; 070-891-748-532-391; 120-330-517-409-742; 133-142-617-519-31X; 154-577-824-024-066; 184-876-532-625-511,1,true,,green
112-327-460-108-019,Continuous Fraud Detection in Enterprise Systems through Audit Trail Analysis,,2009,journal article,"Journal of Digital Forensics, Security and Law",15587223,Embry-Riddle Aeronautical University/Hunt Library,,Peter Best; Pall Rikhardsson; Mark Toleman,"Enterprise systems, real time recording and real time reporting pose new and significant challenges to the accounting and auditing professions. This includes developing methods and tools for continuous assurance and fraud detection. In this paper we propose a methodology for continuous fraud detection that exploits security audit logs, changes in master records and accounting audit trails in enterprise systems. The steps in this process are: (1) threat monitoring-surveillance of security audit logs for ‘red flags’, (2) automated extraction and analysis of data from audit trails, and (3) using forensic investigation techniques to determine whether a fraud has actually occurred. We demonstrate how mySAP, an enterprise system, can be used for audit trail analysis in detecting financial frauds; afterwards we use a case study of a suspected fraud to illustrate how to implement the methodology.",4,1,39,60,Internal audit; Information technology audit; Joint audit; Audit; Computer security; Information security audit; Computer science; Audit plan; Enterprise system; Audit trail,,,,,https://core.ac.uk/display/91981741 https://research-repository.griffith.edu.au/handle/10072/47590 https://eprints.usq.edu.au/5856/ https://oaji.net/articles/2014/1095-1407794553.pdf https://commons.erau.edu/cgi/viewcontent.cgi?article=1053&context=jdfsl http://eprints.usq.edu.au/5856/ https://dblp.uni-trier.de/db/journals/jdfsl/jdfsl4.html#BestRT09 https://research-repository.griffith.edu.au/bitstream/10072/47590/1/80839_1.pdf http://www98.griffith.edu.au/dspace/handle/10072/47590 https://commons.erau.edu/jdfsl/vol4/iss1/2/ 
https://doaj.org/article/46f45ff792d74677a0923569372e7a56,http://dx.doi.org/10.15394/jdfsl.2009.1053,,10.15394/jdfsl.2009.1053,1605593527,,10,003-584-646-419-435; 004-000-011-085-448; 009-544-052-195-245; 012-092-664-857-418; 014-279-563-798-167; 018-323-839-448-194; 020-191-472-414-106; 022-040-883-999-588; 026-735-057-277-598; 038-931-562-393-083; 040-908-143-240-652; 049-298-012-618-303; 054-786-420-990-730; 056-947-539-469-990; 066-278-403-820-478; 073-984-768-883-836; 098-067-679-653-931; 098-276-733-322-238; 109-045-511-050-045; 120-134-771-852-100; 129-882-121-435-445; 141-808-936-160-365; 149-607-059-892-686; 150-406-072-439-231; 150-438-483-120-643,16,true,cc-by-nc,gold
112-422-399-550-523,Book Review: Computer Forensics: Principles and Practices,2007-09-30,2007,journal article,"The Journal of Digital Forensics, Security and Law",15587215,,,Jigang Liu,"Linda Volonino, Reynaldo Anzaldua, and Jana Godwin (2007). Computer Forensics: Principles and Practices. Pearson/Prentice Hall. 534 pages, ISBN: 0-13-154727-5 (paper), US$85.33 Reviewed by Jigang Liu (Jigang.Liu@metrostate.edu), Department of Information and Computer Sciences, College of Arts and Sciences, Metropolitan State University, St. Paul, MN 55106 “Computer Forensics: Principles and Practices” by Linda Volonino, Reynaldo Anzaldua, and Jana Godwin, published by Pearson/Prentice Hall in 2007 is one of the newest computer forensics textbooks on the market. The goal of the book, as the authors put it, is to teach “students who want to learn about electronic evidence – including what types exist and where it may be found – and the computer forensics methods to investigate it” so that they will be prepared “in a career in information security, criminal justice, accounting, law enforcement, and federal investigations – as well as computer forensics.” Linda, Reynaldo, and Jana are not only experienced college professors, but also industry bounded professionals. All of them have substantial working experience with law firms or law enforcement in dealing with both civil and criminal cases. They are all certified information system security professionals (CISSP). Their teaching experience at the college level and their working experience on real cases make this book a must-read book for a college professor. 
(see PDF for full review)",2,3,57,60,Criminal justice; Library science; Certified Information Systems Security Professional; State (polity); Law enforcement; Computer security; Computer science; Certification; Information security; Computer forensics; The arts,,,,,https://doi.org/10.15394/jdfsl.2007.1027 http://dblp.uni-trier.de/db/journals/jdfsl/jdfsl2.html#Liu07,https://doi.org/10.15394/jdfsl.2007.1027,,,1580454600,,0,,0,true,cc-by-nc,gold
112-559-922-892-139,A Survey of Contemporary Enterprise Storage Technologies from a Digital Forensics Perspective,,2011,journal article,"Journal of Digital Forensics, Security and Law",15587223,Embry-Riddle Aeronautical University/Hunt Library,,Gregory H. Carlton; Joseph Matsumoto,"As the proliferation of digital computational systems continues to expand, increasingly complex technologies emerge, including those regarding large, enterprise-wide, information storage and retrieval systems. Within this study, we examine four contemporary enterprise storage technologies. Our examination of these technologies is presented with an overview of the technological features of each offering and then followed with a discussion of the impact of these technologies on digital forensics methods, particularly regarding forensic data acquisition. We offer a general opinion concerning a recommended data acquisition method when faced with the task of obtaining a forensic image of data contained within these technologies, we discuss limitations of our study, and lastly, we suggest areas in which additional research would benefit the field of digital forensics.",6,3,63,74,Internet privacy; Data acquisition; Enterprise storage; Perspective (graphical); Data science; Task (project management); Information storage; Additional research; Field (computer science); Computer science; Digital forensics,,,,,https://dblp.uni-trier.de/db/journals/jdfsl/jdfsl6.html#CarltonM11 https://commons.erau.edu/cgi/viewcontent.cgi?article=1100&context=jdfsl https://core.ac.uk/display/91845196 https://commons.erau.edu/jdfsl/vol6/iss3/5/ https://doaj.org/article/8b9539b1813a43e78b4402ac2029cc77,http://dx.doi.org/10.15394/jdfsl.2011.1100,,10.15394/jdfsl.2011.1100,1562788053,,0,030-912-633-104-433; 089-048-294-489-077; 157-481-301-540-451; 197-704-009-248-599,1,true,cc-by-nc,gold
116-136-918-261-896,The Cyber Threat to National Critical Infrastructures: Beyond Theory,2010-12-15,2010,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Kenneth Geers,"Adversary threats to critical infrastructures have always existed during times of conflict, but threat scenarios now include peacetime attacks from anonymous computer hackers. Current events, including examples from Israel and Estonia, prove that a certain level of real-world disorder can be achieved from hostile data packets alone. The astonishing achievements of cyber crime and cyber espionage – to which law enforcement and counterintelligence have found little answer – hint that more serious cyber attacks on critical infrastructures are only a matter of time. Still, national security planners should address all threats with method and objectivity. As dependence on IT and the Internet grows, governments should make proportional investments in network security, incident response, technical training, and international collaboration.",3,2-4,124,130,Internet privacy; Network security policy; Business; Counterintelligence; Law enforcement; Security service; Computer security; Adversary; Critical security studies; National security; Security studies,,,,,https://www.tandfonline.com/doi/full/10.1080/15567281.2010.536735 https://dblp.uni-trier.de/db/journals/jdfp/jdfp3.html#Geers10 https://doi.org/10.1080/15567281.2010.536735,http://dx.doi.org/10.1080/15567281.2010.536735,,10.1080/15567281.2010.536735,2162118087,,0,,5,false,,
116-191-444-772-142,Automated Windows Memory File Extraction for Cyber Forensics Investigation,2008-12-09,2008,journal article,Journal of Digital Forensic Practice,15567281; 15567346,Informa UK Limited,United States,Seyed Mahmood Hejazi; Mourad Debbabi; Chamseddine Talhi,"In digital forensics, the first step to conducting an investigation is to acquire evidence that is most related to the case. Containing most recently accessed data and information about the status of a system, physical memory is a valuable source of digital evidence. When a process runs or accesses a file, all or some parts of the process's executable or accessed data file are mapped into the physical memory. In this article, we propose various methods to find files and extract them from memory in order to rebuild executable and data files that existed in physical memory at the time of incident. We developed a memory analysis plug-in that uses this automated memory file extraction. Using this tool, we have been able to extract a wide range of data file types, including text, PDF, Java Archives (JAR), various logs, EVT (system event-log files, used by the system event viewer), HTML and many more. Investigators can use the result of this research in order to (1) compare the files found on disk with those extracted from memory to find possible tampering or (2) reconstruct those files that no longer exist on the disk. In addition, they can find the last file modifications that have not been mapped out to the corresponding files on the disk. 
Memory extracted files can be used for the purpose of correlation analysis along with other sources of evidence such as application or network log files, E-mail files, and data files found on disks.",2,3,117,131,Memory-mapped file; Data file; File Control Block; File synchronization; Unix file types; File system fragmentation; Flash file system; Computer science; Database; Computer file,,,,,https://dblp.uni-trier.de/db/journals/jdfp/jdfp2.html#HejaziDT08 https://espace2.etsmtl.ca/id/eprint/13707/ https://doi.org/10.1080/15567280802552829 https://www.tandfonline.com/doi/full/10.1080/15567280802552829 http://dblp.uni-trier.de/db/journals/jdfp/jdfp2.html#HejaziDT08 https://dl.acm.org/doi/10.1080/15567280802552829,http://dx.doi.org/10.1080/15567280802552829,,10.1080/15567280802552829,2016650184,,1,003-412-732-826-511; 017-152-528-840-957; 024-314-616-027-58X; 030-121-862-351-330; 043-416-692-708-842; 069-231-379-706-894; 075-060-008-987-440; 102-822-532-339-461; 105-427-271-392-801; 127-444-480-388-473; 135-682-482-440-347; 142-816-347-811-541; 149-010-267-691-537,1,false,,
116-286-231-130-308,An integrated view of data quality in Earth observation,2012-12-10,2012,journal article,"Philosophical transactions. Series A, Mathematical, physical, and engineering sciences",1364503x,Royal Society of London,United Kingdom,X. Yang; J. D. Blower; Lucy Bastin; Victoria Lush; Alaitz Zabala; Joan Masó; Dan Cornford; Paula Díaz; Jo Lumsden,"Data quality is a difficult notion to define precisely, and different communities have different views and understandings of the subject. This causes confusion, a lack of harmonization of data across communities and omission of vital quality information. For some existing data infrastructures, data quality standards cannot address the problem adequately and cannot fulfil all user needs or cover all concepts of data quality. In this study, we discuss some philosophical issues on data quality. We identify actual user needs on data quality, review existing standards and specifications on data quality, and propose an integrated model for data quality in the field of Earth observation (EO). We also propose a practical mechanism for applying the integrated quality information model to a large number of datasets through metadata inheritance. 
While our data quality management approach is in the domain of EO, we believe that the ideas and methodologies for data quality management can be applied to wider domains and disciplines to facilitate quality-enabled scientific research.",371,1983,20120072,20120072,Data mining; Data management; Data governance; Data quality; Data science; Environmental informatics; Field (computer science); Earth observation; Computer science; Information quality; Metadata,,"Database Management Systems/standards; Databases, Factual/standards; Earth, Planet; Environmental Monitoring/methods; Information Storage and Retrieval/standards; Meta-Analysis as Topic; Systems Integration",,,https://paperity.org/p/48641320/an-integrated-view-of-data-quality-in-earth-observation https://royalsocietypublishing.org/doi/pdf/10.1098/rsta.2012.0072 https://www.ncbi.nlm.nih.gov/pmc/articles/PMC3538291/ http://ui.adsabs.harvard.edu/abs/2012RSPTA.37120072Y/abstract https://core.ac.uk/display/16394882 https://centaur.reading.ac.uk/30716/ http://rsta.royalsocietypublishing.org/content/371/1983/20120072 https://europepmc.org/articles/PMC3538291 https://research.aston.ac.uk/en/publications/an-integrated-view-of-data-quality-in-earth-observation https://royalsocietypublishing.org/doi/10.1098/rsta.2012.0072 https://rsta.royalsocietypublishing.org/content/371/1983/20120072 https://core.ac.uk/download/188183657.pdf,http://dx.doi.org/10.1098/rsta.2012.0072,23230156,10.1098/rsta.2012.0072,2128392156,PMC3538291,1,003-521-953-056-015; 004-520-114-570-242; 020-885-011-437-897; 029-394-766-959-627; 041-772-402-885-620; 054-490-037-348-056; 062-654-807-638-235; 070-685-787-852-26X; 092-813-942-982-497; 111-302-112-600-042; 112-077-422-191-684; 117-389-122-252-216; 146-736-794-898-234; 164-826-910-354-405; 179-133-773-651-691; 180-813-779-294-458,29,true,cc-by,hybrid
117-065-920-586-287,A recovery method of deleted record for SQLite database,2011-07-24,2011,journal article,Personal and Ubiquitous Computing,16174909; 16174917,Springer Science and Business Media LLC,Germany,Sang-Jun Jeon; Jewan Bang; Keun-Duck Byun; Sangjin Lee,"SQLite is a small-sized database engine largely used in embedded devices and local application software. The availability of portable devices, such as smartphones, has been extended over the recent years and has contributed to growing adaptation of SQLite. This implies a high likelihood of digital evidences acquired during forensic investigations to include SQLite database files. Where intentional deletion of sensitive data can be made by a suspect, forensic investigators need to recover deleted records in SQLite at the best possible. This study analyzes data management rules used by SQLite and the structure of deleted data in the system and in turn suggests a recovery tool of deleted data. Further, the study examines major SQLite suited software as it validates feasible possibility of deleted data recovery.",16,6,707,715,Application software; Data management; Database engine; Recovery method; Computer science; Data recovery; Database; Adaptation (computer science),,,,,https://doi.org/10.1007/s00779-011-0428-7 https://koreauniv.pure.elsevier.com/en/publications/a-recovery-method-of-deleted-record-for-sqlite-database https://link.springer.com/article/10.1007%2Fs00779-011-0428-7 https://dblp.uni-trier.de/db/journals/puc/puc16.html#JeonBBL12 https://dl.acm.org/doi/10.1007/s00779-011-0428-7 https://dx.doi.org/10.1007/s00779-011-0428-7 https://dl.acm.org/citation.cfm?id=2425017.2425078 https://link.springer.com/article/10.1007/s00779-011-0428-7/fulltext.html http://dx.doi.org/10.1007/s00779-011-0428-7,http://dx.doi.org/10.1007/s00779-011-0428-7,,10.1007/s00779-011-0428-7,2047240059,,5,005-594-976-962-141; 171-083-956-573-469,53,false,,
119-538-961-150-586,"Rogue insiders, signature loopholes, and fraud rings",2012-10-19,2012,journal article,International Journal of Accounting & Information Management,18347649; 17589037,Emerald,United Kingdom,Chengqi Guo; Xiaorui Hu,"Purpose – The purpose of this paper is to report the findings and lessons learned from a case study that is based on Alibaba's business‐to‐business (B2B) fraud in China. The influence of such incidents and post‐hoc solutions are research worthy in today's booming digital business world. Design/methodology/approach – The paper uses a case study approach and practice‐driven method that rely on user behaviors, corporate policies, and financial data. The taxonomic framework of online fraud and corresponding countermeasures arise from digital forensic reports, policy reviews, data analysis, and a literature review. Findings – The key findings are indigenous to the Chinese B2B landscape, yet they help international stakeholders understand and address fraudulent issues. The paper finds beside the traditional customer‐based account signature, internal employees must be assigned their own signature systems to track malicious activities. 
Meanwhile, digital signature systems can be enhanced by reducing the record inte...",20,4,348,362,Digital signature; Accounting; Business; Signature (logic); China; Key (cryptography); Computer fraud; Indigenous; Digital forensics; Constructive fraud,,,,,https://EconPapers.repec.org/RePEc:eme:ijaipp:v:20:y:2012:i:4:p:348-362 https://ideas.repec.org/a/eme/ijaipp/v20y2012i4p348-362.html https://www.emerald.com/insight/content/doi/10.1108/18347641211272704/full/pdf?title=rogue-insiders-signature-loopholes-and-fraud-rings-lessons-learned-by-a-chinese-b2b-mogul https://www.emerald.com/insight/content/doi/10.1108/18347641211272704/full/html,http://dx.doi.org/10.1108/18347641211272704,,10.1108/18347641211272704,1576745358,,0,006-539-348-588-720; 012-749-721-964-978; 030-985-676-526-342; 032-869-895-384-158; 038-300-604-053-570; 046-279-420-554-641; 048-099-497-479-533; 059-258-996-113-290; 070-935-005-752-82X; 072-196-609-368-948; 081-502-077-573-308; 090-194-533-672-604; 097-473-581-825-253; 100-221-310-249-990; 121-134-364-598-228; 122-000-876-353-569; 122-575-399-863-650; 124-497-505-757-109; 127-260-768-525-186; 131-005-597-897-618; 140-873-066-044-831; 141-191-638-630-480,3,false,,
120-462-880-448-150,Live Analysis: Progress and Challenges,,2009,journal article,IEEE Security & Privacy Magazine,15407993; 15584046,Institute of Electrical and Electronics Engineers (IEEE),United States,Brian Hay; Kara Nance; Matt Bishop,"As computer technologies become increasingly ubiquitous, so must supporting digital forensics tools and techniques for efficiently and effectively analyzing associated systems' behavior. Live analysis is a logical and challenging step forward in this area and a method that has recently received increased R&D focus. This article describes some live analysis approaches as well as tools and techniques for live analysis on real and virtual machines. The discussion includes research challenges and open problems.",7,2,30,37,World Wide Web; Forensic science; Cryptography; Data science; Virtual machine; Live analysis; Focus (computing); Computer science; Digital forensics,,,,,https://dblp.uni-trier.de/db/journals/ieeesp/ieeesp7.html#HayBN09 http://dx.doi.org/10.1109/MSP.2009.43 http://yadda.icm.edu.pl/yadda/element/bwmeta1.element.ieee-000004812154 https://doi.org/10.1109/MSP.2009.43 https://www.infona.pl/resource/bwmeta1.element.ieee-art-000004812154 http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=4812154 https://www.computer.org/csdl/magazine/sp/2009/02/msp2009020030/13rRUxbCbrJ https://ieeexplore.ieee.org/document/4812154/ https://dx.doi.org/10.1109/MSP.2009.43,http://dx.doi.org/10.1109/msp.2009.43,,10.1109/msp.2009.43,1979319057,,0,002-495-833-326-831; 010-241-132-069-684; 014-821-022-292-339; 026-810-683-474-561; 038-914-873-897-532; 043-416-692-708-842; 054-507-171-824-189; 099-717-679-430-808; 105-427-271-392-801; 141-445-106-549-822,59,false,,
121-931-608-998-802,Identification of User Ownership in Digital Forensic using Data Mining Technique,2012-07-28,2012,journal article,International Journal of Computer Applications,09758887,Foundation of Computer Science,,KM Kumar; Sanjeev Sofat; Naveen Aggarwal; Shreyans K. Jain,"As existing technology used by criminal rapidly changes and growing, digital forensics is also growing and important fields of research for current intelligence, law enforcement and military organizations today. As huge information is stored in digital form, the need and ability to analyze and process this information for relevant evidence has grown in complexity. During criminal activities crime committed use digital devices, forensic examiners have to adopt practical frameworks and methods to recover data for analysis which can comprise as evidence. Data Preparation/ Generation, Data warehousing and Data Mining, are the three essential features involved in the investigation process. The purpose of data mining technique is to find the valuable relationships between data items. This paper proposes an approach for preparation, generation, storing and analyzing of data, retrieved from digital devices which pose as evidence in forensic analysis. Attribute classification model has been presented to categorized user files. The data mining tools has been used to identify user ownership and validating the reliability of the pre-processed data. 
This work proposes a practical framework for digital forensics on hard drives.",50,4,1,5,Data mining; Data warehouse; Forensic science; Reliability (computer networking); Work (electrical); Data preparation; Law enforcement; Computer science; Process (engineering); Identification (information); Digital forensics,,,,,https://ui.adsabs.harvard.edu/abs/2012IJCA...50d...1K/abstract https://www.ijcaonline.org/archives/volume50/number4/7756-0818 https://research.ijcaonline.org/volume50/number4/pxc3880818.pdf,http://dx.doi.org/10.5120/7756-0818,,10.5120/7756-0818,2099922782,,0,003-448-142-212-67X; 003-868-023-351-977; 009-101-513-978-03X; 037-927-986-476-095; 062-202-545-220-180; 083-366-581-383-158; 094-999-990-049-790; 096-459-953-942-294; 115-547-184-477-216; 125-658-973-713-722; 128-983-879-520-615; 132-355-634-397-986; 136-606-982-080-327,5,true,,green
124-701-191-448-666,Investigating Information Structure of Phishing Emails Based on Persuasive Communication Perspective,,2007,journal article,"Journal of Digital Forensics, Security and Law",15587223,Embry-Riddle Aeronautical University/Hunt Library,,Ki Jung Lee; Il-Yeol Song,"Current approaches of phishing filters depend on classifying messages based on textually discernable features such as IP-based URLs or domain names as those features that can be easily extracted from a given phishing message. However, in the same sense, those easily perceptible features can be easily manipulated by sophisticated phishers. Therefore, it is important that universal patterns of phishing messages should be identified for feature extraction to serve as a basis for text classification. In this paper, we demonstrate that user perception regarding phishing message can be identified in central and peripheral routes of information processing. We also present a method of formulating quantitative model that can represent persuasive information structure in phishing messages. 
This paper makes contribution to phishing classification research by presenting the idea of universal information structure in terms of persuasive communication theories.",2,3,29,44,World Wide Web; Domain (software engineering); Perspective (graphical); Information structure; Quantitative model; Persuasive communication; Computer science; Feature extraction; Phishing; Information processing,,,,,https://core.ac.uk/display/91832093 https://commons.erau.edu/jdfsl/vol2/iss3/2/ https://doaj.org/article/93c27a8e410b4502908d323661254d31 https://commons.erau.edu/cgi/viewcontent.cgi?article=1028&context=jdfsl https://oaji.net/articles/2014/1095-1407715302.pdf,http://dx.doi.org/10.15394/jdfsl.2007.1028,,10.15394/jdfsl.2007.1028,1927643704,,0,002-479-677-540-966; 025-031-373-146-600; 027-232-817-278-713; 037-489-494-639-233; 081-287-678-177-387; 086-788-563-715-269; 090-187-899-389-648; 094-434-378-456-391; 102-911-010-041-945; 114-154-086-962-409; 133-122-582-195-678; 148-737-901-319-742; 159-990-369-093-473; 174-429-099-375-71X,4,true,cc-by-nc,gold
126-325-282-083-259,A Design Methodology and Implementation for Corporate Network Security Visualization: A Modular-Based Approach,2011-06-30,2011,journal article,AIS Transactions on Human-Computer Interaction,19443900,Association for Information Systems,,Andy Luse; Brian E. Mennecke; Janea L. Triplett; Nate Karstens; Doug Jacobson,"Research surrounding visualization for computer and network security has produced differing accepted methods for adequately developing security visualization products. The current work proposes a design methodology that melds the research of the three competing frameworks for security visualization development. In addition, a product that incorporates the proposed design methodology is developed, used, and evaluated. Findings show that users of the system believe the system has increased their effectiveness at performing network security tasks and are likely to use such a system in the future",3,2,104,132,Modular design; Computer engineering; Software engineering; Engineering; Design methods; Design science; Corporate network; Multi method; Visualization,,,,,https://lib.dr.iastate.edu/cgi/viewcontent.cgi?article=1009&context=scm_pubs https://aisel.aisnet.org/thci/vol3/iss2/4/ https://works.bepress.com/brian_mennecke/1/download/ https://core.ac.uk/display/38936955 https://lib.dr.iastate.edu/scm_pubs/10/ https://works.bepress.com/douglas-jacobson/3/ https://core.ac.uk/download/38936955.pdf,http://dx.doi.org/10.17705/1thci.00029,,10.17705/1thci.00029,2159208842,,0,001-549-868-945-426; 002-205-483-637-075; 009-651-773-709-422; 012-424-199-177-051; 014-047-830-858-038; 018-718-591-703-847; 019-602-574-953-045; 020-967-715-177-527; 021-691-357-247-178; 025-144-524-031-191; 027-299-299-899-996; 033-776-919-813-29X; 036-376-652-380-240; 043-332-502-140-099; 047-193-864-235-114; 051-328-171-170-469; 053-417-165-638-878; 054-764-606-824-75X; 064-639-576-329-685; 065-293-896-050-035; 066-421-385-755-551; 072-492-840-757-192; 074-104-790-366-817; 
076-734-650-965-454; 080-453-821-483-446; 093-779-978-973-429; 096-417-312-916-058; 096-441-595-983-612; 104-392-548-898-423; 106-376-117-430-442; 106-466-160-381-34X; 113-758-307-276-172; 117-277-569-149-278; 129-994-159-364-677; 141-601-200-804-924; 143-875-130-007-110; 147-117-297-573-555; 154-554-926-462-997; 162-574-139-860-644; 178-384-778-047-100; 195-442-802-984-09X; 198-421-736-276-787,2,true,,green
126-882-144-515-967,Extending the boundaries of IQ: Can collaboration with information management improve corporate governance,,2008,journal article,International Journal of Information Quality,17510457; 17510465,Inderscience Publishers,United Kingdom,Heather Maguire,"The increasing volume of information handled by organisations has increased pressure on boards to ensure that legislative, accountability, business and cultural requirements are met. Recent negative media coverage has increased this pressure for improved accountability and transparency. Concurrently, agency theory has highlighted problems, such as moral hazards and adverse selection, resulting from information asymmetry between boards and CEOs. Effective records management can assist organisations in meeting demands for accountability, transparency and compliance and in reducing information asymmetry. This paper proposes that organisations incorporate records management functionality into criteria used to assess information quality in order to improve corporate governance mechanisms.",2,1,16,38,Data mining; Information management; Information asymmetry; Business; Information governance; Process management; Accountability; Business continuity; Transparency (behavior); Corporate governance; Information quality,,,,,https://dblp.uni-trier.de/db/journals/ijiq/ijiq2.html#Maguire08 https://www.inderscience.com/link.php?id=19561 https://eprints.usq.edu.au/3826/ http://eprints.usq.edu.au/3826/ https://eprints.usq.edu.au/id/eprint/3826 https://eprints.usq.edu.au/3826/1/Maguire_International_Journal_of_Information_Quality_Special_Issue_2008_Authorversion.pdf https://www.inderscienceonline.com/doi/abs/10.1504/IJIQ.2008.019561 https://core.ac.uk/download/11037312.pdf,http://dx.doi.org/10.1504/ijiq.2008.019561,,10.1504/ijiq.2008.019561,2070447213,,0,005-446-469-718-30X; 014-562-734-936-098; 030-440-194-597-412; 049-814-277-642-614; 050-690-207-044-09X; 060-193-898-345-54X; 072-779-164-090-553; 073-258-752-191-37X; 
084-430-842-663-36X; 093-464-341-881-758; 106-212-757-280-023; 129-992-561-618-365; 138-178-065-130-176; 182-439-382-859-452; 198-845-481-672-196,9,true,,green
128-315-885-884-18X,ASIST - Integrating digital forensics into born-digital workflows: The BitCurator project,,2012,journal article,Proceedings of the American Society for Information Science and Technology,00447870,Wiley,,Martin Gengenbach; Alexandra Chassanoff; Porter Olsen,"There is a growing body of work investigating the needs and desires of collecting institutions as they adapt to the acquisition of born-digital materials. The incorporation of digital forensics tools and techniques into digital curation workflows offers great promise for addressing the complexities bound up in ingesting and preserving digital objects at multiple levels of representation. This poster presents preliminary results from ongoing research conducted as part of the BitCurator project, a two-year grant funded initiative to build, test, and analyze systems and software for incorporating digital forensics methods into collecting institutions' workflows. The project arose out of a perceived need in the library, archives, and museum (LAM) communities for better documentation, interfaces, and functionality in processing born-digital archival materials.",49,1,1,4,Engineering; World Wide Web; Work (electrical); Workflow; Digital curation; Born-digital; Software; Documentation; Digital forensics,,,,,https://dblp.uni-trier.de/db/conf/asist/asist2012.html#GengenbachCO12 https://asistdl.onlinelibrary.wiley.com/doi/pdf/10.1002/meet.14504901343 https://asistdl.onlinelibrary.wiley.com/doi/abs/10.1002/meet.14504901343 http://onlinelibrary.wiley.com/doi/10.1002/meet.14504901343/abstract https://onlinelibrary.wiley.com/doi/abs/10.1002/meet.14504901343,http://dx.doi.org/10.1002/meet.14504901343,,10.1002/meet.14504901343,2114988520,,0,022-250-300-795-993; 037-647-066-964-858; 067-629-806-155-212; 074-028-601-448-433; 081-235-060-337-938,0,true,,bronze
129-615-754-884-164,Privacy Please: A Privacy Curriculum Taxonomy (PCT) For The Era Of Personal Intelligence,2011-07-22,2011,journal article,College Teaching Methods & Styles Journal (CTMS),2157880x; 15489566,Clute Institute,,E. Vincent Carter,"This paper extends forward thinking by information ethics and business education scholars to introduce a Privacy Curriculum Taxonomy (PCT) that repurposes business curricula around the emerging personal information privacy paradigm. The seminal challenge confronting business education leaders is to respond to the ontological paradigm shift from a physical society driven by material and monetary processes, towards a digital society driven by information supply and the growing demand for information privacy. The PCT is advanced as an initial framework for engaging business curriculum planners in the considerations required to repurpose existing disciplines around digital society information and privacy processes. After a current literature review, the PCT is developed using a foundational set of information assurance principles. 
The PCT is business discipline specific, to catalyze incubation and further development within and across functional areas.",3,3,11,24,Privacy policy; Information privacy; Personally identifiable information; Privacy by Design; Information assurance; Computer science; Curriculum; Business education; Engineering ethics; Knowledge management; Information ethics,,,,,http://www.cluteinstitute.com/ojs/index.php/CTMS/article/view/5284/5369 https://core.ac.uk/download/pdf/268109669.pdf,http://dx.doi.org/10.19030/ctms.v3i3.5284,,10.19030/ctms.v3i3.5284,2138904549,,0,000-145-025-899-751; 000-970-475-149-659; 001-017-327-328-081; 001-841-050-679-801; 002-347-326-250-014; 002-745-219-059-226; 008-677-132-842-046; 009-294-459-957-177; 009-917-585-658-707; 010-115-748-057-350; 013-125-236-805-00X; 014-462-150-305-331; 016-097-163-251-686; 021-389-527-629-930; 022-071-196-462-115; 025-871-990-626-070; 026-365-275-868-526; 027-980-170-808-86X; 028-042-196-945-884; 028-499-720-514-176; 033-403-461-107-470; 036-121-048-330-496; 036-807-550-941-934; 042-150-976-376-446; 042-483-465-846-86X; 048-777-260-529-619; 049-592-217-731-059; 050-405-450-488-904; 051-366-278-012-628; 051-375-016-180-378; 052-196-937-150-029; 053-032-786-467-63X; 054-984-470-637-633; 055-475-689-910-172; 056-007-912-734-781; 056-495-796-264-131; 056-842-188-873-957; 056-863-400-252-035; 058-542-042-895-756; 060-262-042-744-750; 062-893-630-629-939; 068-051-795-105-452; 068-354-116-073-734; 069-562-583-792-052; 070-963-094-320-057; 072-779-164-090-553; 073-889-042-338-083; 073-924-628-232-586; 080-033-497-003-701; 084-109-436-617-973; 086-677-463-148-47X; 087-061-365-567-41X; 087-511-723-437-11X; 089-965-196-288-106; 090-302-684-125-304; 093-371-767-154-088; 101-442-155-142-418; 107-104-671-850-660; 109-582-386-062-920; 110-904-278-042-513; 115-326-344-973-915; 116-053-728-519-08X; 116-135-844-464-062; 117-059-256-976-71X; 117-927-575-901-309; 118-880-665-129-472; 119-461-212-225-648; 119-995-271-167-413; 
120-451-016-579-488; 124-680-912-109-753; 126-633-662-228-071; 127-028-418-983-295; 129-022-141-005-768; 130-005-498-223-021; 131-882-603-203-964; 133-252-792-572-756; 134-899-140-734-581; 135-937-192-295-067; 137-412-053-295-172; 142-510-881-567-735; 143-075-625-083-347; 147-422-029-171-489; 148-784-898-448-966; 151-752-638-757-094; 152-863-702-811-357; 155-521-107-053-60X; 158-375-756-705-395; 168-706-819-086-330; 178-229-318-329-051; 185-185-694-643-281; 187-443-389-739-502; 190-644-223-379-390; 190-668-139-764-508; 192-524-405-434-393; 192-721-060-876-155; 195-226-778-954-133; 196-424-509-019-239,0,true,,bronze
132-835-798-589-274,Telecommunications Liberalisation in Africa: Proposed Regulatory Model for the SADC Region,,2009,journal article,"Journal of Digital Forensics, Security and Law",15587223,Embry-Riddle Aeronautical University/Hunt Library,,Z. Ntozintle Jobodwana,"The liberalisation of the telecommunication industry in Africa, and the further development of the region’s physical infrastructure was accompanied by the further development of Africa’s information, communication and technology infrastructure. Competition within the industry stimulated heavy economic investment in other sectors of the economy. The outcome of liberalisation also included the establishment of community-based structures that continue to enable communities to manage their own development and gain access to information and communication technologies (ICTs) in an unprecedented manner. The telecommunication infrastructure further stimulated the fast development of other related services, for example, e-commerce and mobile commerce (m-commerce), e-government, internet banking, mobile banking etcetera. Latest reports and statistics disclose that in Africa m-commerce is set to even overtake the development of e-commerce, through the popular use and penetration of mobile telephony whilst e-commerce development is constrained by difficulties in rolling out speedily fixed telephone lines. These new methods of communication have so intensified that there is hope that further penetration of mobile telephony would leap-frog economic growth and development in Africa, especially in rural communities. Therefore, innovations and investment in ICT’s are changing the world in a number of ways, resulting in a globally connected digital economy.  However, there are regulatory challenges that need to be addressed as a matter of urgency. Certain sections of the continent’s population, especially those in rural areas, have very limited access to ICT’s. 
This prevents them from exploiting opportunities offered by ICT’s. The main barriers to ICT access relate to inadequate regimes and their supporting legal frameworks, high cost of internet access, connectivity problems, the lack of technical skills to support maintenance and low number of computers with internet connectivity at schools, libraries and other public places. In this paper such challenges are identified and further reforms suggested. The ultimate recommendation is the one that states that a SADC telecommunication independent regulatory agency be established, independent of any government ministry, though consulting with a SADC Ministerial Council. Already, some countries in West Africa have developed a harmonized regulatory framework designed to integrate the Acts covering ICT markets in the sub-region and to keep policy and regulatory frameworks in line with the constant evolution of technologies, applications and services.",4,4,73,94,The Internet; Telephone line; Business; Government; Mobile commerce; Mobile banking; Population; Information and Communications Technology; Telecommunications; Internet access,,,,,https://commons.erau.edu/jdfsl/vol4/iss4/4/ https://core.ac.uk/display/92105711 https://dblp.uni-trier.de/db/journals/jdfsl/jdfsl4.html#Jobodwana09 https://commons.erau.edu/cgi/viewcontent.cgi?article=1067&context=jdfsl https://doaj.org/article/216b22679acd480c98285bf655cc2180,http://dx.doi.org/10.15394/jdfsl.2009.1067,,10.15394/jdfsl.2009.1067,2162992815,,0,,1,true,cc-by-nc,gold
133-634-862-467-024,Information Technology Act 2000 in India - Authentication of E-Documents,,2007,journal article,"Journal of Digital Forensics, Security and Law",15587223,Embry-Riddle Aeronautical University/Hunt Library,,R. G. Pawar; B. S. Sawant; Abhijeet Kaiwade,"The Information Technology Act 2000 has enacted in India on 9th June 2000. This Act has mentioned provision of authentication of electronic document. It is the need of hour at that time that such provision is needed in the Indian Law system, especially for electronic commerce and electronic governance. Electronic commerce”, which involve the use of alternatives to paper based methods of communication and storage information. To do electronic commerce there should be authentication of particular document. The working of internet is the documents are traveling in terms of bits from one destination to other destination, through various media like – Co-axial cable, fiber optic, satellite etc. While traveling this document there is probability of making changes in that document by any third party is high or some document may get changed due to noise/disturbance in communication media. This Act required to provide legal recognition carried out by means of electronic data interchange and other means of electronic communication. In this paper researchers studied technological aspects of Information Technology Act 2000 like hash function, encryption, decryption, public key, private key etc. and its process. This paper gives details about certifying authority in detail. 
There should be some mechanism that will take care of document, that what ever the document is received should be the authentic one and it would not get changed in any manner due to any cause.",2,2,57,66,The Internet; Information technology; Authentication (law); Encryption; Public-key cryptography; Electronic document; Computer security; Computer science; Electronic data interchange; Hash function,,,,,https://commons.erau.edu/cgi/viewcontent.cgi?article=1023&context=jdfsl https://commons.erau.edu/jdfsl/vol2/iss2/4/ https://doaj.org/article/117cad44d4994eb99568afa44b560f47 https://oaji.net/articles/2014/1095-1407714947.pdf https://core.ac.uk/display/92150253,http://dx.doi.org/10.15394/jdfsl.2007.1023,,10.15394/jdfsl.2007.1023,1492380650,,0,003-014-549-906-472; 026-251-687-758-643; 104-898-382-341-446; 119-526-675-777-11X; 179-258-636-296-223; 194-808-339-355-503,3,true,cc-by-nc,gold
134-271-291-397-152,Digital Forensic Technology of Solaris,,2012,journal article,Advanced Materials Research,16628985,"Trans Tech Publications, Ltd.",,Fei Zhao; Jing Sheng Zhang; Zhong Xia Wang,"The UFS file system of Solaris is not supported undelete operation, so it is a difficult thing to digital forensic. This paper based on the UFS documents of 10 Solaris’ the log file system and the physical structure of UFS file system’s storage, putting forward the method of digital forensic for it. In cases of actual digital forensic for Solaris 10, it can restore the required documents, so this method has good effect",601,,342,346,Unix file types; File system; Physical structure; Computer science; Database; Digital forensics,,,,,https://www.scientific.net/AMR.601.342,http://dx.doi.org/10.4028/www.scientific.net/amr.601.342,,10.4028/www.scientific.net/amr.601.342,2019721255,,0,,0,false,,
134-879-839-097-549,A framework for the forensic investigation of unstructured email relationship data,2011-07-01,2011,journal article,International Journal of Digital Crime and Forensics,19416210; 19416229,IGI Global,United States,John Haggerty; Alexander J. Karran; David Lamb; Mark Taylor,"Our continued reliance on email communications ensures that it remains a major source of evidence during a digital investigation. Emails comprise both structured and unstructured data. Structured data provides qualitative information to the forensics examiner and is typically viewed through existing tools. Unstructured data is more complex as it comprises information associated with social networks, such as relationships within the network, identification of key actors and power relations, and there are currently no standardised tools for its forensic analysis. Moreover, email investigations may involve many hundreds of actors and thousands of messages. This paper posits a framework for the forensic investigation of email data. In particular, it focuses on the triage and analysis of unstructured data to identify key actors and relationships within an email network. This paper demonstrates the applicability of the approach by applying relevant stages of the framework to the Enron email corpus. The paper illustrates the advantage of triaging this data to identify (and discount) actors and potential sources of further evidence. It then applies social network analysis techniques to key actors within the data set. 
This paper posits that visualisation of unstructured data can greatly aid the examiner in their analysis of evidence discovered during an investigation.",3,3,1,18,Social network analysis; World Wide Web; Key (cryptography); Unstructured data; Power relations; Visualization; Computer science; Data set (IBM mainframe); Identification (information),,,,,https://usir.salford.ac.uk/18157/1/Published_paper.pdf https://doi.org/10.4018/jdcf.2011070101 https://www.igi-global.com/article/framework-forensic-investigation-unstructured-email/58405 https://dblp.uni-trier.de/db/journals/ijdcf/ijdcf3.html#HaggertyKLT11 https://usir.salford.ac.uk/18157/ http://doi.org/10.4018/jdcf.2011070101 https://core.ac.uk/download/1666855.pdf,http://dx.doi.org/10.4018/jdcf.2011070101,,10.4018/jdcf.2011070101,1990628890,,0,005-893-121-581-140; 006-383-903-682-209; 015-586-822-938-491; 018-033-105-547-227; 035-464-359-596-29X; 046-841-674-135-16X; 052-061-925-688-034; 053-474-306-239-960; 060-811-689-677-148; 061-887-537-570-816; 064-076-404-078-983; 068-247-232-838-884; 077-485-466-836-574; 083-007-771-970-738; 086-804-371-613-070; 097-567-011-227-46X; 098-849-439-721-700; 110-212-753-356-881; 110-309-926-544-567; 114-691-985-425-74X; 121-057-159-845-799; 123-581-145-533-990; 141-364-891-269-644; 148-338-977-232-362; 158-363-867-842-044; 161-803-264-979-062; 182-321-439-589-438; 188-332-136-393-173; 190-930-425-551-184; 193-085-309-526-807,21,true,,green
135-846-709-699-328,Mining Criminal Networks from Unstructured Text Documents,,2012,journal article,Digital Investigation,17422876,Elsevier BV,Netherlands,Rabeah Al-Zaidy; Benjamin C. M. Fung; Amr M. Youssef; Francis Fortin,"Digital data collected for forensics analysis often contain valuable information about the suspects’ social networks. However, most collected records are in the form of unstructured textual data, such as e-mails, chat messages, and text documents. An investigator often has to manually extract the useful information from the text and then enter the important pieces into a structured database for further investigation by using various criminal network analysis tools. Obviously, this information extraction process is tedious and error-prone. Moreover, the quality of the analysis varies by the experience and expertise of the investigator. In this paper, we propose a systematic method to discover criminal networks from a collection of text documents obtained from a suspect’s machine, extract useful information for investigation, and then visualize the suspect’s criminal network. Furthermore, we present a hypothesis generation approach to identify potential indirect relationships among the members in the identified networks. We evaluated the effectiveness and performance of the method on a real-life cybercrime case and some other datasets. 
The proposed method, together with the implemented software tool, has received positive feedback from the digital forensics team of a law enforcement unit in Canada.",8,3,147,160,Information extraction; Data science; Suspect; Digital data; Quality (business); Enforcement; Network analysis; Computer science; Process (engineering); Digital forensics,,,,,http://dmas.lab.mcgill.ca/fung/pub/AFYF12diin.pdf https://core.ac.uk/display/11081272 https://spectrum.library.concordia.ca/974920/1/mining_criminal_networks.pdf https://www.sciencedirect.com/science/article/abs/pii/S1742287612000023 https://dblp.uni-trier.de/db/journals/di/di8.html#Al-ZaidyFYF12,http://dx.doi.org/10.1016/j.diin.2011.12.001,,10.1016/j.diin.2011.12.001,2149260931,,1,001-381-793-304-07X; 001-978-314-030-895; 010-918-932-001-620; 012-350-773-697-360; 014-761-788-507-645; 021-352-326-159-603; 021-401-271-433-019; 037-038-397-047-452; 037-927-986-476-095; 072-391-331-317-989; 103-391-142-802-697; 113-317-142-937-273; 119-224-149-775-874; 126-424-116-981-962; 127-767-955-792-282,55,true,,green
137-166-264-059-953,Data Acquisition from Cell Phone using Logical Approach,2007-08-27,2007,journal article,"World Academy of Science, Engineering and Technology, International Journal of Electrical, Computer, Energetic, Electronic and Communication Engineering",,,,Keonwoo Kim; Dowon Hong; Kyoil Chung; Jae-Cheol Ryou,"Abstract — Cell phone forensics to acquire and analyze data in the cellular phone is nowadays being used in a national investigation organization and a private company. In order to collect cellular phone flash memory data, we have two methods. Firstly, it is a logical method which acquires files and directories from the file system of the cell phone flash memory. Secondly, we can get all data from bit-by-bit copy of entire physical memory using a low level access method. In this paper, we describe a forensic tool to acquire cell phone flash memory data using a logical level approach. By our tool, we can get EFS file system and peek memory data with an arbitrary region from Korea CDMA cell phone. Keywords — Forensics, logical method, acquisition, cell phone, flash memory. I. INTRODUCTION As digital evidence that kept in the various electronic media such as a computer and a mobile device in the digital crime is recently increasing, digital forensic technology to prove the crime is being more and more important. Especially, if the critical evidence is stored in the mobile devices, mobile forensic technology is demanded to find out the evidence without damage of the evidence. Mobile devices include small scale digital devices, embedded system, portable storage devices, and obscure devices. And, as to the small scale digital devices, there are various types of cell phones, USIM, PDA, navigation system, game player, and so on. In this paper, we are focusing in acquiring and analyzing data in the cell phone. 
User data such as phonebook, call history, SMS, and photo and hardware-related data such as IMSI, MIN, and ESN are mainly stored in the NAND flash memory and the NOR flash memory of the cell phone. In case of Korea, most of",1,8,1105,1108,Mobile device; GSM services; Flash file system; Flash memory; Phone; Digital evidence; Computer science; Mobile device forensics; Digital forensics; Computer hardware,,,,,https://www.researchgate.net/profile/Mehmet_Sandikkaya/publication/224674256_Agent-Based_Offline_Electronic_Voting/links/53e0ce6d0cf2235f35270766.pdf,https://www.researchgate.net/profile/Mehmet_Sandikkaya/publication/224674256_Agent-Based_Offline_Electronic_Voting/links/53e0ce6d0cf2235f35270766.pdf,,,1592146700,,0,010-363-166-478-035; 048-141-687-795-752; 048-778-071-128-829; 074-933-143-629-826; 179-503-171-644-756,22,false,,
140-705-226-428-031,A new spread spectrum watermarking method using two levels DCT,,2010,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Amir Hossein Taherinia; Mansour Jamzad,,3,1,1,1,Computer science; Digital watermarking; Discrete cosine transform; Computer security; Spread spectrum; Spectrum (functional analysis); Computer vision; Artificial intelligence; Algorithm; Telecommunications; Image (mathematics); Channel (broadcasting); Physics; Quantum mechanics,,,,,,http://dx.doi.org/10.1504/ijesdf.2010.032328,,10.1504/ijesdf.2010.032328,,,0,,1,false,,
141-334-270-311-38X,Cloud law and contract negotiation,2012-09-01,2012,journal article,El Profesional de la Informacion,13866710; 16992407,Ediciones Profesionales de la Informacion SL,Netherlands,Charles Oppenheim,"The main characteristics of cloud computing services are explained and the clauses typically included in contracts between suppliers and customers of such services are discussed. Storing data on a cloud service can be more comfortable for an organization and cheaper than local storage, but it involves several risks. Recommendations are given on how to negotiate contracts. A list of questions to be asked of cloud service suppliers is provided so that a potential client can take an informed decision and avoid unpleasant surprises.",21,5,453,457,Business; Negotiation; Cloud computing services; Contract negotiation; Computer security; Cloud computing,,,,,https://recyt.fecyt.es/index.php/EPI/article/view/epi.2012.sep.02 http://www.elprofesionaldelainformacion.com/contenidos/2012/septiembre/02_eng.pdf https://core.ac.uk/display/15151105 https://espace.library.uq.edu.au/view/UQ:286231 https://espace.library.uq.edu.au/view/UQ:286231/UQ286231_OA.pdf https://www.scipedia.com/public/Oppenheim_2012a https://dialnet.unirioja.es/servlet/articulo?codigo=4935802 https://core.ac.uk/download/15151105.pdf,http://dx.doi.org/10.3145/epi.2012.sep.02,,10.3145/epi.2012.sep.02,2104530754,,0,016-379-256-014-597; 020-437-724-098-742; 026-223-603-350-854; 052-152-063-024-042; 073-545-912-961-452; 086-106-092-435-437; 093-179-411-090-01X,0,true,cc-by-nc-sa,green
143-171-832-110-416,The Influence of Technology on Social Network Analysis and Mining - Enhancing Child Safety in MMOGs,2012-12-21,2012,journal article,Lecture Notes in Social Networks,21905428; 21905436,Springer Vienna,,Lyta Penna; Andrew Clark; George M. Mohay,"This paper presents a method for improving child safety in Massively Multiplayer Online Games (MMOGs). The focus is to monitor and detect relationships forming with a child in online games, and to alert if the relationship indicates that an offline meeting with the child has been arranged or has the potential to occur. The research problem involves determining contextual meaning of messages in MMOGs which is addressed by use of a ranking system. The paper extends previous work (Penna L, Clark A, Mohay G (2010) A framework for improved adolescent and child safety in MMOs. In: Memon N, Alhajj R (eds) 2010 international conference on advances in social network analysis and mining (ASONAM 2010), IEEE Computer Society, University of Southern Denmark, Odense, pp 33–40; Penna L, Clark A, Mohay G (2005) Challenges of automating the detection of paedophile activity on the internet. 
In: Proceedings of Systematic Approaches to Digital Forensic Engineering (SADFE’2005), Taiwan, pp 206–222) by providing a systematic and comprehensive evaluation using World of Warcraft as a case study MMOG and a prototype of the design.",,,471,495,The Internet; Social network analysis; World Wide Web; Computer society; Child safety; Computer science; Meaning (linguistics); Digital forensics,,,,,https://link.springer.com/chapter/10.1007%2F978-3-7091-1346-2_21 https://dblp.uni-trier.de/db/series/lnsn/lnsn6.html#PennaCM13 https://link.springer.com/10.1007/978-3-7091-1346-2_21 https://rd.springer.com/chapter/10.1007/978-3-7091-1346-2_21 https://link.springer.com/chapter/10.1007/978-3-7091-1346-2_21/fulltext.html,http://dx.doi.org/10.1007/978-3-7091-1346-2_21,,10.1007/978-3-7091-1346-2_21,54126157,,0,006-129-139-443-62X; 033-850-168-297-900; 039-048-633-029-46X; 042-351-305-285-659; 057-604-236-066-360; 070-680-303-502-069; 072-713-835-260-495; 074-562-102-859-887; 103-753-091-216-14X; 109-135-424-904-881; 115-913-867-402-691; 119-845-541-270-661; 134-269-071-139-992,0,false,,
144-018-685-233-04X,Identification of source cameras based on CFA interpolation algorithm detection using covariance matrix,,2009,journal article,Journal of Optoelectronics·laser,,,,You Xin-gang,"Focusing on the problem of source camera identification, which is an important branch of digital forensics, a novel approach is proposed in this paper. By solving the covariance matrix equation, a statistical estimation of CFA interpolation coefficients is applied to reduce the bias. The feature selection process is implemented with SFFS method to construct a vector of 36 features selected from 240 coefficients, and the vector is then fed to the SVM classifier. The experiments, including 22 cameras of different makes and models, show a higher accuracy of 96.5% of our method on source camera identification, compared with the existing ones.",,,,,Algorithm; Support vector machine; Feature selection; Artificial intelligence; Interpolation; Pattern recognition; Covariance matrix; Construct (python library); Camera identification; Mathematics; Identification (information); Process (computing),,,,,http://en.cnki.com.cn/Article_en/CJFDTOTAL-GDZJ200904025.htm,http://en.cnki.com.cn/Article_en/CJFDTOTAL-GDZJ200904025.htm,,,2382294724,,0,,0,false,,
145-100-325-255-658,Amalgamation of cyclic bit operation in SD-EI image encryption method: an advanced version of SD-EI method: SD-EI ver-2,2012-07-01,2012,journal article,International Journal of Cyber-Security and Digital Forensics,23050012,,,Somdip Dey,"In this paper, the author presents an advanced version of image encryption technique, which is itself an upgraded version of SD-EI image encryption method. In this new method, SD-EI Ver-2, there are more bit wise manipulations compared to original SD-EI method. The proposed method consist of three stages: 1) First, a number is generated from the password and each pixel of the image is converted to its equivalent eight binary number, and in that eight bit number, the number of bits, which are equal to the length of the number generated from the password, are rotated and reversed; 2) In second stage, extended hill cipher technique is applied by using involutory matrix, which is generated by same password used in second stage of encryption to make it more secure; 3) In last stage, we perform modified Cyclic Bit manipulation. First, the pixel values are again converted to their 8 bit binary format. Then 8 consecutive pixels are chosen and a 8X8 matrix is formed out of these 8 bit 8 pixels. After that, matrix cyclic operation is performed randomized number of times, which is again dependent on the password provided for encryption. After the generation of new 8 bit value of pixels, they are again converted to their decimal format and the new value is written in place of the old pixel value. 
SD-EI Ver-2 has been tested on different image files and the results were very satisfactory.",1,3,221,225,Password; Bitwise operation; Encryption; Pixel; Bit manipulation; Computer science; Binary number; Image file formats; Theoretical computer science; Bit numbering; Arithmetic,,,,,https://sdiwc.net/digital-library/amalgamation-of-cyclic-bit-operation-in-sdei-image-encryption-method-an-advanced-version-of-sdei-method-sdei-ver2.html,https://sdiwc.net/digital-library/amalgamation-of-cyclic-bit-operation-in-sdei-image-encryption-method-an-advanced-version-of-sdei-method-sdei-ver2.html,,,131030797,,0,003-319-548-096-866; 017-758-017-694-296; 033-029-624-613-806; 059-652-002-507-409; 072-030-540-786-614; 119-096-123-965-211; 151-811-982-921-76X; 167-110-059-840-535; 191-085-724-528-428,9,false,,
145-942-251-429-723,Automated unsupervised authorship analysis using evidence accumulation clustering,2011-11-21,2011,journal article,Natural Language Engineering,13513249; 14698110,Cambridge University Press (CUP),United Kingdom,Robert Layton; Paul A. Watters; Richard Dazeley,"Authorship Analysis aims to extract information about the authorship of documents from features within those documents. Typically, this is performed as a classification task with the aim of identifying the author of a document, given a set of documents of known authorship. Alternatively, unsupervised methods have been developed primarily as visualisation tools to assist the manual discovery of clusters of authorship within a corpus by analysts. However, there is a need in many fields for more sophisticated unsupervised methods to automate the discovery, profiling and organisation of related information through clustering of documents by authorship. An automated and unsupervised methodology for clustering documents by authorship is proposed in this paper. The methodology is named NUANCE, for n-gram Unsupervised Automated Natural Cluster Ensemble. 
Testing indicates that the derived clusters have a strong correlation to the true authorship of unseen documents.",19,1,95,120,Profiling (information science); Set (abstract data type); Information retrieval; Task (project management); Visualization; Computer science; Cluster analysis; Identification (information),,,,,https://dx.doi.org/10.1017/S1351324911000313 http://dro.deakin.edu.au/view/DU:30109326 https://dblp.uni-trier.de/db/journals/nle/nle19.html#LaytonWD13 https://doi.org/10.1017/S1351324911000313 https://www.cambridge.org/core/journals/natural-language-engineering/article/automated-unsupervised-authorship-analysis-using-evidence-accumulation-clustering/E21F0E0D442E1FAC13C220D9F1E20F8E https://core.ac.uk/download/pdf/213009990.pdf,http://dx.doi.org/10.1017/s1351324911000313,,10.1017/s1351324911000313,2135345655,,0,004-810-422-788-564; 006-461-237-333-939; 008-947-497-867-315; 009-295-080-835-372; 011-192-566-903-056; 011-417-534-712-719; 015-856-788-685-714; 017-092-684-395-187; 018-533-734-929-341; 022-964-874-465-605; 023-266-990-795-458; 023-741-984-041-844; 024-087-530-736-185; 028-753-100-233-577; 029-172-479-961-704; 029-985-443-782-542; 030-379-787-798-551; 033-686-283-184-328; 036-932-179-250-92X; 037-950-654-186-716; 038-629-101-513-057; 040-862-950-566-842; 045-543-764-247-753; 046-982-188-186-534; 048-309-416-010-956; 051-775-248-895-922; 053-712-456-757-975; 056-115-860-579-369; 063-976-673-171-817; 069-077-112-180-368; 070-054-261-247-654; 070-431-256-441-47X; 075-494-645-094-547; 077-012-736-488-54X; 081-847-920-787-056; 082-274-054-270-018; 094-159-592-916-885; 097-803-807-224-039; 101-604-510-533-229; 117-323-338-420-539; 118-674-757-097-300; 139-027-929-591-18X; 139-710-979-313-889; 142-412-906-815-290; 149-410-697-955-152; 152-793-298-471-782; 153-826-237-509-69X; 163-348-131-058-279; 173-039-426-863-631; 173-481-259-509-249; 179-614-464-453-023; 186-908-026-121-093; 192-104-586-137-716,44,true,,green
146-975-962-360-352,An authentication and validation mechanism for analyzing syslogs forensically,,2008,journal article,ACM SIGOPS Operating Systems Review,01635980,Association for Computing Machinery (ACM),,Steena D. S. Monteiro; Robert F. Erbacher,"This research proposes a novel technique for authenticating and validating syslogs for forensic analysis. This technique uses a modification of the Needham Schroeder protocol, which uses nonces (numbers used only once) and public keys. Syslogs, which were developed from an event-logging perspective and not from an evidence-sustaining one, are system treasure maps that chart out and pinpoint attacks and attack attempts. Over the past few years, research on securing syslogs has yielded enhanced syslog protocols that focus on tamper prevention and detection. However, many of these protocols, though efficient from a security perspective, are inadequate when forensics comes into play. From a legal perspective, any kind of evidence found at a crime scene needs to be validated. In addition, any digital forensic evidence when presented in court needs to be admissible, authentic, believable, and reliable [4]. Currently, a patchy log on the server side and client side cannot be considered as formal authentication of a wrong doer [5]. This paper presents a method that ties together, authenticates, and validates all the entities involved in the crime scene---the user using the application, the system that is being used, and the application being used on the system by a user. This means that instead of merely transmitting the header and the message, which is the standard syslog protocol format, the syslog entry along with the user fingerprint, application fingerprint, and system fingerprint are transmitted to the logging server. 
The assignment of digital fingerprints and the addition of a challenge response mechanism to the underlying syslogging mechanism aim to validate generated syslogs forensically.",42,3,41,50,Authentication; Crime scene; Public-key cryptography; Fingerprint (computing); Needham–Schroeder protocol; Computer security; Computer science; syslog; Digital forensics; Cryptographic nonce,,,,,https://dl.acm.org/citation.cfm?id=1368513 https://dl.acm.org/doi/10.1145/1368506.1368513 https://digitalcommons.usu.edu/cgi/viewcontent.cgi?article=1195&context=etd https://digitalcommons.usu.edu/etd/198/,http://dx.doi.org/10.1145/1368506.1368513,,10.1145/1368506.1368513,1970199874,,1,009-284-801-057-774; 009-498-739-814-124; 018-182-926-340-45X; 020-195-870-396-757; 021-417-762-373-619; 038-850-020-383-951; 046-707-962-539-911; 046-855-338-320-507; 047-393-336-324-064; 051-355-292-672-16X; 064-042-103-421-236; 102-707-705-385-893; 105-126-222-909-334; 107-745-435-451-959; 122-880-373-616-302; 124-390-294-484-066; 138-851-840-986-301,6,false,,
150-957-964-090-611,Digital Forensics Formats: Seeking a Digital Preservation Storage Container Format for Web Archiving,2012-10-23,2012,journal article,International Journal of Digital Curation,17468256,Edinburgh University Library,,Yunhyong Kim; Seamus Ross,"In this paper we discuss archival storage container formats from the point of view of digital curation and preservation, an aspect of preservation overlooked by most other studies. Considering established approaches to data management as our jumping off point, we selected seven container format attributes that are core to the long term accessibility of digital materials. We have labeled these core preservation attributes. These attributes are then used as evaluation criteria to compare storage container formats belonging to five common categories: formats for archiving selected content (e.g. tar, WARC), disk image formats that capture data for recovery or installation (partimage, dd raw image), these two types combined with a selected compression algorithm (e.g. tar+gzip), formats that combine packing and compression (e.g. 7-zip), and forensic file formats for data analysis in criminal investigations (e.g. aff – Advanced Forensic File format). We present a general discussion of the storage container format landscape in terms of the attributes we discuss, and make a direct comparison between the three most promising archival formats: tar, WARC, and aff. 
We conclude by suggesting the next steps to take the research forward and to validate the observations we have made.",7,2,21,39,Container (abstract data type); Digital curation; Web archiving; Digital preservation; Computer science; Image file formats; Database; Data compression; Digital forensics; File format,,,,,http://www.ijdc.net/index.php/ijdc/article/download/217/286 https://dblp.uni-trier.de/db/journals/ijdc/ijdc7.html#KimR12 http://eprints.gla.ac.uk/79800/ http://www.ijdc.net/index.php/ijdc/article/view/217 http://eprints.gla.ac.uk/79800/1/79800.pdf https://doaj.org/article/dc9449a8a7b6440785206318421de124 https://core.ac.uk/display/16458809 https://core.ac.uk/download/pdf/296152550.pdf,http://dx.doi.org/10.2218/ijdc.v7i2.227,,10.2218/ijdc.v7i2.227,2062133553,,0,017-215-239-686-426; 024-216-399-693-64X; 024-775-073-655-919; 025-421-213-608-128; 051-457-536-845-758; 056-211-020-434-992; 126-176-453-947-183; 133-053-709-996-16X; 152-008-550-136-841; 168-394-204-709-730,3,true,cc-by,gold
151-061-311-529-230,A framework for attack patterns' discovery in honeynet data,,2008,journal article,Digital Investigation,17422876,Elsevier BV,Netherlands,Olivier Thonnard; Marc Dacier,"Collecting data related to Internet threats has now become a relatively common task for security researchers and network operators. However, the huge amount of raw data can rapidly overwhelm people in charge of analyzing such data sets. Systematic analysis procedures are thus needed to extract useful information from large traffic data sets in order to assist the analyst's investigations. This work describes an analysis framework specifically developed to gain insights into honeynet data. Our forensics procedure aims at finding, within an attack data set, groups of network traces sharing various kinds of similar patterns. In our exploratory data analysis, we seek to design a flexible clustering tool that can be applied in a systematic way on different feature vectors characterizing the attacks. In this paper, we illustrate the application of our method by analyzing one specific aspect of the honeynet data, i.e. the time series of the attacks. We show that clustering attack patterns with an appropriate similarity measure provides very good candidates for further in-depth investigation, which can help us to discover the plausible root causes of the underlying phenomena. 
The results of our clustering on time series analysis enable us to identify the activities of several worms and botnets in the collected traffic.",5,,S128,S139,Knowledge extraction; Exploratory data analysis; Data mining; Raw data; Honeypot; Botnet; Attack patterns; Traffic analysis; Computer science; Cluster analysis,,,,,http://www.eurecom.fr/en/publication/2574 https://dblp.uni-trier.de/db/journals/di/di5.html#ThonnardD08 https://www.sciencedirect.com/science/article/pii/S1742287608000431 https://www.sciencedirect.com/science/article/abs/pii/S1742287608000431 https://www.eurecom.fr/en/publication/2574/download/ce-thonol-080612.pdf,http://dx.doi.org/10.1016/j.diin.2008.05.012,,10.1016/j.diin.2008.05.012,2150142104,,2,005-731-357-809-621; 007-260-783-794-308; 010-912-328-171-01X; 017-711-734-592-577; 018-948-184-541-960; 019-618-174-825-497; 025-187-611-382-07X; 033-354-890-852-411; 035-653-329-222-636; 037-001-023-279-866; 040-998-758-107-489; 054-939-016-070-814; 062-375-745-567-299; 062-972-456-275-842; 067-362-108-057-578; 081-976-760-675-020; 103-708-212-759-464; 108-755-120-697-343; 114-115-555-079-976; 146-975-888-739-515; 168-493-303-499-04X; 168-868-239-824-634; 193-350-189-986-335; 193-533-346-018-867; 197-496-754-063-355,83,true,cc-by-nc-nd,hybrid
151-672-577-814-250,Minimising Collateral Damage: Privacy-Preserving Investigative Data Acquisition Platform,2011-07-01,2011,journal article,International Journal of Information Technologies and Systems Approach,1935570x; 19355718,IGI Global,United States,Zbigniew Kwecka; William J Buchanan,"Investigators often define invasion of privacy as collateral damage. Inquiries that require gathering data from third parties, such as banks, Internet Service Providers (ISPs) or employers are likely to impact the relationship between the data subject and the data controller. In this research a novel privacy-preserving approach to mitigate collateral damage during the acquisition process is presented. This approach is based on existing Private Information Retrieval (PIR) protocols, which cannot be employed in an investigative context. This paper provides analysis of the investigative data acquisition process and proposes three modifications that can enable existing PIR protocols to perform investigative enquiries on large databases, including communication traffic databases maintained by ISPs. IDAP is an efficient Symmetric PIR (SPIR) protocol optimised for the purpose of facilitating public authorities' enquiries for evidence. It introduces a semi-trusted proxy into the PIR process in order to gain the acceptance of the general public. In addition, the dilution factor is defined as the level of anonymity required in a given investigation. 
This factor allows investigators to restrict the number of records processed, and therefore, minimise the processing time, while maintaining an appropriate level of privacy.",4,2,12,31,Privacy laws of the United States; Anonymity; restrict; Context (language use); Protocol (science); Register of data controllers; Computer security; Computer science; Data retrieval; Private information retrieval,,,,,https://www.igi-global.com/article/minimising-collateral-damage/55801 https://dblp.uni-trier.de/db/journals/ijitsa/ijitsa4.html#KweckaB11 https://doi.org/10.4018/jitsa.2011070102 http://researchrepository.napier.ac.uk/id/eprint/3898 https://core.ac.uk/download/74031027.pdf,http://dx.doi.org/10.4018/jitsa.2011070102,,10.4018/jitsa.2011070102,2074951158,,0,012-020-726-493-697; 012-448-745-874-660; 021-071-515-579-147; 021-702-441-880-364; 032-026-204-596-00X; 034-616-542-776-487; 039-568-806-507-829; 040-203-924-626-515; 044-424-468-612-017; 046-704-219-384-497; 061-339-706-230-349; 070-014-585-232-698; 072-707-085-246-481; 079-797-747-201-626; 086-188-922-014-714; 097-548-573-130-295; 109-299-869-427-724; 116-975-798-104-892; 126-295-171-387-378; 140-604-137-153-504; 150-273-095-083-323; 154-913-829-652-715; 159-160-746-436-214; 179-660-636-733-468; 197-159-965-693-448,4,true,,
152-334-928-197-034,Reliability assessment of digital forensic tools,,2010,journal article,Forensic Science and Technology,,,,Yang Yong-chuan,"In this paper, based on analysis of existing tool evaluation methods, the writer offers a system for reliability assessment of digital forensic tools; the basic recognition, qualitative examination and operating procedures were included.",,,,,Reliability engineering; Operating procedures; Evaluation methods; Computer science; Reliability (statistics); Digital forensics,,,,,http://en.cnki.com.cn/Article_en/CJFDTOTAL-XSJS201002008.htm,http://en.cnki.com.cn/Article_en/CJFDTOTAL-XSJS201002008.htm,,,2383069320,,0,,0,false,,
152-634-216-234-620,A Study on the Chain of Custody for Securing the Faultlessness of Forensic Data,,2006,journal article,Journal of the Korea Society of Computer and Information,1598849x,,,Gyu-An Lee; Young-Tae Shin; Dea-Woo Park,"Computer Forensics functions by defending the effects and extracting the evidence of the side effects for production at the court. Has the faultlessness of the digital evidence been compromised during the investigation, a critical evidence may be denied or not even be presented at the trial. The presented monograph will deliberate the faultlessness-establishing chain procedures in disk forensics, system forensics, network forensics, mobile forensics and database forensics. Once the faultlessness is established by the methods proposed, the products of investigation will be adopted as a leading evidence. Moreover, the issues and alternatives in the reality of digital investigation are presented along with the actual computer forensics cases, hopefully contributing to the advances in computer digital forensics and the field research of information security.",11,6,175,184,Chain of custody; Engineering; Database forensics; Digital evidence; Computer security; Network forensics; Information security; Computer forensics; Mobile device forensics; Digital forensics,,,,,http://www.koreascience.or.kr/article/ArticleFullRecord.jsp?cn=CPTSCQ_2006_v11n6s44_175,http://www.koreascience.or.kr/article/ArticleFullRecord.jsp?cn=CPTSCQ_2006_v11n6s44_175,,,872258296,,0,,3,false,,
153-311-765-915-285,Image encryption using HC-128 and HC-256 stream ciphers,,2012,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Alireza Jolfaei; Ahmadreza Vizandan; Abdolrasoul Mirghadri,"In this paper, we surveyed HC-128 and HC-256 as methods for protecting the distribution of digital images in an efficient and secure way. We proposed the Hongjun Cipher (HC) image encryption algorithm based on column-wise raster scanning of the plain image. Then, we performed a series of tests and some comparisons to justify the efficiency of surveyed algorithms for image encryption. These tests included key space analysis, visual test and histogram analysis, randomness analysis, information entropy, encryption quality, correlation analysis, differential analysis, sensitivity analysis and performance analysis. Based on all analysis and experimental results, it can be concluded that the two variants of HC scheme are efficient, feasible and trustworthy to be adopted for image encryption.",4,1,19,42,Key space; Algorithm; Disk encryption theory; Encryption; Cipher; HC-256; Computer science; Digital image; Deterministic encryption; Theoretical computer science; Stream cipher,,,,,https://researchers.mq.edu.au/en/publications/image-encryption-using-hc-128-and-hc-256-stream-ciphers http://www.inderscience.com/link.php?id=45388 https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf4.html#JolfaeiVM12 https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2012.045388,http://dx.doi.org/10.1504/ijesdf.2012.045388,,10.1504/ijesdf.2012.045388,2150544065,,0,000-779-529-267-883; 002-264-541-100-082; 006-247-595-060-531; 010-423-042-177-734; 018-470-140-612-237; 020-059-232-319-347; 030-341-379-300-730; 035-388-915-226-942; 047-123-462-306-158; 051-335-018-195-77X; 061-881-749-976-837; 062-950-078-832-455; 063-540-073-611-21X; 073-265-669-526-55X; 074-273-848-019-787; 086-122-528-303-321; 
086-360-523-286-132; 108-866-156-781-418; 113-319-769-711-103; 124-923-667-201-479; 125-974-340-625-516; 131-078-473-399-307; 137-388-877-442-991; 152-943-382-263-119; 153-462-002-045-339; 158-261-575-945-749; 164-572-426-685-58X,10,false,,
154-458-239-198-266,STATISTICIAN’S NEW ROLE AS A DETECTIVE – TESTING DATA FOR FRAUD,,2012,journal article,Revista de Ciencias Economicas,02529521,,,Alex Ely Kossovsky,"The objective of this paper is to provide the statistician with a method for the challenging task of deciding whether a given data set might have been invented in a fraudulent way or appearing authentic. This is done not by examining the numbers themselves, but surprisingly, rather by investigating the digital language utilized in writing those numbers! What letters are to words, digits are to numbers. The technique relies on Benford’s Law, a statistical law referring to the consistent and predictable relative proportions of digits occurring in typical real-life data, stating that low digits are much more frequent than high digits. The law is immensely useful as a tool to detect fraud, especially tax fraud, since cheaters inventing fake data mistakenly write them with all digits having about the same proportion due to the erroneous intuition that all digits come with equal chances. By comparing theoretical Benford digit distribution to the actual digit distribution within the accounting data provided by companies, the statistician can easily discover fraud relating to fake and invented data. 
These digital forensic tests are now standard procedures in most of the Tax Revenue Departments of governments worldwide, as well as in large accounting and auditing companies.",30,2,179,200,Advertising; Tax revenue; Intuition; Benford's law; Actuarial science; Test data; Audit; Statistician; Computer science; Digital forensics,,,,,https://intersedes.ucr.ac.cr/index.php/economicas/article/view/8015 https://ideas.repec.org/a/rce/rvceco/8015.html https://revista-ciencia-tecnologia.ucr.ac.cr/index.php/economicas/article/download/8015/7634 https://doaj.org/article/9df8f262d7c045839c982b427261cee0 https://revistas.ucr.ac.cr/index.php/economicas/article/viewFile/8015/7634 https://www.kerwa.ucr.ac.cr/handle/10669/18606 https://dialnet.unirioja.es/servlet/articulo?codigo=4298423 https://econpapers.repec.org/article/rcervceco/8015.htm,https://intersedes.ucr.ac.cr/index.php/economicas/article/view/8015,,,1488420910,,0,009-318-522-009-158; 028-004-296-701-118; 047-770-790-879-554; 059-261-201-460-529; 064-695-359-521-394; 067-610-320-034-12X; 068-500-728-757-806; 072-855-056-129-651; 080-056-165-194-101; 094-151-586-028-332; 095-694-312-576-945; 111-795-828-773-668; 128-283-873-734-308; 132-037-012-784-216; 138-939-352-314-473; 143-890-037-555-441; 158-544-687-139-653,0,true,cc-by-nc-nd,gold
154-517-106-328-503,An automated timeline reconstruction approach for digital forensic investigations,,2012,journal article,Digital Investigation,17422876,Elsevier BV,Netherlands,Christopher Hargreaves; Jonathan Patterson,"Existing work on digital forensics timeline generation focuses on extracting times from a disk image into a timeline. Such an approach can produce several million ‘low-level’ events (e.g. a file modification or a Registry key update) for a single disk. This paper proposes a technique that can automatically reconstruct high-level events (e.g. connection of a USB stick) from this set of low-level events. The paper describes a framework that extracts low-level events to a SQLite backing store which is automatically analysed for patterns. The provenance of any high-level events is also preserved, meaning that from a high-level event it is possible to determine the low-level events that caused its inference, and from those, the raw data that caused the low-level event to be initially created can also be viewed. 
The paper also shows how such high-level events can be visualised using existing tools.",9,,S69,S79,Timestamp; Automation; Data mining; Set (abstract data type); Event reconstruction; Visualization; Computer science; Timeline; Event (computing); Digital forensics,,,,,https://dblp.uni-trier.de/db/journals/di/di9.html#HargreavesP12 http://dspace.lib.cranfield.ac.uk/bitstream/1826/8103/1/DFRWS_2012_RC5c.pdf https://www.sciencedirect.com/science/article/pii/S174228761200031X https://www.sciencedirect.com/science/article/abs/pii/S174228761200031X https://dspace.lib.cranfield.ac.uk/handle/1826/8103 https://core.ac.uk/display/19542424 https://dspace.lib.cranfield.ac.uk/bitstream/1826/8103/1/DFRWS_2012_RC5c.pdf,http://dx.doi.org/10.1016/j.diin.2012.05.006,,10.1016/j.diin.2012.05.006,2009229022,,0,000-537-535-465-34X; 012-649-691-693-493; 024-503-401-931-849; 054-507-171-824-189; 060-650-561-577-338; 064-170-716-528-26X; 087-690-831-820-163; 162-201-727-094-331; 177-965-894-694-179,95,true,cc-by-nc-nd,hybrid
155-736-239-239-834,The Evolution of Internet Legal Regulation in Addressing Crime and Terrorism,,2007,journal article,"Journal of Digital Forensics, Security and Law",15587223,Embry-Riddle Aeronautical University/Hunt Library,,Murdoch Watney,"Internet regulation has evolved from self-regulation to the criminalization of conduct to state control of information available, accessed and submitted. Criticism has been leveled at the different forms of state control and the methods employed to enforce state control. After the terrorist attack on the USA on 11 September 2001, governments justify Internet state control as a law enforcement and national security tool against the abuse and misuse of the Internet for the commission of serious crimes, such as phishing, child pornography; terrorism and copyright infringement. Some Internet users and civil rights groups perceive state control as an abomination which results in an unjustifiable infringement of civil rights. Since countries worldwide are focusing attention on the control of information on the Internet, the debate in respect of state control and the consequences of state control is relevant on a global level as it impacts on all Internet-connected countries.",2,2,41,56,Internet privacy; The Internet; Political science; Terrorism; Child pornography; Copyright infringement; Enforcement; Criminalization; Computer security; National security; Phishing,,,,,https://commons.erau.edu/jdfsl/vol2/iss2/3/ https://doi.org/10.15394/jdfsl.2007.1022 https://core.ac.uk/display/44133110 https://commons.erau.edu/cgi/viewcontent.cgi?article=1022&context=jdfsl http://commons.erau.edu/jdfsl/vol2/iss2/3/,http://dx.doi.org/10.15394/jdfsl.2007.1022,,10.15394/jdfsl.2007.1022,1480790053,,0,000-261-915-562-067; 006-028-417-503-790; 015-316-137-360-900; 016-321-299-698-915; 029-287-647-054-258; 067-440-345-808-372; 093-975-422-071-022; 103-406-408-786-479; 114-215-028-246-355; 125-369-230-448-234; 149-590-953-326-103; 
181-568-526-031-553,0,true,cc-by-nc,gold
158-180-006-109-965,Integrating security and usability into the requirements and design process,,2007,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Ivan Flechais; Cecilia Mascolo; M. Angela Sasse,"According to Ross Anderson, 'Many systems fail because their designers protect the wrong things or protect the right things in the wrong way'. Surveys also show that security incidents in industry are rising, which highlights the difficulty of designing good security. Some recent approaches have targeted security from the technological perspective, others from the human computer interaction angle, offering better User Interfaces (UIs) for improved usability of security mechanisms. However, usability issues also extend beyond the user interface and should be considered during system requirements and design. In this paper, we describe Appropriate and Effective Guidance for Information Security (AEGIS), a methodology for the development of secure and usable systems. AEGIS defines a development process and a UML meta-model of the definition and the reasoning over the system's assets. 
AEGIS has been applied to case studies in the area of Grid computing and we report on one of these.",1,1,12,26,Security through obscurity; Computer security model; Usability; Cloud computing security; Security testing; Security service; Computer security; Computer science; Information security; Human-computer interaction in information security,,,,,https://www.cs.ox.ac.uk/publications/publication2325-abstract.html https://www.researchgate.net/profile/Angela_Sasse/publication/228748337_Integrating_security_and_usability_into_the_requirements_and_design_process/links/0912f50be96992e57b000000.pdf?disableCoverPage=true https://dx.doi.org/10.1504/IJESDF.2007.013589 https://dl.acm.org/doi/10.1504/IJESDF.2007.013589 https://discovery.ucl.ac.uk/20264/1/20264.pdf https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2007.013589 http://www.inderscience.com/link.php?id=13589 http://discovery.ucl.ac.uk/id/eprint/20264/ https://dl.acm.org/citation.cfm?id=1359299 https://www.cl.cam.ac.uk/~cm542/papers/icges.pdf http://dx.doi.org/10.1504/IJESDF.2007.013589 https://discovery.ucl.ac.uk/id/eprint/20264/ https://doi.org/10.1504/IJESDF.2007.013589 https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf1.html#FlechaisMS07 https://core.ac.uk/download/pdf/1688780.pdf,http://dx.doi.org/10.1504/ijesdf.2007.013589,,10.1504/ijesdf.2007.013589,2106798436,,0,005-766-603-760-836; 010-545-910-576-280; 015-556-494-609-324; 023-377-728-027-754; 027-573-087-958-471; 029-998-604-573-710; 036-283-357-098-856; 038-395-829-222-050; 039-587-992-216-489; 046-761-971-051-974; 071-057-675-287-939; 074-675-142-857-668; 081-940-633-390-327; 106-376-117-430-442; 109-932-529-571-755; 129-306-358-088-685; 130-471-532-794-599; 135-667-336-473-575; 168-673-379-743-852,88,true,,green
159-631-295-415-593,Chat mining: Predicting user and message attributes in computer-mediated communication,,2008,journal article,Information Processing & Management,03064573; 18735371,Elsevier BV,United Kingdom,Tayfun Kucukyilmaz; B. Barla Cambazoglu; Cevdet Aykanat; Fazli Can,"The focus of this paper is to investigate the possibility of predicting several user and message attributes in text-based, real-time, online messaging services. For this purpose, a large collection of chat messages is examined. The applicability of various supervised classification techniques for extracting information from the chat messages is evaluated. Two competing models are used for defining the chat mining problem. A term-based approach is used to investigate the user and message attributes in the context of vocabulary use while a style-based approach is used to examine the chat messages according to the variations in the authors' writing styles. Among 100 authors, the identity of an author is correctly predicted with 99.7% accuracy. 
Moreover, the reverse problem is exploited, and the effect of author attributes on computer-mediated communications is discussed.",44,4,1448,1466,Computer-mediated communication; Writing style; World Wide Web; Content analysis; Information retrieval; Vocabulary; Identity (object-oriented programming); Context (language use); Focus (computing); Computer science; Term (time),,,,,https://core.ac.uk/display/52922554 https://www.sciencedirect.com/science/article/pii/S0306457308000046 https://dblp.uni-trier.de/db/journals/ipm/ipm44.html#KucukyilmazCAC08 http://www.cs.bilkent.edu.tr/~aykanat/papers/08IPM.pdf https://doi.org/10.1016/j.ipm.2007.12.009 https://core.ac.uk/download/52922554.pdf,http://dx.doi.org/10.1016/j.ipm.2007.12.009,,10.1016/j.ipm.2007.12.009,2033630049,,10,006-169-257-799-439; 006-461-237-333-939; 012-404-677-081-137; 014-385-097-463-27X; 014-523-690-983-957; 014-605-846-064-279; 018-606-032-998-099; 020-587-550-598-58X; 020-996-143-133-555; 031-514-235-393-041; 033-686-283-184-328; 038-552-424-054-489; 038-661-388-898-125; 041-970-131-073-58X; 043-838-827-997-021; 043-862-881-755-63X; 046-418-116-266-968; 050-119-400-415-849; 052-030-436-524-360; 054-701-113-269-331; 067-328-564-955-743; 068-451-762-504-61X; 081-847-920-787-056; 082-238-534-504-591; 082-597-956-517-75X; 084-657-188-794-715; 089-335-035-225-044; 094-859-593-917-377; 096-239-462-922-956; 097-596-260-460-230; 097-627-440-942-164; 105-665-244-767-771; 110-803-437-205-218; 113-609-652-384-634; 115-547-184-477-216; 115-624-796-335-127; 116-797-753-950-818; 117-844-644-279-91X; 121-001-950-491-969; 121-793-586-330-904; 122-778-269-226-928; 125-909-354-995-488; 132-871-753-128-122; 137-946-563-656-202; 142-144-401-472-749; 144-639-914-354-120; 145-780-575-095-564; 145-870-138-948-230; 153-564-983-723-850; 156-665-759-629-503; 161-711-642-638-292; 164-711-389-940-429; 165-059-297-438-548; 177-175-750-040-989; 179-614-464-453-023; 185-482-319-272-782; 189-931-101-126-287; 189-994-491-175-321; 
194-911-026-061-286,70,true,,green
160-920-692-704-627,A robust spread spectrum watermarking method using two levels DCT,,2009,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Publishers,United Kingdom,Amir Hossein Taherinia; Mansour Jamzad,,2,3,280,,,,,,,,http://dx.doi.org/10.1504/ijesdf.2009.027523,,10.1504/ijesdf.2009.027523,,,0,,5,false,,
164-160-608-982-875,TECHNICAL SECURITY METRICS MODEL IN COMPLIANCE WITH ISO/IEC 27001 STANDARD,,2012,journal article,International Journal of Cyber-Security and Digital Forensics,23050012,,,Azuwa M.P. Azuwa; Rabiah Ahmad; Shahrin Sahib; Solahuddin Shamsuddin,"Technical security metrics provide measurements in ensuring the effectiveness of technical security controls or technology devices/objects that are used in protecting the information systems. However, lack of understanding and method to develop the technical security metrics may lead to unachievable security control objectives and inefficient implementation. This paper proposes a model of technical security metrics to measure the effectiveness of network security management. The measurement is based on the security performance for (1) network security controls such as firewall, Intrusion Detection Prevention System (IDPS), switch, wireless access point and network architecture; and (2) network services such as Hypertext Transfer Protocol Secure (HTTPS) and virtual private network (VPN). The methodology used is Plan-Do-Check-Act process model. The proposed technical security metrics provide guidance for organizations in complying with requirements of ISO/IEC 27001 Information Security Management System (ISMS) standard. 
The proposed model should also be able to provide a comprehensive measurement and guide to use ISO/IEC 27004 ISMS Measurement standard.",1,4,280,288,Security information and event management; Information security management system; ITIL security management; Computer security model; Security controls; Cloud computing security; Security service; Computer security; Computer science; Information security,,,,,http://eprints.utem.edu.my/id/eprint/6600/,http://eprints.utem.edu.my/id/eprint/6600/,,,2120798051,,0,022-600-838-838-243; 025-201-445-698-228; 026-805-526-589-983; 031-117-938-444-029; 055-657-811-951-363; 057-173-896-088-31X; 061-679-758-073-489; 076-862-146-542-600; 101-147-246-490-15X; 124-605-993-046-917; 135-592-726-581-228; 172-855-203-513-940,9,false,,
164-381-518-047-655,Insecurity by Obscurity: A Review of SoHo Router Literature from a Network Security Perspective,,2009,journal article,"Journal of Digital Forensics, Security and Law",15587223,Embry-Riddle Aeronautical University/Hunt Library,,Patryk Szewczyk; Craig Valli,"Because of prevalent threats to SoHo based ADSL Routers, many more devices are compromised. Whilst an end-user may be at fault for not applying the appropriate security mechanisms to counter these threats, vendors should equally share the blame. This paper reveals that the lack of security related content and poor overall design could impact on end-users’ interpretation and willingness to implement security controls on their ADSL router. It argues that whilst the number of threats circulating the Internet is increasing, vendors are not improving their product literature.",4,3,5,16,The Internet; Security through obscurity; Business; Security controls; Network security; Asymmetric digital subscriber line; Router; Blame; Computer security; Product (business),,,,,https://ro.ecu.edu.au/ecuworks/533/ https://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1532&context=ecuworks https://dblp.uni-trier.de/db/journals/jdfsl/jdfsl4.html#ValliS09 https://works.bepress.com/craig_valli/72/ https://commons.erau.edu/cgi/viewcontent.cgi?article=1060&context=jdfsl https://commons.erau.edu/jdfsl/vol4/iss3/1/ https://core.ac.uk/download/41533382.pdf,http://dx.doi.org/10.15394/jdfsl.2009.1060,,10.15394/jdfsl.2009.1060,1670744230,,0,018-202-150-962-432; 048-679-592-715-347; 063-125-975-353-59X; 088-896-951-724-838; 164-387-358-715-577; 171-270-111-514-049,7,true,cc-by-nc,gold
166-120-929-678-264,Proving Method for Validity of Computer Data Forensics,,2009,journal article,Computer Engineering,10003428,,,Chen Dan-wei; Sun Guo-zi; Tang Juan; Wang Hai-ping,"After describing the basic demands of computer forensics, this paper puts forward a system of proving the reliability of computer forensics. Thought of digital forensics and its system is studied. With the definitions and illations of the forensic methods and gained data, it investigates a formalized method of proving the validity of computer forensics. The method is put forward to proving the reliability of a computer forensics as an example.",,,,,Software engineering; Forensic science; Data; Computer security; Computer science; Reliability (statistics); Computer forensics; Digital forensics,,,,,https://en.cnki.com.cn/Article_en/CJFDTotal-JSJC200908008.htm,https://en.cnki.com.cn/Article_en/CJFDTotal-JSJC200908008.htm,,,2349706938,,0,140-821-103-436-654,2,false,,
174-918-011-613-793,Radial Basis Function Neural Network for Image Steganalysis in Computer Forensics,,2012,journal article,Digital Image Processing,09749691,,,P. Sujatha; S. Purushothaman; R. Rajeswari,"The covert communication based on steganography is a challenging technology for governments. Using this most powerful technique terrorists and spies communicate with each other to exchange their plan which is not detected by law enforcement. In order to avoid the misusage of steganographic technique, the government needs to find out some powerful techniques to detect the existence of the hidden data in the digital media. This leads to the concept of steganalysis that is used in many fields such as digital forensics, medical imaging, and journalism. Apart from all modern sciences and technologies, Artificial Neural Network (ANN) plays a vital role in capturing and representing both linear and non-linear relationships. ANN is an intelligent system which enables machines to solve problems like human by extracting and storing the knowledge. Hence to incorporate intelligent method for steganalysis, this paper implements Artificial Neural Network to overcome the drawbacks of the conventional methods. The most powerful Radial basis function algorithm is proposed in this paper since it is more suitable for non-linear data. This paper concentrates on detecting the hidden information for digital forensics application.",4,18,984,988,Steganalysis; Steganography; Image (mathematics); Machine learning; Data mining; Artificial intelligence; Digital media; Computer science; Artificial neural network; Computer forensics; Digital forensics; Radial basis function,,,,,http://www.ciitresearch.org/dl/index.php/dip/article/view/DIP122012005/0,http://www.ciitresearch.org/dl/index.php/dip/article/view/DIP122012005/0,,,1794268175,,0,,0,false,,
177-032-114-032-832,A robust spread spectrum watermarking method using two levels DCT,2009-07-01,2009,journal article,International Journal of Electronic Security and Digital Forensics,1751911x; 17519128,Inderscience Enterprises Ltd.,United Kingdom,Amir Hossein Taherinia; Mansour Jamzad,"In this paper, a discrete cosine transform (DCT) based blind watermarking scheme based on spread spectrum communications is proposed. We perform block-based DCT (BDCT) on the host image; then using the DC coefficients of each block, we construct a low-resolution approximation image. We apply BDCT on this approximation image, then watermark is embedded by adding a pseudo random noise sequence into its high frequencies. In detection stage, we extract the approximation image from the watermarked image, then the same pseudo random noise sequence is generated, and its correlation is computed with high frequencies of the watermarked approximation image. In our method, higher robustness is obtained because of embedding the watermark in low frequencies. In addition, higher imperceptibility is gained by scattering the watermark's bit in different blocks. 
Compared with related works, our method proved to be highly resistant in cases of many common attacks, while preserving high peak signal to noise ratio for the watermarked images.",2,1,280,305,Spread spectrum; Algorithm; Digital watermarking; Pseudorandom noise; Block (data storage); Watermark; Discrete cosine transform; Computer science; Signal-to-noise ratio; Theoretical computer science; Robustness (computer science),,,,,https://www.inderscience.com/link.php?id=32328 https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf3.html#TaheriniaJ10 https://dblp.uni-trier.de/db/journals/ijesdf/ijesdf2.html#TaheriniaJ09 https://www.inderscienceonline.com/doi/abs/10.1504/IJESDF.2010.032328,https://www.inderscience.com/link.php?id=32328,,,2018530450,,0,001-281-186-149-612; 003-185-713-494-438; 007-139-665-375-888; 019-104-252-306-759; 022-029-330-458-020; 039-153-412-687-64X; 039-164-713-508-477; 041-928-975-226-09X; 057-263-797-627-84X; 058-344-830-088-51X; 059-424-418-237-292; 059-768-301-400-796; 077-080-603-747-004; 081-233-076-740-677; 081-689-624-355-119; 086-036-670-149-74X; 092-639-699-909-482; 092-653-735-289-542; 098-710-797-991-050; 102-478-462-148-538; 106-190-018-166-388; 115-844-893-847-68X; 130-064-368-166-25X; 137-685-737-469-763,10,false,,
177-971-050-315-766,GENETIC ALGORITHM APPROACH FOR RISK REDUCTION OF INFORMATION SECURITY,,2012,journal article,International Journal of Cyber-Security and Digital Forensics,23050012,,,Alireza Tamjidyamcholo; Rawaa Dawoud Al-Dabbagh,"Nowadays, information systems constitute a crucial part of organizations; by losing security, these organizations will lose plenty of competitive advantages as well. The core point of information security (InfoSecu) is risk management. There are a great deal of research works and standards in security risk management (ISRM) including NIST 80030 and ISO/IEC 27005. However, only few works of research focus on InfoSecu risk reduction, while the standards explain general principles and guidelines. They do not provide any implementation details regarding ISRM; as such reducing the InfoSecu risks in uncertain environments is painstaking. Thus, this paper applied a genetic algorithm (GA) for InfoSecu risk reduction in uncertainty. Finally, the effectiveness of the applied method was verified through an example.",1,1,59,66,NIST; Risk analysis (engineering); Information system; Point (typography); Risk management; Computer science; Information security; Management science; Competitive advantage; Genetic algorithm; Reduction (complexity),,,,,http://sdiwc.net/digital-library/genetic-algorithm-approach-for-risk-reduction-of-informationrnsecurity,http://sdiwc.net/digital-library/genetic-algorithm-approach-for-risk-reduction-of-informationrnsecurity,,,2154331329,,0,006-412-732-620-037; 010-806-135-547-042; 023-274-564-437-308; 028-281-214-192-061; 029-904-289-035-188; 030-870-470-875-256; 031-939-580-925-487; 034-412-019-445-590; 045-200-386-940-053; 062-522-167-917-150; 069-414-402-537-390; 081-087-997-150-265; 082-391-749-236-628; 086-131-894-877-186; 113-336-160-311-016; 119-274-818-086-853; 126-407-552-681-558; 131-635-154-559-181; 186-976-204-963-993,14,false,,
178-883-713-153-793,Defining Digital Forensic Examination and Analysis Tool Using Abstraction Layers.,,2003,journal article,International Journal of Digital Evidence,,,,Brian D. Carrier,"This paper uses the theory of abstraction layers to describe the purpose and goals of digital forensic analysis tools. Using abstraction layers, we identify where tools can introduce errors and provide requirements that the tools must follow. Categories of forensic analysis types are also defined based on the abstraction layers. Abstraction layers are not a new concept, but their usage in digital forensic analysis is not well documented. What does it mean to be a Digital Forensic Analysis Tool? How do we categorize the different types of analysis tools? For example, an investigator can view the files and directories of a suspect system by using either specialized forensic software or by using the operating system (OS) of an analysis system and viewing the files by mounting the drive. Both methods allow the investigator to view evidence in allocated files, but only the specialized forensic software allows him to easily view unallocated files. Additional tools are required if he is relying on the OS. Clearly both allow the investigator to find evidence and therefore should be considered forensic tools, but it is unclear how we should compare and categorize them. The high-level process of digital forensics includes the acquisition of data from a source, analysis of the data and extraction of evidence, and preservation and presentation of the evidence. Previous work has been done on the theory and requirements of data acquisition [7] and the preservation of evidence [4]. This paper addresses the tools that are used for the analysis of data and extraction of evidence. This paper examines the nature of tools in digital forensics and proposes definitions and requirements. 
Current digital forensic tools produce results that have been successfully used in prosecutions, but lack designs that were created with forensic science needs. They provide the investigator with access to evidence, but typically do not provide access to methods for verifying that the evidence is reliable. This is necessary when approaching digital forensics from a scientific point of view and could be a legal requirement in the future. The core concept of this paper is the basic notion of abstraction layers. Abstraction layers exist in all forms of digital data and therefore in the tools used to analyze them. The idea of using tools for layers of abstraction is not new, but a discussion of the definitions, properties, and error types of abstraction layers when used with digital",1,,,,Software engineering; World Wide Web; Abstraction layer; Data acquisition; Data analysis; Software; Digital data; Computer science; Process (engineering); Abstraction (linguistics); Digital forensics,,,,,https://dblp.uni-trier.de/db/journals/ijde/ijde1.html#Carrier03 https://www.utica.edu/academic/institutes/ecii/publications/articles/A04C3F91-AFBB-FC13-4A2E0F13203BA980.pdf,https://dblp.uni-trier.de/db/journals/ijde/ijde1.html#Carrier03,,,2116666322,,0,018-182-926-340-45X; 041-030-338-346-880; 072-245-054-212-971; 188-762-236-378-448,168,false,,
183-846-407-339-205,Developing a Forensic Continuous Audit Model,,2011,journal article,"Journal of Digital Forensics, Security and Law",15587223,Embry-Riddle Aeronautical University/Hunt Library,,Grover S. Kearns; Katherine J. Barker; Stephen P. Danese,"Despite increased attention to internal controls and risk assessment, traditional audit approaches do not seem to be highly effective in uncovering the majority of frauds. Less than 20 percent of all occupational frauds are uncovered by auditors. Forensic accounting has recognized the need for automated approaches to fraud analysis yet research has not examined the benefits of forensic continuous auditing as a method to detect and deter corporate fraud. The purpose of this paper is to show how such an approach is possible. A model is presented that supports the acceptance of forensic continuous auditing by auditors and management as an effective tool to support the audit function, meet management’s regulatory objectives, and to combat fraud. An approach to developing such a system is presented.",6,2,25,48,Risk analysis (engineering); Operational auditing; Business; Internal audit; Joint audit; Internal control; Audit; Continuous auditing; Forensic accounting; Computer security; Function (engineering),,,,,https://commons.erau.edu/cgi/viewcontent.cgi?article=1094&context=jdfsl https://core.ac.uk/display/92158557 https://dblp.uni-trier.de/db/journals/jdfsl/jdfsl6.html#Kearns11 https://doaj.org/article/0e2a60da2ebf43d19af487619302b16f https://commons.erau.edu/jdfsl/vol6/iss2/4/ https://works.bepress.com/grover-kearns/10/,http://dx.doi.org/10.15394/jdfsl.2011.1094,,10.15394/jdfsl.2011.1094,2140745887,,0,009-544-052-195-245; 009-935-231-527-469; 017-681-352-007-294; 038-931-562-393-083; 047-819-297-738-20X; 048-861-467-174-458; 056-528-934-685-97X; 079-578-413-281-54X; 104-540-826-122-142; 120-134-771-852-100; 144-151-735-660-334; 149-607-059-892-686,8,true,cc-by-nc,gold
190-057-990-668-138,POWER AMOUNT ANALYSIS: AN EFFICIENT MEANS TO REVEAL THE SECRETS IN CRYPTOSYSTEMS,,2012,journal article,International Journal of Cyber-Security and Digital Forensics,23050012,,,Qizhi Tian; Sorin A. Huss,"In this paper we propose a novel approach to reveal the information leakage of cryptosystems by means of a side-channel analysis of their power consumption. We therefore introduce first a novel power trace model based on communication theory to better understand and to efficiently exploit power traces in side-channel attacks. Then, we discuss a dedicated attack method denoted as Power Amount Analysis, which takes more time points into consideration compared to many other attack methods. We use the well-known Correlation Power Analysis method as the reference in order to demonstrate the figures of merit of the advocated analysis method. Then we perform a comparison of these analysis methods at identical attack conditions in terms of run time, traces usage, misalignment tolerance, and internal clock frequency effects. The resulting advantages of the novel analysis method are demonstrated by mounting both mentioned attack methods for an FPGA-based AES-128 encryption module.",1,2,99,114,Computer engineering; Encryption; Power (physics); Exploit; Clock rate; Information leakage; Communication theory; Computer science; Wireless; Cryptosystem; Theoretical computer science,,,,,http://sdiwc.net/digital-library/power-amount-analysis-an-efficient-means-to-reveal-the-secrets-in-cryptosystems,http://sdiwc.net/digital-library/power-amount-analysis-an-efficient-means-to-reveal-the-secrets-in-cryptosystems,,,1591026016,,0,001-799-840-106-411; 019-643-018-002-231; 025-563-455-129-377; 026-468-304-733-535; 073-492-827-297-79X; 080-768-528-456-605; 085-868-644-488-858; 088-105-001-473-402; 118-286-558-259-165; 123-849-648-539-627; 125-896-955-747-092; 128-743-569-530-575; 137-332-291-214-614; 153-276-656-873-492; 163-280-853-830-867; 179-853-761-981-349,1,false,,
190-302-994-867-747,Study on incident response process model based on risk assessment,,2010,journal article,Computer Engineering and Design,,,,Song Ru-shun,"To improve the accuracy and efficiency of computer crime forensics, the incident response process model based on risk assessment is represented. Firstly, the incident response process model is analyzed, it is pointed out that the model is mainly in allusion to suspected network system for digital forensics, and is incomplete and lack of detailed analysis in the preparation phase. Then, the risk assessment method is proposed to evaluate the network system synthetically, by the use of information entropy to obtain the entropy weight of the risk factors, it determines the risk level of networks, which can identify and collect evidence of suspicious network effectively. Finally, the involved technologies in the process of digital forensics are illustrated.",,,,,Risk assessment; Data mining; Forensic science; Incident response; Computer science; Entropy (information theory); Digital forensics,,,,,http://en.cnki.com.cn/Article_en/CJFDTOTAL-SJSJ201007009.htm,http://en.cnki.com.cn/Article_en/CJFDTOTAL-SJSJ201007009.htm,,,2392064597,,0,,0,false,,
199-499-376-144-516,"A COMPARATIVE STUDY OF THE PERCEPTIONS OF END USERS IN THE EASTERN, WESTERN, CENTRAL, SOUTHERN AND NORTHERN REGIONS OF SAUDI ARABIA ABOUT EMAIL SPAM AND DEALING WITH IT",,2012,journal article,International Journal of Cyber-Security and Digital Forensics,23050012,,,Hasan Alkahtani; Paul Gardner-Stephen Robert Goodwin,"This paper presents the results of a survey of email users in different regions of Saudi Arabia about email SPAM. The survey investigated the nature of email SPAM, how email users in the eastern, western, central, southern and northern dealt with it, and the efforts made to combat it. It also investigated the effectiveness of existing Anti-SPAM filters in detecting Arabic and English email SPAM. 1,500 participants located in the eastern, western, central, southern and northern regions of Saudi Arabia were surveyed and completed surveys were collected from 1,020 of the participants. The results showed that there were different definitions for email SPAM based on different users’ opinions in Saudi Arabia. The results showed that the participants in the central and western regions were more aware of SPAM than the participants in other regions. The results revealed that the volume of email SPAM was different from region to another and the volume of SPAM received by the participants in the northern and central regions was larger than that received in other regions. The results indicated that the majority of email SPAM received by the participants in different regions was written in English. The results showed that the most common type of email SPAM received in Arabic was emails related to forums and in English was phishing and fraud, and business advertisements. The results also showed that a few participants in all regions responded to SPAM and the average of the participants who responded to SPAM was larger in the southern region than other regions. 
The results showed that most of the participants were not aware of Anti-SPAM programs and the participants in the central region were more aware of Anti-SPAM programs than the participants in other regions. The results showed that the participants in all regions estimated that the existing Anti-SPAM programs were more effective in detecting English SPAM than Arabic SPAM. The results showed that most of the participants in all regions were not aware of the government efforts to combat SPAM and the participants in the central region were more aware of the government efforts than the participants in other regions. The results also showed that most of the participants in all regions were not aware of the ISPs efforts to combat SPAM and the participants in the central and western regions were more aware of the ISPs efforts than the participants in other regions. International Journal of Cyber-Security and Digital Forensics (IJCSDF) 1(4): 297-310 The Society of Digital Information and Wireless Communications, 2012 (ISSN: 2305-0012) also use many methods to bypass SPAM filters such as tokenization and obfuscation [27]. Email SPAM is defined as ""Unsolicited, unwanted email that is sent indiscriminately, directly or indirectly, by a sender having no current relationship with the recipient"" [12], [13]. It is also defined as Unsolicited Bulk Email (UBE) that is sent to a large number of recipients who were not asked if they wanted to receive it [4], [14], [18]. Some studies [6], [7], [25] defined email SPAM as Unsolicited Commercial Email (UCE) that contains business advertisements sent to a large number of recipients. There are legal and technical methods [2] to combat SPAM. Legally, some countries enacted laws against SPAM. Examples of these countries include the United States of America [26], European Union countries and Australia [5]. 
However, there are no laws in Saudi Arabia to combat SPAM although research and projects were conducted to assess the problem of SPAM in the country. Technically, there exist many filters to combat SPAM. Examples of these filters include content based filters such as Bayesian [24], keywords [11] and genetic algorithms [15], and origin based filters like black lists [11], white lists [22], origin diversity analysis [16] and challenge response systems [21]. However, some of these techniques need to be updated to detect new types of email SPAM due to spammers developing ways to bypass these techniques. This study aimed to gain an understanding about: a. The nature of email SPAM, its definition based on email users’ opinions, its volume and its types in different regions of Saudi Arabia. b. Differences between Arabic SPAM and English SPAM received by the participants in different regions of Saudi Arabia. c. The effects of email SPAM on email users in different regions of Saudi Arabia. d. How email users in the eastern, western, central, southern and northern deal with email SPAM. e. The efforts of government to combat email SPAM. f. The efforts of ISPs to combat email SPAM. g. Evaluation of email users’ perception in different regions of Saudi Arabia for the effectiveness of Anti-SPAM filters in detecting Arabic and English email SPAM. 2. METHODOLOGY 2.1. Measures It was decided that the best way to answer the research questions was through a questionnaire. Therefore, a questionnaire was distributed to the participants in different region of Saudi Arabia and the responses were analyzed. Initially a pilot questionnaire was prepared and distributed to a few participants to get their comments about the questions. Then all the participants completed the 10 page questionnaire which included both yes/no answers and open ended answers. The questionnaire consisted of three main parts as follows. 2.1.1. 
General information questions In this part, the participants were asked for the following information: gender, age, nationality, speaking language, highest level of education, major area of study, work status and the nature of the work. These questions helped in understanding and comparing the level of awareness of users about email SPAM. Examples for the first part of questions of the survey can be seen in Figure 1.",1,4,297,310,Internet privacy; World Wide Web; Government; Area studies; Communication source; Tokenization (data security); Email spam; European union; Computer science; Phishing; End user,,,,,http://sdiwc.net/digital-library/a-comparative-study-of-the-perceptions-of-end-users-in-the-eastern-western-central-southern-and-northern-regions-of-saudi-arabia-about-email-spam-and-dealing-with-it,http://sdiwc.net/digital-library/a-comparative-study-of-the-perceptions-of-end-users-in-the-eastern-western-central-southern-and-northern-regions-of-saudi-arabia-about-email-spam-and-dealing-with-it,,,1593029691,,0,004-776-845-856-059; 006-435-374-013-916; 009-404-779-845-590; 014-395-254-737-617; 017-424-979-417-708; 028-908-493-971-928; 041-908-389-863-194; 049-169-069-417-317; 060-171-586-293-106; 088-861-671-192-515; 101-019-474-320-842; 113-508-723-339-249; 120-970-356-864-626; 127-233-229-573-230; 151-316-340-680-062; 159-807-300-275-473; 169-419-098-179-717,0,false,,