Advances in digital forensics : IFIP International Conference on Digital Forensics, National Center for Forensic Science, Orlando, Florida

Digital forensics deals with the acquisition, preservation, examination, analysis and presentation of electronic evidence. Networked computing, wireless communications and portable electronic devices have expanded the role of digital forensics beyond traditional computer crime investigations. Practically every crime now involves some aspect of digital evidence; digital forensics provides the techniques and tools to articulate this evidence. Digital forensics also has myriad intelligence applications. Furthermore, it has a vital role in information assurance - investigations of security breaches yield valuable information that can be used to design more secure systems. Advances in Digital Forensics describes original research results and innovative applications in the emerging discipline of digital forensics. In addition, it highlights some of the major technical and legal issues related to digital evidence and electronic crime investigations. The areas of coverage include: Themes and Issues in Digital Forensics Investigative Techniques Network Forensics Portable Electronic Device Forensics Linux and File System Forensics Applications and Techniques This book is the first volume of a new series produced by the International Federation for Information Processing (IFIP) Working Group 11.9 on Digital Forensics, an international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in digital forensics. The book contains a selection of twenty-five edited papers from the First Annual IFIP WG 11.9 Conference on Digital Forensics, held at the National Center for Forensic Science, Orlando, Florida, USA in February 2005. Advances in Digital Forensics is an important resource for researchers, faculty members and graduate students, as well as for practitioners and individuals engaged in research and development efforts for the law enforcement and intelligence communities. Mark Pollitt is President of Digital Evidence Professional Services, Inc., Ellicott City, Maryland, USA. Mr. Pollitt, who is retired from the Federal Bureau of Investigation (FBI), served as the Chief of the FBI's Computer Analysis Response Team, and Director of the Regional Computer Forensic Laboratory National Program. Sujeet Shenoi is the F.P. Walter Professor of Computer Science and a principal with the Center for Information Security at the University of Tulsa, Tulsa, Oklahoma, USA. For more information about the 300 other books in the IFIP series, please visit www.springeronline.com. For more information about IFIP, please visit www.ifip.org.

Themes and Issues.- Dealing with Terabyte Data Sets in Digital Investigations.- Forensics and Privacy-Enhancing Technologies.- A Network-Based Architecture for Storing Digital Evidence.- Digital Forensics: Meeting the Challenges of Scientific Evidence.- Non-Technical Manipulation of Digital Data.- Investigative Techniques.- Detecting Social Engineering.- A Framework for Email Investigations.- The Mitnick Case: How Bayes Could Have Helped.- Applying Forensic Principles to Computer-Based Assessment.- Exploring Forensic Data with Self-Organizing Maps.- Network Forensics.- Integrating Digital Forensics in Network Infrastructures.- Using Peer-to-Peer Technology for Network Forensics.- Forensic Profiling System.- Global Internet Routing Forensics.- Using Signaling Information in Telecom Network Forensics.- Portable Electronic Device Forensics.- Forensic Analysis of Mobile Phone Internal Memory.- Imaging and Analysis of GSM SIM Cards.- Extracting Concealed Data from BIOS Chips.- Linux and File System Forensics.- Recovering Digital Evidence from Linux Systems.- Detecting Hidden Data in Ext2/Ext3 File Systems.- Applications and Techniques.- Forensic Analysis of Digital Image Tampering.- Content-Based Image Retrieval for Digital Forensics.- Making Decisions about Legal Responses to Cyber Attacks.- Applying Filter Clusters to Reduce Search State Space.- In-Kernel Cryptographic Executable Verification.

Digital forensics deals with the acquisition, preservation, examination, analysis and presentation of electronic evidence. Practically every crime now involves some digital evidence; digital forensics provides the techniques and tools to articulate this evidence. This book describes original research results and innovative applications in the emerging discipline of digital forensics. In addition, it highlights some of the major technical and legal issues related to digital evidence and electronic crime investigations.

Themes and Issues.- Some Challenges in Digital Forensics.- Evidence Collection and Handling.- Advanced Forensic Format: an Open Extensible Format for Disk Imaging.- File System Support for Digital Evidence Bags.- Remote Upload of Evidence over Mobile Ad Hoc Networks.- Applying Machine Trust Models to Forensic Investigations.- Exploring Big Haystacks.- Forensic Techniques.- Countering Hostile Forensic Techniques.- Using PLSI-U To Detect Insider Threats from Email Traffic.- Collusion Detection Using Multimedia Fingerprints.- Authorship Attribution for Electronic Documents.- Linking Individuals to Digital Information.- Use-Misuse Case Driven Analysis of Positive Train Control.- Operating System and File System Forensics.- Mac OS X Forensics.- Detecting Data Concealment Programs Using Passive File System Analysis.- Assessing Trace Evidence Left by Secure Deletion Programs.- Network Forensics.- On the Reliability of Network Eavesdropping Tools.- Active Traffic Capture for Network Forensics.- Logical Traffic Isolation Using Differentiated Services.- Passive Detection of Nat Routers and Client Counting.- Analysis of Web Proxy Logs.- GSM Cell Site Porensics.- An Architecture for SCADA Network Forensics.- Portable Electronic Device Forensics.- Identifying Digital Cameras Using CFA Interpolation.- Forensic Analysis of BIOS Chips.- Training, Governance and Legal Issues.- A Training Tool for Internet Crimes Against Children Cases.- Process Flow Diagrams for Training and Operations.- A Control Framework for Digital Forensics.- Criminal Regulation of Anti-Forensic Tools in Japan.

Practically every crime now involves some aspect of digital evidence. This is the most recent volume in the Advances in Digital Forensics series. It describes original research results and innovative applications in the emerging discipline of digital forensics. In addition, it highlights some of the major technical and legal issues related to digital evidence and electronic crime investigations.

Calibration Testing of Network Tap Devices.- On the Legality of Analyzing Telephone Call Records.- Survey of Law Enforcement Perceptions Regarding Digital Evidence.- Insider Threat Analysis Using Information-Centric Modeling.- An Integrated System for Insider Threat Detection.- Analysis of Tools for Detecting Rootkits and Hidden Processes.- A Method for Detecting Linux Kernel Module Rootkits.- Future Trends in Authorship Attribution.- The Keyboard Dilemma and Authorship Identification.- Factors Affecting One-Way Hashing of CD-R Media.- Disk Drive I/O Commands and Write Blocking.- A New Process Model for Text String Searching.- Detecting Steganography Using Multi-Class Classification.- Redacting Digital Information from Electronic Devices.- In-Place File Carving.- File System Journal Forensics.- Using Search Engines to Acquire Network Forensic Evidence.- A Framework for Investigating Railroad Accidents.- Forensic Analysis of Xbox Consoles.- Super-Resolution Video Analysis for Forensic Investigations.- Specializing CRISP-DM for Evidence Mining.- Applying the Biba Integrity Model to Evidence Management.- Investigating Computer Attacks Using Attack Trees.- Attack Patterns: A New Forensic and Design Tool.