Digital evidence

Digital evidence - 16.8.2019


Cybercrime and digital evidence - Tom Dougherty

1. Cyberspace exists on hardware. Location of hardware important to jurisdiction in civil n criminal cases.

2. Cybercrime - any criminal offences involving illegal access of computer data or system; any computer-enabled criminal offences.

3. Digital e.g. confidence= cyber evidence = computer evidence = electric evidence.

4. Broad categories of cybersome

a) acts vs computer data n systems - illegal accesses aka hacking - data interference;

b) computer related acts for personal or financial gain - fraud, ransomware, identity theft, copyright, trademark n secret violations;

c) computer related specific acts - racism.

5. Digital evidence

a) human generated;
b) compete generated - IP logged ISPs;
c) hybrid - meta data - IRC chat logs with time stamps.

6. Location - computer, intranet, internet, external digital storage devices, mobile devices, social media, IOT.

7. Hash value to prove authenticity.

Identify, preserve n analyse digital evidence - ...

1. Pre-search, search, post search n trial phases.

2. On-line file storage.

3. Synchronizing our life with everything we do.

4. Take photo, check time, image RAM, encription, image hard drive.

5. Digital DNA. MD5 Hash, SHA-I hash.

6. Carving deleted files.

7. Common dialog box explorer - recent docs ( last 20 docs) - NS Office reading locations - link files (149) - JumpLists (2000 for each programme).

Mobile devices - understanding the challenges - Daniel Ogden

1. Security features OS, manufacturer, carriers.

2. 114 manufacturers, 17,000 models.