Article, Literature Review

Can we continue to effectively police digital crime?

Abstract

Now approximately 30 years old, the field of digital forensics is arguably facing some of its greatest challenges to date. Whilst currently supporting law enforcement in numerous criminal cases annually, questions are beginning to emerge regarding whether it can sustain this contribution, with digital crime remaining prevalent. In his first live interview in September 2015, Head of MI5, Andrew Parker, indicated that individuals are now engaging in computing acts which are beyond the control of authorities, confirming earlier remarks made by British Prime Minister David Cameron in the wake of the Charlie Hebdo attacks. Such comments cast doubt on the future effectiveness of the digital forensic discipline and its ability to effectively investigate those who implement the latest forms of technology to carry out illicit acts. This article debates the controversial question: could we be facing an era where digital crime can no longer be effectively policed?

... Criminals are aware of the value of the data and are pursuing data at a rate of $3.1 trillion in 2018 (Wertheim, 2019). With data being valuable and the challenges with prosecution, there is no reason for criminals not to go after the data (De Paoli et al., 2020; Horsman, 2017). ...
Thesis
Full-text available
Cybersecurity remains a global problem, with several trillion dollars per year in stolen money and time. The decisions to protect organizations from cybersecurity risks lie with senior executives and board members. The continued increase in cybercrime indicates that senior business leaders are not addressing the cybersecurity risks. Struggles with understanding the risks due to information asymmetry combined with an affective response may be a reason for the lack of action on cybersecurity risks. Research indicated that speaking in business terms is required to better communicate to business leaders; however, a prescriptive approach is not present in the literature. Several general recommendations exist, but nothing is immediately actionable. The quantitative research effort attempted to provide a prescriptive approach to communicating cybersecurity risk by measuring risk perception of group one, senior executives and board members (n = 93), and group two, senior cybersecurity leaders (n = 108) when using tactical metrics presentation format and aggregated metrics presentation format. The results showed strong positive correlation between tactical and aggregated metrics presentation formats for both group one (ρ = 0.866, p < .001) and group two (r = 0.869, p < .001). However, there was no change in risk perception using either format in both group one (z = -0.205, p = .837) and group two (t(107) = -0.102, p = .919). The results indicate that the presentation format elicits the same amount of risk perception and that using either format may be appropriate when delivering the cybersecurity message.
... The Darknet does not intrinsically breed criminal activities. Some media outlets, academic papers, and law enforcement agencies appear to depict the primary purpose of the Darknet as being a place for criminals to conduct their businesses (Décary-Hétu and Giommoni 2017; Fox-Brewster 2017; Horsman 2017; Jeffray and Feakin 2015; McGoogan 2016; Moloney 2016; Weimann 2016). The Darknet has indeed offered new opportunities for criminal activities to flourish. ...
Article
Full-text available
Accepted for publication on the 19th of July 2018. In recent years, the Darknet has become one of the most discussed topics in cyber security circles. Current academic studies and media reports tend to highlight how the anonymous nature of the Darknet is used to facilitate criminal activities. This paper reports on recent research in four Darknet forums that reveals a different aspect of the Darknet. Drawing on our qualitative findings, we suggest that many users of the Darknet might not perceive it as intrinsically criminogenic, despite their acknowledgement of various kinds of criminal activity in this network. Further, our research participants emphasized the achievement of constructive socio-political values through the use of the Darknet. This achievement is enabled by various characteristics that are rooted in the Darknet's technological structure, such as anonymity, privacy, and the use of cryptocurrencies. These characteristics provide a wide range of opportunities for good as well as for evil.
... For instance, text, email, or social media messages sent between the complainant and the accused before or after an alleged sexual assault, security camera footage or cellphone photographs/video providing context for an alleged sexual assault, or even cellphone video/photo documentation of the alleged assault occurring each document the context or content of criminal activity (Bluett-Boyd, Fileborn, Quadara, & Moore, 2013; Dodge, 2018; Powell, 2010; Powell & Henry, 2018). Digital evidence, once regarded as existing only in a portion of criminal cases, in our digitized world commonly appears within all crime categories (Arnes, 2018; Horsman, 2017; Scanlan, 2011; Yar, 2013) and, according to our interviewees, is a factor in many (arguably most) cases of sexual assault. The notoriously difficult investigative process for sexual assault cases and the well-documented negative impacts of these investigations on victims (Jordan, 2008; Randall, 2010) warrant a better understanding of the particular potential and pitfalls digital evidence creates for sex crimes investigations. ...
Article
Digital evidence, once regarded as existing only in a portion of criminal cases, in our digitized world commonly appears within all crime categories and is a factor in many (or arguably most) cases of sexual assault. In this article, we draw from 70 interviews with sex crime investigators from across Canada to demonstrate that the infusion of digital evidence into sexual assault investigations results in new opportunities and challenges for police and both negative and positive impacts on victims' experiences within the criminal justice system. We show that while digital evidence certainly provides more opportunities for documenting the context and content of acts of sexual assault, police perceive this evidence as a double-edged sword that provides both more evidence and new challenges for police and victims. While officers express that digital evidence may provide more conclusive proof in the notoriously difficult pursuit of proving sexual assault charges, they are also concerned that this evidence provides new challenges for already overburdened sex crime units and makes cases more lengthy and invasive for victims. This article contributes to emerging research on the challenges of policing in the digital age and to the dearth of research on the potential and pitfalls of digital evidence in sexual assault investigations.
... The question remains open. G. Horsman notes that, despite the fact that law enforcement agencies are currently combating digital crime, the question still arises as to whether they can maintain this level in the context of the rapid spread of digital crime [15], including in the face of threats to information security in the UK after Brexit [16]. In the light of the development of the digital economy, some suggestions are made to improve the quality of digital forensics, based on the experience and more established practice of other judicial disciplines [17]. ...
Article
Full-text available
The purpose of this article is to formulate proposals to improve the criminal law of the Russian Federation on liability for digital crimes on the basis of a comparative legal study of the UK legislation in this area. The work provides a detailed comparative legal analysis of the UK legislation in the field of combating digital crimes. Based on the study, we proposed some mechanisms for ensuring the security of relations in the digital field. The cross-border nature of these attacks among the main tasks includes unification of legal norms governing the IT sphere, creation of a single mechanism to hold accountable for attacks in the IT sphere worldwide, regardless of geopolitical boundaries. A separate direction of the internal criminal policy of all countries shall be the creation of effective mechanisms for applying the provisions of legislation in the digital sphere; any legislation, even the most progressive, is useless and only declarative in nature without the necessary mechanism for its application. Evidence of the person's guilt is required in order to prosecute. The informational nature of infringements necessitates expanding the boundaries of the powers of law enforcement agencies, which inextricably leads to the problem of finding a balance between observing the freedoms of citizens in the information space and ensuring the universal information security. In the UK, as in all countries of the world, the answer to this question has not yet been found.
... and time (when did the incident occur?). Likewise, when digital means are used to handle the proceeds of crimes involving animals, the challenges and limitations of digital forensics are similar to those encountered in other cyber-crime and illicit acts [141]. ...
Article
Veterinary forensics is rapidly emerging as a distinct branch of veterinary medicine, especially because of increasing mindfulness about animal cruelty, and of the link between acts of cruelty to animals and violence toward humans. Nevertheless, the application of forensic sciences in veterinary cases lags behind its application in medical cases. Although gaps persist in veterinarians' knowledge of forensics and in how to apply this field to medicolegal cases involving animals, continued research and publication in veterinary forensics are rapidly developing the evidence base in this area. Additionally, educational opportunities in veterinary forensics are also increasing at both undergraduate and postgraduate levels. Together, these changes will continue to improve veterinarians' abilities to investigate cases involving animals. To further strengthen these investigations, veterinarians should also collaborate with the appropriate experts in different disciplines of forensic science.
Article
Full-text available
Purpose: Building on the findings of a British Academy-funded project on the development of digital forensics (DF) in England and Wales, the purpose of this paper is to explore how triage, a process that helps prioritise digital devices for in-depth forensic analysis, is experienced by DF examiners and police officers in four English police forces. It is argued that while as a strategy triage can address the increasing demand in the examination of digital exhibits, careful consideration needs to be paid to the ways in which its set-up, undertaking and outcomes impact on the ability of law enforcement agencies to solve cases. Design/methodology/approach: The methodological approach adopted here builds on the ethnographic turn in criminology. The analysis draws on 120 h of ethnographic observations and 43 semi-structured interviews. Observational data of the working DF environment at each location and a systematic evaluation of internal documents, organisational settings and police priorities helped refine emergent analysis threads, which were analytically compared between sites and against the testimonies of members of different occupational groups to identify similarities and differences between accounts. Findings: The findings emphasise the challenges in the triage of digital exhibits as they are encountered in everyday practice. The discussion focusses on the tensions between the delivery of timely and accurate investigation results and current gaps in the infrastructural arrangements. It also emphasises the need to provide police officers with a baseline understanding of the role of DF and the importance of clearly defined strategies in the examination of digital devices. Originality/value: This paper aims to bridge policy and practice through an analysis of the ways in which DF practitioners and police officers in four English constabularies reflect on the uses of triage in DF to address backlogs and investigative demands. Highlighting the importance of digital awareness beyond the technical remit of DF units, it offers new insights into the ways in which police forces seek to improve the evidential trail with limited resources.
Chapter
Cyberspace and the existence of the internet allow different types of crimes to appear. Hence, there is a need for new laws to be set with a collective, comprehensive view of crime and a global understanding. This article studies 5 different countries' laws pertaining to cybercrimes, namely: Jordan, Oman, Kuwait, Qatar, and Saudi Arabia. These different countries issued different laws at different times, some in 2007, others as new as 2015. The article looks at the laws from an academic definition of different crimes, and also describes the laws from a perspective of each country.
Article
As the majority of dwellings now maintain some form of Internet connectivity, the examination of routers at crime scenes is an increasing requirement. Due to cost and resourcing constraints, police forces are looking to transfer responsibility for carrying out this task to front line crime scene investigators, despite such staff typically lacking specialist training for this type of examination. Such strategies are potentially high-risk, as the mishandling of home routers can result in the oversight or destruction of potentially evidential information denoting home network usage, configuration and connected devices. This information can support scene examiners with their searching practices, ensuring all connected devices within the vicinity of a scene are accounted for or seized, whilst also supporting further technical investigations. This work documents the forensic examination of Sky, BT, Virgin, EE and TalkTalk routers and analysis of relevant evidence content including records of attached and currently connected devices, and network configuration settings. A standard operating procedure has been developed and offered to support crime scene investigation staff in carrying out router investigations.
Article
As digital devices play an increasing role in criminal investigations, where in some cases the data they contain may describe events where few other sources of information exist, there is an increasing concern regarding potential privacy invasion caused by their examination. The Information Commissioner's Office (ICO, 2020) called for the greater evaluation and scrutiny of data extraction and examination processes deployed by investigating authorities with regard to smartphone data. In doing so, a light was shone on the wider issues and balancing act of maintaining data privacy whilst still allowing for an effective investigation to be conducted by law enforcement. This article proposes a set of ten Privacy-Preserving Data Processing Principles (PPDPP) for consideration by those conducting the digital forensic extraction and examination of data from a digital device. These principles define conduct that is indicative of privacy-preserving, where it is encouraged that those undertaking device investigations demonstrate evidence of adherence to the spirit of them.
Chapter
Full-text available
Human dependence on critical infrastructure and computer technology via cyberspace has made people highly vulnerable to cyberattacks and cyber hacking. Threats from cyberspace are among the most critical security challenges faced in the 21st century. This is raising serious concerns about the preparedness of individuals, organizations, and criminal justice institutions to counter the challenge (Mesko, 2018). This chapter is based on a review of the existing information on cyber connectivity and the evolving nature and impact of cybercrimes on individuals and society at large. It also examines issues such as hacking, hacking groups, ransomware, and the role of both legal protection and artificial intelligence in empowering humans to thwart cyber threats.
Article
With the growing sophistication and prevalence of digital devices such as mobile phones, computers, tablets, sat-navs, and domestic appliances, the extraction, analysis and interpretation of digital data has become increasingly central to intelligence gathering and criminal proceedings. However, the very extent of data available today challenges the ability of police agencies to turn seized devices into useful evidence. To date, most social science scholarship about forensics has concentrated on DNA profiling and its societal and ethical issues. In contrast, other forensic fields, including digital forensics, have had little analytical scrutiny. Based on unprecedented access to a forensic collaboration in England, this study addresses the question: In conditions of constrained resources, how do police agencies manage the insatiable demand for digital examinations? In doing so, we bring rationing classification schemes from healthcare studies into the field of criminology in order to characterise the techniques for reconciling demand with capacity. As detailed, formal attempts to ration demand are confounded by informal practices and procedures that can impact on the capacity of the workforce and the speed with which cases are processed. In addition, the rationing of digital devices has significant consequences for the definition and distribution of skills and expertise across criminal justice agencies.
Article
As digital evidence now features prominently in many criminal investigations, such large volumes of requests for the forensic examination of devices have led to well publicized backlogs and delays. In an effort to cope, triage policies are frequently implemented in order to reduce the number of digital devices which are seized unnecessarily. Often first responders are tasked with performing triage at scene in order to decide whether any identified devices should be seized and submitted for forensic examination. In some cases, this is done with the assistance of software which allows device content to be “previewed”; however, in some cases, a first responder will triage devices using their judgment and experience alone, absent of knowledge of the device's content, referred to as “decision‐based device triage” (DBDT). This work provides a discussion of the challenges first responders face when carrying out DBDT at scene. In response, the COLLECTORS ranking scale is proposed to help first responders carry out DBDT and to formalize this process in an effort to support quality control of this practice. The COLLECTORS ranking scale consists of 10 categories which first responders should rank a given device against. Each device's cumulative score should be queried against the defined “seizure thresholds” which offer support to first responders in assessing when to seize a device. To offer clarity, an example use‐case involving the COLLECTORS ranking scale is included, highlighting its application when faced with multiple digital devices at scene.
Article
Full-text available
The paper presents a comparative analysis of criminal and information legislations, legal acts to ensure cybersecurity in the UK and Russia. The experience of the UK as the most digital country in the world in combating crimes committed with the use of digital technologies seems to be more than ever requested and topical. It notes that in Russia the damage to citizens and organizations from criminal attacks is five times higher than the similar damage to the UK citizens, while the total number of attacks registered in the Russian Federation is much lower than that of the official UK criminal statistics. The authors substantiate the thesis about feasibility of creating in the Russian legislation more universal norms with a certain threshold of strength to new types of digital threats. They argue that creation of effective mechanisms for application of legislation provisions in the digital sphere should be a separate area of domestic criminal policy of all countries. On the basis of the conducted research, they offer some mechanisms of securing relations in the digital sphere.
Article
The introduction of Industrial Revolution 4.0 (IR 4.0) brings benefits to the industries and our daily life. Innovation such as the Internet of Things, cloud computing, and blockchain is not only confined to the manufacturing industry but covers the whole of human life. Notwithstanding the said innovation, it also gives rise to cybercrimes with these technologies’ assistance. The botnet called Mirai is one example of compromising the technology in IR 4.0 to launch large-scale cyberattacks through Internet access. It is therefore crucial for the digital forensic (DF) organization to be ready to handle this kind of incident. This paper aims to provide the indicators for DF organizations’ maturity and readiness in the era of IR 4.0. To establish the indicators, a systematic literature review (SLR) is conducted. It involves four phases in the SLR, where the focus is: (1) challenges of DF in IR 4.0, (2) chain of custody and DF readiness, (3) existing maturity model, and (4) benchmarking the maturity element, respectively. It covers the research studies taken from five databases. From the comparison analysis, this study has derived five indicators for the maturity and readiness of DF organization: (1) People and capacity development, (2) Organization, policy and cooperation, (3) Process, (4) Technology and technical, (5) Legislation and regulation. Finally, the work outlines the DF practices based on the CMMI ver. 2 practice areas and potential governance and management objectives that can govern the DF organization.
Chapter
Human dependence on critical infrastructure and computer technology via cyberspace has made people highly vulnerable to cyber attacks and cyber hacking. Threats from cyberspace are among the most critical security challenges faced in the 21st century. This is raising serious concerns about the preparedness of individuals, organizations, and criminal justice institutions to counter the challenge (Mesko, 2018). This chapter is based on a review of the existing information on cyber connectivity and the evolving nature and impact of cybercrimes on individuals and society at large. It also examines issues such as hacking, hacking groups, ransomware, and the role of both legal protection and artificial intelligence in empowering humans to thwart cyber threats.
Article
Full-text available
Purpose: In-depth knowledge about specific national approaches to using digital evidence in investigations is scarce. A clearer insight into the organisational barriers and professional challenges experienced, alongside a more detailed picture of how digital evidence can help police investigations are required to empirically substantiate claims about how digital technologies are changing the face of criminal investigations. The paper aims to focus on the introduction of digital media investigators to support investigating officers with the collection and interpretation of digital evidence. Design/methodology/approach: Drawing on ethnographic and interview data collected as part of an Economic and Social Research Council-funded project on the application of digital forensics expertise in policing in England and Wales, this paper examines the changing face of investigations in relation to escalating digital demand. Findings: The analysis presents the national and regional organisational parameters of deploying digital expertise in criminal investigation and examines some of the challenges of being a digital media investigator (DMI). Through testimonies from DMIs, digital forensic practitioners, investigating and senior officers and forensic managers, the analysis explores the organisational tensions in the collection, processing, interpretation and use of information from digital devices for evidential purposes. Research limitations/implications: The paper offers an empirical basis for the comparative study of how the DMI role has been implemented by law enforcement agencies and its fit within broader institutional considerations and processes. Practical implications: The development of the DMI role has raised questions about the supply of digital expertise, especially to volume crime investigations, and tensions around occupational divisions between scientific and operational units. Social implications: The findings show that while the introduction of the DMI role was much needed, the development of this valuable provision within each force and the resources available require sustained and coordinated support to protect these professionals and retain their skills. Originality/value: This study contributes to the growing sociological and criminological literature with an ethnographically based perspective into the organisational and occupational tensions in the identification and processing of digital evidence in England and Wales.
Article
Many criminal investigations maintain an element of digital evidence, where it is the role of the first responder in many cases to both identify its presence at any crime scene, and assess its worth. Whilst in some instances the existence and role of a digital device at-scene may be obvious, in others, the first responder will be required to evaluate whether any ‘digital opportunities’ exist which could support their inquiry, and if so, where these are. This work discusses the potential presence of digital evidence at crime scenes, approaches to identifying it and the contexts in which it may exist, focusing on the investigative opportunities that devices may offer. The concept of digital devices acting as ‘digital witnesses’ is proposed, followed by an examination of potential ‘digital crime scene’ scenarios and strategies for processing them.
Article
The prominence of technology usage in society has inevitably led to increasing numbers of digital devices being seized, where digital evidence often features in criminal investigations. Such demand has left well documented backlogs placing pressure on digital forensic labs, where in an effort to combat this issue, the ‘at-scene triage’ of devices has been touted as a solution. Yet such triage approaches are not straightforward to implement with multiple technical and procedural issues existing, including determining when it is actually appropriate to triage the contents of a device at-scene. This work remains focused on this point due to the complexities associated with it, and to support first responders a nine-stage triage decision model is offered which is designed to promote consistent and transparent practice when determining if a device should be triaged.
Article
Full-text available
Cyberspace and the existence of the internet allow different types of crimes to appear. Hence, there is a need for new laws to be set with a collective, comprehensive view of crime and a global understanding. This article studies 5 different countries’ laws pertaining to cybercrimes, namely: Jordan, Oman, Kuwait, Qatar, and Saudi Arabia. These different countries issued different laws at different times, some in 2007, others as new as 2015. The article looks at the laws from an academic definition of different crimes, and also describes the laws from a perspective of each country. Cyber Security Crime and Punishment: Comparative Study of the Laws of Jordan, Kuwait, Qatar, Oman, and Saudi Arabia. Available from: https://www.researchgate.net/publication/326335840_Cyber_Security_Crime_and_Punishment_Comparative_Study_of_the_Laws_of_Jordan_Kuwait_Qatar_Oman_and_Saudi_Arabia [accessed Jul 12 2018].
Article
Full-text available
Start with talent and skills driven by curiosity and hormones, constrained only by moral values and judgment.
Article
Full-text available
Approximate Hash Based Matching (AHBM), also known as Fuzzy Hashing, is used to identify complex and unstructured data that has a certain amount of byte-level similarity. Common use cases include the identification of updated versions of documents and fragments recovered from memory or deleted files. Though several algorithms exist, there has not yet been an extensive focus on its practical use in digital investigations. The paper addresses the research question: How can AHBM be applied in digital investigations? It focuses on common scenarios in which AHBM can be applied, as well as the potential significance of its results. First, an assessment of AHBM for digital investigations with respect to existing algorithms and requirements for efficiency and precision is given. Then follows a description of scenarios in which it can be applied. The paper presents three modes of operation for Approximate Matching, namely searching, streaming and clustering. Each of the modes is tested in practical experiments. The results show that AHBM has great potential for helping investigators discover information based on data similarity. Three open source tools were implemented during the research leading up to this paper: Autopsy AHBM enables AHBM in an existing digital investigation framework, sddiff helps in understanding AHBM results through visualization, and makecluster improves analysis of graphs generated from large datasets by storing each disjunct cluster separately.
Article
Full-text available
Cloud computing is a relatively new concept that offers the potential to deliver scalable elastic services to many. The notion of pay-per-use is attractive and in the current global recession-hit economy it offers an economic solution to an organization's IT needs. Computer forensics is a relatively new discipline born out of the increasing use of computing and digital storage devices in criminal acts (both traditional and hi-tech). Computer forensic practices have been around for several decades and early applications of their use can be charted back to law enforcement and military investigations some 30 years ago. In the last decade computer forensics has developed in terms of procedures, practices and tool support to serve the law enforcement community. However, it now faces possibly its greatest challenges in dealing with cloud computing. Through this paper we explore these challenges and suggest some possible solutions.
Article
Full-text available
Today’s Golden Age of computer forensics is quickly coming to an end. Without a clear strategy for enabling research efforts that build upon one another, forensic research will fall behind the market, tools will become increasingly obsolete, and law enforcement, military and other users of computer forensics products will be unable to rely on the results of forensic analysis. This article summarizes current forensic research directions and argues that to move forward the community needs to adopt standardized, modular approaches for data representation and forensic processing.
Article
What can we reasonably expect from law enforcement in terms of policing high tech crime? What can the police reasonably expect from us in terms of adequacy of prevention and co-operation when a suspected crime occurs? Cyber Crime Policing can only be understood within the broader issues facing the criminal justice system. It seems to me that both sides may be expecting too much of each other and a more realistic approach might be more productive. In this presentation I will concentrate on the situation here in the UK; however similar patterns occur in many other countries.
Article
Encryption policy is becoming a crucial test of the values of liberal democracy in the twenty-first century.
Article
The primary goal of this paper is to raise awareness regarding legal loopholes and enabling technologies, which facilitate acts of cyber crime. In pursuing these avenues of inquiry, the author seeks to identify systemic impediments which obstruct police investigations, prosecutions, and digital forensics interrogations. Existing academic research on this topic has tended to highlight theoretical perspectives when attempting to explain technology aided crime, rather than presenting practical insights from those actually tasked with working cyber crime cases. The author offers a grounded, pragmatic approach based on the in-depth experience gained serving with police task-forces, government agencies, private sector, and international organizations. The secondary objective of this research encourages policy makers to reevaluate strategies for combating the ubiquitous and evolving threat posed by cybercriminality. Research in this paper has been guided by the firsthand global accounts (via the author's core involvement in the preparation of the Comprehensive Study on Cybercrime (United Nations Office on Drugs and Crime, 2013)) and is keenly focused on core issues of concern, as voiced by the international community. Further, a fictional case study is used as a vehicle to stimulate thinking and exemplify key points of reference. In this way, the author invites the reader to contemplate the reality of a cyber crime inquiry and the practical limits of the criminal justice process.
Article
Malware is a major security threat confronting computer systems and networks and has increased in scale and impact from the early days of ICT. Traditional protection mechanisms are largely incapable of dealing with the diversity and volume of malware variants which is evident today. This paper examines the evolution of malware including the nature of its activity and variants, and the implication of this for computer security industry practices. As a first step to address this challenge, I propose a framework to extract features statically and dynamically from malware that reflect the behavior of its code such as the Windows Application Programming Interface (API) calls. Similarity based mining and machine learning methods have been employed to profile and classify malware behaviours. This method is based on the sequences of API calls and their frequency of appearance. Experimental analysis results using large datasets show that the proposed method is effective in identifying known malware variants, and also classifies malware with high accuracy and low false alarm rates. This encouraging result indicates that classification is a viable approach for similarity detection to help detect malware. This work advances the detection of zero-day malware and offers researchers another method for understanding impact.
Article
Internet technologies are beginning to influence the sale and supply of illicit drugs in Australia. One such technology, an online marketplace known as Silk Road, had dramatically increased in popularity since its worldwide launch in February 2011. This research and paper were completed prior to the Silk Road's founder, Ross Ulbricht, being arrested on 2 October 2013 and Silk Road being taken offline. This research paper will consider such factors as the increasing use of the internet by Australians, the popularity of shopping online and the variance in the quality and price of products available on Silk Road to those available in other drug markets. The case study will provide an in-depth look at Silk Road from an Australian perspective and in light of the continuing popularity of illicit drug use in Australia. Though Silk Road is currently offline, ‘Bitcoin’ has survived and it will only be a matter of time before a substitute for Silk Road emerges.
Article
Digital forensic triage is poorly defined and poorly understood. The lack of clarity surrounding the process of triage has given rise to legitimate concerns. By trying to define what triage actually is, one can properly engage with the concerns surrounding the process. This paper argues that digital forensic triage has been conducted on an informal basis for a number of years in digital forensic laboratories, even where there are legitimate objections to the process. Nevertheless, there are clear risks associated with the process of technical triage, as currently practised. The author has developed and deployed a technical digital forensic previewing process that negates many of the current concerns regarding the triage process and that can be deployed in any digital forensic laboratory at very little cost. This paper gives a high-level overview of how the system works and how it can be deployed in the digital forensic laboratory.
Article
Purpose: The study examines whether the use of forensic awareness strategies increases the chance of avoiding police detection in sexual homicide. Methods: Logistic and negative binomial regression analyses are used on a sample of 350 cases of sexual homicide – 250 solved and 100 unsolved cases – in order to determine if forensic awareness strategies are related to the status of the case (i.e., solved versus unsolved) and the number of days before body recovery, while controlling for certain victim characteristics. Results: Although an offender’s use of precautions does not seem to increase the offender’s chance of avoiding police detection, some modus operandi behavior adopted by the offender at the crime scene may help to delay the discovery of the victim, and thus delay the offender’s apprehension. Moreover, the likelihood of whether or not a sexual murderer is apprehended varied significantly across victim characteristics. Conclusion: Some offenders seem to exhibit rational thinking in targeting certain types of victims and in adopting certain strategies in order to delay body recovery. Number of days until body recovery is a more appropriate measure of detection avoidance than case status, as it is not biased by administrative rules or timing of data entry.
Article
This study presents results of a survey of self-proclaimed computer hackers about their perceptions with regard to illegal hacking. Results show that hackers continue to engage in illegal hacking activities despite the perception of severe judicial punishment. A closer look shows that hackers perceive a high utility value from hacking, few informal sanctions, and a low likelihood of punishment. These perceptions coupled with a high level of moral disengagement partially explain the hacker's illegal behavior.
Article
The article focuses on the effectiveness of computer misuse policies among university students. A study of Midwestern college students found that more than a third of business students (undergraduate and graduate) had misused computer system resources or software in their lifetimes. Paradoxically, the study found that students who had read the computer misuse policy of the university committed more abuse. Greater familiarity with computers was also an indicator of greater levels of computer misuse; in general, undergraduate misuse was lower than graduate student misuse. The study's implications for corporate computer use policies are discussed.
Article
This paper questions the current approach to forensic incident response and network investigations. Although claiming to be ‘forensic’ in nature it shows that the basic processes and mechanisms used in traditional computer forensics are rarely applied in the live incident investigation arena. This paper demonstrates how the newly proposed Digital Evidence Bag (DEB) storage format can be applied to a dynamic environment. A DEB is a universal container for digital evidence from any source. It allows the provenance to be recorded and continuity to be maintained throughout the life of the investigation. With a small amount of forethought a forensically rigorous approach can be applied to incident response, network investigations and system administration with minimal overhead.
Article
The transfer of DNA from hands to objects by holding or touching has been examined in the past. The main purpose of this study was to examine the variation in the amount of DNA transferred from hands to glass, fabric and wood. The study involved 300 volunteers (100 for glass, 100 for fabric and 100 for wood) 50% of which were male and 50% female. The volunteers held the material for 60 s. The DNA was recovered from the objects using a minitape lift, quantified using the Quantifiler kit assay, extracted using a 'Qiagen® QIAamp DNA mini kit' and amplified using the AmpFlSTR® SGM Plus™ Amplification Kit at 28 cycles. The results show that using ANOVA there was a significant difference (F=8.2, p<0.05) between the three object types in the amount of DNA recovered. In terms of DNA transfer and recovery, wood gave the best yield, followed by fabric and then glass. The likelihood of success of obtaining a profile indicative of the holder was approximately 9% for glass samples, 23% for fabric and 36% for wood. There was no significant difference between the amount of DNA transferred by male or female volunteers. In this study good shedder status, as defined by obtaining useful profiles of 6 or more alleles, is estimated at approximately 22% of the population. The phenomenon of secondary transfer was observed when mixed DNA profiles were obtained but the incidence was low at approximately 10% of the total number of samples. DNA profiles corresponding to more than one person were found on objects which had been touched by only one volunteer. Although secondary transfer is possible the profiles obtained from touched objects are more likely to be as a result of primary transfer rather than a secondary source.