
A research survey on Forensic Methodologies

Post Posted: Mon Aug 06, 2018 6:06 am

Dear members of the forum,
You are being invited to participate in a research study titled
Is it possible to create a standardised Digital Forensic Procedure to be used globally in Digital Forensic Investigations.
I am a student at the University of South Wales.
The purpose of this research study is to identify weaknesses in the current digital forensic methodologies used by digital forensic investigators in order to identify best practice to build a single methodology. The aim of the proposed methodology is to go forward as a global standard to be utilized for all technology and in a global environment.

Your participation in this study is entirely voluntary and you can withdraw at any time. You are free to omit any questions that you feel are unnecessary.

The SurveyMonkey survey should take you no more than 10 minutes to complete.

www.surveymonkey.co.uk/r/GMBQNP7

Thank you in advance

Kim  

kimsmith64
Newbie
 
 
  

Re: A research survey on Forensic Methodologies

Post Posted: Mon Aug 06, 2018 7:09 am

Do you want LEO responses only, or do you want insight from other agencies/private business and discovery peeps too? What is the scope/purpose of the survey?

I'm asking because in some places, methodology is fast and loose since you do not go to court but act upon the information immediately.  

MDCR
Senior Member
 
 
  

Re: A research survey on Forensic Methodologies

Post Posted: Mon Aug 06, 2018 7:46 am

- MDCR

I'm asking because in some places, methodology is fast and loose since you do not go to court but act upon the information immediately.


I fully agree with this statement, but also believe that not going to court should not be a reason to obviate rigor.

More importantly, it is similarly not a reason to obviate documentation.

Within the private sector, IMHO, workflows are critical. For example, there are various different types of investigations that would benefit greatly from documented, living workflows, such as BEC investigations, malware discovery, etc. However, many analysts are reticent to either establish and follow a workflow, or to document that they did.

I firmly believe that having a documented, repeatable process in place (where applicable), something that is a living document (updated to include new findings) provides a basis for automation, and does not limit the analyst. Rather, such a process makes a new analyst much more productive, and frees up the more experienced analyst to be creative.  

keydet89
Senior Member
 
 
  

Re: A research survey on Forensic Methodologies

Post Posted: Wed Aug 08, 2018 11:05 am

- keydet89
...More importantly, it is similarly not a reason to obviate documentation.

... I firmly believe that having a documented, repeatable process in place (where applicable), something that is a living document (updated to include new findings) provides a basis for automation, and does not limit the analyst. Rather, such a process makes a new analyst much more productive, and frees up the more experienced analyst to be creative.


I absolutely agree with you in principle.

Unfortunately there are environments that turn repeatable process into a stultified checkbox mentality instead of a living reference guide. This often goes hand-in-hand with the complaint that reports are too long and too technical and a demand that all process documentation be removed to shorten and simplify the report. Formatting the report into an executive summary without details followed by a full technical report with process quickly becomes a clipped out summary only. New analysts learned that without process detail, their reports can not be effectively reviewed or challenged, speeding everything up.

This is also an effect of applying simple metrics to complex issues (reports per month). You end up getting simple and wrong results.

"Should" and "Human Nature" often work in opposition.  

watcher
Member
 
 
  

Re: A research survey on Forensic Methodologies

Post Posted: Wed Aug 08, 2018 2:18 pm

Thank you for the question concerning who I would like to complete the questionnaire. I am happy to receive a range of responses from both the private and public sector. The main aim is to identify common issues that could be alleviated through the use of a common model for all digital forensic investigations. This is only a first step to investigate the possibility of a set of common steps that would provide a more scientific method to digital forensic investigators and to thus have a similar impact in terms of reliability that Fingerprints now have.  

kimsmith64
Newbie
 
 
  

Re: A research survey on Forensic Methodologies

Post Posted: Thu Aug 09, 2018 1:47 am

Assuming that the quality of the fingerprint image is sufficient and that the analyst does a human inspection of the matched results:

www.theregister.co.uk/...d_blunder/  

MDCR
Senior Member
 
 
  

Re: A research survey on Forensic Methodologies

Post Posted: Thu Aug 09, 2018 2:57 am

- watcher
New analysts learned that without process detail, their reports can not be effectively reviewed or challenged, speeding everything up.


Insightful observations about the problem. In particular, should an analyst know the process merely as to his/her actions in an examination? What about the process of knowing the digital forensic hardware and software?

Director of Public Prosecutions -v- Power [2018] IECA 119 (24 April 2018) -
Court of Appeal Record Number: 150/2014

'Ground of Appeal No. (vi) – the admissibility of the XRY Report/Printout
87. During the course of the trial the respondent sought to introduce into evidence a printout of data (the “XRY report”) downloaded from the mobile phone and SIM card of the deceased using a software tool known as the XRY Forensic Phone Analysis System.

88. The evidence relied upon in support of the application came, inter alia, from Sergeant Mary Gilmartin who told that court that she was trained and qualified to operate the XRY Forensic Phone Analysis System, that she had received a Nokia mobile phone handset labelled BC 08 from Sergeant Brendan Carey (there was later evidence that Sgt Carey had recovered that handset from the kitchen of the deceased’s house where it was plugged in to charge), and that using the XRY Forensic Phone Analysis System she had on the 17th of October 2012 downloaded data from the SIM card in that handset, and further on the 18th of October 2012 had downloaded data from the mobile phone handset itself. Then again using XRY Forensic Phone Analysis System software she had generated a printout (the “XRY report”) covering a specified period, which she was exhibiting. This report or printout contained details of calls made and received over the period of interest as recorded on either the SIM card or the handset itself, as well as details of the dates and times of SMS texts sent and received in the period of interest, the numbers from which texts were received and to which they were sent, and a record of the actual text transmitted or received.

89. Under cross-examination, Sergeant Gilmartin accepted that she did not really know how the XRY Forensic Phone Analysis System worked:
“Q. Yes. I think your role essentially, Sergeant, was to get your device or programme, to plug it into the phone, get a printout and hand it on?
A. That is correct, Judge.

Q. Do you know how the software works?

A. Very vaguely, Judge, I'm not

Q. You wouldn't purport to be an expert in that?

A. Absolutely not, Judge, I'm qualified in the operation of it.

Q. Yes?

A. And to make sure that it's done correctly, but that is my sole function in relation to it.

Q. Certainly, you wouldn't be able to help us as to how it actually operates?

A. No, Judge, I would not.

Q. Did you check the device time?

A. The only place that that is recorded is sometimes depending on the model of the phone, on the first couple of pages of the report, if you just give me a moment and I'll just check and see if it was recorded on this, no, Judge, it's not recorded on the download.” '
_________________
Institute for Digital Forensics (IDF) - www.linkedin.com/groups/2436720
Mobile Telephone Examination Board (MTEB) - www.linkedin.com/groups/141739
Universal Network Investigations - www.linkedin.com/groups/13536130
Mobile Telephone Evidence & Forensics trewmte.blogspot.com 

trewmte
Senior Member
 
 
