publication . Doctoral thesis . 2014

Technical and legal perspectives on forensics scenario

Solinas, Fabrizio;
Open Access
  • Published: 23 May 2014
Abstract
The dissertation concerns digital forensic. The expression digital forensic (sometimes called digital forensic science) is the science that studies the identification, storage, protection, retrieval, documentation, use, and every other form of computer data processing in order to be evaluated in a legal trial. Digital forensic is a branch of forensic science. First of all, digital forensic represents the extension of theories, principles and procedures that are typical and important elements of the forensic science, computer science and new technologies. From this conceptual viewpoint, the logical consideration concerns the fact that the forensic science studies...
Subjects
ACM Computing Classification System: ComputingMilieux_LEGALASPECTSOFCOMPUTING
free text keywords: INF/01 Informatica
Download from
UniCA Eprints
Doctoral thesis . 2014

1 Literature review 1 1.1 The evolution of concept of forensic science . . . . . . . . . . 1 1.2 Digital forensics and computer crime . . . . . . . . . . . . . . 2 1.3 Economic problem related to computer crime . . . . . . . . . 5 1.4 European Union's in uences . . . . . . . . . . . . . . . . . . . 6

2 Criminal investigation steps on digital investigation 9 2.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 2.2 The Italian legal system within computer forensic scenario . . 12 2.3 The novel model to satisfy the legal system . . . . . . . . . . 15 2.3.1 Creating hash code phase . . . . . . . . . . . . . . . . 17 2.3.2 Image copy phase . . . . . . . . . . . . . . . . . . . . . 18 2.3.3 Data recovery/data carving phase . . . . . . . . . . . 20 2.3.4 Disk analysis phase . . . . . . . . . . . . . . . . . . . . 20 2.3.5 Mount partition phase . . . . . . . . . . . . . . . . . . 21 2.3.6 Files system analysis . . . . . . . . . . . . . . . . . . . 21 2.4 Limitations and known issues . . . . . . . . . . . . . . . . . . 23 2.5 Improvements and future works . . . . . . . . . . . . . . . . . 24

3 Live digital forensic 25 3.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 3.2 Overview of main di erences between Windows XP and Windows 7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 3.3 The case studies on Microsoft Windows system . . . . . . . . 31 3.3.1 Skype's RAM analysis . . . . . . . . . . . . . . . . . . 32 3.3.2 Google Talk's RAM analysis . . . . . . . . . . . . . . 33 3.3.3 Internet Explorer's RAM analysis . . . . . . . . . . . . 33 3.3.4 Summarized of Internet Explorer tests . . . . . . . . . 35 3.4 Limitations and known issues . . . . . . . . . . . . . . . . . . 35 3.5 Improvements and future works . . . . . . . . . . . . . . . . . 38

Any information missing or wrong?Report an Issue