Search results for: forensic evidence

Authors: Tina Wu, Andrew Martin

Abstract:

The expansion of the Internet of Things (IoT) brings a new level of threat. Attacks on IoT are already being used by criminals to form botnets, launch Distributed Denial of Service (DDoS) and distribute malware. This opens a whole new digital forensic arena to develop forensic methodologies in order to have the capability to investigate IoT related crimes. However, existing proposed IoT forensic models are still premature requiring further improvement and validation, many lack details on the acquisition and analysis phase. This paper proposes an enhanced theoretical IoT digital forensic model focused on identifying and acquiring the main sources of evidence in a methodical way. In addition, this paper presents a theoretical acquisition framework of the different stages required in order to be capable of acquiring evidence from IoT devices.

Keywords: acquisition, Internet of Things, model, zoning

Procedia PDF Downloads 244

Authors: Aadita Chaudhury

Abstract:

Since at least the early 2000s, DNA profiling has achieved a preeminent status in forensic investigations into criminal acts. While the criminal justice system has a long history of using forensic evidence and testing them through establish technoscientific means, the primacy of DNA in establishing 'truth' or reconstructing a series of events is unparalleled in the history of forensic science. This paper seeks to elucidate the ways in which DNA profiling has become the most authoritative instrument of 'truth' in criminal investigations, and how it is used in the legal process to ascertain culpability, create the notion of infallible evidence, and advance the search for justice. It is argued that DNA profiling has created a paradigm shift in how the legal system and the general public understands crime and culpability, but not without limitations. There are indications that even trace amounts of DNA evidence can point to causal links in a criminal investigation, however, there still remains many rooms to create confusion and doubt from empirical evidence within the narrative of crimes. Many of the shortcomings of DNA-based forensic investigations are explored and evaluated with regards to claims of the authority of biological evidence and implications for the public understanding of the elusive concepts of truth and justice in the present era. Public misinformation about the forensic analysis processes could produce doubt or faith in the judgements rooted in them, depending on other variables presented at the trial. A positivist understanding of forensic science that is shared by the majority of the population does not take into consideration that DNA evidence is far from definitive, and can be used to support any theories of culpability, to create doubt and to deflect blame.

Keywords: DNA profiling, epistemology of forensic science, philosophy of forensic science, sociology of scientific knowledge

Procedia PDF Downloads 183

Authors: Lilian Noronha Nassif

Abstract:

Cybercrime investigation demands an appropriated evidence collection mechanism. If the investigator does not acquire digital proofs in a forensic sound, some important information can be lost, and judges can discard case evidence because the acquisition was inadequate. The correct digital forensic seizing involves preparation of professionals from fields of law, police, and computer science. This paper presents important challenges faced during evidence collection in different perspectives of places. The crime scene can be virtual or real, and technical obstacles and privacy concerns must be considered. All pointed challenges here highlight the precautions to be taken in the digital evidence collection and the suggested procedures contribute to the best practices in the digital forensics field.

Keywords: digital evidence, digital forensics process and procedures, mobile forensics, cloud forensics

Procedia PDF Downloads 387

Authors: E. Tugba Topcu

Abstract:

The emergency services are usually the first places to encounter forensic cases. Hence, it is important to consider forensics from the perspective of the emergency services staff and the physiological and psychological consequences that may arise as a result of behaviour by itself or another person. Accurate and detailed documentation of the situation in which the patient first arrives at the emergency service and preservation of the forensic findings is pivotal for the subsequent forensic investigation. The first step in determining whether or not a forensic case exists is to perform a medical examination of the patient. For each individual suspected to be part of a forensic case, police officers should be informed at the same time as the medical examination is being conducted. Violent events are increasing every year and with an increase in the number of forensic cases, emergency service workers have increasing responsibility and consequently play a key role in protecting, collecting and arranging the forensic evidence. In addition, because the emergency service workers involved in forensic events typically have information about the accused and/or victim, as well as evidence related to the events and the cause of injuries, police officers often require their testimony. However, both nurses and other health care personnel do not typically have adequate expertise in forensic medicine. Emergency nurses should take an active role for determining that whether any patient admitted to the emergency services is a clinical forensic patient the emergency service with injury and requiring possible punishment and knowing of their roles and responsibilities in this area provides legal protection as well as the protection of the judicial affair. Particularly, in emergency services, where rapid patient turnover and high workload exists, patient registration and case reporting may not exist. In such instances, the witnesses, typically the nurses, are often consulted for information. Knowledge of forensic medical matters plays a vital role in achieving justice. According to the Criminal Procedure Law, Article 75, Paragraph 3, ‘an internal body examination or the taking of blood or other biological samples from the body can be performed only by a doctor or other health professional member’. In favour of this item, the clinic nurse and doctor are mainly responsible for evaluating forensic cases in emergency departments, performing the examination, collecting evidence, and storing and reporting data. The courts place considerable importance on determining whether a suspect is the victim or accused and, thus, in terms of illuminating events, it is crucial that any evidence is gathered carefully and appropriately. All the evidence related to the forensic case including the forensic report should be handed over to the police officers. In instances where forensic evidence cannot be collected and the only way to obtain the evidence is the hospital environment, health care personnel in emergency services need to have knowledge about the diagnosis of forensic evidence, the collection of evidence, hiding evidence and provision of the evidence delivery chain.

Keywords: emergency department, emergency nursing, forensic cases, forensic nursing

Procedia PDF Downloads 230

Authors: Hui Li, Xueying Zhao, Ke Ma, Yu Cao, Fan Yang, Qingwen Xu, Wenbin Liu

Abstract:

Soil can often link a person or item to a crime scene, which makes it a valuable evidence in forensic casework. Several techniques have been utilized in forensic soil discrimination in previous studies. Because soil contains a vast number of microbiomes, the analyse of soil microbiomes is expected to be a potential way to characterise soil evidence. In this study, we applied massively parallel sequencing (MPS) to soil bacterial profiling on the Ion Torrent Personal Genome Machine (PGM). Soils from different regions were collected repeatedly. V-region 3 and 4 of Bacterial 16S rRNA gene were detected by MPS. Operational taxonomic units (OTU, 97%) were used to analyse soil bacteria. Several bioinformatics methods (PCoA, NMDS, Metastats, LEfse, and Heatmap) were applied in bacterial profiles. Our results demonstrate that MPS can provide a more detailed picture of the soil microbiomes and the composition of soil bacterial components from different region was individualistic. In conclusion, the utility of soil bacterial profiling via MPS of the 16S rRNA gene has potential value in characterising soil evidences and associating them with their place of origin, which can play an important role in forensic science in the future.

Keywords: bacterial profiling, forensic, massively parallel sequencing, soil evidence

Procedia PDF Downloads 539

Authors: Chih-Ping Chang

Abstract:

Different from traditional objective evidence, social media evidence has its own characteristics with easily tampering, recoverability, and cannot be read without using other devices (such as a computer). Simply taking a screenshot from social network sites must be questioned its original identity. When the police search and seizure digital information, a common way they use is to directly print out digital data obtained and ask the signature of the parties at the presence, without taking original digital data back. In addition to the issue on its original identity, this conduct to obtain evidence may have another two results. First, it will easily allege that is tampering evidence because the police wanted to frame the suspect and falsified evidence. Second, it is not easy to discovery hidden information. The core evidence associated with crime may not appear in the contents of files. Through discovery the original file, data related to the file, such as the original producer, creation time, modification date, and even GPS location display can be revealed from hidden information. Therefore, how to show this kind of evidence in the courtroom will be arguably the most important task for ruling social media evidence. This article, first, will introduce forensic software, like EnCase, TCT, FTK, and analyze their function to prove the identity with another digital data. Then turning back to the court, the second part of this article will discuss legal standard for authentication of social media evidence and application of that forensic software in the courtroom. As the conclusion, this article will provide a rethinking, that is, what kind of authenticity is this rule of evidence chase for. Does legal system automatically operate the transcription of scientific knowledge? Or furthermore, it wants to better render justice, not only under scientific fact, but through multivariate debating.

Keywords: federal rule of evidence, internet forensic, printouts as evidence, social media evidence, United States v. Vayner

Procedia PDF Downloads 274

Authors: George Kurian, Hongmei Chi

Abstract:

Digital evidence plays a critical role in most legal investigations. In many cases, thumbnail databases show important information in that investigation. The probability of having digital evidence retrieved from a computer or smart device has increased, even though the previous user removed data and deleted apps on those devices. Due to the increase in digital forensics, the ability to store residual information from various thumbnail applications has improved. This paper will focus on investigating thumbnail information from Windows 10. Thumbnail images of interest in forensic investigations may be intact even when the original pictures have been deleted. It is our research goal to recover useful information from thumbnails. In this research project, we use various forensics tools to collect left thumbnail information from deleted videos or pictures. We examine and describe the various thumbnail sources in Windows and propose a methodology for thumbnail collection and analysis from laptops or desktops. A machine learning algorithm is adopted to help speed up content from thumbnail pictures.

Keywords: digital forensic, forensic tools, soundness, thumbnail, machine learning, OCR

Procedia PDF Downloads 108

Authors: Ahd Aljarf, Saad Amin

Abstract:

Images are important source of information used as evidence during any investigation process. Their clarity and accuracy is essential and of the utmost importance for any investigation. Images are vulnerable to losing blocks and having noise added to them either after alteration or when the image was taken initially, therefore, having a high performance image processing system and it is implementation is very important in a forensic point of view. This paper focuses on improving the quality of the forensic images. For different reasons packets that store data can be affected, harmed or even lost because of noise. For example, sending the image through a wireless channel can cause loss of bits. These types of errors might give difficulties generally for the visual display quality of the forensic images. Two of the images problems: noise and losing blocks are covered. However, information which gets transmitted through any way of communication may suffer alteration from its original state or even lose important data due to the channel noise. Therefore, a developed system is introduced to improve the quality and clarity of the forensic images.

Keywords: image filtering, image reconstruction, image processing, forensic images

Procedia PDF Downloads 345

Authors: M. O. Ezegbogu, H. B. Osadolor

Abstract:

Lipsticks constitute a significant source of transfer evidence, and can, therefore, provide corroborative or inclusionary evidence in criminal investigation. This study aimed to determine the uniqueness and persistence of different lipstick smears using Thin Layer Chromatography (TLC), and Gas Chromatography with a Flame Ionisation Detector (GC-FID). In this study, we analysed lipstick smears retrieved from tea cups exposed to the environment for up to four weeks. The n-alkane content of each sample was determined using GC-FID, while TLC was used to determine the number of bands, and retention factor of each band per smear. This study shows that TLC gives more consistent results over a 4-week period than GC-FID. It also proposes a maximum exposure time of two weeks for the analysis of lipsticks left in the open using GC-FID. Finally, we conclude that neither TLC nor GC-FID can distinguish lipstick evidence recovered from hypothetical crime scenes.

Keywords: forensic science, chromatography, identification, lipstick

Procedia PDF Downloads 171

Authors: E. Tuğba Topçu, Ebru E. Kazan, Erhan Büken

Abstract:

Emergency nurses are the first health care professional to generally observe the patients, communicate patients’ family or relatives, touch the properties of patients and contact to laboratory sample of patients. Also, they are the encounter incidents related crime, people who engage in violence or suspicious injuries frequently. So, documentation of patients’ condition came to the hospital and conservation of evidence are important in the inquiry of forensic medicine. The aim of the study was to determine the knowledge level of healthcare professional working at the emergency services regarding their approaches to common forensic cases. The study was comprised of 404 healthcare professional working (nurse, emergency medicine technician, health officer) at the emergency services of 6 state hospitals, 6 training and 6 research hospitals and 3 university hospitals in Ankara. Data was collected using questionnaire form which was developed by researches in the direction of literature. Questionnaire form is comprised of two sections. The first section includes 17 questions related demographic information about health care professional and 4 questions related Turkish laws. The second section includes 43 questions to the determination of knowledge level of health care professional’s working in the emergency department, about approaches to frequently encountered forensic cases. For the data evaluation of the study; Mann Whitney U test, Bonferroni correction Kruskal Wallis H test and Chi Square tests have been used. According to study, it’s said that there is no forensic medicine expert in the foundation by 73.4% of health care professionals. Two third (66%) of participants’ in emergency department reported daily average 7 or above forensic cases applied to the emergency department and 52.1% of participants did not evaluate incidents came to the emergency department as a forensic case. Most of the participants informed 'duty of preservation of evidence' is health care professionals duty related forensic cases. In result, we determinated that knowledge level of health care professional working in the emergency department, about approaches to frequently encountered forensic cases, is not the expected level. Because we found that most of them haven't received education about forensic nursing.Postgraduates participants, educated health professional about forensic nursing, staff who applied to sources about forensic nursing and staff who evaluated emergency department cases as forensic cases have significantly higher level of knowledge. Moreover, it’s found that forensic cases diagnosis score is the highest in health officer and university graduated. Health care professional’s deficiency in knowledge about forensic cases can cause defects in operation of the forensic process because of mistakes in collecting and conserving of evidence. It is obvious that training about the approach to forensic nursing should be arranged.

Keywords: emergency nurses, forensic case, forensic nursing, level of knowledge

Procedia PDF Downloads 269

Authors: Meriem Taleb, Ghania Tail, Fatma Zohra Kara, Brahim Djedouani, T. Moussa

Abstract:

Forensic entomology is the use of insects and their arthropod relatives as silent witnesses to aid legal investigations by interpreting information concerning a death. The main purpose of forensic entomology is to establish the postmortem interval or PMI Postmortem interval is a matter of crucial importance in the investigations of homicide and other untimely deaths when the body found is after three days. Forensic entomology has grown immensely as a discipline in the past thirty years. In Algeria, forensic entomology was introduced in 2010 by the National Institute for Criminalistics and Criminology of the National Gendarmerie (NICC). However, all the work that has been done so far in this growing field in Algeria has been unknown at both the national and international levels. In this context, the aim of this paper is to describe the state of forensic entomology in Algeria. The Laboratory of Entomology of the NICC is the only one of its kind in Algeria. It started its activities in 2010, consisting of two specialists. The main missions of the laboratory are estimation of the PMI by the analysis of entomological evidence, and determination if the body was moved. Currently, the laboratory is performing different tasks such as the expert work required by investigators to estimate the PMI using the insects. The estimation is performed by the accumulated degree days method (ADD) in most of the cases except for those where the cadaver is in dry decay. To assure the quality of the entomological evidence, crime scene personnel are trained by the laboratory of Entomology of the NICC. Recently, undergraduate and graduate students have been studying carrion ecology and insect activity in different geographic locations of Algeria using rabbits and wild boar cadavers as animal models. The Laboratory of Entomology of the NICC has also been involved in some of these research projects. Entomotoxicology experiments are also conducted with the collaboration of the Toxicology Department of the NICC. By dint of hard work that has been performed by the Laboratory of Entomology of the NICC, official bodies have been adopting more and more the use of entomological evidence in criminal investigations in Algeria, which is commendable. It is important, therefore, that steps are taken to fill in the gaps in the knowledge necessary for entomological evidence to have a useful future in criminal investigations in Algeria.

Keywords: forensic entomology, corpse, insects, postmortem interval, expertise, Algeria

Procedia PDF Downloads 382

Authors: Saule Mussabekova

Abstract:

Recent advances in genetics have allowed increasing acutely the capacities of the formation of reliable evidence in conducting forensic examinations. Thus, traces of biological origin are important sources of information about a crime. Currently, around the world, sexual offenses have increased, and among them are those in which the criminals use various detergents to remove traces of their crime. A feature of modern synthetic detergents is the presence of biological additives - enzymes. Enzymes purposefully destroy stains of biological origin. To study the nature and extent of the impact of modern washing powders on saliva stains on the physical evidence, specially prepared test specimens of different types of tissues to which saliva was applied have been examined. Materials and Methods: Washing machines of famous manufacturers of household appliances have been used with different production characteristics and advertised brands of washing powder for test washing. Over 3,500 experimental samples were tested. After washing, the traces of saliva were identified using modern research methods of forensic medicine. Results: The influence was tested and the dependence of the use of different washing programs, types of washing machines and washing powders in the process of establishing saliva trace and identify of the stains on the physical evidence while washing was revealed. The results of experimental and practical expert studies have shown that in most cases it is not possible to draw the conclusions in the identification of saliva traces on physical evidence after washing. This is a consequence of the effect of biological additives and other additional factors on traces of saliva during washing. Conclusions: On the basis of the results of the study, the feasibility of saliva traces of the stains on physical evidence after washing is established. The use of modern molecular genetic methods makes it possible to partially solve the problems arising in the study of unlaundered evidence. Additional study of physical evidence after washing facilitates detection and investigation of sexual offenses against women and children.

Keywords: saliva research, modern synthetic detergents, laundry detergents, forensic medicine

Procedia PDF Downloads 198

Authors: Vasudeva Murthy Challakere Ramaswamy

Abstract:

Background: Conventionally forensic pathology is learnt through autopsy demonstrations which carry various limitations such as unavailability of cases in the mortuary, medico-legal implication and infection. Over the years forensic pathology and science has undergone significant evolution in this digital world. Forensic imaging is a technology which can be effectively utilized for overcoming the current limitations in the undergraduate learning of forensic curriculum. Materials and methods: demonstration of forensic imaging was done using a novel technology of autopsy which has been recently introduced across the globe. Three sessions were conducted in international medical university for a total of 196 medical students. The innovative educational tool was evacuated by using quantitative questionnaire with the scoring scales between 1 to 10. Results: The mean score for acceptance of new tool was 82% and about 74% of the students recommended incorporation of the forensic imaging in the regular curriculum. 82% of students were keen on collaborative research and taking further training courses in forensic imaging. Conclusion: forensic imaging can be an effective tool and also a suitable alternative for teaching undergraduate students. This feedback also supports the fact that students favour the use of contemporary technologies in learning medicine.

Keywords: forensic imaging, forensic pathology, medical students, learning tool

Procedia PDF Downloads 460

Authors: Huilei Wang, Yuanfeng Wang

Abstract:

In the early period of China, economy developed rapidly at the cost of environment. Recently, it is generally recognized that the heavily polluted environment not only puts a brake on economic development but also paces negative impact on people’ health as well as probably next decades of generations. Accordingly, the latest Environmental Protection Law revised in 2014 makes a clear-cut division of environmental responsibility and regulates stricter penalties of breaching law. As the new environmental law is enforced gradually, environmental forensic is increasingly required in the process of ascertaining facts in judicial proceedings of environmental cases. Based on the outcomes of documentary analysis for all environmental cases judged on the basis of new environmental law, it is concluded that there still exists problems in present system of environmental forensic. Thus, this paper is aimed to make proposition on improving Chinese environmental forensic system, which involves: (i) promoting capability of environmental forensic system (EFS) to handle professional questions; (ii) develop price mechanism; (iii) multi-departments cooperate to establish unifying and complete EFS system;(iv) enhance the probative value of results of EFS. Such protocol for amending present regulation on environmental forensic is of significant importance because a quality report of environmental forensic will contributes to providing strong probative evidence of culprits’ activity of releasing contaminant into environment, degree of damages for victims and above all, causality between the behavior of public nuisance and damages.

Keywords: China, environmental cases, environmental forensic system, proposition

Procedia PDF Downloads 355

Authors: Fahad Alanazi, Andrew Jones

Abstract:

Digital forensics seeks to achieve the successful investigation of digital crimes through obtaining acceptable evidence from digital devices that can be presented in a court of law. Thus, the digital forensics investigation is normally performed through a number of phases in order to achieve the required level of accuracy in the investigation processes. Since 1984 there have been a number of models and frameworks developed to support the digital investigation processes. In this paper, we review a number of the investigation processes that have been produced throughout the years and introduce a proposed digital forensic model which is based on the scope of the Saudi Arabia investigation process. The proposed model has been integrated with existing models for the investigation processes and produced a new phase to deal with a situation where there is initially insufficient evidence.

Keywords: digital forensics, process, metadata, Traceback, Sauid Arabia

Procedia PDF Downloads 336

Authors: Avinash Malladhi

Abstract:

Forensic accounting is a specialized field that involves the application of accounting principles, investigative skills, and legal knowledge to detect and prevent fraud. With the rise of big data and technological advancements, artificial intelligence (AI) and machine learning (ML) algorithms have emerged as powerful tools for forensic accountants to enhance their fraud detection capabilities. In this paper, we review and analyze various AI/ML algorithms that are commonly used in forensic accounting, including supervised and unsupervised learning, deep learning, natural language processing Convolutional Neural Networks (CNNs), Recurrent Neural Networks (RNNs), Support Vector Machines (SVMs), Decision Trees, and Random Forests. We discuss their underlying principles, strengths, and limitations and provide empirical evidence from existing research studies demonstrating their effectiveness in detecting financial fraud. We also highlight potential ethical considerations and challenges associated with using AI/ML in forensic accounting. Furthermore, we highlight the benefits of these technologies in improving fraud detection and prevention in forensic accounting.

Keywords: AI, machine learning, forensic accounting & fraud detection, anti money laundering, Benford's law, fraud triangle theory

Procedia PDF Downloads 67

Authors: Ali Alshumrani, Nathan Clarke, Bogdan Ghite, Stavros Shiaeles

Abstract:

Digital forensics has become an essential tool in the investigation of cyber and computer-assisted crime. Arguably, given the prevalence of technology and the subsequent digital footprints that exist, it could have a significant role across almost all crimes. However, the variety of technology platforms (such as computers, mobiles, Closed-Circuit Television (CCTV), Internet of Things (IoT), databases, drones, cloud computing services), heterogeneity and volume of data, forensic tool capability, and the investigative cost make investigations both technically challenging and prohibitively expensive. Forensic tools also tend to be siloed into specific technologies, e.g., File System Forensic Analysis Tools (FS-FAT) and Network Forensic Analysis Tools (N-FAT), and a good deal of data sources has little to no specialist forensic tools. Increasingly it also becomes essential to compare and correlate evidence across data sources and to do so in an efficient and effective manner enabling an investigator to answer high-level questions of the data in a timely manner without having to trawl through data and perform the correlation manually. This paper proposes a Unified Forensic Analysis Tool (U-FAT), which aims to establish a common language for electronic information and permit multi-source forensic analysis. Core to this approach is the identification and development of forensic analyses that automate complex data correlations, enabling investigators to investigate cases more efficiently. The paper presents a systematic analysis of major crime categories and identifies what forensic analyses could be used. For example, in a child abduction, an investigation team might have evidence from a range of sources including computing devices (mobile phone, PC), CCTV (potentially a large number), ISP records, and mobile network cell tower data, in addition to third party databases such as the National Sex Offender registry and tax records, with the desire to auto-correlate and across sources and visualize in a cognitively effective manner. U-FAT provides a holistic, flexible, and extensible approach to providing digital forensics in technology, application, and data-agnostic manner, providing powerful and automated forensic analysis.

Keywords: digital forensics, evidence correlation, heterogeneous data, forensics tool

Procedia PDF Downloads 173

Authors: Bagus Hanindhito, Fariz Azmi Pratama, Ulfah Nadiya

Abstract:

Nowadays, digital system including, but not limited to, computer and internet have penetrated the education system widely. Critical information such as students’ academic records is stored in a server off- or on-campus. Although several countermeasures have been taken to protect the vital resources from outsider attack, the defense from insiders threat is not getting serious attention. At the end of 2017, a security incident that involved academic information system in one of the most respected universities in Indonesia affected not only the reputation of the institution and its academia but also academic integrity in Indonesia. In this paper, we will explain our efforts in investigating this security incident where we have implemented a novel rapid evidence remote acquisition method in high-availability server and storage system thus our data collection efforts do not disrupt the academic information system and can be conducted remotely minutes after incident report has been received. The acquired evidence is analyzed during digital forensic by constructing the model of the system in an isolated environment which allows multiple investigators to work together. In the end, the suspect is identified as a student (insider), and the investigation result is used by prosecutors to charge the suspect as an academic crime.

Keywords: academic information system, academic crime, digital forensic, high-availability server and storage, rapid evidence remote acquisition, security incident

Procedia PDF Downloads 131

Authors: Samara A. Testoni, Vander F. Melo, Lorna A. Dawson, Fabio A. S. Salvador

Abstract:

Soil traces are useful as forensic evidence due to their potential to transfer and adhere to different types of surfaces on a range of objects or persons. The great variability expressed by soil physical, chemical, biological and mineralogical properties show soil traces as complex mixtures. Soils are continuous and variable, no two soil samples being indistinguishable, nevertheless, the complexity of soil characteristics can provide powerful evidence for comparative forensic purposes. This work aimed to establish a Standard Operating Procedure (SOP) for forensic soil analysis in Brazil. We carried out a simulated crime scene with double blind sampling to calibrate the sampling procedures. Samples were collected at a range of locations covering a range of soil types found in South of Brazil: Santa Candida and Boa Vista, neighbourhoods from Curitiba (State of Parana) and in Guarani and Guaraituba, neighbourhoods from Colombo (Curitiba Metropolitan Region). A previously validated sequential analyses of chemical, physical and mineralogical analyses was developed in around 2 g of soil. The suggested SOP and the sequential range of analyses were effective in grouping the samples from the same place and from the same parent material together, as well as successfully discriminated samples from different locations and originated from different rocks. In addition, modifications to the sample treatment and analytical protocol can be made depending on the context of the forensic work.

Keywords: clay mineralogy, forensic soils analysis, sequential analyses, kaolinite, gibbsite

Procedia PDF Downloads 230

Authors: Agria Rhamdhan

Abstract:

WhatsApp as the most popular mobile messaging app has been used as evidence in many criminal cases. As the use of mobile messages generates large amounts of data, forensic investigation faces the challenge of large data problems. The hardest part of finding this important evidence is because current practice utilizes tools and technique that require manual analysis to check all messages. That way, analyze large sets of mobile messaging data will take a lot of time and effort. Our work offers methodologies based on forensic triage to reduce large data to manageable sets resulting easier to do detailed reviews, then show the results through interactive visualization to show important term, entities and relationship through intelligent ranking using Term Frequency-Inverse Document Frequency (TF-IDF) and Latent Dirichlet Allocation (LDA) Model. By implementing this methodology, investigators can improve investigation processing time and result's accuracy.

Keywords: forensics, triage, visualization, WhatsApp

Procedia PDF Downloads 151

Authors: William C. Bracken

Abstract:

This paper discusses the forensic investigation of a fatality-involved catastrophic structure collapse and the special challenges faced when tasked with directing such an effort. While this paper discusses the investigation’s findings and the outcome of the event; this paper’s primary focus is on the challenges faced directing a forensic investigation that requires coordinating with governmental oversight while also having to accommodate multiple parties’ investigative teams. In particular the challenges discussed within this paper included maintaining on-site safety and operations while accommodating outside investigator’s interests. In addition this paper discusses unique challenges that one may face such as what to do about unethical conduct of interested party’s investigative teams, “off the record” sharing of information, and clandestinely transmitted evidence.

Keywords: catastrophic structure collapse, collapse investigation, Jacksonville parking garage collapse, forensic investigation

Procedia PDF Downloads 336

Authors: Zainurrasyid Abdullah, Mohamed Fadzlee Sulaiman, Muhammad Fadzlan Zainal, M. Zabri Adil Talib, Aswami Fadillah M. Ariffin

Abstract:

The Onion Router (Tor) browser is a well-known tool and widely used by people who seeking for web anonymity when browsing the internet. Criminals are taking this advantage to be anonymous over the internet. Accessing the dark web could be the significant reason for the criminal in order for them to perform illegal activities while maintaining their anonymity. For a digital forensic analyst, it is crucial to extract the trail of evidence in proving that the criminal’s computer has used Tor browser to conduct such illegal activities. By applying the digital forensic methodology, several techniques could be performed including application analysis, memory analysis, and registry analysis. Since Windows 10 is the latest operating system released by Microsoft Corporation, this study will use Windows 10 as the operating system platform that running Tor browser. From the analysis, significant artifacts left by Tor browser were discovered such as the execution date, application installation date and browsing history that can be used as an evidence. Although Tor browser was designed to achieved anonymity, there is still some trail of evidence can be found in Windows 10 platform that can be useful for investigation.

Keywords: artifacts analysis, digital forensics, forensic analysis, memory analysis, registry analysis, tor browser, Windows 10

Procedia PDF Downloads 150

Authors: Ariq Bani Hardi

Abstract:

Empowerment of smartphone technology is growing very rapidly in various fields of science. One of the mobile operating systems that dominate the smartphone market today is Android by Google. Unfortunately, the expansion of mobile technology is misused by criminals to hide the information that they store or exchange with each other. It makes law enforcement more difficult to prove crimes committed in the judicial process (anti-forensic). One of technique that used to hide the information is encryption, such as the usages of SMS encryption applications. A Mobile Forensic Examiner or an investigator should prepare a countermeasure technique if he finds such things during the investigation process. This paper will discuss an extension procedure if the investigator found unreadable SMS in android evidence because of encryption. To define the extended procedure, we create and analyzing a dataset of android SMS encryption application. The dataset was grouped by application characteristics related to communication permissions, as well as the availability of source code and the documentation of encryption scheme. Permissions indicate the possibility of how applications exchange the data and keys. Availability of the source code and the encryption scheme documentation can show what the cryptographic algorithm specification is used, how long the key length, how the process of key generation, key exchanges, encryption/decryption is done, and other related information. The output of this paper is an extended or alternative procedure for examination and analysis process of android digital forensic. It can be used to help the investigators while they got a confused cause of SMS encryption during examining and analyzing. What steps should the investigator take, so they still have a chance to discover the encrypted SMS in android evidence?

Keywords: anti-forensic countermeasure, SMS encryption android, examination and analysis, digital forensic

Procedia PDF Downloads 117

Authors: Kyu-Jeoung Lee, Jae-Uk Choo

Abstract:

This paper focuses on investigating The Strange Case of Dr Jekyll and Mr Hyde from Utterson’s point of view, referring to: Gabriel John Utterson, a central character in the book. Utterson is no different from a forensic investigator, as he tries to collect evidence on the mysterious Mr. Hyde’s relationship to Dr. Jekyll. From Utterson's perspective, Jekyll is the 'victim' of a potential scandal and blackmail, and Hyde is the 'suspect' of a possible 'crime'. Utterson intends to figure out Hyde's identity, connect his motive with his actions, and gather witness accounts. During Utterson’s quest, the outside materials available to him along with the social backgrounds of Hyde and Jekyll will be analyzed. The archives left from Jekyll’s chamber will also play a part providing evidence. Utterson will investigate, based on what he already knows about Jekyll his whole life, and how Jekyll had acted in his eyes until he was gone, and finding out possible explanations for Jekyll's actions. The relationship between Jekyll and Hyde becomes the major question, as the social background offers clues pointing in the direction of illegitimacy and prostitution. There is still a possibility that Jekyll and Hyde were, in fact, completely different people. Utterson received a full statement and confession from Jekyll himself at the end of the story, which gives the reader the possible truth on what happened. Stevenson’s Dr. Jekyll and Mr. Hyde led readers, as it did Utterson, to find the connection between Hyde and Jekyll using methods of history, culture, and science. Utterson's quest to uncover Hyde shows an example of applying the various fields to in his act to see if Hyde's inheritance was legal. All of this taken together could technically be considered forensic investigation.

Keywords: Dr. Jekyll and Mr. Hyde, forensic investigation, illegitimacy, prostitution, Robert Louis Stevenson

Procedia PDF Downloads 188

Authors: Sudhir K. Gupta

Abstract:

Introduction: When a forensic doctor determines that a suspicious death is a suicide, homicide, or accident, the decision virtually becomes incontestable by the investigating police officer, and it becomes an issue whether the medical opinion was created with necessary checks and balances on the other probabilities of the case. It is suggested that the opinion of Forensic Medical experts is conventional, mutable, and shifting from one expert to another. The determination of suicide, accident, or homicide is mandatorily required, which is the Gold Standard for conducting death investigations. Forensic investigations serve many audiences, but the court is by far the most critical. The likely questions on direct and cross-examination determine how forensic doctors gather and handle evidence and what conclusions they reach. Methodology: The author interacted with the investigative authority, and a crime scene visit was also done along with the perusal of the Postmortem report, subsequent opinion, and crime scene photographs and statements of the witness and accused. Further analysis of all relevant scientific documents and opinions of other forensic doctors, forensic scientists, and ballistic experts involved in these cases was done to arrive at an opinion with scientific justification. Findings: The opinions arrived at by the author and how they helped the judiciary in delivering justice in these cases have been discussed in this article. This can help the readers to understand the process involved in formulating a credible forensic medical expert opinion for investigators and the judiciary. Conclusion: A criminal case might be won or lost over doubt cast on the chain of custody. Medically trained forensic doctors, therefore, learn to practice their profession in legally appropriate ways, and opinions must be based on medical justifications with credible references.

Keywords: forensic doctor, professional credibility, investigation, expert opinion

Procedia PDF Downloads 61

Authors: Marcus Smith

Abstract:

DNA profiling has made a valuable contribution to criminal investigations over the past thirty years. Direct matching DNA profiles from a crime scene and suspect, or between a suspect and a database remain of great importance to crimes such as murder, assault, and property theft. As scientific and technological advancement continues, a wide range of new DNA profiling applications has been developed. The application of new techniques involves an interesting balancing act between admitting probative evidence in a criminal trial, evaluating its degree of relevance and validity, and limiting its prejudicial impact. The impact of new DNA profiling applications that have significant implications for law enforcement and the legal system can be evaluated through a review of relevant case law, legislation and the latest empirical evidence from jurisdictions around the world including the United States, United Kingdom, and Australia. There are benefits in further examining the implications of these new developments, including how the criminal law can best be adapted to ensure that new technology is used to enhance criminal investigation and prosecution while ensuring it is applied in a measured way that respects individual rights and maintains principles of fairness enshrined in the legal system.

Keywords: criminal procedure, forensic evidence, DNA profiling, familial searching, phenotyping

Procedia PDF Downloads 119

Authors: Jamila Garba Audu, Peter Adamu

Abstract:

This study investigates the role of forensic accounting in the fight against corruption in Nigeria for better utilization of public funds and economic growth and development of the Country. We adopted a trend analysis to show the performance of the Nigerian economy as well as the quality of institutions which government economic and political activities in the country. It is an established fact that Nigeria has performed badly since the 1960s to date in terms of institutional quality and economic development despite large amount of money obtained from the export of crude oil. It was revealed also that the fight against corruption has not been very successful in recent times because experts in the field of forensic accounting have not been utilized. With the successes recorded in dealing with fraud and embezzlement using forensic accounting, it has become imperative for the EFCC to use forensic accountants in the fight against corruption in the country. Also, there is the need to introduce very seriously, the teaching of forensic accounting in Nigerian Universities to train experts.

Keywords: corruption, economic performance, forensic accounting, Nigeria

Procedia PDF Downloads 351

Authors: Venkata Venugopal Rao Gudlur

Abstract:

The Proposed Policies referred to as “SOP”, on the Internet of Things (IoT) based Forensic Investigation into Process Management is the latest revolution to save time and quick solution for investigators. The forensic investigation process has been developed over many years from time to time it has been given the required information with no policies in investigation processes. This research reveals that the current IoT based forensic investigation into Process Management based is more connected to devices which is the latest revolution and policies. All future development in real-time information on gathering monitoring is evolved with smart sensor-based technologies connected directly to IoT. This paper present conceptual framework on process management. The smart devices are leading the way in terms of automated forensic models and frameworks established by different scholars. These models and frameworks were mostly focused on offering a roadmap for performing forensic operations with no policies in place. These initiatives would bring a tremendous benefit to process management and IoT forensic investigators proposing policies. The forensic investigation process may enhance more security and reduced data losses and vulnerabilities.

Keywords: Internet of Things, Process Management, Forensic Investigation, M2M Framework

Procedia PDF Downloads 82

Authors: Gigih Supriyatno

Abstract:

SQL injection is one of the most common types of attacks and has a very critical impact on web servers. In the worst case, an attacker can perform post-exploitation after a successful SQL injection attack. In the case of forensics web servers, web server analysis is closely related to log file analysis. But sometimes large file sizes and different log types make it difficult for investigators to look for traces of attackers on the server. The purpose of this paper is to help investigator take appropriate steps to investigate when the web server gets attacked. We use attack scenarios using SQL injection attacks including PHP backdoor injection as post-exploitation. We perform post-mortem analysis of web server logs based on Hypertext Transfer Protocol (HTTP) POST and HTTP GET method approaches that are characteristic of SQL injection attacks. In addition, we also propose structured analysis method between the web server application log file, database application, and other additional logs that exist on the webserver. This method makes the investigator more structured to analyze the log file so as to produce evidence of attack with acceptable time. There is also the possibility that other attack techniques can be detected with this method. On the other side, it can help web administrators to prepare their systems for the forensic readiness.

Keywords: web forensic, SQL injection, investigation, web shell

Procedia PDF Downloads 134

Authors: Eglė Bilevičiūtė, Vidmantas Egidijus Kurapka, Snieguolė Matulienė, Sigutė Stankevičiūtė

Abstract:

The Council of European Union (EU Council) has stressed on several occasions the need for a concerted, comprehensive and effective solution to delinquency problems in EU communities. In the context of establishing a European Forensic Science Area and the development of forensic science infrastructure in Europe, EU Council believes that forensic science can significantly contribute to the efficiency of law enforcement, crime prevention and combating crimes. Lithuanian scientists have consolidated to implement a project named “Conception of the vision for European Forensic Science 2020 implementation in Lithuania” (the project is funded for the period of 1 March 2014 - 31 December 2016) with the objective to create a conception of implementation of the vision for European Forensic Science 2020 in Lithuania by 1) evaluating the current status of Lithuania’s forensic system and opportunities for its improvement; 2) analysing achievements and knowledge in investigation of crimes listed in conclusions of EU Council on the vision for European Forensic Science 2020 including creation of a European Forensic Science Area and the development of forensic science infrastructure in Europe: trafficking in human beings, organised crime and terrorism; 3) analysing conceptions of criminalistics, which differ in different EU member states due to the variety of forensic schools, and finding means for their harmonization. Apart from the conception of implementation of the vision for European Forensic Science 2020 in Lithuania, the project is expected to suggest provisions that will be relevant to other EU countries as well. Consequently, the presented conception of implementation of vision for European Forensic Science 2020 in Lithuania could initiate a project for a common vision of European Forensic Science and contribute to the development of the EU as an area of freedom, security and justice. The article presents main ideas of the project of the conception of the vision for European Forensic Science 2020 of EU Council and analyses its legal background, as well as prospects of and challenges for its implementation in Lithuania and the EU.

Keywords: EUROVIFOR, standardization, vision for European Forensic Science 2020, Lithuania

Procedia PDF Downloads 386