DOCSLIB.ORG

Social Network Forensics: Evidence Extraction Tool Capabilities

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Social Network Forensics: Evidence Extraction Tool Capabilities Social Network Forensics: Evidence Extraction Tool Capabilities JUNG SON MNZCS, Postgrad Dip. Computing (UNITEC, NZ), Dip. InfoTech (AUT, NZ), Cert. Computing (AUT, NZ) A thesis submitted to the graduate faculty of Design and Creative Technologies AUT University in partial fulfilment of the requirements for the degree of Masters of Forensic Information Technology School of Computing and Mathematical Sciences Auckland, New Zealand 2012 Declaration I hereby declare that this submission is my own work and that, to the best of my knowledge and belief, it contains no material previously published or written by another person nor material which to a substantial extent has been accepted for the qualification of any other degree or diploma of a University or other institution of higher learning, except where due acknowledgement is made in the acknowledgements. .......................................... Signature ii Acknowledgements The thesis was completed at the Faculty of Design and Creative Technologies in the school of Computing and Mathematical Sciences at AUT University, New Zealand. This research task has been completed with the insight, support, practical assistance and guidance from many people: Firstly, I would like to thank my family. My master’s degree journey has been possible and even pleasurable due to the enthusiasm and goodwill of all my extended family. In particular, my wife Hi Sung has been unfailingly cheerful in organising her availability to suit my study commitments. My parents, Tiger and Jenny, and brother, Sam, have provided much-needed additional mental support, along with their interest and encouragement. I have been lucky with an exemplary supervision experience through out my master’s degree programme at AUT University. I would like to show my gratitude to my supervisor Dr Brian Cusack. Dr Cusack has guided me with precision, encouragement, humour and compassion. He provided me with a clear framework for the thesis construction, and supports me with tools and intellectual space to bring my ideas alive. I would also like to show my gratitude to the software vendors who provided free trial access to their software with extended period of time, including: John Bradley at SiQuest Corporation, Jad Saliba from JADsoftware. Their generous contributions have been invaluable to me and this research would not have been possible without this resource. My dear colleagues have had to tolerate my unavailability for much of the past one year, and to fit in with my very limited social/work calendar. My heartfelt thanks to my boss Rob Martindale, who has provided his professional interest, unconditional support, and encouragements. I would like to extend my gratitude to my quality reviewer Peter Wilson. In writing my thesis, I have received generous advice from Peter Wilson, who agreed to provide me with assistant in proof reading of my lengthy thesis with helping track down grammatical errors. Peter provided stimulating discussions, challenging questions, and many exciting debates in my chosen area of Social Network Forensic research. Lastly, thank you to my fellow student Tom Laurenson for his friendship, inspiration and continued ideas and enthusiasm. iii Abstract The introduction of Social Networking Sites (SNSs) in recent years caused an explosion in consumer participation and these sites now attract hundreds of millions of users from around the world. Likewise, blogs and wikis are increasingly popular Web 2.0 venues that can evolve into formal communities of interest, providing significant knowledge-sharing and learning opportunities. Used appropriately, these venues therefore represent a valuable public space. Unfortunately, because a majority of the users of these sites are young people, the sites also tend to attract online predators and others who would exploit the sites. It is opportune to review and test the capability of different Digital Forensic tools that have practical application in the extraction of potential evidence from SNSs such as FacebookTM, TwitterTM, LinkedIn and Google+TM, in the event of criminal activity. This research evaluates evidence extraction tools in a systematic and forensically sound manner and based on the findings of the literature review in this research, to measure the capability of extracting evidence from SNSs in different test scenarios. The research question underpinning this research asks whether the existing digital forensic tools have enable forensic investigators to enhance investigative process, and what features there are in each tool that can collect evidence from SNSs. This research will explore evidence extraction tool capabilities by posing the following main research question: What are the capabilities of the 3 chosen tools to collect and analyse evidence from Social Networking Sites in a digital forensic investigation? There are volumes of blog articles and ACM publications on social network technologies that reflect research in a full range of related topics. However, although there is a large body of literature on social networks generated since 2009, there are only a few articles on forensics in SNSs. The available literature is concerned with the impact of social networking on society in general, rather than how to find evidence from social networking sites. In the proposed research, a samples of three software tools are evaluated for capability after a thorough review from literature about the available tools. A simulated social networking site is constructed in a controlled environment, and then iv stress-tested. The three selected tools are used to extract social network chat or web pages from allocated space on a hard disk partition, from unallocated space, and generated log data. Each tool is assessed for scope and capability. Advice on best practice for compliance with forensic data acquisition principles can be made based on performance. These outcomes can contribute to gaps in the current literature on conducting digital forensics investigation for SNSs. The research found that evidence extraction from SNSs is complex as evidence is typically not saved on the hard drive, and artifacts are stored in many different places, depending on a number of variables. Given that the data exchange in question creates largely volatile data for which no guarantee of later data retrieval is given, all tools attempting to recover SNS data as evidence meet this condition as a fundamental constraint. There is no guarantee of the survivability of data created during user interaction with SNSs. Field testing results shows that some tools can extract Facebook Chat messages but no other details, some tools could recover send dates and times for chat messages as well as users ID, and detailed messages. The research testing results provide an understanding of the capability of the evidence extraction tools. The findings help the forensic examiner determine the accuracy and effectiveness they can expect when they need to use a particular tool. The tools evaluated in this research, for their strengths and weaknesses, can dramatically improve the efficiency of a knowledgeable forensic examiner. The research findings presented may be valuable for law enforcement agents and digital forensic investigators in identifying current issues and limitations of the tools, and for software vendors to recognise the limitations of the tools, so that they can improve the tools for better extraction capability. It is hoped that the research findings may contribute to the future development of a social network artifact extraction tool, or to the enhancement of existing tools. v Table of Contents Declaration ........................................................................................................................... ii Acknowledgements ............................................................................................................. iii Abstract ................................................................................................................................ iv List of Figures ...................................................................................................................... xi List of Abbreviations ........................................................................................................ xiii Chapter One - Introduction 1.0 Background .................................................................................................................... 1 1.1 Motivation ..................................................................................................................... 3 1.2 Structure of Thesis ......................................................................................................... 4 Chapter Two - Literature Review 2.0 Introduction ................................................................................................................... 7 2.1 Social networking sites .................................................................................................. 8 2.1.1 Characteristics of Social Networking Sites ........................................................ 11 2.1.2 The modern media of Social Networking Sites and cultural factors ................. 12 2.1.3 Social Networking Site Usage by Country ........................................................ 13 2.2 Overview of Digital forensics environment ................................................................ 16 2.2.1 Digital Forensics ...............................................................................................
Load more

Recommended publications
  • Part 1 Digital Forensics Module Jaap Van Ginkel Silvio Oertli
    Part 1 Digital Forensics Module Jaap van Ginkel Silvio Oertli July 2016 Agenda • Part 1: Introduction – Definitions / Processes • Part 2: Theory in Practice – From planning to presentation • Part 3: Live Forensics – How to acquire a memory image – Investigate the image • Part 4: Advanced Topics – Tools – Where to go from here – And more 2 Disclaimer§ • A one or two-day course on forensics will not make you a forensics expert. – Professionals spend most of their working time performing forensic analysis and thus become an expert. • All we can offer is to shed some light on a quickly developing and broad field and a chance to look at some tools. • We will mostly cover Open Source Forensic Tools. 3 Introduction Forensics in History 4 Forensics – History 2000 BC 1200 BC 5 Introduction Definitions / Processes 6 Forensics – The Field digital forensics Computer Forensics Disk Forensics Mobil Forensics Memory Forensics Datenbase Forensics Live Forensics Network Forensics 7 Forensics - Definition • Digital Forensics [1]: – Digital forensics (sometimes known as digital forensic science) is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime. • Computer Forensics [2]: – Computer forensics (sometimes known as computer forensic science) is a branch of digital forensic science pertaining to legal evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the information. 8 Forensics - Definitions • Network Forensics [3]: – Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection.[1] Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information.
    [Show full text]
  • Digital Forensics Based Analysis of Mobile Phones
    Journal of Android and IOS Applications and Testing Volume 4 Issue 3 Digital Forensics Based Analysis of Mobile Phones Pooja V Chavan PG Student, Department of Computer Engineering, K. J. Somaiya College of Engineering, Mumbai, Maharashtra, India Email: [email protected] DOI: Abstract Now-a-day’s ratio of mobile phone is increasing day by day. Digital forensics methodology is use to recover and investigate data that found in a digital devices. Mobile phone usage is more that’s why not only judicial events occurred but also mobile forensics and subdivision of digital forensics are emerged. Some hardware and software are used for mobile phone investigations. Keywords: Digital forensics, digital devices, mobile phone INTRODUCTION because electronic device have a variety of Forensic science’s subdivision is a digital different operating system, technology, forensic, is a one type of process. The storage structure, Features. First identify main objective of this process to find the crime after that digital forensic work evidence in digital devices [1]. Digital on four important steps (Figure 1): forensics are used for the analysis of data, such as audio, video, pictures, etc. After • Collection: The collected of evidence the analysis of electronic devices data that like fingerprints, broken fingernails help for legal process. The usage of blood and body fluids. advanced technology is increasing rapidly. • Examination: The examination of Electronic device have a variety of product process is depending on evidence. like tablet, flash memory, memory card, • Analysis: The crime scenes obtain SD card, etc. When forensic analysis is different digital evidence, analysis is performed at that time data should be done on storage evidence this secure.
    [Show full text]
  • Current and Future Trends in Mobile Device Forensics: a Survey
    Current and Future Trends in Mobile Device Forensics: A Survey KONSTANTIA BARMPATSALOU, TIAGO CRUZ, EDMUNDO MONTEIRO, and PAULO SIMOES, Centre for Informatics and Systems of the University of Coimbra, Department of Informatics (CISUC/DEI), University of Coimbra, Portugal Contemporary mobile devices are the result of an evolution process, during which computational and networking capabilities have been continuously pushed to keep pace with the constantly growing workload requirements. This has allowed devices such as smartphones, tablets and Personal Digital Assistants (PDAs) to perform increasingly complex tasks, up to the point of efficiently replacing traditional options such as desktop computers and notebooks. However, due to their portability and size, these devices are more prone to theft, to become compromised or to be exploited for attacks and other malicious activity. The need for investigation of the aforementioned incidents resulted in the creation of the Mobile Forensics (MF) discipline. MF, a sub-domain of Digital Forensics (DF), is specialized in extracting and processing evidence from mobile devices in such a way that attacking entities and actions are identified and traced. Beyond its primary research interest on evidence acquisition from mobile devices, MF has recently expanded its scope to encompass the organized and advanced evidence representation and analysis of future malicious entity behavior. Nonetheless, data acquisition still remains its main focus. While the field is under continuous research activity, new concepts such as the involvement of Cloud Computing in the MF ecosystem and the evolution of enterprise mobile solutions – particularly Mobile Device Management (MDM) and Bring Your Own Device (BYOD) – bring new opportunities and issues to the discipline.
    [Show full text]
  • A User-Oriented Network Forensic Analyser: the Design of a High- Level Protocol Analyser
    Edith Cowan University Research Online Australian Digital Forensics Conference Conferences, Symposia and Campus Events 2014 A user-oriented network forensic analyser: The design of a high- level protocol analyser D Joy Plymouth University F Li Plymouth University N L. Clarke Edith Cowan University S M. Furnell Edith Cowan University Follow this and additional works at: https://ro.ecu.edu.au/adf Part of the Computer Engineering Commons, and the Information Security Commons DOI: 10.4225/75/57b3e511fb87f 12th Australian Digital Forensics Conference. Held on the 1-3 December, 2014 at Edith Cowan University, Joondalup Campus, Perth, Western Australia. This Conference Proceeding is posted at Research Online. https://ro.ecu.edu.au/adf/135 A USER-ORIENTED NETWORK FORENSIC ANALYSER: THE DESIGN OF A HIGH-LEVEL PROTOCOL ANALYSER D. Joy1, F. Li1, N.L. Clarke1,2 and S.M. Furnell1,2 1Centre for Security, Communications and Network Research (CSCAN) Plymouth University, Plymouth, United Kingdom 2Security Research Institute, Edith Cowan University, Western Australia [email protected] Abstract Network forensics is becoming an increasingly important tool in the investigation of cyber and computer- assisted crimes. Unfortunately, whilst much effort has been undertaken in developing computer forensic file system analysers (e.g. Encase and FTK), such focus has not been given to Network Forensic Analysis Tools (NFATs). The single biggest barrier to effective NFATs is the handling of large volumes of low-level traffic and being able to exact and interpret forensic artefacts and their context – for example, being able extract and render application-level objects (such as emails, web pages and documents) from the low-level TCP/IP traffic but also understand how these applications/artefacts are being used.
    [Show full text]
  • Purpose of Computer and Network Forensics
    Purpose of Computer and Network Forensics Table of Contents Purpose of Computer and Network Forensics ................................................................................ 2 What Is Digital Forensics? ............................................................................................................... 3 Need for Digital Forensics -1 ........................................................................................................... 4 Need for Digital Forensics -2 ........................................................................................................... 6 Purpose of Digital Forensics ............................................................................................................ 8 Notices .......................................................................................................................................... 12 Page 1 of 12 Purpose of Computer and Network Forensics Purpose of Computer and Network Forensics 4 **004 Okay. So we'll start out with the purpose of computer and network forensics. Page 2 of 12 What Is Digital Forensics? What Is Digital Forensics? As defined in NIST Guide to Integrating Forensic Techniques into Incident Response: “Application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data” Also known as or called computer forensics and network forensics, and includes mobile device forensics All better called one term: Digital
    [Show full text]
  • Graduate Prospectus2014 Institute of Space Technology
    Graduate Prospectus2014 Institute of Space Technology we HELP YOU ACHIEVE YOUR AMBITIONS P R O S P E C T U S 2 141 INSTITUTE OF SPACE TECHNOLOGY w w w . i s t . e d u . p k To foster intellectual and economic vitality through teaching, research and outreach in the field of Space Science & Technology with a view to improve quality of life. www.ist.edu.pk 2 141 P R O S P E C T U S INSTITUTE OF SPACE TECHNOLOGY CONTENTS Welcome 03 Location 04 Introduction 08 The Institute 09 Facilities 11 Extra Curricular Activities 11 Academic Programs 15 Department of Aeronautics and Astronautics 20 Local MS Programs 22 Linked Programs with Beihang University 31 Linked Programs with Northwestern Polytechnic University 49 Department of Electrical Engineering 51 Local MS Programs 53 Linked Programs with University of Surrey 55 Department of Materials Science & Engineering 72 Department of Mechanical Engineering 81 Department of Remote Sensing & Geo-information Science 100 w w w . i s t . e d u . p k Department of Space Science 106 ORIC 123 Admissions 125 Fee Structure 127 Academic Regulations 130 Faculty 133 Administration 143 Location Map 145 1 20 P R O S P E C T U S 2 141 INSTITUTE OF SPACE TECHNOLOGY w w w . i s t . e d u . p k 2 141 P R O S P E C T U S INSTITUTE OF SPACE TECHNOLOGY Welcome Message Vice Chancellor The Institute of Space Technology welcomes all the students who aspire to enhance their knowledge and specialize in cutting edge technologies.
    [Show full text]
  • Forensic Investigation of P2P Cloud Storage Services and Backbone For
    Forensic investigation of P2P cloud storage services and backbone for IoT networks : BitTorrent Sync as a case study Yee Yang, T, Dehghantanha, A, Choo, R and Yang, LK http://dx.doi.org/10.1016/j.compeleceng.2016.08.020 Title Forensic investigation of P2P cloud storage services and backbone for IoT networks : BitTorrent Sync as a case study Authors Yee Yang, T, Dehghantanha, A, Choo, R and Yang, LK Type Article URL This version is available at: http://usir.salford.ac.uk/id/eprint/40497/ Published Date 2016 USIR is a digital collection of the research output of the University of Salford. Where copyright permits, full text material held in the repository is made freely available online and can be read, downloaded and copied for non-commercial private study or research purposes. Please check the manuscript for any further copyright restrictions. For more information, including our policy and submission procedure, please contact the Repository Team at: [email protected]. Note: This is authors accepted copy – for final article please refer to International Journal of Computers & Electrical Engineering Forensic Investigation of P2P Cloud Storage: BitTorrent Sync as a Case Study 1 2 3 1 Teing Yee Yang , Ali Dehghantanha , Kim-Kwang Raymond Choo , Zaiton Muda 1 Department of Computer Science, Faculty of Computer Science and Information Technology, Universiti Putra Malaysia, UPM Serdang, Selangor, Malaysia 2 The School of Computing, Science & Engineering, Newton Building, University of Salford, Salford, Greater Manchester, United Kingdom 3 Information Assurance Research Group, University of South Australia, Adelaide, South Australia, Australia. Abstract Cloud computing has been regarded as the technology enabler for the Internet of Things (IoT).
    [Show full text]
  • The State of the Art Forensic Techniques in Mobile Cloud Environment: a Survey, Challenges and Current Trends
    The State of the Art Forensic Techniques in Mobile Cloud Environment: A Survey, Challenges and Current Trends Muhammad Faheem School of Computer Science and informatics University College Dublin Dublin, Ireland [email protected] M-Tahar Kechadi School of Computer Science and informatics University College Dublin Dublin, Ireland [email protected] Nhien-An Le-Khac School of Computer Science and informatics University College Dublin Dublin, Ireland [email protected] Abstract: Smartphones have become popular in recent days due to the accessibility of a wide range of applications. These sophisticated applications demand more computing resources in a resource constraint smartphone. Cloud computing is the motivating factor for the progress of these applications. The emerging mobile cloud computing introduces a new architecture to offload smartphone and utilize cloud computing technology to solve resource requirements. The popularity of mobile cloud computing is an opportunity for misuse and unlawful activities. Therefore, it is a challenging platform for digital forensic investigations due to the non-availability of methodologies, tools and techniques. The aim of this work is to analyze the forensic tools and methodologies for crime investigation in a mobile cloud platform as it poses challenges in proving the evidence. The advancement of forensic tools and methodologies are much slower than the current technology development in mobile cloud computing. Thus, forces the available tools, and techniques become increasingly obsolete. Therefore, it opens up the door for the new forensic tools and techniques to cope up with recent developments. Hence, this work presents a detailed survey of forensic methodology and corresponding issues in a mobile device, cloud environment, and mobile cloud applications.
    [Show full text]
  • Packet Analysis for Network Forensics: a Comprehensive Survey
    Edith Cowan University Research Online ECU Publications Post 2013 1-1-2020 Packet analysis for network forensics: A comprehensive survey Leslie F. Sikos Edith Cowan University Follow this and additional works at: https://ro.ecu.edu.au/ecuworkspost2013 Part of the Physical Sciences and Mathematics Commons 10.1016/j.fsidi.2019.200892 Sikos, L. F. (2020). Packet analysis for network forensics: a comprehensive survey. Forensic Science International: Digital Investigation, 32, Article 200892. https://doi.org/10.1016/j.fsidi.2019.200892 This Journal Article is posted at Research Online. https://ro.ecu.edu.au/ecuworkspost2013/7605 Forensic Science International: Digital Investigation 32 (2020) 200892 Contents lists available at ScienceDirect Forensic Science International: Digital Investigation journal homepage: www.elsevier.com/locate/fsidi Packet analysis for network forensics: A comprehensive survey Leslie F. Sikos Edith Cowan University, Australia article info abstract Article history: Packet analysis is a primary traceback technique in network forensics, which, providing that the packet Received 16 May 2019 details captured are sufficiently detailed, can play back even the entire network traffic for a particular Received in revised form point in time. This can be used to find traces of nefarious online behavior, data breaches, unauthorized 27 August 2019 website access, malware infection, and intrusion attempts, and to reconstruct image files, documents, Accepted 1 October 2019 email attachments, etc. sent over the network. This paper is a comprehensive survey of the utilization of Available online xxx packet analysis, including deep packet inspection, in network forensics, and provides a review of AI- powered packet analysis methods with advanced network traffic classification and pattern identifica- Keywords: Packet analysis tion capabilities.
    [Show full text]
  • Network Forensics: Notions and Challenges
    Network Forensics: Notions and Challenges Ahmad Almulhem Computer Engineering Department King Fahd University of Petroleum and Minerals Dhahran 31261, Saudi Arabia Tel: +966-3-860-7554, Fax: +966-3-860-3059 E-mail: [email protected] Abstract—Network forensics is an extension of the network section II. Then, the current practice in network forensics is security model which traditionally emphasizes prevention and presented in section III. In section IV, related technologies detection of network attacks. It addresses the need for dedicated are reviewed showing their connection to network forensics investigative capabilities in the current model to allow investi- gating malicious behavior in networks. It helps organizations and their limitations. Then, in section V, main challenges in in investigating outside and inside network attacks. It is also designing a network forensics infrastructure are highlighted. important for law enforcement investigations. In this paper, various aspects of network forensics are reviewed as well as II. BACKGROUND related technologies and their limitations. Also, challenges in A. Terminology deploying a network forensics infrastructure are highlighted. Index Terms—Network Forensics, Network Security, Computer The term network forensics was previously used in few con- Forensics, Computer Security texts without an official definition [3]. However, it generally refers to the collection and analysis of network data such as I. INTRODUCTION network traffic, firewall logs, IDS logs, etc. Technically, itisa When it comes to network security, organizations typically member of the already-existing and expanding field of digital use various products [1]. Generally, these products addresses forensics [4], [5]. In particular, it is concerned with digital security from two main perspectives; namely prevention and forensics in networked environments.
    [Show full text]
  • Forensic Science 1 Forensic Science
    Forensic science 1 Forensic science "Forensics" redirects here. For other uses, see Forensics (disambiguation). Forensic science Physiological sciences • Forensic anthropology • Forensic archaeology • Forensic odontology • Forensic entomology • Forensic pathology • Forensic botany • Forensic biology • DNA profiling • Bloodstain pattern analysis • Forensic chemistry • Forensic osteology Social sciences • Forensic psychology • Forensic psychiatry Forensic criminalistics • Ballistics • Ballistic fingerprinting • Body identification • Fingerprint analysis • Forensic accounting • Forensic arts • Forensic footwear evidence • Forensic toxicology • Gloveprint analysis • Palmprint analysis • Questioned document examination • Vein matching Digital forensics • Computer forensics • Forensic data analysis • Database forensics • Mobile device forensics • Network forensics • Forensic video • Forensic audio Related disciplines • Fire investigation Forensic science 2 • Fire accelerant detection • Forensic engineering • Forensic linguistics • Forensic materials engineering • Forensic polymer engineering • Forensic statistics • Forensic taphonomy • Vehicular accident reconstruction People • William M. Bass • George W. Gill • Richard Jantz • Edmond Locard • Douglas W. Owsley • Werner Spitz • Auguste Ambroise Tardieu • Juan Vucetich Related articles • Crime scene • CSI effect • Perry Mason syndrome • Pollen calendar • Skid mark • Trace evidence • Use of DNA in forensic entomology • v • t [1] • e Forensic science is the scientific method of gathering and examining
    [Show full text]
  • Digital Forensics: Operational, Legal and Research Issues
    DIGITAL FORENSICS: OPERATIONAL, LEGAL AND RESEARCH ISSUES M. Pollitt, M. Caloyannides, J. Novotny and S. Shenoi Abstract With more than 93% of the world’s data being computer generated [23], digital forensics offers significant opportunities and challenges. This paper discusses the operational and legal issues related to digital evidence. In addition, it highlights current needs and future research opportunities. Keywords: Digital Evidence, Computer and Network Forensics, Forensic Processes, Legal Issues, Research Directions 1. Introduction Digital forensics played a crucial role in the investigations of the 9-11 ter- rorists, the Enron, WorldCom and Martha Stewart scandals, and the DC sniper attacks. In the sniper case, electronic data extracted from a GPS device in the suspects’ automobile provided information about their route across the country. Three unsolved murders along this route, in Louisiana, Alabama and Georgia, which involved weapons of the same caliber as the DC attacks, were connected to the sniper suspects via ballistics and fingerprint evidence. Indeed, due to network convergence and the ubiquity of embedded systems and devices, prac- tically every crime – not just white-collar crime – has a digital forensic com- ponent [9,15,21]. Laptops, cell phones and PDAs seized from drug dealers and other violent criminals often yield vital evidence [15,21]. Meanwhile, electronic evidence is playing an increasingly important role in civil litigation. This paper discusses the operational and legal issues related to digital evidence. In addition, it highlights current needs and future research opportunities. 2. Operational Issues Computers and other electronic devices invariably contain information rel- evant to investigations. This is the electronic analog of Locard’s forensic prin- ciple of “exchange,” where “every contact leaves a trace” [10].
    [Show full text]