Proceedings of the Conference on Digital Forensics, Security, and Law 2012 Richmond, Virginia May 30-31
Total Page:16
File Type:pdf, Size:1020Kb
Proceedings of the Conference on Digital Forensics, Security, and Law 2012 Richmond, Virginia May 30-31 Richmond, Virginia May 30-31, 2012 Conference Chair Glenn S. Dardick Longwood University Virginia, USA Association of Digital Forensics, Security and Law Copyright © 2012 ADFSL, the Association of Digital Forensics, Security and Law. Permission to make digital or printed copies of all or any part of this journal is granted without fee for personal or classroom use only and provided that such copies are not made or distributed for profit or commercial use. All copies must be accompanied by this copyright notice and a full citation. Permission from the ADFSL is required to make digital or printed copies of all or any part of this journal for-profit or commercial use. Permission requests should be sent to Dr. Glenn S. Dardick, Association of Digital Forensics, Security and Law, 1642 Horsepen Hills Road, Maidens, Virginia 23102 or emailed to [email protected]. ISSN 1931-7379 ADFSL Conference on Digital Forensics, Security and Law, 2012 Sponsors 2 ADFSL Conference on Digital Forensics, Security and Law, 2012 Contents Committee ................................................................................................................................................ 4 Schedule ................................................................................................................................................... 5 Update on the State of the Science of Digital Evidence Examination ................................................. 7 Fred Cohen* A Proposal for Incorporating Programming Blunder as Important Evidence in Abstraction-Filtration-Comparison Test ............................................................................................ 19 P. Vinod Bhattathiripad* The Xbox 360 and Steganography: How Criminals and Terrorists could be “Going Dark” ......... 33 Ashley Podhradsky*, Rob D’Ovidio and Cindy Casey Double-Compressed JPEG Detection in a Steganalysis System ........................................................ 53 Jennifer L. Davidson* and Pooja Parajape Toward Alignment between Communities of Practice and Knowledge-Based Decision Support ................................................................................................................................................... 79 Jason Nichols*, David Biros* and Mark Weiser A Fuzzy Hashing Approach Based on Random Sequences and Hamming Distance ...................... 89 Frank Breitinger* and Harald Baier Cloud Forensics Investigation: Tracing Infringing Sharing of Copyrighted Content in Cloud .. 101 Yi-Jun He, Echo P. Zhang*, Lucas C.K. Hui, Siu Ming Yiu* and K.P. Chow iPad2 Logical Acquisition: Automated or Manual Examination? .................................................. 113 Somaya Ali*, Sumaya AlHosani*, Farah AlZarooni and Ibrahim Baggili Multi-Parameter Sensitivity Analysis of a Bayesian Network from a Digital Forensic Investigation ......................................................................................................................................... 129 Richard E. Overill, Echo P. Zhang* and Kam-Pui Chow Facilitating Forensics in the Mobile Millennium Through Proactive Enterprise Security .......... 141 Andrew R. Scholnick* A Case Study of the Challenges of Cyber Forensics Analysis of Digital Evidence in a Child Pornography Trial .................................................................................................................... 155 Richard Boddington* After Five Years of E-Discovery Missteps: Sanctions or Safe Harbor? ......................................... 173 Milton Luoma* and Vicki Luoma* Digital Evidence Education in Schools of Law ................................................................................. 183 Aaron Alva* and Barbara Endicott-Popovsky Pathway into a Security Professional: A new Cyber Security and Forensic Computing Curriculum .......................................................................................................................................... 193 Elena Sitnikova* and Jill Slay * Author Presenting and/or Attending 3 ADFSL Conference on Digital Forensics, Security and Law, 2012 Conference Committee The 2012 ADFSL Conference on Digital Forensics, Security and Law is pleased to have the following members of the conference committee. Glenn Dardick [email protected] General chair Longwood University Virginia USA John Bagby Nick Vincent Flor Jigang Liu [email protected] [email protected] [email protected] The Pennsylvania State University of New Mexico Metropolitan State University University New Mexico Minnesota Pennsylvania USA USA USA Diane Barrett Felix Freiling John Riley [email protected] [email protected] [email protected] University of Advanced erlangen.de Bloomsburg University Technology, Arizona University of Erlangen Pennsylvania USA Nürnberg USA Germany David Biros Simson Garfinkel Pedro Luis Prospero Sanchez [email protected] [email protected] [email protected] Oklahoma State University Naval Postgraduate School University of Sao Paulo Oklahoma Monterey, CA Sao Paulo USA USA Brazil Mohamed Chawki Andy Jones Jill Slay [email protected] [email protected] [email protected] University of Aix-Marseille III Khalifa University Polytechnic of Namibia France UAE Windhoek Namibia Fred Cohen Gregg Gunsch Eli Weintraub [email protected] [email protected] [email protected] California Sciences Institute Defiance College Afeka Tel Aviv Academic College Livermore, CA Ohio of Engineering USA USA Israel David Dampier Gary Kessler Craig Valli [email protected] [email protected] [email protected] Mississippi State University Gary Kessler Associates Edith Cowan University Mississippi Vermont Western Australia USA USA Australia Denis Edgar-Nevill Ki Jung Lee denis.edgar-nevill@ [email protected] canterbury.ac.uk Drexel University Canterbury Christ Church Pennsylvania University USA UK 4 ADFSL Conference on Digital Forensics, Security and Law, 2012 Schedule Wednesday, May 30 07:30 AM CONTINENTAL BREAKFAST 07:30 AM On-site Registration 08:30 AM Introductions . Glenn S. Dardick, Conference Chair and Director of the ADFSL 08:40 AM Welcome . Paul Barrett, Dean of the College of Business and Economics at Longwood University 08:50 AM Papers/Presentation Session I . Fred Cohen, USA: Update on the State of the Science of Digital Evidence Examination . P. Vinod Bhattathiripad, India: A Proposal for Incorporating Programming Blunder as Important Evidence in Abstraction- Filtration-Comparison Test 10:10 AM BREAK 10:30 AM Papers/Presentation Session II . Ashley L. Podhradsky, USA: The Xbox 360 and Steganography: How Criminals and Terrorists Could Be “Going Dark” . Jennifer Davidson, USA: Double-Compressed JPEG Detection in a Steganalysis System . Jason Nichols and David Biros, USA: Toward Alignment Between Communities of Proactive and Knowledge-Based Decision Support 12:30 PM LUNCH (provided) 01:15 PM Keynote . Mohamed Chawki, Senior Judge at the Council of State, Egypt and Founder-Chairman of the International Association of Cybercrime Prevention (AILCC) in Paris - "IT and Regime Change" 01:45 PM Papers/Presentation Session III . Frank Breitinger, Germany: A Fuzzy Hashing Approach based on Random Sequences and Hamming Distance 03:00 PM BREAK 03:20 PM Papers/Presentation Session IV . Echo P. Zhang and Siu Ming Yiu, China: Cloud Forensics Investigation: Tracing Infringing Sharing of Copyrighted Content in the Cloud . Somaya Ali AlWejdani and Sumaya AbdulAziz AlHosani, UAE iPad2 logical acquisition: Automated or Manual Examination? 04:40 PM Conference Close for Day 5 ADFSL Conference on Digital Forensics, Security and Law, 2012 Schedule Thursday, May 31 07:30 AM CONTINENTAL BREAKFAST 07:30 AM On-site Registration 08:30 AM Papers/Presentation Session I . Paul Poroshin, US Branch Vice-President, Group-IB, Russia: The Analysis of the 2011 Russian Cybercrime Scene . Gareth Davies, UK: NAND Memory Technology Forensics 10:15 AM BREAK 10:30 AM Papers/Presentation Session II . Ping Zhang, China: Multi-Parameter Sensitivity Analysis of a Bayesian Network From a Digital Forensic Investigation . Andrew Scholnick, USA: Facilitating Forensics in the Mobile Millennium Through Proactive Enterprise Security 12:30 PM LUNCH (provided) 01:15 PM Keynote Speech . Nigel Wilson, Senior Lecturer at the University of Adelaide Law School in Australia - "Digital Experts – Why is Effective Communication So Important to Both the Admissibility and Persuasiveness of Expert Opinion?" 01:45 PM Papers/Presentation Session III . Richard Boddington, Australia: A Case Study of the Challenges of Cyber Forensics Analysis of Digital Evidence in a Child Pornography Trial . Milton Luoma and Vicki Luoma, USA: After Five Years of E-Discovery Missteps: Sanctions or Safe Harbor? 03:00 PM BREAK 03:20 PM Papers/Presentation Session IV . Aaron Alva, USA: Digital Evidence Education in Schools of Law . Elena Sitnikova, Australia: Pathway into a Security Professional: A New Cyber Security and Forensic Computing Curriculum 04:40 PM Conference Close 6 ADFSL Conference on Digital Forensics, Security and Law, 2012 UPDATE ON THE STATE OF THE SCIENCE OF DIGITAL EVIDENCE EXAMINATION Fred Cohen CEO, Fred Cohen & Associates President, California Sciences Institute ABSTRACT This paper updates previous work on the level of consensus in foundational elements of digital evidence examination. Significant consensus is found present only after definitions