To see the other types of publications on this topic, follow the link: Forensic analysis.
Dissertations / Theses on the topic 'Forensic analysis'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 dissertations / theses for your research on the topic 'Forensic analysis.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Fairbanks, Kevin D. "Forensic framework for honeypot analysis." Diss., Georgia Institute of Technology, 2010. http://hdl.handle.net/1853/33977.
Full textAbstract:
The objective of this research is to evaluate and develop new forensic techniques for use in honeynet environments, in an effort to address areas where anti-forensic techniques defeat current forensic methods. The fields of Computer and Network Security have expanded with time to become inclusive of many complex ideas and algorithms. With ease, a student of these fields can fall into the thought pattern of preventive measures as the only major thrust of the topics. It is equally important to be able to determine the cause of a security breach. Thus, the field of Computer Forensics has grown. In this field, there exist toolkits and methods that are used to forensically analyze production and honeypot systems. To counter the toolkits, anti-forensic techniques have been developed. Honeypots and production systems have several intrinsic differences. These differences can be exploited to produce honeypot data sources that are not currently available from production systems. This research seeks to examine possible honeypot data sources and cultivate novel methods to combat anti-forensic techniques.
In this document, three parts of a forensic framework are presented which were developed specifically for honeypot and honeynet environments. The first, TimeKeeper, is an inode preservation methodology which utilizes the Ext3 journal. This is followed with an examination of dentry logging which is primarily used to map inode numbers to filenames in Ext3. The final component presented is the initial research behind a toolkit for the examination of the recently deployed Ext4 file system. Each respective chapter includes the necessary background information and an examination of related work as well as the architecture, design, conceptual prototyping, and results from testing each major framework component.
2
Rodríguez, Mariela, and James Winefordner. "Elemental Forensic Analysis of Glass." Revista de Química, 2007. http://repositorio.pucp.edu.pe/index/handle/123456789/99672.
Full textAbstract:
Existe una constante migración de la dependencia de mediciones de propiedades fisicas tales como índice de refracción y densidad hacia métodos de análisis elemental de trazas en la identificación de vidrios como evidencia forense. Numerosas técnicas espectroscópicas, radioquímicas, y de espectrometría de masa han sido aplicadas al análisis multielemental de pequeños trozos de vidrio. Esta revisión presenta algunos de los métodos más comúnmente empleados junto con sus ventajas y limitaciones.<br>At identifying glass as forensic evidence, there is a continued move away from dependence on physical properties measured, such as index of refraction and density, towards methods of elemental analysis of its traces. Several spectroscopic, radiochemical and mass spectrometry techniques have been applied for multielemental analysis of small samples of glass. This review shows some of the most commonly used methods, as well as their advantages and limitations.
3
Cembalo, Maurizio. "Forensic analysis for digital images." Doctoral thesis, Universita degli studi di Salerno, 2011. http://hdl.handle.net/10556/227.
Full textAbstract:
IX n.s.<br>Nowadays, taking and sharing digital pictures is becoming a very popular
activity. This is witnessed by the explosive growth of the digital cameras
market: e.g., more than one billion of digital cameras have been produced
and shipped in 2010. A consequence of this trend is that also the number of
crimes involving digital pictures increases, either because pictures are part
of the crime (e.g., exchanging pedopornographic pictures) or because their
analysis may reveal some important clue about the author of the crime.
The highly technical nature of computer crimes facilitated a wholly new
branch of forensic science called digital forensics. The Digital Forensic Sci-
ence involves processes such as acquisition of data from an electronic source,
analysis of the acquired data, extraction of evidence from the data, and the
preservation and presentation of the evidence. Digital Imaging Forensics
is a specialization of the Digital Forensics which deals with digital images.
One of the many issues that the Digital Imaging Forensics tries to deal with
is the source camera identi cation problem, i.e., establish if a given image
has been taken by a given digital camera. Today this is a practical and
important problem aiming to identify reliably the imaging device that acquired a particular digital image. Techniques to authenticate an electronic
image are especially important in court. For example, identifying the source
device could establish the origin of images presented as evidence. In a prosecution for child pornography, for example, it could be desirable that one
could prove that certain imagery was obtained with a speci c camera and
is thus not an image generated by a computer, given that "virutal images"
are not considered offense. As electronic images and digital video replace
their analog counterparts, the importance of reliable, inexpensive, and fast
identification of the origin of a particular image will increase.
The identification of a source camera of an image is a complex issue which
requires the understanding of the several steps involved in the creation of
the digital photographic representation of a real scene. In particular, it
is necessary to understand how the digital images are created, which are
the processes which create (and therefore affect) the creation of the digital
data, starting from the real scene. Moreover, it is necessary to point out the
factors which can be used to support the camera identification and, may be
even more important, which are the factors which can tamper the photos
and prevent (maliciously or not) the camera identification.
Many identification techniques have been proposed so far in literature. All
these techniques generally work by using the sensor noise (an unexpected
variation of the digital signal) left by a digital sensor when taking a picture
as a fingerprint for identifying the sensor. These studies are generally accompanied with tests proving the effectiveness of these techniques, both in
terms of False Acceptance Rate (FAR) and False Rejection Rate (FRR).
Unfortunately, most of these contributions do not take into consideration
that, in practice, the images that are shared and exchanged over the Internet
have often been pre-processed. Instead, it is a common practice to assume
that the images to be examined are unmodified or, at most, to ignore the
e ects of the pre-processing.
Even without considering the case of malicious users that could intention-
ally process a picture in order to fool the existing identification techniques,
this assumption is unrealistic for at least two reasons. The first is that,
as previously mentioned, almost all current photo-managing software o ers
several functions for adjusting, sometimes in a "magic" way (see the "I'm
feeling lucky" function on Google Picasa) different characteristics of a picture. The second reason can be found in the way the images are managed by
some of the most important online social network (OSN) and online photo
sharing (OPS) sites. These services usually make several modifications to
the original photos before publishing them in order to either improve their
appearance or reduce their size.
In this thesis we have first implemented the most prominent source camera
identification technique, proposed by Lukas et al. and based on the Photo-Response Non-Uniformity. Then, we present a new identification technique
that use a SVM (Support Vector Macchine) classifier to associate photos
to the right camera. Both our implementation of Lukas et al. technique
and our SVM technique have been extensively tested on a test-sample of
nearly 2500 images taken from 8 different cameras. The main purpose
of the experiments conducted is to see how these techniques performs in
presence of pre-processed images, either explicit modified by a user with
photo management tools or modified by OSNs and OPSs services without
user awareness.
The results confirm that, in several cases, the method by Lukas et al. and
our SVM technique is resilient to the modifications introduced by the considered image-processing functions. However, in the experiments it has
been possible to identify several cases where the quality of the identifica-
tion process was deteriorated because of the noise introduced by the image-
processing. In addition, when dealing with Online Social Networks and
Online Photo Sharing services, it has been noted that some of them process
and modify the uploaded pictures. These modifications make ineffective,
in many cases, the method by Lukas et al. while SVM technique performs
slightly better. [edited by author]<br>2009 - 2010
4
Gettings, Katherine Butler. "Forensic Ancestry and Phenotype SNP Analysis and Integration with Established Forensic Markers." Thesis, The George Washington University, 2013. http://pqdtopen.proquest.com/#viewpdf?dispub=3590467.
Full textAbstract:
<p> When an evidential DNA profile does not match identified suspects or profiles from available databases, further DNA analyses targeted at inferring the possible ancestral origin and phenotypic characteristics of the perpetrator could yield valuable information. Single Nucleotide Polymorphisms (SNPs), the most common form of genetic polymorphisms, have alleles associated with specific populations and/or correlated to physical characteristics. With this research, single base primer extension (SBE) technology was used to develop a 50 SNP assay designed to predict ancestry among the primary U.S. populations (African American, East Asian, European, and Hispanic/Native American), as well as pigmentation phenotype. The assay has been optimized to a sensitivity level comparable to current forensic DNA analyses, and has shown robust performance on forensic-type samples. In addition, three prediction models were developed and evaluated for ancestry in the U.S. population, and two models were compared for eye color prediction, with the best models and interpretation guidelines yielding correct information for 98% and 100% of samples, respectively. Also, because data from additional DNA markers (STR, mitochondrial and/or Y chromosome DNA) may be available for a forensic evidence sample, the possibility of including this data in the ancestry prediction was evaluated, resulting in an improved prediction with the inclusion of STR data and decreased performance when including mitochondrial or Y chromosome data. Lastly, the possibility of using next-generation sequencing (NGS) to genotype forensic STRs (and thus, the possibility of a multimarker multiplex incorporating all forensic markers) was evaluated on a new platform, with results showing the technology incapable of meeting the needs of the forensic community at this time.</p>
5
Nilsson, Martina. "Mitochondrial DNA in Sensitive Forensic Analysis." Doctoral thesis, Uppsala : Acta Universitatis Upsaliensis : Univ.-bibl. [distributör], 2007. http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-7458.
Full text
6
Shah, Jayna J. "Microfluidic devices for forensic DNA analysis." Fairfax, VA : George Mason University, 2007. http://hdl.handle.net/1920/2878.
Full textAbstract:
Thesis (Ph. D.)--George Mason University, 2007.<br>Title from PDF t.p. (viewed Jan. 22, 2008). Thesis director: Rao V. Mulpuri. Submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Electrical and Computer Engineering. Vita: p. 159. Includes bibliographical references (p. 145-158). Also available in print.
7
Ogwu, John. "Forensic pharmaceutical analysis of counterfeit medicines." Thesis, De Montfort University, 2018. http://hdl.handle.net/2086/17552.
Full textAbstract:
The World Health Organisation suggests that falsified and substandard medicines (FSMs) constitute approximately 10% of medicines globally with higher figures expected in low and middle income countries (LMICs). To combat the proliferation of FSMs, this study is aimed at developing simple and rapid instrumental methods for the identification and quantification of these medicines. Attenuated Total Reflection-Fourier Transform Infrared (ATR-FTIR) spectroscopy, Raman spectroscopy and two probe Mass Spectrometry (MS) methods were assessed for the rapid screening of tablet dosage forms. These systems were chosen because NO solvent extraction of the sample was required. Comparison with analyses of the tablets by accepted but more time consuming methods (UV-Vis and LC-MS) assessed the quality of the data obtained. Analgesic/antipyretic and antimalarial medicines tablet dosage forms are commonly falsified and for this study tablets were obtained opportunistically from different countries around the world. Reference spectra of appropriate active pharmaceutical ingredients (APIs) and excipients were created, for each method, as part of the identification process. Currently only Raman and ATR-FTIR delivered quantitative results which were based on automated multivariate analysis. For tablets with a single API, Raman and ATR-FTIR provided the simplest route to API confirmation and for tablets with multiple APIs or APIs present at < 10%w/w, in the tablet, probe MS methods were superior. Quantitative screening using ATR-FTIR required the samples to be weighed and crushed to produce reproducible data. Comparison of API confirmation tests between trial methods and LC-MS showed complete agreement and the quantitative results were within ±15% of the UV-Vis data. Each of the new tests can be completed in under five minutes and a survey of 69 paracetamol tablets, from around the world, showed that 10% were suspect. Subsequent probe MS showed the presence of a second undeclared API in different samples. More complex tablet formulations, for example the antimalarials were difficult to quantify rapidly. Raman and PCA methods provide a rapid approach to tablet identification within a limited range of possibilities. Factors that may affect Raman spectra of tablets include the expected API, the API levels, different excipients, colours or surface coatings for the tablets. The simplicity, speed and cost effectiveness of the proposed analytical methods make them suitable for use in LMICs. The potential use of these simple analytical methods in addition to already established pharmacopoeia approved (solvent extraction) techniques could help provide more comprehensive data about FSMs globally.
8
van, den Berg Jelle, and Filip Lagerholm. "Forensic Analysis of the Nintendo Switch." Thesis, Högskolan i Halmstad, Akademin för informationsteknologi, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-42451.
Full textAbstract:
In this thesis, we did a forensic analysis of a Nintendo Switch gaming console. It is both a portable and a stationary device, which makes it so that it could contain valuable information about the usage of the console at home and elsewhere. Multiple methods of data extraction were used, including using an exploit to obtain storage memory, extracting the contents of the SD card and capturing network traffic. The findings from the analysis of these data sources were compared to the information on the user interface. Any information that could not be found on the user interface was reported. The main findings of memory analysis were a detailed log file of user interactions, JSON files with personal information such as email addresses, and crash logs with information about the state of the console during the crash. The SD card mainly contains screenshots with embedded timestamps, and the network capture does not contain any forensically relevant information. The combination of these different types of information could makethe Nintendo Switch a useful source of evidence during an investigation.
9
Lu, Andy. "Forensic analysis on wireless medical devices." Thesis, Edith Cowan University, Research Online, Perth, Western Australia, 2022. https://ro.ecu.edu.au/theses/2541.
Full textAbstract:
The number of Internet of Things (IoT) devices is forecast to grow to over 25 billion by 2030, with the healthcare IoT market projected to grow to 25.9% of IoT devices by 2028 worldwide. However, with new and growing technologies come new types of risks. Current risk assessment and risk management methods haven’t been designed to anticipate or predict these risks. IoT risks relate to openness and lack of standardisation, linking and connectivity between the devices and the lack of skilled support for IoT devices and networks. These factors put medical IoT devices and, by extension, their users at risk from cyber threats. Additionally, the attack surface for the medical IoT has not been fully mapped, nor have the risks been fully assessed. The lack of coverage means increased risk for manufacturers, medical facilities, and potentially, patients. This project evaluates the effectiveness of how new and emerging wireless and connected medical devices can be managed and analysed through a digital forensic framework. An initial analysis of the currently available frameworks showed that they did not address the nuances of implementing a wireless or connected medical device into a healthcare organisation.
Digital forensic frameworks that were deemed relevant to wireless medical devices were selected and tested against several currently available wireless medical devices. Four frameworks were tested across four devices each. The outcome was that none of the frameworks was fully able to effectively manage wireless medical devices (at least in terms of the objectives of digital forensics), with each missing elements that would aid an investigator or a hospital organisation in the case of a cyber-related incident.
These results led to the synthesis and testing of a framework that addressed the missing elements. The framework emphasises forensic readiness planning and risk management. The synthesised framework was tested against a new device. The results of the test found that the synthesised framework was effective in both the proactive digital forensics approach and reactive approach. The testing found that the framework performed better than the other tested frameworks, containing additional phases and steps that were advantageous in preparing and reacting to incidents involving wireless medical devices.
10
Eide, Jarle, and Jan Ove Skogheim Olsen. "Forensic analysis of an unknown embedded device." Thesis, Norges Teknisk-Naturvitenskaplige Universitet, Institutt for datateknikk og informasjonsvitenskap, 2006. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-10060.
Full textAbstract:
<p>Every year thousands of new digital consumer device models come on the market. These devices include video cameras, photo cameras, computers, mobile phones and a multitude of different combinations. Most of these devices have the ability to store information in one form or another. This is a problem for law enforcement agencies as they need access to all these new kinds of devices and the information on them in investigations. Forensic analysis of electronic and digital equipment has become much more complex lately because of the sheer number of new devices and their increasing internal technological sophistication. This thesis tries to help the situation by reverse engineering a Qtek S110 device. More specifically we analyze how the storage system of this device, called the object store, is implemented on the devices operating system, Windows Mobile. We hope to figure out how the device stores user data and what happens to this data when it is "deleted". We further try to define a generalized methodology for such forensic analysis of unknown digital devices. The methodology takes into account that such analysis will have to be performed by teams of reverse-engineers more than single individuals. Based on prior external research we constructed and tested the methodology successfully. We were able to figure our more or less entirely the object stores internal workings and constructed a software tool called BlobExtractor that can extract data, including "deleted", from the device without using the operating system API. The main reverse engineering strategies utilized was black box testing and disassembly. We believe our results can be the basis for future advanced recovery tools for Windows Mobile devices and that our generalized reverse engineering methodology can be utilized on many kinds of unknown digital devices.</p>
11
Edlund, Hanna. "Sensitive Identification Tools in Forensic DNA Analysis." Doctoral thesis, Uppsala universitet, Institutionen för genetik och patologi, 2010. http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-131904.
Full textAbstract:
DNA as forensic evidence is valuable in criminal investigations. Implementation of new, sensitive and fast technologies is an important part of forensic genetic research. This thesis aims to evaluate new sensitive methods to apply in forensic DNA analysis including analysis of old skeletal remains. In Paper I and II, two novel systems for analysis of STRs, based on the Pyrosequencing technology, are presented. In Paper I, Y chromosomal STRs are analysed. Markers on the male specific Y chromosome are especially useful in analysis of DNA mixtures. In Paper II, ten autosomal STRs are genotyped. The systems are based on sequencing of STR loci instead of size determination of STR fragments as in routine analysis. This provides a higher resolution since sequence variants within the repeats can be detected. Determination of alleles is based on a termination recognition base. This is the base in the template strand that is excluded from the dispensation order in the sequencing of the complementary strand and therefore terminates the reaction. Furthermore, skeletal remains are often difficult to analyse, due to damaging effects from the surrounding environment on the DNA and the high risk of exogenous contamination. Analysis of mitochondrial DNA is useful on degraded samples and in Paper III, mtDNA analysis of 700 years old skeletal remains is performed to investigate a maternal relationship. The quantity and quality of DNA are essential in forensic genetics. In Paper IV the efficiency of DNA isolation is investigated. Soaking skeletal remains in bleach is efficient for decontamination but result in a lower DNA yield, especially on pulverised skull samples. In conclusion, this thesis presents novel sequencing systems for accurate and fast analysis of STR loci that can be useful in evaluation of new loci and database assembly as well as the utility of mtDNA in forensic genetics.
12
Greening, Christopher. "Automatic writer identification for forensic document analysis." Thesis, University of Essex, 1999. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.520166.
Full text
13
McCallum, Nicola Ann. "Analysis of RNA stability in forensic specimens." Thesis, University of Strathclyde, 2015. http://oleg.lib.strath.ac.uk:80/R/?func=dbin-jump-full&object_id=24829.
Full textAbstract:
Ribonucleic acid (RNA) analysis presents a unique, novel opportunity to answer a wide range of questions in forensic science. The dynamicity of the transcriptome has led to it being suggested as a novel source of diagnostic information in forensic pathology. However, RNA is exceptionally labile. This research has characterised the post-mortem degradation behaviour of tissue RNA in an animal model, the laboratory mouse; with the aim of identifying a post-mortem interval during which gene expression analysis provides informative and reliable results. It was extremely encouraging that over the three day post-mortem interval examined, the yield of RNA from skeletal muscle, kidney, liver and heart tissue did not fall to such a level that it became unanalysable. Interestingly, individual RNAs were found to exhibit unique decay behaviour during the post-mortem interval; some significantly more stable than others. In the tissues of mice decomposed at room temperature, RNAs remained stable for at least the first 12 hours post-mortem; after which the observed differential decay skewed their expression profiles. This poses an interpretational obstacle for gene expression data where an extended time lag exists between death and sampling, and highlights the requirement for future work to consider novel data normalisation strategies. Overall, it is suggested that using RNA degradation as an indicator of post-mortem interval is fraught with difficulties: such as its dependence on the environmental conditions (specifically ambient temperature), differential RNA decay behaviour between tissue types and storage media, and inherently strong variability between replicates.
14
Thakur, Neha S. "Forensic Analysis of WhatsApp on Android Smartphones." ScholarWorks@UNO, 2013. http://scholarworks.uno.edu/td/1706.
Full textAbstract:
Android forensics has evolved over time offering significant opportunities and exciting challenges. On one hand, being an open source platform Android is giving developers the freedom to contribute to the rapid growth of the Android market whereas on the other hand Android users may not be aware of the security and privacy implications of installing these applications on their phones. Users may assume that a password-locked device protects their personal information, but applications may retain private information on devices, in ways that users might not anticipate. In this thesis we will be concentrating on one such application called 'WhatsApp', a popular social networking application. We will be forming an outline on how forensic investigators can extract useful information from WhatsApp and from similar applications installed on an Android platform. Our area of focus is extraction and analysis of application user data from non-volatile external storage and the volatile memory (RAM) of an Android device.
15
Swortwood, Madeleine Jean. "Comprehensive Forensic Toxicological Analysis of Designer Drugs." FIU Digital Commons, 2013. http://digitalcommons.fiu.edu/etd/997.
Full textAbstract:
New designer drugs are constantly emerging onto the illicit drug market and it is often difficult to validate and maintain comprehensive analytical methods for accurate detection of these compounds. Generally, toxicology laboratories utilize a screening method, such as immunoassay, for the presumptive identification of drugs of abuse. When a positive result occurs, confirmatory methods, such as gas chromatography (GC) or liquid chromatography (LC) coupled with mass spectrometry (MS), are required for more sensitive and specific analyses. In recent years, the need to study the activities of these compounds in screening assays as well as to develop confirmatory techniques to detect them in biological specimens has been recognized. Severe intoxications and fatalities have been encountered with emerging designer drugs, presenting analytical challenges for detection and identification of such novel compounds. The first major task of this research was to evaluate the performance of commercially available immunoassays to determine if designer drugs were cross-reactive. The second major task was to develop and validate a confirmatory method, using LC-MS, to identify and quantify these designer drugs in biological specimens.
Cross-reactivity towards the cathinone derivatives was found to be minimal. Several other phenethylamines demonstrated cross-reactivity at low concentrations, but results were consistent with those published by the assay manufacturer or as reported in the literature. Current immunoassay-based screening methods may not be ideal for presumptively identifying most designer drugs, including the “bath salts.” For this reason, an LC-MS based confirmatory method was developed for 32 compounds, including eight cathinone derivatives, with limits of quantification in the range of 1-10 ng/mL. The method was fully validated for selectivity, matrix effects, stability, recovery, precision, and accuracy. In order to compare the screening and confirmatory techniques, several human specimens were analyzed to demonstrate the importance of using a specific analytical method, such as LC-MS, to detect designer drugs in serum as immunoassays lack cross-reactivity with the novel compounds. Overall, minimal cross-reactivity was observed, highlighting the conclusion that these presumptive screens cannot detect many of the designer drugs and that a confirmatory technique, such as the LC-MS, is required for the comprehensive forensic toxicological analysis of designer drugs.
16
Van, Winkle Carolyn. "Forensic DNA Extraction Strategies for PCR Analysis." Thesis, University of North Texas, 1998. https://digital.library.unt.edu/ark:/67531/metadc278269/.
Full textAbstract:
There is a transition nationwide on the analysis of forensic evidentiary stains containing biological material from traditional serology to Polymerase Chain Reaction (PCR) methodologies. The increased sensitivity of PCR, the limited number of alleles at each locus, and the necessity of producing unambiguous data for entry into the FBI's Combined DNA Index System make this study of extraction procedures of utmost importance. A "single tube" extraction procedure for blood stains collected onto FTA™ paper and a modified differential nonorganic extraction method from spermatozoa containing
mixed stains were analyzed and compared. The extraction success was evaluated by amplification and typing of the amplified fragment length polymorphism, D1S80. These modifications of the nonorganic method utilized gave an improved separation of the spermatozoa-containing mixed stains.
17
McCulley, Shane. "Forensic Analysis of G Suite Collaborative Protocols." ScholarWorks@UNO, 2017. http://scholarworks.uno.edu/td/2386.
Full textAbstract:
Widespread adoption of cloud services is fundamentally changing the way IT services are delivered and how data is stored. Current forensic tools and techniques have been slow to adapt to new challenges and demands of collecting and analyzing cloud artifacts. Traditional methods focusing only on client data collection are incomplete, as the client may have only a (partial) snapshot and misses cloud-native artifacts that may contain valuable historical information.
In this work, we demonstrate the importance of recovering and analyzing cloud-native artifacts using G Suite as a case study. We develop a tool that extracts and processes the history of Google Documents and Google Slides by reverse engineering the web applications private protocol. Combined with previous work that has focused on API-based acquisition of cloud drives, this presents a more complete solution to cloud forensics, and is generalizable to any cloud service that maintains a detailed log of revisions.
18
Susaimanickam, Rojesh. "A workflow to support forensic database analysis." Thesis, Susaimanickam, Rojesh (2012) A workflow to support forensic database analysis. Masters by Research thesis, Murdoch University, 2012. https://researchrepository.murdoch.edu.au/id/eprint/13741/.
Full textAbstract:
Governments and private organisations are increasingly aware that vital information stored in their databases is no longer safe behind perimeter firewalls, intrusion prevention systems and other edge protections. Databases store a broad range of private and important information, making them a prime target for exploitation by wrongdoers wishing to breach confidentiality, damage the integrity of the data or make it unavailable to its users.
The intricate nature and the non-stoppable critical services running in databases makes forensic examination of database difficult and challenges the forensics recovery and examination processes.
The research presented in this thesis discusses the feasibility of developing an enhanced workflow that provides insight into the challenging complexities of examining and using database evidence. It lays the foundation for the development and establishment of standards in database forensic analysis and forensic case management.
The major contribution of this research is a literature review that summarises the state-of-the-art in database forensics. It argues for the need for more in-depth research in this field and highlights limited availability of forensic data. To improve this, the research presents the design of a generic workflow of database forensic examination. This is evaluated using a qualitative and case study based evaluation and highlights the various limitations and drawback of the workflow.
In summary, the research in this thesis proposes a system that allows a forensic examiner to focus on what is relevant to a case in a systematic way that can be proved in court. The workflow also acts as a case management tool by aiding the forensic examiner to apply established standards and procedures to identify best-case result by systematically, thoroughly and efficiently collecting and validating digital evidence.
19
Buttigieg, Gavin. "Forensic and toxicological applications of atomic analysis." Diss., The University of Arizona, 2003. http://hdl.handle.net/10150/280402.
Full textAbstract:
Toxicological and forensic applications of analytical chemistry provide both interesting and unique opportunities for analytical chemists to hone their skills and push their abilities. Modern analytical chemistry has afforded researchers the ability to probe into the intricate pathways of biochemical processes by systematic identification and characterization of biologically relevant compounds. Unfortunately, often due to the restrictive specifications of the instrumentation used, it is necessary to remove those compounds from their natural environments such that their structure and at the very least the significance of those compounds may not be fully recognized. The work described herein identifies and characterizes two biologically relevant arsenic and selenium containing species. These species were synthesized and identified in environments that are very similar to those found in vivo. The use of chemical information contained within a small arms cartridge has seen extremely limited use by forensic laboratories despite the wealth of chemical information that may be useful in differentiating between cartridges of various manufacturers. The study herein uses the elemental composition of small arms rifle primers to develop a multivariate model against which unknown primers were compared and ultimately classified. The FBI's practice of elemental analysis of small arms projectiles has recently come under fire as the result of an ex-FBI metallurgist's research study which concluded that the trace elements analyzed were too rigidly controlled by Pb smelters and therefore not useful in distinguishing between batches of ammunition. The scientific community is now scrutinizing the practice with a National Academy of Science review of the FBI's practices. Unlike the trace elements utilized by the FBI for distinguishing between projectiles of various "origins" Pb isotopic signature is not controlled by smelters and should, even in the case of recycled Pb, vary when Pb from differing origins is utilized for the manufacture of small arms projectiles. The study described herein shows that Pb isotopic analysis of small arms projectiles from various regions of the world is useful for differentiating between small arms projectiles and in limited cases may even be useful in determining the geographic origin of projectile manufacture.
20
Shakir, Amer, Muhammad Hammad, and Muhammad Kamran. "Comparative Analysis & Study of Android/iOS MobileForensics Tools." Thesis, Högskolan i Halmstad, Akademin för informationsteknologi, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-44797.
Full textAbstract:
This report aims to draw a comparison between two commercial mobile forensics and recovery tools, Magnet AXIOM and MOBILedit. A thorough look at previously done studies was helpful to know what aspects of the data extractions must be compared and which areas are the most important ones to focus upon. This work focuses on how the data extracted from one tool compares with another and provides comprehensive extraction based on different scenarios, circumstances, and aspects. Performances of both tools are compared based on various benchmarks and criteria. This study has helped establish that MOBILedit has been able to outperform Magnet AXIOM on more data extraction and recovery aspects. It is a comparatively better tool to get your hands on.
21
Chow, W. M. L. "Capilliary column gas chromatography in forensic science." Thesis, University of Strathclyde, 1985. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.371945.
Full text
22
Cai, Yue. "Nondestructive multi-element analysis of colorants for forensic applications and artwork authentication." HKBU Institutional Repository, 2013. https://repository.hkbu.edu.hk/etd_ra/1528.
Full text
23
Byrne, Ana M. "Forensic anthropology : its contribution to forensic cases submitted to the University of Montana for analysis." The University of Montana, 2006. http://etd.lib.umt.edu/theses/available/etd-07202006-142543/.
Full textAbstract:
The Anthropology Lab at the University of Montana is regularly consulted by law enforcement agencies throughout the state of Montana on cases suspected to involve skeletal human remains. In this paper, how specifically Forensic Anthropology contributes to these cases is examined. Cases submitted to the UM Lab for analysis between the years of 1971 and 2004 are followed up and the agencies involved are asked specific questions regarding each case. Agencies responded to questions regarding 97 of the UMs 238 total cases. Results of this study show that of those cases containing contemporary human remains about 18% were identified after the UM performed their analysis, and about 60% had not been identified. With modern day forensic technology advancing at such a rapid rate, this paper aims to show that in Montana, Forensic Anthropology is a tool that has become less useful in its ability to assist in determining an unknown decedents identification, while being most useful in determining if a case in question is one that involves contemporary human remains to begin with.
24
Walnoha, Michael Anthony. "Shoeprint analysis a GIS application in forensic evidence /." Morgantown, W. Va. : [West Virginia University Libraries], 2006. https://eidr.wvu.edu/etd/documentdata.eTD?documentid=4639.
Full textAbstract:
Thesis (M.A.)--West Virginia University, 2006.<br>Title from document title page. Document formatted into pages; contains iv, 64 p. : ill. (some col.), maps (some col.). Includes abstract. Includes bibliographical references (p. 63-64).
25
Baize, John. "Forensic Soil Analysis: Characterization of the Sand Fraction." TopSCHOLAR®, 1997. http://digitalcommons.wku.edu/theses/767.
Full textAbstract:
The purpose of this project was to develop a comprehensive analytical method for the characterization of soil by examining particle size, elemental composition, and percent organic matter in soil, and to determine its forensic applicability. In this study, five soils of varying geological locations were examined including two samples from Kentucky; two samples from Pennsylvania; and one from Washington D C A Gilson sonic sieve shaker was used to separate fractions of soil to determine particle size, and a JEOL scanning electron microscope with a Kevex EDS detector was used to determine elemental composition. These techniques coupled with percent total carbon analysis (determined with a LECO CHN-1000) provide a method that measures three forensic properties instead of one for the forensic comparison of soil.
26
Johansson, Christian. "Computer Forensic Text Analysis with Open Source Software." Thesis, Blekinge Tekniska Högskola, Institutionen för programvaruteknik och datavetenskap, 2003. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-4994.
Full textAbstract:
Detta papper koncentrerar sig på kriminaltekniska undersökningar av text, med fokus på användande av mjukvara med öppen källkod. Pappret diskuterar och undersöker olika tekniker för framtida automatisering av dessa undersökningar.
27
Hales, Gavin. "Assisting digital forensic analysis via exploratory information visualisation." Thesis, Abertay University, 2016. https://rke.abertay.ac.uk/en/studentTheses/774128b9-957e-4a05-aa74-dbeefebb8113.
Full textAbstract:
Background: Digital forensics is a rapidly expanding field, due to the continuing advances in computer technology and increases in data stage capabilities of devices. However, the tools supporting digital forensics investigations have not kept pace with this evolution, often leaving the investigator to analyse large volumes of textual data and rely heavily on their own intuition and experience. Aim: This research proposes that given the ability of information visualisation to provide an end user with an intuitive way to rapidly analyse large volumes of complex data, such approached could be applied to digital forensics datasets. Such methods will be investigated; supported by a review of literature regarding the use of such techniques in other fields. The hypothesis of this research body is that by utilising exploratory information visualisation techniques in the form of a tool to support digital forensic investigations, gains in investigative effectiveness can be realised. Method:To test the hypothesis, this research examines three different case studies which look at different forms of information visualisation and their implementation with a digital forensic dataset. Two of these case studies take the form of prototype tools developed by the researcher, and one case study utilises a tool created by a third party research group. A pilot study by the researcher is conducted on these cases, with the strengths and weaknesses of each being drawn into the next case study. The culmination of these case studies is a prototype tool which was developed to resemble a timeline visualisation of the user behaviour on a device. This tool was subjected to an experiment involving a class of university digital forensics students who were given a number of questions about a synthetic digital forensic dataset. Approximately half were given the prototype tool, named Insight, to use, and the others given a common open-source tool. The assessed metrics included: how long the participants took to complete all tasks, how accurate their answers to the tasks were, and how easy the participants found the tasks to complete. They were also asked for their feedback at multiple points throughout the task. Results:The results showed that there was a statistically significant increase in accuracy for one of the six tasks for the participants using the Insight prototype tool. Participants also found completing two of the six tasks significantly easier when using the prototype tool. There were no statistically significant different difference between the completion times of both participant groups. There were no statistically significant differences in the accuracy of participant answers for five of the six tasks. Conclusions: The results from this body of research show that there is evidence to suggest that there is the potential for gains in investigative effectiveness when information visualisation techniques are applied to a digital forensic dataset. Specifically, in some scenarios, the investigator can draw conclusions which are more accurate than those drawn when using primarily textual tools. There is also evidence so suggest that the investigators found these conclusions to be reached significantly more easily when using a tool with a visual format. None of the scenarios led to the investigators being at a significant disadvantage in terms of accuracy or usability when using the prototype visual tool over the textual tool. It is noted that this research did not show that the use of information visualisation techniques leads to any statistically significant difference in the time taken to complete a digital forensics investigation.
28
Soobhany, Ahmad Ryad. "Image source identification and characterisation for forensic analysis." Thesis, Keele University, 2013. http://eprints.keele.ac.uk/2301/.
Full textAbstract:
Digital imaging devices, such as digital cameras or mobile phones, are prevalent in society. The images created by these devices can be used in the commission of crime. Source device identification is an emerging research area and involves the identification of artefacts that are left behind in an image by the camera pipeline. These artefacts can be used as digital signatures to identify the source device forensically. The type of digital signature considered in this thesis is the Sensor Pattern Noise (SPN), which consists mainly of the PRNU (Photo Response Non-Uniformity) of the imaging device. The PRNU is unique to each individual sensor, which can be extracted traditionally with a wavelet denoising filter and enhanced to attenuate unwanted artefacts. This thesis proposes a novel method to extract the PRNU of a digital image by using Singular Value Decomposition (SVD) to extract the digital signature. The extraction of the PRNU is performed using the homomorphic filtering technique, where the inherently nonlinear PRNU is transformed into an additive noise. The range of the energy of the PRNU is estimated, which makes it easier to separate from other polluting components to obtain a cleaner signature, as compared to extracting all the high frequency signals from an image. The image is decomposed by using SVD, which separates the image into ranks of descending order of energies. The estimated energy range of the PRNU is used to obtain the interesting ranks that are utilised to form part of the digital signature. A case study of an existing image analyser platform was performed by investigating its identification and classification results. The SVD based extraction method was tested by extracting image signatures from camera phones. The results of the experiments show that it is possible to determine the source device of digital images.
29
Divne, Anna-Maria. "Evaluation of New Technologies for Forensic DNA Analysis." Doctoral thesis, Uppsala : Acta Universitatis Upsaliensis : Univ.-bibl. [distributör], 2005. http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-5744.
Full text
30
West, M. J. "Applications of Raman Microscopy to Trace Forensic Analysis." Thesis, University of Kent, 2009. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.520885.
Full text
31
Croft, Debra Jane. "Forensic geoscience : development of techniques for soil analysis." Thesis, Royal Holloway, University of London, 2003. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.406177.
Full text
32
Tse, Wai-hin Kenneth, and 謝維軒. "Forensic analysis using FAT32 file cluster allocation patterns." Thesis, The University of Hong Kong (Pokfulam, Hong Kong), 2011. http://hub.hku.hk/bib/B46605733.
Full text
33
Reidy, Lisa Jayne. "Stable isotope analysis : a new forensic science tool." Thesis, Queen's University Belfast, 2008. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.479310.
Full text
34
Nelson, Alexander J. "Software signature derivation from sequential digital forensic analysis." Thesis, University of California, Santa Cruz, 2016. http://pqdtopen.proquest.com/#viewpdf?dispub=10140317.
Full textAbstract:
<p> Hierarchical storage system namespaces are notorious for their immense size, which is a significant hindrance for any computer inspection. File systems for computers start with tens of thousands of files, and the Registries of Windows computers start with hundreds of thousands of cells. An analysis of a storage system, whether for digital forensics or locating old data, depends on being able to reduce the namespaces down to the features of interest. Typically, having such large volumes to analyze is seen as a challenge to identifying relevant content. However, if the origins of files can be identified—particularly dividing between software and human origins—large counts of files become a boon to profiling how a computer has been used. It becomes possible to identify software that has influenced the computer's state, which gives an important overview of storage system contents not available to date. </p><p> In this work, I apply document search to observed changes in a class of forensic artifact, cell names of the Windows Registry, to identify effects of software on storage systems. Using the search model, a system's Registry becomes a query for matching software signatures. To derive signatures, file system differential analysis is extended from between two storage system states to many sequences of states. The workflow that creates these signatures is an example of analytics on data lineage, from branching data histories. The signatures independently indicate past presence or usage of software, based on consistent creation of measurably distinct artifacts. A signature search engine is demonstrated against a machine with a selected set of applications installed and executed. The optimal search engine according to that machine is then turned against a separate corpus of machines with a set of present applications identified by several non-Registry forensic artifact sources, including the file systems, memory, and network captures. The signature search engine corroborates those findings, using only the Windows Registry.</p>
35
Senthivel, Saranyan. "Automatic Forensic Analysis of PCCC Network Traffic Log." ScholarWorks@UNO, 2017. http://scholarworks.uno.edu/td/2394.
Full textAbstract:
Most SCADA devices have a few built-in self-defence mechanisms and tend to implicitly trust communications received over the network. Therefore, monitoring and forensic analysis of network traffic is a critical prerequisite for building an effective defense around SCADA units. In this thesis work, We provide a comprehensive forensic analysis of network traffic generated by the PCCC(Programmable Controller Communication Commands) protocol and present a prototype tool capable of extracting both updates to programmable logic and crucial configuration information. The results of our analysis shows that more than 30 files are transferred to/from the PLC when downloading/uplloading a ladder logic program using RSLogix programming software including configuration and data files. Interestingly, when RSLogix compiles a ladder-logic program, it does not create any lo-level representation of a ladder-logic file. However the low-level ladder logic is present and can be extracted from the network traffic log using our prototype tool. the tool extracts SMTP configuration from the network log and parses it to obtain email addresses, username and password. The network log contains password in plain text.
36
Swaminathan, Ashwin. "Multimedia forensic analysis via intrinsic and extrinsic fingerprints." College Park, Md.: University of Maryland, 2008. http://hdl.handle.net/1903/8776.
Full textAbstract:
Thesis (Ph. D.) -- University of Maryland, College Park, 2008.<br>Thesis research directed by: Dept. of Electrical and Computer Engineering. Title from t.p. of PDF. Includes bibliographical references. Published by UMI Dissertation Services, Ann Arbor, Mich. Also available in paper.
37
Kumar, Vasanth Sampangiramaiah. "In-circuit forensic analysis of IoT memory modules." Thesis, Edith Cowan University, Research Online, Perth, Western Australia, 2024. https://ro.ecu.edu.au/theses/2806.
Full textAbstract:
Digital forensic investigation involves data acquisition from storage and memory devices including embedded memory, such as flash memory. In the age of IoT-connected systems, in which a typical crime scene often has several interconnected smart devices, chip-off analysis, the physical removal of a microchip from the circuitry for digital forensic acquisition, is time-consuming and can potentially lead to loss of data, even damage to the original memory chip involved in the alleged crime (due to the heat the chip is exposed to during the process). This study introduces a novel system-on-a-chip approach designed for rapid and non-intrusive data acquisition from IoT devices, addressing the limitations of traditional chip-off forensic techniques that often result in data loss and potential damage to memory chips. Utilizing a purpose-designed smart device, this method enables direct data retrieval from the microchip level, integrating seamlessly into a forensic toolkit to improve the speed and integrity of evidence gathering while maintaining the operational state of the device. The method places particular emphasis on physical data acquisition, essential for thorough analysis, including the recovery of deleted files and investigation of file tampering. The research develops a remote acquisition technique that accesses memory modules of diverse smart devices with minimal footprint, offering a device-agnostic solution that preserves data in its last functional state, thus enhancing evidence recovery. By ensuring the forensic soundness of the data extraction process, this innovative approach significantly advances digital forensics, enhancing both the integrity and admissibility of evidence in legal scenarios.
38
Rinke, Caitlin. "Selective Multivariate Applications in Forensic Science." Doctoral diss., University of Central Florida, 2012. http://digital.library.ucf.edu/cdm/ref/collection/ETD/id/5459.
Full textAbstract:
A 2009 report published by the National Research Council addressed the need for improvements in the field of forensic science. In the report emphasis was placed on the need for more rigorous scientific analysis within many forensic science disciplines and for established limitations and determination of error rates from statistical analysis. This research focused on multivariate statistical techniques for the analysis of spectral data obtained for multiple forensic applications which include samples from: automobile float glasses and paints, bones, metal transfers, ignitable liquids and fire debris, and organic compounds including explosives. The statistical techniques were used for two types of data analysis: classification and discrimination. Statistical methods including linear discriminant analysis and a novel soft classification method were used to provide classification of forensic samples based on a compiled library. The novel soft classification method combined three statistical steps: Principal Component Analysis (PCA), Target Factor Analysis (TFA), and Bayesian Decision Theory (BDT) to provide classification based on posterior probabilities of class membership. The posterior probabilities provide a statistical probability of classification which can aid a forensic analyst in reaching a conclusion. The second analytical approach applied nonparametric methods to provide the means for discrimination between samples. Nonparametric methods are performed as hypothesis test and do not assume normal distribution of the analytical figures of merit. The nonparametric permutation test was applied to forensic applications to determine the similarity between two samples and provide discrimination rates. Both the classification method and discrimination method were applied to data acquired from multiple instrumental methods. The instrumental methods included: Laser Induced-Breakdown Spectroscopy (LIBS), Fourier Transform Infrared Spectroscopy (FTIR), Raman spectroscopy, and Gas Chromatography-Mass Spectrometry (GC-MS). Some of these instrumental methods are currently applied to forensic applications, such as GC-MS for the analysis of ignitable liquid and fire debris samples; while others provide new instrumental methods to areas within forensic science which currently lack instrumental analysis techniques, such as LIBS for the analysis of metal transfers. The combination of the instrumental techniques and multivariate statistical techniques is investigated in new approaches to forensic applications in this research to assist in improving the field of forensic science.<br>Ph.D.<br>Doctorate<br>Chemistry<br>Sciences<br>Chemistry
39
Tagesson, Samuel. "Anti-forensik mot minnesforensik : En litteraturstudie om anti-forensiska metoder mot minnesdumpning och minnesanalys." Thesis, Högskolan i Skövde, Institutionen för informationsteknologi, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:his:diva-17818.
Full textAbstract:
IT-forensiker möter många svårigheter i sitt arbete med att inhämta och analysera data. Brottslingar använder mer och mer anti-forensiska metoder för att gömma bevis som kan användas emot dem. En vanligt förekommande anti-forensisk metod är kryptering. För att IT-forensiker skall kunna komma åt den krypterade informationen kan krypteringsnyckeln hittas i minnet på datorn. Vilket gör att datorns minne blir värdefullt att hämta och analysera. Däremot finns det flera anti-forensiska metoder som en förbrytare kan använda för att förhindra att minnet hämtas eller analyseras. Denna studie utför en systematisk litteraturstudie för att identifiera de aktuella anti-forensiska metoder mot minnesanalys och minnesdumpning på Windows system. Flera metoder tas upp där bland annat operativsystemet modifieras eller inbyggda säkerhetsfunktioner på CPUn används för att förhindra att information hämtas eller analyseras från minnet.<br>IT forensics face many difficulties in their work of obtaining and analyzing data. Criminals are using more and more anti-forensic methods to hide evidence that can be used against them. One common anti-forensic method is encryption. In order for IT forensics to access the encrypted information, the encryption key can be found in the memory of the computer. This makes the computer's memory valuable to retrieved and analyze. However, there are several anti-forensic methods that a criminal can use to prevent the memory from being retrieved or analyzed. This study performs a systematic literature study to identify the current anti-forensic methods against memory analysis and memory dumping on Windows system. Several methods are addressed where, among other things, the operating system is modified or built-in security functions on the CPU are used to prevent information being retrieved or analyzed from memory.
40
Schultz, John S. "Offline forensic analysis of Microsoft Windows XP physical memory." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2006. http://library.nps.navy.mil/uhtbin/hyperion/06Sep%5FSchultz.pdf.
Full textAbstract:
Thesis (M.S. in Computer Science)--Naval Postgraduate School, September 2006.<br>Thesis Advisor(s): Chris Eagle. "September 2006." Includes bibliographical references (p. 73-74). Also available in print.
41
Dowler, Shaun Wallace. "Applications of hyperspectral imaging techniques to forensic image analysis." Thesis, University of Auckland, 2010. http://hdl.handle.net/2292/9604.
Full textAbstract:
Hyperspectral imaging is a form of imaging spectroscopy developed for remote sensing. Hyperspectral algorithms have many useful properties: particularly robustness to scene conditions and the versatility to analyse a wide variety of scene compositions. Hyperspectral techniques are, however, computationally expensive. Imaging spectroscopy has been applied to the analysis of forensic crime scenes in the recent past with some success. The relative simplicity of the techniques used in these studies, however, has created an opportunity to apply hyperspectral techniques to forensic scenes. This work focused on the development of analysis techniques for camera systems suitable for imaging forensic scenes in the field. Hyperspectral unmixing allows for a scene to be decomposed into a list of material signatures and maps of the abundances of those materials. Winter’s N-FINDR was selected as a suitable unmixing technique for examination due to its popularity, performance and well-understood operation. Analyses of the operation, complexity and performance on simulated and real remote sensing scenes of N-FINDR were conducted to establish a baseline against the body of remote sensing literature. N-FINDR was shown to be an effective, albeit computationally costly, algorithm for analysing hyperspectral data. Two complementary means for reducing the complexity of the N-FINDR algorithm were considered. The algorithm was restructured and the use of an LDU decomposition allowed for redundancies in the computations to be removed. Secondly, a means for reducing the search space of the algorithm was examined and shown to have a favourable complexity-accuracy trade-off. These modifications allow for N-FINDR to form the basis of a hyperspectral still camera system. A new algorithm, Abundance Guided Endmember Selection (AGES), was developed with the property that iterations have low complexity and produce intermediate material maps. A modified version of AGES was used to develop a framework for a video camera system that made use of between-frame redundancy. Both N-FINDR and AGES were compared to more traditional techniques from forensic literature in their performance on blood shoemarks and treated fingermarks. On these scenes, NFINDR and AGES were shown to equal or outperform traditional techniques. The work constitutes major progress towards a system capable of field deployment.
42
Haak, Daniel James. "Analysis of The University of Montana Forensic Case 29." The University of Montana, 2010. http://etd.lib.umt.edu/theses/available/etd-06032010-145520/.
Full textAbstract:
The application of non-metric forensic anthropological techniques produces results that are sometimes not always scientifically valid. Using the commonly accepted techniques to produce a biological profile (age, sex, ancestry, height, pathology and trauma), an application of the methods is utilized and critiqued in the analysis of The University of Montana forensic case 29 (UMFC 29). Using the accepted techniques in forensic anthropology, UMFC 29 was identified as a Black Male with an age range of 35-65 years and a height of 53-56. Possible skeletal trauma is found on the vertebral bodies, left 4th rib, and on the left scapula and there was no obvious pathology is present on the entire skeleton. Although using non-metric techniques in forensic anthropology is thought by some researchers to not always be scientifically valid, the techniques and procedures utilized in this analysis were found to be replicable and thus scientifically acceptable.
43
Peisert, Sean Philip. "A model of forensic analysis using goal-oriented logging." Diss., Connect to a 24 p. preview or request complete full text in PDF format. Access restricted to UC campuses, 2007. http://wwwlib.umi.com/cr/ucsd/fullcit?p3246091.
Full textAbstract:
Thesis (Ph. D.)--University of California, San Diego, 2007.<br>Title from first page of PDF file (viewed March 9, 2007). Available via ProQuest Digital Dissertations. Vita. Includes bibliographical references (p. 156-165).
44
Carpenter, Robert Christopher. "Inductively coupled plasma-optical emission spectrometry for forensic analysis." Thesis, University of Plymouth, 1985. http://hdl.handle.net/10026.1/2680.
Full textAbstract:
The fundamental characteristics and applications of inductively coupled plasma - optical emission spectrometry (ICP-OES) for forensic science purposes have been evaluated. Optimisation of ICP-OES for single elements using simplex techniques identified an ICP torch fitted with a wide bore injector tube as most suitable for multielement analysis because of a compact analytical region in the plasma. A suitable objective function has been proposed for multielement simplex optimisation of ICP-OES and its effectiveness has been demonstrated. The effects of easily ionisable element (EIE) interferences have been studied and an interference minimisation simplex optimisation shown to be appropriate for the location of an interference free zone. Routine, interference free determinations (<2% for 0.5% Na) have been shown to be critically dependant on the stability of the injector gas flowrate and nebuliser derived pressure pulses. Discrete nebulisation has been investigated for the analysis of small fragments of a variety of metal alloys which could be encountered in casework investigations. External contamination together with alloy inhomogeneity have been shown to present some problems in the interpretation of the data. A compact, corrosion resistant recirculating nebuliser has been constructed and evaluated for the analysis of small fragments of shotgun steels. The stable aerosol production from this nebuliser allowed a set of element lines, free from iron interferences, to be monitored with a scanning monochromator. The analysis, classification and discrimination of casework sized fragments of brasses and sheet glasses have been performed and a method has been proposed for the analysis of white household gloss paints. The determination of metal traces on hands following the handling of a variety of metal alloys has been reported. The significance of the results from these evidential materials has been assessed for forensic science purposes.
45
Yu, Holly April. "Novel Approaches to Forensic Explosives Recovery, Storage and Analysis." Thesis, Curtin University, 2017. http://hdl.handle.net/20.500.11937/57348.
Full textAbstract:
This thesis describes a series of studies aiming to improve current practices associated with forensic explosives recovery, storage and analysis. Specifically, fundamental studies on the recovery of explosives from textiles and the storage of soil samples containing explosives were performed. A novel electrochemical technique for the detection of TNT was also developed.
46
Churinsky, Candace Renee. "Characterization of carbon electrode surfaces development of biosensors for forensic DNA applications." Thesis, Boston University, 2013. https://hdl.handle.net/2144/21139.
Full textAbstract:
Thesis (M.S.F.S) PLEASE NOTE: Boston University Libraries did not receive an Authorization To Manage form for this thesis or dissertation. It is therefore not openly accessible, though it may be available by request. If you are the author or principal advisor of this work and would like to request open access for it, please contact us at open-help@bu.edu. Thank you.<br>Quantitative polymerase chain reaction (qPCR) techniques are currently used to quantify samples containing deoxyribonucleic acid (DNA) in forensic analyses. This technology can provide valuable information to an analyst regarding the amount of DNA present but lacks the ability to determine the quality of the sample. Electrochemistry-based biosensors that utilize screen-printed electrodes may provide a method to determine the number of DNA molecules and the length of those molecules in a single assay. This work aimed to create a biosensor by electrostatically loading TPOX oligonucleotides onto a carbon screen-printed electrode for the purpose of quantifying genomic DNA. Electrochemical signal was obtained via the indicating molecule bis-benzimide H33258, which preferentially interacts with double-stranded DNA and would indicate a hybridization event. Cyclic voltammetry was chosen to measure the current signal; peaks obtained using this technique can be analyzed with the Randles-Sevčik equation, which relates current signal with concentration of the target species.
A large amount of signal variation and background charging current was observed when H33258 was used as the redox probe. This led to a study of the surface characteristics of the carbon electrodes themselves (i.e. effective surface area) by utilizing the reversible and well-characterized redox couple hexaammine ruthenium. The effect of electrode activation at high anodic potentials was also studied. Though highly recommended in the literature, activation of the carbon surface caused effective surface area and charging current to increase. While a larger electro-active surface is often desirable, the high background current generated when activation is used within the protocol can mask the signal of interest. Due to the low signal-to-noise ratio and inability to reuse the carbon electrode, it was concluded that carbon screen printed electrodes are not optimal forensic DNA biosensors.<br>2031-01-01
47
Jofre, Alegria Maria Paz. "Fighting Accounting Fraud through Forensic Analytics." Thesis, The University of Sydney, 2017. http://hdl.handle.net/2123/17826.
Full textAbstract:
Accounting Fraud is one of the most harmful financial crimes as it often results in massive corporate collapses, commonly silenced by powerful high-status executives and managers. Accounting fraud represents a significant threat to the financial system stability due to the resulting diminishing of the market confidence and trust of regulatory authorities. Its catastrophic consequences expose how vulnerable and unprotected the community is in regards to this matter, since most damage is inflicted to investors, employees, customers and government. Accounting fraud is defined as the calculated misrepresentation of the financial statement information disclosed by a company in order to mislead stakeholders regarding the firm’s true financial position. Different fraudulent tricks can be used to commit accounting fraud, either direct manipulation of financial items or creative methods of accounting, hence the need for non-static regulatory interventions that take into account different fraudulent patterns. Accordingly, this study aims to identify signs of accounting fraud occurrence to be used to, first, identify companies that are more likely to be manipulating financial statement reports, and second, assist the task of examination within the riskier firms by evaluating relevant financial red-flags, as to efficiently recognise irregular accounting malpractices. To achieve this, a thorough forensic data analytic approach is proposed that includes all pertinent steps of a data-driven methodology. First, data collection and preparation is required to present pertinent information related to fraud offences and financial statements. The compiled sample of known fraudulent companies is identified considering all Accounting Series Releases and Accounting and Auditing Enforcement Releases issued by the U.S. Securities and Exchange Commission between 1990 and 2012, procedure that resulted in 1,594 fraud-year observations. Then, an in-depth financial ratio analysis is performed in order to evaluate publicly available financial statement data and to preserve only meaningful predictors of accounting fraud. In particular, two commonly used statistical approaches, including non-parametric hypothesis testing and correlation analysis, are proposed to assess significant differences between corrupted and genuine reports as well as to identify associations between the considered ratios. The selection of a smaller subset of explanatory variables is later reinforced by the implementation of a complete subset logistic regression methodology. Finally, statistical modelling of fraudulent and non-fraudulent instances is performed by implementing several machine learning methods. Classical classifiers are considered first as benchmark frameworks, including logistic regression and discriminant analysis. More complex techniques are implemented next based on decision trees bagging and boosting, including bagged trees, AdaBoost and random forests. In general, it can be said that a clear enhancement in the understanding of the fraud phenomenon is achieved by the implementation of financial ratio analysis, mainly due to the interesting exposure of distinctive characteristics of falsified reporting and the selection of meaningful ratios as predictors of accounting fraud, later validated using a combination of logistic regression models. Interestingly, using only significant explanatory variables leads to similar results obtained when no selection is performed. Furthermore, better performance is accomplished in some cases, which strongly evidences the convenience of employing less but significant information when detecting accounting fraud offences. Moreover, out-of-sample results suggest there is a great potential in detecting falsified accounting records through statistical modelling and analysis of publicly available accounting information. It has been shown good performance of classic models used as benchmark and better performance of more advanced methods, which supports the usefulness of machine learning models as they appropriately meet the criteria of accuracy, interpretability and cost-efficiency required for a successful detection methodology. This study contributes in the improvement of accounting fraud detection in several ways, including the collection of a comprehensive sample of fraud and non-fraud firms concerning all financial industries, an extensive analysis of financial information and significant differences between genuine and fraudulent reporting, selection of relevant predictors of accounting fraud, contingent analytical modelling for better differentiate between non-fraud and fraud cases, and identification of industry-specific indicators of falsified records. The proposed methodology can be easily used by public auditors and regulatory agencies in order to assess the likelihood of accounting fraud and to be adopted in combination with the experience and instinct of experts to lead to better examination of accounting reports. In addition, the proposed methodological framework could be of assistance to many other interested parties, such as investors, creditors, financial and economic analysts, the stock exchange, law firms and to the banking system, amongst others.
48
GUARNERA, LUCA. "Discovering Fingerprints for Deepfake Detection and Multimedia-Enhanced Forensic Investigations." Doctoral thesis, Università degli studi di Catania, 2021. http://hdl.handle.net/20.500.11769/539620.
Full textAbstract:
Forensic Science, which concerns the application of technical and scientific methods to justice, investigation and evidence discovery, has evolved over the years to the birth of several fields such as Multimedia Forensics, which involves the analysis of digital images, video and audio contents. Multimedia data was (and still is), altered using common editing tools such as Photoshop and GIMP. Rapid advances in Deep Learning have opened up the possibility of creating sophisticated algorithms capable of manipulating images, video and audio in a “simple” manner causing the emergence of a powerful yet frightening new phenomenon called deepfake: synthetic multimedia data created and/or altered using generative models. A great discovery made by forensic researchers over the years concerns the possibility of extracting a unique fingerprint that can determine the devices and software used to create the data itself. Unfortunately, extracting these traces turns out to be a complicated task. A fingerprint can be extracted not only in multimedia data in order to determine the devices used in the acquisition phase, or the social networks where the file was uploaded, or recently define the generative models used to create deepfakes, but, in general, this trace can be extracted from evidences recovered in a crime scene as shells or projectiles to determine the model of gun that have fired (Forensic Firearms Ballistics Comparison). Forensic Analysis of Handwritten Documents is another field of Forensic Science that can determine the authors of a manuscript by extracting a fingerprint defined by a careful analysis of the text style in the document. Developing new algorithms for Deepfake Detection, Forensic Firearms Ballistics Comparison, and Forensic Handwritten Document Analysis was the main focus of this Ph.D. thesis. These three macro areas of Forensic Science have a common element, namely a unique fingerprint present in the data itself that can be extracted in order to solve the various tasks. Therefore, for each of these topics a preliminary analysis will be performed and new detection techniques will be presented obtaining promising results in all these domains.
49
Wanogho, S. O. "The forensic analysis of soils with particular reference to particle size distribution analysis." Thesis, University of Strathclyde, 1985. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.381113.
Full text
50
Gustafsson, Kevin, and Emil Sundstedt. "Automated file extraction in a cloud environment for forensic analysis." Thesis, Blekinge Tekniska Högskola, Institutionen för datalogi och datorsystemteknik, 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-14692.
Full textAbstract:
The possibility to use the snapshot functionality of OpenStack as a method of securing evidence has been examined in this paper. In addition, the possibility of extracting evidence automatically using an existing operation tool has been investigated. The usability of snapshots in a forensic investigation was examined by conducting a series of tests on both snapshots and physical disk images. The results of the tests were then compared to evaluate the usefulness of the snapshot. Automatic extraction of evidence was investigated by implementing a solution using Ansible and evaluating the algorithm based on the existing standard ISO 27037. It was concluded that the snapshots created by OpenStack behaves similar enough to disks to be useful in a forensic investigation. The algorithm proposed to extract evidence automatically seems to not breach the standard.<br>Möjligheten att använda OpenStacks ögonblicks funktion som metod för att säkra bevis har granskats i detta papper. Dessutom har möjligheten att extrahera bevis automatiskt med ett befintligt automatiseringsverktyg undersökts. Användbarheten av ögonblicksbilder i en rättslig utredning undersöktes genom att genomföra en serie tester påbåde ögonblicksbilder och fysiska disk avbilder. Resultaten av testerna jämfördes sedan för att utvärdera användbarheten av ögonblicksbilden. Automatisk utvinning av bevis undersöktes genom att implementera en lösning med Ansible och utvärdera algoritmen baserat påden befintliga standarden ISO 27037. Det drogs slutsatsen att de ögonblicksbilder som skapats av OpenStack beter sig tillräckligt lika en fysisk disk för att avbilderna ska vara användbara vid en råttslig utredning. Den algoritm som föreslås att extrahera bevis automatiskt tycks inte bryta mot standarden.