Dissertations / Theses on the topic 'Iot forensics'
To see the other types of publications on this topic, follow the link: Iot forensics.
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 28 dissertations / theses for your research on the topic 'Iot forensics.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Kruger, Jaco-Louis. "Digital forensic readiness for IOT devices." Diss., University of Pretoria, 2019. http://hdl.handle.net/2263/73385.
Full textAbstract:
The Internet of Things (IoT) has evolved to be an important part of modern society. IoT devices can be found in several environments such as smart homes, transportation, the health sector, smart cities and even facilitates automation in organisations. The increasing dependence on IoT devices increases the possibility of security incidents in the physical or cyber environment. Traditional methods of digital forensic (DF) investigations are not always applicable to IoT devices due to their limited data processing resources. A possible solution for conducting forensic investigations on IoT devices is to utilise a proactive approach known as digital forensic readiness (DFR).
This dissertation firstly aims to conduct a thorough review of the available literature in the current body of knowledge to identify a clear process that can be followed to implement DFR tailored for IoT devices. This dissertation then formulates requirements for DFR in IoT based on existing forensic techniques. The requirements for DFR in IoT give rise to the development of a model for DFR in IoT, which is then implemented in a prototype for IoT devices. The prototype is subsequently tested and evaluated on IoT devices that conduct proactive DFR in a simulation of a smart home system. Finally, the dissertation illustrates the feasibility of the DFR processes for IoT and serves as a basis for future research with regards to DFR in IoT. This dissertation will impact future research with regards to developing a standard for DFR in IoT.Dissertation (MSc)--University of Pretoria, 2019.
Computer Science
MSc
Unrestricted
2
Lu, Andy. "Forensic analysis on wireless medical devices." Thesis, Edith Cowan University, Research Online, Perth, Western Australia, 2022. https://ro.ecu.edu.au/theses/2541.
Full textAbstract:
The number of Internet of Things (IoT) devices is forecast to grow to over 25 billion by 2030, with the healthcare IoT market projected to grow to 25.9% of IoT devices by 2028 worldwide. However, with new and growing technologies come new types of risks. Current risk assessment and risk management methods haven’t been designed to anticipate or predict these risks. IoT risks relate to openness and lack of standardisation, linking and connectivity between the devices and the lack of skilled support for IoT devices and networks. These factors put medical IoT devices and, by extension, their users at risk from cyber threats. Additionally, the attack surface for the medical IoT has not been fully mapped, nor have the risks been fully assessed. The lack of coverage means increased risk for manufacturers, medical facilities, and potentially, patients. This project evaluates the effectiveness of how new and emerging wireless and connected medical devices can be managed and analysed through a digital forensic framework. An initial analysis of the currently available frameworks showed that they did not address the nuances of implementing a wireless or connected medical device into a healthcare organisation.
Digital forensic frameworks that were deemed relevant to wireless medical devices were selected and tested against several currently available wireless medical devices. Four frameworks were tested across four devices each. The outcome was that none of the frameworks was fully able to effectively manage wireless medical devices (at least in terms of the objectives of digital forensics), with each missing elements that would aid an investigator or a hospital organisation in the case of a cyber-related incident.
These results led to the synthesis and testing of a framework that addressed the missing elements. The framework emphasises forensic readiness planning and risk management. The synthesised framework was tested against a new device. The results of the test found that the synthesised framework was effective in both the proactive digital forensics approach and reactive approach. The testing found that the framework performed better than the other tested frameworks, containing additional phases and steps that were advantageous in preparing and reacting to incidents involving wireless medical devices.
3
Shakir, Amer, Muhammad Hammad, and Muhammad Kamran. "Comparative Analysis & Study of Android/iOS MobileForensics Tools." Thesis, Högskolan i Halmstad, Akademin för informationsteknologi, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-44797.
Full textAbstract:
This report aims to draw a comparison between two commercial mobile forensics and recovery tools, Magnet AXIOM and MOBILedit. A thorough look at previously done studies was helpful to know what aspects of the data extractions must be compared and which areas are the most important ones to focus upon. This work focuses on how the data extracted from one tool compares with another and provides comprehensive extraction based on different scenarios, circumstances, and aspects. Performances of both tools are compared based on various benchmarks and criteria. This study has helped establish that MOBILedit has been able to outperform Magnet AXIOM on more data extraction and recovery aspects. It is a comparatively better tool to get your hands on.
4
Ohlsson, Oliver. "En forensisk analys av iOS." Thesis, Högskolan i Halmstad, Sektionen för Informationsvetenskap, Data– och Elektroteknik (IDE), 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-23783.
Full textAbstract:
Sedan Apple introducerade sin iPhone 2007 har användadet av smarta telefoner ökat ständigt. De används inte bara i hemmet utan även på företag och i militären. På företagsmobiler finns det mer och mer viktig information såsom mail, sms och viktiga filer. För en hacker skulle det därför vara möjligt att komma åt hela företaget genom att gå in på en mobiltelefon som används i verksamheten. För att motverka det har det implementerats säkerhetsfunktioner i dagens mobiltelefoner som tex kryptering. I detta arbetet har målet varit att undersöka dessa säkerhetsfunktioner och vad för information som går att utvinna ur en iPhone. Genom att undersöka vilka säkerhetsfunktioner som implementerats och hur mycket information som går att få ut kommer frågeställningarna besvaras. Det har skrivits ett antal arbeten om iOS-säkerhet, men de flesta är skrivna om äldre versioner av operativsystemet. I det här arbetet kommer det senaste, iOS 6.1.4, testas i programmet XRY.
5
Ovens, Kenneth Martin. "Digital forensic analysis of communication applications on Apple iOS devices." Thesis, Glasgow Caledonian University, 2017. https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.743916.
Full text
6
Alatram, Ala'a A. M. "A forensic framework for detecting denial-of-service attacks in IoT networks using the MQTT protocol." Thesis, Edith Cowan University, Research Online, Perth, Western Australia, 2022. https://ro.ecu.edu.au/theses/2561.
Full textAbstract:
In the domain of the Internet of Things (IoT), The Message Queueing Telemetry Protocol (MQTT) is the most widely used protocol for applications across a wide range of realms, including industrial automation, healthcare, smart homes, and smart cities; MQTT is also used in many other critical real-world applicastions. An example is BMW’s Car Sharing application, that uses MQTT to provide reliable connectivity. However, due to a lack of security considerations during the design of the MQTT protocol, all the networks implementing it are prone to cyberattacks, such as denial-of-service (DoS) attacks. While the research community has a primary focus on MQTT vulnerabilities from the perspective of intrusion detection, digital forensic considerations of the protocol have yet to be addressed. This work attempts to address this issue, specifically by generating a novel dataset based on data captured from a testbed in an IoT setting, and the application of optimised Machine Learning (ML) algorithms to differentiate between cyberattacks and benign network traffic. The philosophical assumptions guiding the conduct of this research are Positivist Paradigm, Quantitative Methodology, Experimental Research Mode, and Quasi-Experimental as a Sub-category. As a result of the IoT testbed construction, a substantial quantity of IoT data was produced, including standard MQTT data and ten different DoS and DDoS attack scenarios. In addition, a network forensic analysis of the collected data shows specific information that can be extracted and the differences between attacks and normal data. Also, eight different ML algorithms were compared, resulting in the suggestions of Random Forest (RF), XGBoost, and Artificial Neural Network (ANN) for use in the proposed framework. Gray Wolf Optimiser (GWO) was selected to combine RF and ANN in a core component of the framework. It has been demonstrated that RF with GWO and ANN with GWO can optimise results. The output of this research can have a potential impact on the implementations of MQTT-powered networks globally, thereby improving the security of modern networks that use this protocol.
7
Jonah, Tosin Mobolaji. "Selective Sensing of Ions and Ion Pairs of Environmental and Forensic Significance." FIU Digital Commons, 2017. https://digitalcommons.fiu.edu/etd/3498.
Full textAbstract:
Dual-host combinations of cation and anion sensors have unique potential for selective detection of ion pairs, such as NH4NO3, via solvent extraction. Selective sensors for NH4+ and NO3- were synthesized and used together for ion-pair sensing of ammonium nitrate both in organic solvents (using Bu4N+NO3 - and NH4+PF6-) and in extraction of NH4NO3 from water into dichloromethane. A fluorescent sensor for NH4+ based on 1,3,5-triethylbenzene shows remarkable binding and sensing selectivity for NH4+ vs. K+. Fluorescence and 1H-NMR titrations reveal surprising differences in sensing properties and binding constants for the tris-(3,5-dimethyl)pyrazole vs. the tris(3,5-diphenyl)pyrazole. The role of ion pairing and solvation is revealed by X-ray and theoretical DFT studies. We have also demonstrated a unique dual-host extraction-based ion-pair sensing paradigm using Förster Resonance Energy Transfer (FRET), showing selectivity for NH4NO3. The fluorescence emission of the NH4+ sensor tris-(3,5-dimethyl)pyrazole (305-340 nm), is compatible with the excitation wavelength of the dansyl fluorophore of the nitrate sensor 1,3,5-Tris-(5-dimethylamino-1-naphthalenesulfonamido)methyl]-2,4,6-triethylbenzene, thus resulting in FRET emission upon combined use of these two sensors for the NH4NO3 ion pair. Contact of dichloromethane solutions containing the two hosts with aqueous solutions of NH4NO3 (1 x 10-5 M to 1 x 10-4 M ), resulted in FRET fluorescence enhancements at 510 nm, with increasing concentrations of NH4NO3, while NaNO3, KNO3, NaCl and KCl showed only minimal fluorescence responses, under identical conditions. The ability of the tris-pyrazole to bind cations, such as NH4+, was also exploited in a detailed fluorescence and 1H-NMR Ln(III), binding study using tris-pyrazoles with varying substitution patterns. The dependence of fluorescence responses on pyrazole substitution that had been observed for NH4+ was also observed for different Ln(III), indicating the significant role of ion pairing for Ln(III) binding and fluorescence sensing. Likewise, the tris-dansyl nitrate receptor, in its deprotonated form, was also found to be an efficient Hg(II) fluorescent sensor. An X-ray crystal structure showed the ability of the trianionic version of this receptor to bind three Hg(II) atoms, also containing three CH3COO- counteranions. The X-ray crystal structure of the same receptor with HgCl2 gave a 2:1 complexation pattern, with one Hg atom complexed by two bis-deprotonated receptor molecules
8
Russell, Paul. "Membrane properties and calcium ion activity in skeletal muscle fibres of the dystrophic mouse." Thesis, University of Central Lancashire, 1993. http://clok.uclan.ac.uk/20630/.
Full textAbstract:
The ReJI29 murine model of muscular dystrophy was employed to investigate the properties of skeletal muscle plasmalemma and calcium ion movements during muscle wastage, with the intention of determining the route of calcium influx, and the efficacy of calcium ion blockers in preventing this influx. Electrophysiological parameters (Resting membrane potential [RMP] and input resistance) reached adult magnitude in normal soleus and extensor digitorum longus (EDL) by 4 weeks and 3 weeks respectively. Electrophysiological parameters in dystrophic soleus developed in a similar maimer to normal muscle, but RMP in dystrophic EDL was reduced and input resistance was elevated suggesting the presence of a population of regenerating fibres. Twitch and contracture tension development reached mature levels by 4 weeks in normal soleus muscle, but development was prolonged to 10 weeks in EDL, due to the slower development of type II fibres. Contracture tension was markedly smaller in EDL possibly due to fibre type-related differences in the concentrations of calcium sequestering proteins. Twitch and contracture tension in dystrophic soleus was identical to normal. In dystrophic EDL, 4 week old muscle did not generate tension from either electrical or chemical stimulation. Older muscles generated tension but smaller than their normal counterparts. Twitch and contracture tomography revealed similarities between dystrophic EDL and immature normal EDL corroborating with the conclusions made from the electrophysiological experiments. Caffeine contractures generated in glycinerated normal soleus muscle, incubated in low calcium saline, and then bathed in high calcium saline reached 115-185% the magnitude of caffeine contractures generated prior to incubation. 4 week dystrophic soleus attained similar sized contractures, but contractures were reduced to 77-90% in older muscles. This technique was found to be inappropriate in the study of EDL. Caffeine contractures generated by normal soleus in normal saline, after incubation in low calcium saline, reached the magnitude of contractures generated in high calcium saline after 30 minutes. Contractures generated by dystrophic soleus remained identical to those generated in high calcium saline suggesting that the sarcoplasmic reticulum in these fibres was unable to cope with a high calcium load. This result gave the first indication that soleus muscle was affected by muscular dystrophy. Membrane bound calcium derived from 45Calcium influx studies was 2nmoles/mg tissue/30 minutes in soleus and 1 Snmoles/mg tissue weight/30 minutes in EDL. Intracellular influx was 0.5-0.6nmoles/mg tissue weight/ 30 minutes in both muscles. Membrane bound calcium was elevated in dystrophic EDL to 2.5-3.8nmoles/mg tissue weight/30 minutes, but influx was normal in both dystrophic soleus and EDL, casting doubt on whether the plasmalemma is more permeable to calcium. The increase in membrane bound calcium may be artefactual. Cadmium blocked influx in both normal and dystrophic muscles. Blot weights showed continual growth in normal muscles although the rate decreased after 10 weeks. In dystrophic muscles growth ceased after 10 weeks. NCP data was limited but did show a decrease in dystrophic muscle, followed by an increase. Tension as a function of tissue mass, revealed that the contractile apparatus in normal soleus matured within 2 weeks, and by 10 weeks in EDL due to the differences in myosin isoforms present in each fibre type. These ratios were elevated in dystrophic muscle indicating calcium accumulation in the sarcoplasmic reticulum. The results showed that EDL muscle was more severely affected by muscular dystrophy. Between 2 and 4 weeks, the muscle underwent degeneration via an unidentified process. There was regeneration, and the regenerating fibres appeared to be normal. Soleus muscle appeared resistant to the disease but succumbed under unusual chemical stresses. Some aspects of development of normal muscle were also considered.
9
Buxton, Tricia L. "Solving Problems in Ion Mobility Measurements of Forensic Samples with Thermal Desorption and Dynamic Modeling." Ohio University / OhioLINK, 2002. http://rave.ohiolink.edu/etdc/view?acc_num=ohiou1019244669.
Full text
10
Lu, Yao. "Forensic Applications of Gas Chromatography-Differential Mobility Spectrometry, Gas Chromatography/Mass Spectrometry, and Ion Mobility Spectrometry with Chemometric Analysis." Ohio University / OhioLINK, 2010. http://rave.ohiolink.edu/etdc/view?acc_num=ohiou1267816777.
Full text
11
Martin, Bertha Louise. "High pressure liquid chromatography ion exchange studies on bile relating to the postmortem interval." Scholarly Commons, 1987. https://scholarlycommons.pacific.edu/uop_etds/2141.
Full textAbstract:
It is the purpose of this, then, to investigate the feasibility of using the changes of concentrations of small iconic decomposition products in bile as indicators of time since death. High pressure liquid chromatography was selected for measurement of these changes.
12
Ochoa, Mariela L. "Forensic and Proteomic Applications of Thermal Desorption Ion Mobility Spectrometry and Matrix-Assisted Laser Desorption/Ionization Time-of-Flight Mass Spectrometry." Ohio University / OhioLINK, 2005. http://www.ohiolink.edu/etd/view.cgi?ohiou1113585811.
Full text
13
Collin, Olivier L. "Development of a Novel Tandem Mass Spectrometry Technique for Forensic and Biological Applications." View abstract, 2007. http://gateway.proquest.com/openurl?url_ver=Z39.88-2004&res_dat=xri:pqdiss&rft_val_fmt=info:ofi/fmt:kev:mtx:dissertation&rft_dat=xri:pqdiss:3292877.
Full text
14
Rearden, Preshious R. A. "Applications of Solid Phase Microextraction with Ion and Differential Mobility Spectrometry for the Study of Jet Fuels and Organophosphonates." Ohio University / OhioLINK, 2006. http://rave.ohiolink.edu/etdc/view?acc_num=ohiou1142627911.
Full text
15
Lai, Hanh Tuyet. "The Construction and Optimization on an Ion Mobility Spectrometer for the Analysis of Explosives and Drugs." FIU Digital Commons, 2010. http://digitalcommons.fiu.edu/etd/169.
Full textAbstract:
Today, over 15,000 Ion Mobility Spectrometry (IMS) analyzers are employed at worldwide security checkpoints to detect explosives and illicit drugs. Current portal IMS instruments and other electronic nose technologies detect explosives and drugs by analyzing samples containing the headspace air and loose particles residing on a surface. Canines can outperform these systems at sampling and detecting the low vapor pressure explosives and drugs, such as RDX, PETN, cocaine, and MDMA, because these biological detectors target the volatile signature compounds available in the headspace rather than the non-volatile parent compounds of explosives and drugs. In this dissertation research volatile signature compounds available in the headspace over explosive and drug samples were detected using SPME as a headspace sampling tool coupled to an IMS analyzer. A Genetic Algorithm (GA) technique was developed to optimize the operating conditions of a commercial IMS (GE Itemizer 2), leading to the successful detection of plastic explosives (Detasheet, Semtex H, and C-4) and illicit drugs (cocaine, MDMA, and marijuana). Short sampling times (between 10 sec to 5 min) were adequate to extract and preconcentrate sufficient analytes (> 20 ng) representing the volatile signatures in the headspace of a 15 mL glass vial or a quart-sized can containing ≤ 1 g of the bulk explosive or drug. Furthermore, a research grade IMS with flexibility for changing operating conditions and physical configurations was designed and fabricated to accommodate future research into different analytes or physical configurations. The design and construction of the FIU-IMS were facilitated by computer modeling and simulation of ion’s behavior within an IMS. The simulation method developed uses SIMION/SDS and was evaluated with experimental data collected using a commercial IMS (PCP Phemto Chem 110). The FIU-IMS instrument has comparable performance to the GE Itemizer 2 (average resolving power of 14, resolution of 3 between two drugs and two explosives, and LODs range from 0.7 to 9 ng). The results from this dissertation further advance the concept of targeting volatile components to presumptively detect the presence of concealed bulk explosives and drugs by SPME-IMS, and the new FIU-IMS provides a flexible platform for future IMS research projects.
16
Lisander, Joakim, and Niklas Lyxell. "Problem kring mobilforensik : En sammanställning om hur mobiltelefoner och forensiska verktyg hanterar kryptering, utvinning och molnlagring." Thesis, Högskolan i Halmstad, 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-30747.
Full textAbstract:
Mobiltelefoner innehåller idag en stor mängd information som är av stort forensiskt intresse. Att skydda informationen i sin telefon är en självklarhet för många och utvecklarna av de mobila operativsystemen lägger nu större vikt på säkerhet och skydd av information. Kryptering är idag standard i de flesta mobiltelefoner och det leder till problem vid utvinning. Arbetet tar upp och jämför hur kryptering hanteras av iOS, Android och Windows Phone och vilka tillvägagångssätt som finns vid utvinning av data genom att kringgå skärmlåsen som krävs för att krypteringen ska fungera. Arbetet ger även en inblick på molnlagring i och med att det blir allt vanligare och kan komma att bli mer relevant för forensiker eftersom telefonerna blir allt svårare att utvinna data ifrån. Dessutom ges en liten inblick på forensiska verktyg som finns idag, vilka brister de har och vad som är oklart hos dem. Frågeställningarna har besvarats genom att en grundläggande litteraturstudie genomförts för att få den bakgrundsfakta som krävs. Därefter gjordes det experiment för att visa på brister i de forensiska verktygen. Avslutningsvis svarade två it-forensiker från polisen på intervjufrågor via mail, det gjordes för att lyfta fram problematiken och visa på hur situationen ser ut i arbetslivet idag. Arbetets resultat visar på att alla operativsystem ger, beroende på hur användaren har anpassat telefonen, möjlighet till fullt skydd mot utvinning. Och därmed klarar de forensiska verktygen som finns idag inte av att utvinna någon relevant information ifrån de senaste mobiltelefonerna. Som forensiker borde man utnyttja att molnlagring börjat användas mer och mer, då det där kan finns mycket bra information. Slutsatser som kan dras efter arbetet är att det behövs nya metoder för att utvinna data ifrån mobiltelefoner då de metoder som tidigare använts inte är kompatibla med de senaste telefonerna på grund utav de krypteringsfunktioner som används. Det finns metoder som kan fungera, men dessa metoder fungerar bara med rätt förutsättningar, vilket gör att det inte är en lösning som man alltid kan applicera. Forensiker borde även utforska möjligheten att få fram information ifrån molnlagringstjänster ifall data på telefonen är oåtkomlig för alla utom ägaren. Arbetet syftar inte till att ta fram nya metoder för utvinning eller arbetssätt inom det stora området forensik, utan kartlägger problemområdet inom mobilforensik och ger förslag på och diskuterar möjliga lösningar.
17
Cinti, Mariagrazia. "Metodologie e tecniche per l'analisi forense di dispositivi di telefonia mobile." Master's thesis, Alma Mater Studiorum - Università di Bologna, 2014. http://amslaurea.unibo.it/6677/.
Full textAbstract:
Studio che approfondisce e compare le diverse metodologie e tecniche utilizzabili per l'analisi di dispositivi di telefonia cellulare, in particolar modo smartphone, nel contesto di indagini di mobile device forensics
18
Baghyari, Roza, and Carolina Nykvist. "Händelsekonstruktion genom säkrande och analys av data från ett hemautomationssystem." Thesis, Linköpings universitet, Datorteknik, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-157619.
Full textAbstract:
I detta examensarbete har tidsstämplar extraherats ur ett forensiskt perspektiv från ett hemautomationssystem med styrenheten Homey från Athom. Först konstruerades ett fiktivt händelsescenario gällande ett inbrott i en lägenhet med ett hemautomationssystem. Hemautomationssystemet bestod av flera perifera enheter som använde olika trådlösa nätverksprotokoll. Enheterna triggades under händelsescenariot. Därefter testades olika metoder för att få ut data i form av tidsstämplar. De metoder som testades var rest-API, UART och chip-off på flashminnet medan JTAG inte hanns med på grund av tidsbrist. Den metod som gav bäst resultat var rest-API:t som möjliggjorde extrahering av alla tidsstämplar samt information om alla enheter. I flashminnet hittades alla tidsstämplar, men det var inte möjligt att koppla ihop dessa tidsstämplar med en specifik enhet utan att använda information från rest-API:t. Trots att rest-API:t gav bäst resultat så var det den metod som krävde en mängd förutsättningar i form av bland annat inloggningsuppgifter eller en rootad mobil. Med hjälp av de extraherade tidsstämplarna rekonstruerades sedan händelsescenariot för inbrottet.The purpose of this bachelor thesis was to extract timestamps from a home automation system with a control unit named Homey in a forensic perspective. The first step was to create a course of event regarding a burglar breaking into an apartment with home automation. The home automation system consisted of some peripheral units using different types of wireless network protocols. All these units were triggered during the break in. Thereafter different types of methods were tested in an attempt to extract the timestamps for each unit. These methods included rest-API, UART and chip-off on a flash memory. The method using JTAG were not tested due to lack of time. Rest-API was the method that provided most information about the units and time stamps. The flash memory also contained every timestamp, however it did not provide any information about which timestamp belonged to which unit. Even though the rest-API was the best method to extract data, it was also the method with most requirements such as credentials or a rooted smartphone. With the extracted timestamps it was possible to reconstruct the course of events of the break-in.
19
Ekfeldt, Jonas. "Om informationstekniskt bevis." Doctoral thesis, Stockholms universitet, Juridiska institutionen, 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:su:diva-125286.
Full textAbstract:
Information technology evidence consists of a mix of representations of various applications of digital electronic equipment, and can be brought to the fore in all contexts that result in legal decisions. The occurrence of such evidence in legal proceedings, and other legal decision-making, is a phenomenon previously not researched within legal science in Sweden. The thesis examines some of the consequences resulting from the occurrence of information technology evidence within Swedish practical legal and judicial decision-making. The thesis has three main focal points. The first consists of a broad identification of legal problems that information technology evidence entails. The second focal point examines the legal terminology associated with information technology evidence. The third focal point consists of identifying sources of error pertaining to information technology evidence from the adjudicator’s point of view. The examination utilizes a Swedish legal viewpoint from a perspective of the public trust in courts. Conclusions include a number of legal problems in several areas, primarily in regards to the knowledge of the adjudicator, the qualification of different means of evidence and the consequences of representational evidence upon its evaluation. In order to properly evaluate information technology evidence, judges are – to a greater extent than for other types of evidence – in need of (objective) knowledge supplementary to that provided by parties and their witnesses and experts. Furthermore, the current Swedish evidence terminology has been identified as a complex of problems in and of itself. The thesis includes suggestions on certain additions to this terminology. Several sources of error have been identified as being attributable to different procedures associated with the handling of information technology evidence, in particular in relation to computer forensic investigations. There is a general need for future research focused on matters regarding both standards of proof for and evaluation of information technology evidence. In addition, a need for deeper legal scientific studies aimed at evidence theory has been identified, inter alia regarding the extent to which frequency theories are applicable in respect to information technology evidence. The need for related further discussions on future emerging areas such as negative evidence and predictive evidence are foreseen.
20
(11205891), Tanvi Milind Gandhi. "Forensic Analysis of GroupMe on Android and iOS Smartphones." Thesis, 2021.
Find full textAbstract:
The growing popularity of instant messaging has led to the conception of several new applications over the span of the past decade. This has opened up an attack surface for cybercriminals to target susceptible app users. GroupMe is a free IM app widely used by students and so far, no comprehensive forensic analysis has been performed to aid forensic practitioners in recovering evidence from GroupMe on smartphones. This research performs a detailed analysis of the digital artifacts left by the app on Android and iOS devices. This was achieved by installing the app on two mobile phones (Samsung Galaxy S7 Edge and iPhone 6), and identifying each artifact created by performing a series of actions in the app ranging from sending texts, to sharing images and documents, along with their location. Using Cellebrite UFED and Magnet AXIOM, a significant number of artifacts were accurately recovered mainly from the “GroupMe.sqlite” and “GroupMe.sqlite-wal” databases. Out of the 335 artifacts populated on the iPhone, 317 were correctly recovered by both UFED and AXIOM, resulting in an accuracy of 94.62%. No GroupMe related artifacts could be recovered from the Android device. This was due to several physical imaging and rooting limitations imposed by the Samsung SM-935A model, which was used during the study.
21
"Enhancing Mobile Forensics on iOS." Master's thesis, 2015. http://hdl.handle.net/2286/R.I.36434.
Full textAbstract:
abstract: Due to the shortcomings of modern Mobile Device Management solutions, businesses
have begun to incorporate forensics to analyze their mobile devices and respond
to any incidents of malicious activity in order to protect their sensitive data. Current
forensic tools, however, can only look a static image of the device being examined,
making it difficult for a forensic analyst to produce conclusive results regarding the
integrity of any sensitive data on the device. This research thesis expands on the
use of forensics to secure data by implementing an agent on a mobile device that can
continually collect information regarding the state of the device. This information is
then sent to a separate server in the form of log files to be analyzed using a specialized
tool. The analysis tool is able to look at the data collected from the device over time
and perform specific calculations, according to the user's specifications, highlighting
any correlations or anomalies among the data which might be considered suspicious
to a forensic analyst. The contribution of this paper is both an in-depth explanation
on the implementation of an iOS application to be used to improve the mobile forensics
process as well as a proof-of-concept experiment showing how evidence collected
over time can be used to improve the accuracy of a forensic analysis.Dissertation/Thesis
Masters Thesis Computer Science 2015
22
蔡蕣竟. "iOS-Jailbreaking Forensics and Evidence Analysis." Thesis, 2016. http://ndltd.ncl.edu.tw/handle/73j5n2.
Full text
23
葉書廷. "iOS Forensics in Instant Message with Mobile Explorations." Thesis, 2016. http://ndltd.ncl.edu.tw/handle/nxjb2c.
Full text
24
HOUŠKA, Jan. "Tvorba analytického nástroje ke zjišťování vazeb pro potřeby forenzních analýz ICT." Master's thesis, 2015. http://www.nusl.cz/ntk/nusl-201534.
Full textAbstract:
The objective of this thesis is to design and implement an application, which will on the basis of outputs from selected forensic tools analyse and search for relations among individual participants in communication. The paper will first describe procedures of digital forensics and selected programs used for digital forensics. Following chapters will be dedicated to description of the whole development cycle of the application. The main outcome of the thesis will be a finished application meeting the requirements of the assignment and enabling not only search for relations based on outputs from forensic tools, but also search for additional possible relations from open sources.
25
"Nuclear Fission Weapon Yield, Type, and Neutron Spectrum Determination Using Thin Li-ion Batteries." Doctoral diss., 2017. http://hdl.handle.net/2286/R.I.44161.
Full textAbstract:
abstract: With the status of nuclear proliferation around the world becoming more and more complex, nuclear forensics methods are needed to restrain the unlawful usage of nuclear devices. Lithium-ion batteries are present ubiquitously in consumer electronic devices nowadays. More importantly, the materials inside the batteries have the potential to be used as neutron detectors, just like the activation foils used in reactor experiments. Therefore, in a nuclear weapon detonation incident, these lithium-ion batteries can serve as sensors that are spatially distributed.
In order to validate the feasibility of such an approach, Monte Carlo N-Particle (MCNP) models are built for various lithium-ion batteries, as well as neutron transport from different fission nuclear weapons. To obtain the precise battery compositions for the MCNP models, a destructive inductively coupled plasma mass spectrometry (ICP-MS) analysis is utilized. The same battery types are irradiated in a series of reactor experiments to validate the MCNP models and the methodology. The MCNP nuclear weapon radiation transport simulations are used to mimic the nuclear detonation incident to study the correlation between the nuclear reactions inside the batteries and the neutron spectra. Subsequently, the irradiated battery activities are used in the SNL-SAND-IV code to reconstruct the neutron spectrum for both the reactor experiments and the weapon detonation simulations.
Based on this study, empirical data show that the lithium-ion batteries have the potential to serve as widely distributed neutron detectors in this simulated environment to (1) calculate the nuclear device yield, (2) differentiate between gun and implosion fission weapons, and (3) reconstruct the neutron spectrum of the device.Dissertation/Thesis
Doctoral Dissertation Electrical Engineering 2017
26
Denman, John A. "The application of time-of-flight secondary ion mass spectrometry (ToF-SIMS) to forensic glass analysis and questioned document examination." 2007. http://arrow.unisa.edu.au:8081/1959.8/40576.
Full textAbstract:
The combination of analytical sensitivity and selectivity provided by time-of-flight secondary ion mass spectrometry (ToF-SIMS), with advanced statistical interrogation by principal component analysis (PCA), has allowed a significant advancement in the forensic discrimination of pen, pencil and glass materials based on trace characterisation.
27
McKenna, Josiah Michael. "Paper spray mass spectrometry (PS-MS) for toxicological drug screens and biomonitoring of chemical warfare agent exposure." Thesis, 2017. https://doi.org/10.7912/C2TQ04.
Full textAbstract:
Indiana University-Purdue University Indianapolis (IUPUI)Paper spray is an ambient ionization technique for mass spectrometry that is well-known for its ability to accomplish rapid and sensitive analyses without any need for sample preparation. This work further develops the technique in two major areas: negative ionization and drug screening. Negative ionization has always been an obstacle to electrospray-based ion sources because of its vulnerability to corona discharge, but methods are presented here to both quantify and suppress this electrical phenomenon, thus preventing it from interfering with qualitative/quantitative analyses. The validity of the discharge-suppressing method is demonstrated for both a simple screen of barbiturates and other acidic drugs (Chapter 2) and the detection and quantitation of chemical warfare agent hydrolysis products (Chapter 3). Additionally, a positive ion drug screen is applied to the analysis of postmortem blood samples (Chapter 4), achieving rapid and effective screening of 137 different drugs ranging from pharmaceuticals to drugs of abuse. The performance of this screen is also evaluated by comparing the results of the postmortem samples to those obtained using a more established series of assays. The research contained herein presents strides toward forensic application of paper spray mass spectrometry, especially in disciplines related to forensic toxicology.
28
Schotsmans, Eline M. J., J. Denton, J. Dekeirsschieter, T. Ivaneanu, S. Leentjes, Robert C. Janaway, and Andrew S. Wilson. "Effects of hydrated lime and quicklime on the decay of buried human remains using pig cadavers as human body analogues." 2012. http://hdl.handle.net/10454/6173.
Full textAbstract:
Recent casework in Belgium involving the search for human remains buried with lime, demonstrated the need for more detailed understanding of the effect of different types of lime on cadaver decomposition and its micro-environment. Six pigs (Sus scrofa) were used as body analogues in field experiments. They were buried without lime, with hydrated lime (Ca(OH)(2)) and with quicklime (CaO) in shallow graves in sandy loam soil in Belgium and recovered after 6 months of burial. Observations from these field recoveries informed additional laboratory experiments that were undertaken at the University of Bradford, UK. The combined results of these studies demonstrate that despite conflicting evidence in the literature, hydrated lime and quicklime both delay the decay of the carcass during the first 6 months. This study has implications for the investigation of clandestine burials and for a better understanding of archaeological plaster burials. Knowledge of the effects of lime on decomposition processes also has bearing on practices involving burial of animal carcasses and potentially the management of mass graves and mass disasters by humanitarian organisations and DVI teams.No