Web browsers are essential tools for accessing the internet. Extra complexities are added to forensic investigations when recovering browsing artefacts as portable and private browsing are now common and available in popular web browsers. Browsers claim that whilst operating in private mode, no data is stored on the system. This paper investigates whether the claims of web browsers discretion are …

STorage as a Service (STaaS) cloud platforms benefits such as getting access to data anywhere, anytime, on a wide range of devices made them very popular among businesses and individuals. As such forensics investigators are increasingly facing cases that involve investigation of STaaS platforms. Therefore, it is essential for cyber investigators to know how to collect, preserve, and analyse evidences …

The DJI Phantom III drone has already been used for malicious activities (to drop bombs, remote surveillance and plane watching) in 2016 and 2017. At the time of writing, DJI was the drone manufacturer with the largest market share. This work presents the primary thorough forensic analysis of the DJI Phantom III drone, and the primary account for proprietary file …

This article explores a novel approach to file carving by viewing it as a decision problem. This allows us to design algorithms that produce best-effort results under given resource constraints. Resource-constrained carving is important for digital forensic triage, as well as for e-discovery, where a reduction in carving time may be preferred to completeness. In this work Pavel Gladyshev and Joshua I. James …

Besides its enormous benefits to the industry and community the Internet of Things (IoT) has introduced unique security challenges to its enablers and adopters. As the trend in cybersecurity threats continue to grow, it is likely to influence IoT deployments. Therefore it is eminent that besides strengthening the security of IoT systems we develop effective digital forensics techniques that when …

The analysis of memory during a forensic investigation is often an important step to reconstruct events. While prior work in this field has mostly concentrated on information residing in the kernel space (process lists, network connections, and so on) and in particular on the Microsoft Windows operating system, this work focuses on Linux user space processes as they might also …

Significantly increased use of USB devices due to their user-friendliness and large storage capacities poses various threats for many users/companies in terms of data theft that becomes easier due to their efficient mobility. Investigations for such data theft activities would require gathering critical digital information capable of recovering digital forensics artifacts like date, time, and device information. This research gathers …

Memory analysis has been successfully utilized to detect malware in many high profile cases. The use of signature scanning to detect malicious tools is becoming an effective triaging and first response technique. In particular, the Yara library and scanner has emerged as the defacto standard in malware signature scanning for files, and there are many open source repositories of yara …

Memory forensics is now a standard component of digital forensic investigations and incident response handling, since memory forensic techniques are quite effective in uncovering artifacts that might be missed by traditional storage forensics or live analysis techniques. Because of the crucial role that memory forensics plays in investigations and because of the increasing use of automation of memory forensics techniques, …

In recent years the use of digital communication has increased. This also increased the chance to find privileged data in the digital evidence. Privileged data is protected by law from viewing by anyone other than the client. It is up to the digital investigator to handle this privileged data properly without being able to view the contents. Procedures on handling …