Automatic, Selective and Secure Deletion of Digital Evidence

Castiglione, Aniello; Cattaneo, Giuseppe; Maio, Giancarlo De; Santis, Alfredo De

doi:10.1109/bwcca.2011.64

Cited by 19 publications

(14 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this aspect it is interesting to note that Apple's stock Photos application specifically did not generate, in our experiments, the temporary files described in this paper, whereas other 3rd party applications offering added security to store this kind of information are likely to generate the standard AirPrint traces when printing documents. As a general solution, in order to limit the possibility of recovering data from the filesystem, some techniques aimed at performing a secure deletion could be adopted, such as the one presented in [34] for the Android OS.…”

Section: Discussionmentioning

confidence: 99%

AirPrint Forensics: Recovering the Contents and Metadata of Printed Documents from iOS Devices

Gómez-Miralles¹,

Arnedo-Moreno

2015

Mobile Information Systems

View full text Add to dashboard Cite

Since its presentation by Apple, both the iPhone and iPad devices have achieved great success and gained widespread popularity. This fact, added to the given idiosyncrasies of these new portable devices and the kind of data they may store, opens new opportunities in the field of computer forensics. In 2010, version 4 of the iOS operating system introduced AirPrint, a simple and driverless wireless printing functionality supported by hundreds of printer models from all major vendors. This paper describes the traces left in the iOS device when AirPrint is used and presents a method for recovering content and metadata of documents that have been printed.

show abstract

Section: Discussionmentioning

confidence: 99%

AirPrint Forensics: Recovering the Contents and Metadata of Printed Documents from iOS Devices

Gómez-Miralles¹,

Arnedo-Moreno

2015

Mobile Information Systems

View full text Add to dashboard Cite

show abstract

“…The current framework does not implement any obfuscation methods to hide its execution. Running the framework from external media as suggested in [6] could help strengthen the validity of a forged alibi.…”

Section: Limitations and Future Workmentioning

confidence: 99%

Towards Fully Automated Digital Alibis with Social Interaction

Beyer

Mulazzani

Schrittwieser

et al. 2014

Progress in Pattern Recognition, Image Analysis, Computer Vision, and Applications

View full text Add to dashboard Cite

Digital traces found on local hard drives as a result of online activities have become very valuable in reconstructing events in digital forensic investigations. This paper demonstrates that forged alibis can be created for online activities and social interactions. In particular, a novel, automated framework is presented that uses social interactions to create false digital alibis. The framework simulates user activity and supports communications via email as well as instant messaging using a chatbot. The framework is evaluated by extracting forensic artifacts and comparing them with the results obtained from a human user study.

show abstract

“…It is based on the removal of unwanted traces by means of a secure deletion procedure. According to the definition given in [32], the secure deletion of an information is a task that involves the removal of any traces of this information from the system, as well as any evidence left by the deletion procedure itself. The core of a secure deletion procedure is the wiping function, which should guarantee complete removal of the selected data from the system.…”

Section: B Unwanted Evidence Handlingmentioning

confidence: 99%

Automated Production of Predetermined Digital Evidence

et al. 2013

Self Cite

View full text Add to dashboard Cite

Digital evidence is increasingly used in juridical proceedings. In some recent legal cases, the verdict has been strongly influenced by the digital evidence proffered by the defense. Digital traces can be left on computers, phones, digital cameras, and also on remote machines belonging to ISPs, telephone providers, companies that provide services via Internet such as YouTube, Facebook, Gmail, and so on. This paper presents a methodology for the automated production of predetermined digital evidence, which can be leveraged to forge a digital alibi. It is based on the use of an automation, a program meant to simulate any common user activity. In addition to wanted traces, the automation may produce a number of unwanted traces, which may be disclosed upon a digital forensic analysis. These include data remanence of suspicious files, as well as any kind of logs generated by the operating system modules and services. The proposed methodology describes a process to design, implement, and execute the automation on a target system, and to properly handle both wanted and unwanted evidence. Many experiments with different combinations of automation tools and operating systems are conducted. This paper presents an implementation of the methodology through VBScript on Windows 7. A forensic analysis on the target system is not sufficient to reveal that the alibi is forged by automation. These considerations emphasize the difference between digital and traditional evidence. Digital evidence is always circumstantial, and therefore it should be considered relevant only if supported by stronger evidence collected through traditional investigation techniques. Thus, a Court verdict should not be based solely on digital evidence

show abstract

Automatic, Selective and Secure Deletion of Digital Evidence

Cited by 19 publications

References 3 publications

AirPrint Forensics: Recovering the Contents and Metadata of Printed Documents from iOS Devices

AirPrint Forensics: Recovering the Contents and Metadata of Printed Documents from iOS Devices

Towards Fully Automated Digital Alibis with Social Interaction

Automated Production of Predetermined Digital Evidence

Contact Info

Product

Resources

About