Your search keyword '"data forensics"' showing total 21 results

1. Data recovery methods for DNA storage based on fountain codes

Author

Schwarz, Peter Michael and Freisleben, Bernd

Published

2024

2. INVESTIGATION OF RESIDUAL DATA ON SECOND HAND SMART PHONES.

Author

Boonkrong, Sirapat and Heeptaisong, Tongpool

Subjects

*SMARTPHONES

Abstract

Due to rapid changes in technology, many new models of smart phones are introduced to the market every year. This has led to people changing their smart phones more frequently, which means more smart phones have become available in the second hand market for those who would like to own them at lower prices. The research was begun with a question of whether or not there would be any data belonging to the previous users remained on the phones, and if so, how much of it would still be accessible. In order to answer the questions, thirty second hand smart phones with different versions of both iOS and Android operating systems were bought from the second hand market in Thailand. The main aim of this research was to determine the types of data, if any, that still remained on the obtained second hand smart phones. The experiment showed that approximately 63 per cent of the second hand smart phones investigated in this research still contained data that were both confidential and recoverable. The awareness of this security issue is hoped to be raised as a result. [ABSTRACT FROM AUTHOR]

Published

2022

3. Getting to Grips with Exam Fraud: A Qualitative Study Towards Developing an Evidence Based Educational Data Forensics Protocol

Author

van Ommering, Christiaan J., de Klerk, Sebastiaan, Veldkamp, Bernard P., Barbosa, Simone Diniz Junqueira, Editorial Board Member, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Kotenko, Igor, Editorial Board Member, Yuan, Junsong, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Draaijer, Silvester, editor, Joosten-ten Brinke, Desirée, editor, and Ras, Eric, editor

Published

2019

4. The Use of Theory of Linear Mixed-Effects Models to Detect Fraudulent Erasures at an Aggregate Level.

Author

Peng, Luyao and Sinharay, Sandip

Subjects

*COMPUTERS, *RESEARCH methodology, *REGRESSION analysis, *COMPARATIVE studies, *FRAUD, *DESCRIPTIVE statistics, *RESEARCH funding, *FORENSIC sciences, *EMPIRICAL research, *STATISTICAL sampling

Abstract

Wollack et al. (2015) suggested the erasure detection index (EDI) for detecting fraudulent erasures for individual examinees. Wollack and Eckerly (2017) and Sinharay (2018) extended the index of Wollack et al. (2015) to suggest three EDIs for detecting fraudulent erasures at the aggregate or group level. This article follows up on the research of Wollack and Eckerly (2017) and Sinharay (2018) and suggests a new aggregate-level EDI by incorporating the empirical best linear unbiased predictor from the literature of linear mixed-effects models (e.g., McCulloch et al., 2008). A simulation study shows that the new EDI has larger power than the indices of Wollack and Eckerly (2017) and Sinharay (2018). In addition, the new index has satisfactory Type I error rates. A real data example is also included. [ABSTRACT FROM AUTHOR]

Published

2022

5. Comparability and Integrity of Online Remote Vs. Onsite Proctored Credentialing Exams.

Author

Hurtz, Gregory M. and Weiner, John A.

Subjects

EXAMINATIONS, TESTING, FRAUD, PANDEMICS

Abstract

Since the onset of the pandemic in 2020, many credentialing organizations have incorporated online remote administration of their examinations to enable continuity of their programs. This paper describes a research study examining several high stakes credentialing examination programs that utilized mixed delivery modes, including online remote testing at home, as well as testing in test centers. Candidates were monitored in real time by a test proctor, either remotely by video camera, or in person. The study examined the comparability of test scores, instances of irregular candidate testing behavior (potential cheating), and candidate test taking experience ratings across modalities. Overall, results of the study indicated that test scores were psychometrically sound and comparable across modes; rates of suspect test taking behavior were low and not significantly different across modes; and candidate experience ratings were favorable and unrelated to testing modality. Implications for future practice and research are discussed. [ABSTRACT FROM AUTHOR]

Published

2022

6. Data recovery in a case of fire-damaged Hard Disk Drives and Solid-State Drives

Author

Denis Solodov and Ilia Solodov

Subjects

Hard disk drives, Solid-state drives, Fire-related damage, Data recovery, Data forensics, Criminal law and procedure, K5000-5582

Abstract

During a building fire and the subsequent firefighting operation, delicate internals of personal computers may be exposed to a variety of destructive factors, thereby increasing the risk of data loss. So far, there have been only a limited number of studies concerning the problem of data recovery from physically damaged Hard Disk Drives (HDDs) and Solid-State Drives (SSDs). It may be expected that memory chips installed inside a modern Solid-State Drive are less prone to vibrations and falls compared to the internals of a Hard Disk Drive. However, as this study shows, this is not always the case: the memory modules of a Solid-State Drive could be damaged when the drive is exposed to extremely high temperatures. There are many myths and misconceptions concerning data recovery in the case of physically damaged drives. Police first responders often discard badly damaged Hard Disk Drives based solely on their external appearance. While it may be true in some cases, it is nothing more than an incorrect general assumption. The internal design of modern Hard Disk Drives can prevent or reduce the risk of data loss even in the extreme circumstances accompanying a fire-fighting operation. Besides, there are often other contributing factors, which prevent data loss, such as a laptop screen and keyboard creating additional layers of protection. In this article, we describe the case of data recovery from Hard Disk Drives and Solid-State Drives of different manufactures and models with fire-related damage. A detailed account of all operations was included to provide necessary guidance.

Published

2021

7. FAST: A High-Performance Architecture for Heterogeneous Big Data Forensics

Author

Pungila, Ciprian, Negru, Viorel, Kacprzyk, Janusz, Series editor, Pal, Nikhil R., Advisory editor, Bello Perez, Rafael, Advisory editor, Corchado, Emilio S., Advisory editor, Hagras, Hani, Advisory editor, Kóczy, László T., Advisory editor, Kreinovich, Vladik, Advisory editor, Lin, Chin-Teng, Advisory editor, Lu, Jie, Advisory editor, Melin, Patricia, Advisory editor, Nedjah, Nadia, Advisory editor, Nguyen, Ngoc Thanh, Advisory editor, Wang, Jun, Advisory editor, Pérez García, Hilde, editor, Alfonso-Cendón, Javier, editor, Sánchez González, Lidia, editor, Quintián, Héctor, editor, and Corchado, Emilio, editor

Published

2018

8. Analysis of communication data of mobile terminal based on protocol reversal

Author

Mingyuan ZHANG and Xinyu QI,Yubo SONG,Rongrong GU,Aiqun HU,Zhenchao ZHU

Subjects

mobile terminal, data forensics, dynamic stain analysis, protocol reverse analysis, similarity comparison, Electronic computers. Computer science, QA75.5-76.95

Abstract

The most problem in analysis of communication protocols and communication data for mobile terminals is that many mobile applications do not have the relevant public technical documents,and it is difficult to know the type of communication protocol it adopts.The instruction execution sequence analysis technique takes the instruction sequence executed by the program as a research object,and inversely infers the message format and the state machine to obtain the communication protocol.However,due to the incomplete collection of sequence information,the state machine infers that the inference is incomplete and cannot be effective.A novel protocol reverse scheme based on state machine comparison is proposed,which can be used for the forensics of mobile terminal communication data.The scheme first uses PIN for dynamical identification of the taint,and track it and analyzes the trajectory to obtain the message format.Secondly,the message clustering is performed on the basis of the message format to infer the protocol state machine.Finally,the LCS algorithm is used to compare the state machines to get a complete protocol state machine.This article tests and evaluates the scheme based on two types of application design experiments on the Android platform.The experimental results show that the results are both complete and real-time,and have practical value.

Published

2018

9. Detecting Examinees With Pre-knowledge in Experimental Data Using Conditional Scaling of Response Times

Author

Sarah L. Toton and Dennis D. Maynes

Subjects

test security, latencies, cheating, pre-knowledge, data forensics, response times, Education (General), L7-991

Abstract

The detection of examinees who have previously accessed proprietary test content is a primary concern in the context of test security. Researchers have proposed using item response times to detect examinee pre-knowledge, but progress in this area has been limited by a lack of real data containing credible information about pre-knowledge and by strict statistical assumptions. In this work, an innovative, but simple, method is proposed for detecting examinees with pre-knowledge. The proposed method represents a conditional scaling that assesses an examinee's response time to a particular item, compared to a group of examinees who did not have pre-knowledge, conditioned on whether or not the item was answered correctly. The proposed method was investigated in empirical data from 93 undergraduate students, who were randomly assigned to have pre-knowledge or not. Participants took a computerized GRE Quantitative Reasoning test and were given no items, half the items, or half the items with correct answers to study before the test, depending on their condition. Exploratory analysis techniques were used to investigate the resulting values at both the item and person-level, including factor analyses and cluster analyses. The proposed method achieved impressive accuracy of separation between disclosed and undisclosed items and examinees with and without pre-knowledge (96 and 97% accuracy for cluster analyses, respectively), demonstrating detection power for item disclosure and examinee pre-knowledge. The methodology requires minimal assumptions about the data and can be used for a variety of modern test designs that preclude other types of data forensic analyses.

Published

2019

10. Analysis of Test-Taker Profiles Across a Suite of Statistical Indices for Detecting the Presence and Impact of Cheating.

Author

Hurtz, Gregory M. and Weiner, John A.

Subjects

DISCRIMINANT analysis, HEURISTIC

Abstract

Preventing cheating on tests is crucial, but in the event of failure to prevent it, detecting its presence and impact on scores is equally important. Many statistical indices have been developed for this purpose in nearly 100 years of research, often in a quest for the "best" index. The premise of this study is that: (a) Cheating is manifested in different patterns of aberrant responding, (b) No single index can effectively detect all such patterns, and thus (c) A suite of different indices working together should be more effective at identifying anomalous responding indicative of potential cheating. Two methods for simultaneous consideration of a suite of 7 indices were investigated for detecting three patterns of cheating that were manipulated in random subsamples of actual data from two high stakes credentialing tests. Discriminant function analysis distinguished presence and impact of cheating through different linear combinations of the indices. An alternative approach based on testing the fit of individuals' profiles across the 7 indices to heuristic model profiles for each cheating pattern led to similarly accurate classifications of test-taker's into their manipulated cheating groups. This profile similarity method provides a means for theory development and model testing, in aggregating any number of individual statistical indices for detecting fit to any modeled pattern of interest. [ABSTRACT FROM AUTHOR]

Published

2019

11. Detecting Fraudulent Erasures at an Aggregate Level.

Author

Sinharay, Sandip

Subjects

FRAUD investigation, COMPUTER simulation, ASYMPTOTIC expansions, GAUSSIAN distribution, CRIMINAL investigation, COMPUTER crimes

Abstract

Wollack, Cohen, and Eckerly suggested the "erasure detection index" (EDI) to detect fraudulent erasures for individual examinees. Wollack and Eckerly extended the EDI to detect fraudulent erasures at the group level. The EDI at the group level was found to be slightly conservative. This article suggests two modifications of the EDI for the group level. The asymptotic null distribution of the two modified indices is proved to be the standard normal distribution. In a simulation study, the modified indices are shown to have Type I error rates close to the nominal level and larger power than the index of Wollack and Eckerly. A real data example is also included. [ABSTRACT FROM AUTHOR]

Published

2018

12. Personal Computer Privacy: Analysis for Korean PC Users

Author

Kwon, Young Chul, Lee, Sang Won, Moon, Songchun, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Dough, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Yoshiura, Hiroshi, editor, Sakurai, Kouichi, editor, Rannenberg, Kai, editor, Murayama, Yuko, editor, and Kawamura, Shinichi, editor

Published

2006

13. Indexing Information for Data Forensics

Author

Goodrich, Michael T., Atallah, Mikhail J., Tamassia, Roberto, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Dough, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Ioannidis, John, editor, Keromytis, Angelos, editor, and Yung, Moti, editor

Published

2005

14. DETECTING POST!PRODUCTION TAMPERING ARTIFACTS IN VIDEO AND AUDIO RECORDINGS ON FAT16 AND FAT32 FORMATTED STORAGE DEVICES (METHODOLOGY RECOMMENDATIONS FOR FORENSIC PRACTITIONERS)

Author

A. G. Boyarov

Subjects

forensic video examination, forensic audio examination, forensic digital data analysis, data forensics, fat16 and fat32 features, Social pathology. Social and public welfare. Criminology, HV1-9960

Abstract

This article represents tools and methods for authenticity analysis of video and audio recordings stored on FAT16 or FAT32 digital media storages. Di"erent types of editing are taken into consideration: breaches of media data allocation order, media #les and their sequences creation and modi#cation date and time attributes disorder, naming features mismatch, search for deleted data proving sound/video editors usage.

Published

2014

15. Secure Provenance for Data Forensics with Efficient Revocation of Anonymous Credentials in Cloud Computing.

Author

Wu, Songyang and Zhang, Yong

Subjects

CLOUD computing, CRIMINAL investigation, COMPUTER crimes, COMPUTER security, CLIENT/SERVER computing, DISTRIBUTED computing

Abstract

Privacy is a critical security requirement in mobile cloud computing. To address the dilemma of data forensics in privacy-preserving cloud environment, secure provenance that records the ownership and process history of data objects was proposed in literatures. Although existing secure provenance schemes provide anonymous authentication to cloud servers, confidentiality of sensitive documents, unforgeability of provenance records and provenance tracking of disputed documents, they do not address the revocation of anonymous user or introduce high computational overhead into anonymous authentication. In this study, we propose a practical secure data provenance for cloud computing. Our scheme provides the necessary security features and efficient revocation of anonymous credentials without sacrificing performance (i.e. computational overhead is minimal). Using provable security techniques, we prove that the proposed scheme is secure under the standard model. [ABSTRACT FROM AUTHOR]

Published

2016

16. A Practical Guide to Check the Consistency of Item Response Patterns in Clinical Research Through Person-Fit Statistics.

Author

Meijer, Rob R., Niessen, A. Susan M., and Tendeiro, Jorge N.

Subjects

*CLINICAL medicine research, *FORENSIC sciences, *STATISTICAL hypothesis testing, *STATISTICS, *RESEARCH personnel, *DESCRIPTIVE statistics, *ARTHRITIS Impact Measurement Scales, RESEARCH evaluation

Abstract

Although there are many studies devoted to person-fit statistics to detect inconsistent item score patterns, most studies are difficult to understand for nonspecialists. The aim of this tutorial is to explain the principles of these statistics for researchers and clinicians who are interested in applying these statistics. In particular, we first explain how invalid test scores can be detected using person-fit statistics; second, we provide the reader practical examples of existing studies that used person-fit statistics to detect and to interpret inconsistent item score patterns; and third, we discuss a new R-package that can be used to identify and interpret inconsistent score patterns. [ABSTRACT FROM AUTHOR]

Published

2016

17. Logging for Cloud Computing Forensic Systems.

Author

Pătraşcu, Alecsandru and Valeriu Patriciu, Victor

Subjects

DATA logging, CLOUD computing, FORENSIC sciences, INFORMATION storage & retrieval systems, COMPARATIVE studies

Abstract

Cloud computing represents a different paradigm in the field of distributed computing that involves more and more researchers. We can see in this context the need to know exactly where, when and how a piece of data is processed or stored. Compared with classic digital forensic, the field of cloud forensic has a lot of difficulties because data is not stored on a single place and furthermore it implies the use of virtualization technologies. In this paper we present a new method of monitoring activity in cloud computing environments and datacenters by running a secure cloud forensic framework. We talk in detail about the capabilities that such system must have and we propose an architecture for it. For testing and results we have implemented this solution to our previous developed cloud computing system. [ABSTRACT FROM AUTHOR]

Published

2015

18. DIGITAL FORENSICS IN CLOUD COMPUTING APPLIED TO NEW OR EXISTING DATACENTER ARCHITECTURES.

Author

PĂTRAŞCU, ALECSANDRU, BICA, ION, and PATRICIU, VICTOR-VALERIU

Subjects

COMPUTER crimes, CRIMINAL investigation, CLOUD computing, COMPUTER architecture, ELECTRONIC information resources, BACK up systems, COMPUTER files, COMPUTER storage devices

Abstract

Cloud computing technologies have an important place in today's digital environment as they offer the user attractive benefits such as information backup, file storage, renting virtual machines. In this context we need to know exactly where, when and how a piece of data is processed and, even more, we need to know what is happening in a datacenter at the virtual machine level. This means we must have installed, at the datacenter level, a system that can detect anomalies based on the usage pattern of virtual machines. In this paper we will present a novel way of monitoring virtual machine activity in datacenters and how we use this information in order to train our automated anomalies machine learning modules. [ABSTRACT FROM AUTHOR]

Published

2014

19. InVEST: Intelligent visual email search and triage

Author

Jay Koven, Nasir Memon, Enrico Bertini, and R. Luke DuBois

Subjects

Visual search, Focus (computing), Forcing (recursion theory), Computer science, business.industry, Process (engineering), Data visualization, 020207 software engineering, Context (language use), 02 engineering and technology, Data forensics, Triage, Task (project management), Email search, Computer Science Applications, World Wide Web, Medical Laboratory Technology, Email forensics, Data analytics, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, Law

Abstract

Large email data sets are often the focus of criminal and civil investigations. This has created a daunting task for investigators due to the extraordinary size of many of these collections. Our work offers an interactive visual analytic alternative to the current, manually intensive methodology used in the search for evidence in large email data sets. These sets usually contain many emails which are irrelevant to an investigation, forcing investigators to manually comb through information in order to find relevant emails, a process which is costly in terms of both time and money. To aid the investigative process we combine intelligent preprossessing, a context aware visual search, and a results display that presents an integrated view of diverse information contained within emails. This allows an investigator to reduce the number of emails that need to be viewed in detail without the current tedious manual search and comb process.

Published

2016

20. CopyDetect: An R Package for Computing Statistical Indices to Detect Answer Copying on Multiple-Choice Examinations.

Author

Zopluoglu, Cengiz

Subjects

*PROGRAMMING languages, *MULTIPLE choice examinations, *QUANTITATIVE research, *HIGH school students, *TEST scoring, *STUDENT cheating

Abstract

The article presents information on an R package, CopyDetect, a programming language that is developed to detect answer copying on multiple-choice examination through computing statistical analysis. It informs that identifying answer copying is an essential part of maintaining the integrity of test scores. It also offers information on a report which shows that 35 percent of high school students are engaged in some type of est fraud.

Published

2013

21. Security mechanisms for body sensor networks

Author

Ali, Syed Taha

Subjects

Privacy, Security, Physical layer security, Data forensics, Body area networks

Abstract

Body sensor networks are a key component in the emerging trend towards personalised healthcare monitoring and the mobile health paradigm. These networks consist of miniaturized devices, mounted on the human body that continuously monitor and communicate the subject's vital signs to a basestation device for real time viewing, sharing, and remote diagnosis by health professionals. Security is a stringent requirement as these devices communicate personal medical data, and mishandling can result in serious ethical implications and massive liabilities. Traditional security mechanisms, however, are not suited to the resource constraints of these small devices, or the fundamental limitations of their operating environment. Adapting and devising new solutions to satisfactorily encrypt and authenticate the communication of these devices is an open research area. In this thesis, we present three mechanisms to address specific and realistic security concerns of body sensor networks: First, we propose a secret-key generation mechanism that uses reciprocal and unique properties of the wireless channel between two communicating devices to generate secret-key bits to encrypt communications. Existing schemes of this type frequently yield mismatching key bits, thereby requiring reconciliation schemes with high implementation and energy costs. In our work, we identify and address the root cause of bit mismatch, and restrict bit generation to dynamic periods when bit agreement is high. As a result, we eliminate the need for reconciliation itself. Our mechanism is extremely lightweight and generates perfectly matching secret key bits at a rate suited to the typical needs of bodyworn devices. Second, we suggest an enhancement to secure broadcast communication for bodyworn devices. The literature proposes the use of time-varying secret keys to encrypt group communications. However, packet loss is very common for bodyworn devices, and key updates may not be received by all parties, rendering them unable to participate in subsequent broadcasts. We devise a mechanism to allow receivers to recover from key loss in a secure, efficient, and scalable manner. Our analysis allows for operator-specified control of recovery probability to configure the scheme for different environments, and we deduce fundamental asymptotic bounds on recovery. Finally, we address the issue of data authentication. We note that proposed healthcare networks consist of disparate devices (such as sensors, mobile phones, databases), have multiple points of access, and therefore, the integrity of the data that is collected by the sensor device is of critical importance. Traditional security mechanisms do not suffice: secret key solutions are vulnerable to insider attacks, and digital signatures are not robust to packet loss and are too resource intensive for frequent application. We develop an authentication solution by amortizing the cost of a digital signature over a very large data set and apply coding for robustness to loss. Furthermore, we provide a framework for optimizing performance for different environments and overhead constraints. We show that our scheme can satisfactorily authenticate the source and integrity of almost all the received data with minimal overhead. In each of these instances, we validate our solutions and results via experimentation with real bodyworn devices in typical everyday operating environments. It is hoped that this work is a positive step towards widespread adoption and integration of bodyworn sensing devices in healthcare.

Published

2011