
Whitireia NZ Porirua Wellington © Leutele Grey 2013 Digital Forensics Model for Lay People

11/26/2013

Academic Journal Topic: Computer (Digital) Forensic Tools and Biometrics

Post Graduate Diploma

Paper

IT8417 - Network Security & Forensics

By

Leutele Lucia Maria Grey

Tutor: Steve Cosgrove

ASSIGNMENT THREE

Faculty of Business and Information Technology

2013

Computer (Digital) Forensic Tools and Biometrics
By Leutele Lucia Maria Grey
25 November 2013

Abstract

Governments and organisations worldwide are increasingly adopting biometric technologies as an effective countermeasure against identification fraud. In particular, the worldwide adoption of biometric identification documents means that the entire world population will eventually become holders of identification documents such as biometric e-passports, bankcards etc. This paper argues that any person who attempts to fraudulently obtain, illegally issue, forge or counterfeit documents is likely to breach the law. This study considers the lay and non-technical people who may experience being hacked and do not understand how to go about getting help. This paper describes the computer (digital) forensic processes and their applications to biometric systems. It explores some existing modern biometric toolkits, discusses several digital forensic models and compares several modern forensic toolkits. Finally, the study proposes a generic computer digital forensic model and applications for the non-technical and lay members of society.

Keywords: Computer (Digital) Forensic, Forensic Tools, Biometric Systems, Biometric tool kits, Biometric countermeasures

1. Introduction

In the past decade, many people wouldn’t have imagined that computers would become an integral part of daily living. Now computers, as well as other technological devices, have become commonplace in criminal activities, with the technological device serving as the instrument of the crime, the target of the crime and, by its nature, the storage for evidence. This study investigates digital forensics and biometric systems. Gorodnichy (2009) describes a biometric system as an automated technique for measuring the physical biometric characteristics of a person, such as the face image, the iris, a fingerprint, the palm of the hand etc. (Jain, Hong & Pankanti, 2000), for the purpose of recognizing him or her (Poli, Arcot, & Charapanamjeri, 2009). The United Nations Office on Drugs and Crime (UNODC) (2010) reported that fraudulent identity and security documents are integral prerequisites for the smuggling of migrants, people trafficking and terrorist mobility, for facilitating the smuggling of drugs, weapons and other goods, and for committing fraud. The report also defined ‘security documents’ as those documents (e.g. passports, identity cards, driving licenses, currency, social security cards, travel visas etc.) that contain incorporated security features in order to protect the value of the document. Al-Fedaghi and Al-Babtain (2012) define digital (computer) forensics as the “analytical and investigative techniques used for the preservation, identification, extraction, documentation, analysis and interpretation of computer media (digital data) which is stored or encoded for evidentiary and/or root cause analysis”.

This paper argues that, in general, digital forensic law enforcement should cover all aspects of information technology, computers and networks that are obviously susceptible to security intrusion and fraudulent activities. This includes consideration for the lay, non-technical users of such technologies. The digital forensic investigation seeks to support court processing of criminal cases relating to computers and networks, as well as internal corporate investigations and disciplinary hearings (Al-Fedaghi, et al, 2012). In addition, it involves the acquisition and analysis of digital evidence, authentication of documents, identification of sources and suspects, and so forth (Al-Fedaghi, et al, 2012).

The rest of this paper is structured as follows: Section two discusses other related work. Section three presents the problem statement. Section four discusses biometric systems and modern tool kits, while section five introduces digital forensics, compares some of the modern digital forensic toolkits and examines several forensic models. Section six presents the case study. Section seven, the results and discussion, presents the proposed Digital Forensic Investigation Model - for Non-Technical Lay People (DFIM - FNTLP), and the report concludes in section eight.

2. Other Related Work

A number of researchers have been engaged in developing the forensic models and software toolkits required to improve forensic investigation, as well as procedural and training equipment and facilities. Noblett, Pollitt and Presley (2000) proposed a three-level hierarchical model containing the following components: examination, policies and practices, and procedures and techniques. Baryamureeba and Tushabe (2004) proposed the Integrated Digital Investigation Model, while Kohn, Olivier and Eloff (2006) introduced a systematic framework for the collection of court evidence and proposed a three-phase framework which combined several existing forensic models. Grobler and Von Solms (2009) discussed the South African Liforac model, which relates to live forensic acquisition. Satpathy, Pradhan and Ray (2010) contrasted various forensic investigation models and proposed a fusion-based investigation tool, while Bhat, Rao, Abhilash, Shenoy, Venugopal and Patnaik (2010) proposed a practical digital forensic framework for flash drives. Yusoff, Ismail and Hassan (2011) proposed the computer forensics investigation model (GCFIM), while Valjarevic and Venter (2011) defined the basic postulates of a Digital Forensic Readiness Framework for PKI systems.

In the development of the forensic procedural and training sectors, Geradts and Ruifrok (2003) provided an overview of the information that is important to know prior to a forensic investigation and examination. Arthur and Venter (2004) investigated forensic tools and addressed their commonalities and differences. Ieong (2006) highlighted the fundamental principles of digital forensic investigation (Reconnaissance, Reliability and Relevancy), and Ayers (2009) proposed several useful metrics for measuring the efficacy and performance of computer forensic tools and presented a second generation computer forensic analysis system. On the one hand, Lalla and Flowerday (2010) compared tools including Stylometry, autnominer algorithm, ProDiscover IR (PDIR) 3.5 and EnCase Enterprise Edition (EEE) 4.19a. On the other hand, Canales, Monaco, Murphy, Zych, Stewart, Tappert and Truley (2011) experimented on a Keystroke Biometric System which measured the typing characteristics believed to be unique to an individual and difficult to duplicate. Agarwal, Gupta, Gupta, & Gupta (2011) proposed a systematic digital forensic procedure framework. Cantrell, Dampier, Dandass, Niu and Bogen (2012) proposed a digital triage process model and, finally, James and Jang (2013) presented a training development model aimed at expanding the investigation capability as well as the capacity of investigators and units.

3. Problem Statement

Today, many commercial, public and private-sector applications are increasingly using biometric technologies to establish personal recognition. In particular, governments of countries worldwide are using biometric technologies as a countermeasure to mitigate personal identification risks. In terms of travel, every individual on the planet will eventually become the holder of a biometric passport. Unfortunately, the lay members of society are increasingly experiencing difficulties in figuring out the complexity of bureaucratic systems, particularly in government departments, non-government organisations and business. What happens if a lay member of society has been hacked? The paper proposes a simple model which provides steps on what to do if someone’s biometric passport or other personal identification card or document has been hacked. The model is presented and discussed in full in section seven.

4. Biometric Systems

Gorodnichy (2009) argues that biometric systems have evolved significantly over the past years. For example, biometric systems range from a single-sample, fully controlled verification matcher to a wide range of multiple-sample, multi-modal, fully automated person recognition systems that work in a diverse range of unconstrained environments and behaviours. Sprokkereef and De Hert (2007) state that modern biometric technologies are set up to identify individuals by means of their body characteristics for identification or authentication purposes. Arguably, the evaluation methodologies for biometric systems have remained unchanged, imposing limitations when reporting false match and non-match rates and trade-off curves (Gorodnichy, 2009, 2010, 2011). Therefore, there is a need for developing and standardizing new biometric systems for effective investigation and examination of biometric evidence.

4.1 Biometric System

A generic biometric system contains components which include: data collection, data storage, data transmission, signalling processes and the decision phase. Jain, Nandakumar and Nagar (2008) explain that a typical biometric system, as demonstrated in Figure 1, contains several modules.

Figure 1. A Simple Biometric System and Components. Source: Ratha, Connell, & Bolle. 2001. Enhancing Security and Privacy in Biometrics-Based Authentication Systems

For example, the sensor module acquires the raw biometric data of an individual in the form of an image, video, audio or some other signal (Jain, et al, 2008). In addition, the feature extraction module operates on the biometric signal and extracts a salient set of features that represent the signal (Jain, et al, 2008). Further, during user enrolment, the extracted feature set (or template), labelled with the user identity, is stored in the biometric system (Johnson, 2004). This in turn allows the matching module to compare the feature set extracted during authentication with the enrolled template(s), which generates match scores in order to either determine or verify the identity of an individual (Johnson, 2004).

Ratha, Connell and Bolle (2001), as cited by Jain, et al, (2008), argue that there are several different levels of attacks that can be launched against a biometric system. For example, a fake biometric trait such as an artificial finger may be presented at the sensor illegally, or intercepted data may be resubmitted to the system (Jain, et al, 2008). Moreover, the feature extractor may be replaced by a Trojan horse program that produces a pre-determined feature set, or a legitimate feature set may be replaced with a synthetic feature set (Jain, et al, 2008). Also, the matcher may be replaced by a Trojan horse program that always outputs high scores, thereby defying system security, while the templates stored in the database may be modified or removed, or new templates may be introduced in the database (Jain, et al, 2008). Further, the data in the communication channel between various modules of the system may be altered, which could lead to an overridden final decision output by the system (Jain, et al, 2008).

4.2. Advantages of Biometric

Anil and Arun (2004) argue that while biometric systems have their limitations, they perform better than traditional security methods in that they cannot be easily stolen or shared. In addition, biometric systems may enhance user convenience by alleviating the need to design and remember passwords (Anil, et al, 2004). Biometrics also contain unique characteristics and can be used as a technique for negative recognition, where the system determines whether the person is who he or she denies being (Anil, et al, 2004). A case in point is the Citizenship and Immigration Canada (2008) Biometric Planning Project, which utilized a Biometric Field Trial that tested many individuals and proved that biometric technology is an effective tool for confirming identity and detecting fraud.

4.3. Biometric Toolkits

Table 1 provides a list of modern multi-biometric toolkits currently on the market that are favoured by biometric organisations, mainly because of their potential to alleviate a few of the problems that have been observed in unimodal biometric systems.

Table 1: List of Biometric Tool Kits

While biometric tools improve matching performance, they also have the capability to address the problems of non-universality and spoofing (Smith, 2006). In addition, multi-biometric systems can integrate information at various levels (Imamverdiyev, Karimova, Musayev, Wayman, & Concealers, 2008). An example is fusion at the matching score level, where the scores output by the individual matchers are integrated (Karray, Saleh, Arab, & Alemzadeh, 2007). Overall, while the Biometric Login, the Bioteps, the C_BET Biometric, the BAT Automated (Biometric Taskforce, 2007) and the HIDE Handheld Interagency multimode Biometric Toolkits all have high levels of unique strengths and improved performance, all of them share common weaknesses: none is error free, and hackers can still access private confidential personal data.
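
The enrolment, matching and score-level fusion steps described in sections 4.1 and 4.3, together with a check against the stored-template modification listed among the attacks, can be shown in a short sketch. This is an added example, not code from the paper or from any of the toolkits it lists; the key, the two matchers, their score ranges, the weights, the threshold and the feature vectors are all constructed assumptions.

```python
import hashlib
import hmac
import math

# Assumption: a secret held only by the enrolment/matching service (constructed value).
TEMPLATE_KEY = b"constructed-example-key"
# Assumed native score range of each matcher, used for min-max normalisation.
SCORE_RANGE = {"face": (-1.0, 1.0), "finger": (0.0, 1.0)}
WEIGHTS = {"face": 0.5, "finger": 0.5}


def _tag(user, modality, features):
    """HMAC over user id, modality and feature values, so a template cannot be
    edited or moved to another identity without the key."""
    msg = "|".join([user, modality] + ["%.6f" % f for f in features]).encode()
    return hmac.new(TEMPLATE_KEY, msg, hashlib.sha256).hexdigest()


def enrol(db, user, modality, features):
    """Enrolment: store the extracted feature set (template) with its tag."""
    db[(user, modality)] = {"features": list(features),
                            "tag": _tag(user, modality, features)}


def template_intact(db, user, modality):
    rec = db[(user, modality)]
    return hmac.compare_digest(rec["tag"], _tag(user, modality, rec["features"]))


def face_score(probe, template):
    """Cosine similarity, range [-1, 1]."""
    dot = sum(p * t for p, t in zip(probe, template))
    norm = math.sqrt(sum(p * p for p in probe)) * math.sqrt(sum(t * t for t in template))
    return dot / norm


def finger_score(probe, template):
    """Distance-based similarity, range (0, 1]."""
    return 1.0 / (1.0 + math.dist(probe, template))


MATCHERS = {"face": face_score, "finger": finger_score}


def verify(db, user, probes, threshold=0.9, check_integrity=True):
    """Return (accepted, fused_score, reason) for a claimed identity."""
    fused = 0.0
    for modality, probe in probes.items():
        if check_integrity and not template_intact(db, user, modality):
            return (False, 0.0, "template integrity check failed: " + modality)
        raw = MATCHERS[modality](probe, db[(user, modality)]["features"])
        lo, hi = SCORE_RANGE[modality]
        fused += WEIGHTS[modality] * (raw - lo) / (hi - lo)   # normalise, then weight
    return (fused >= threshold, round(fused, 3), "fused score compared with threshold")


# Constructed feature vectors; real templates are far larger.
GENUINE = {"face": [0.88, 0.12, 0.41], "finger": [0.21, 0.79, 0.52, 0.28]}
IMPOSTOR = {"face": [0.10, 0.90, 0.20], "finger": [0.90, 0.10, 0.10, 0.90]}


def build_db():
    db = {}
    enrol(db, "alice", "face", [0.90, 0.10, 0.40])
    enrol(db, "alice", "finger", [0.20, 0.80, 0.50, 0.30])
    return db


def overwrite_templates(db, user, features_by_modality):
    """Simulates the stored-template modification named in the text: the
    feature values change but the writer cannot produce a valid tag."""
    for modality, feats in features_by_modality.items():
        db[(user, modality)]["features"] = list(feats)


if __name__ == "__main__":
    db = build_db()
    print(verify(db, "alice", GENUINE))                          # accepted
    print(verify(db, "alice", IMPOSTOR))                         # rejected on score
    overwrite_templates(db, "alice", IMPOSTOR)
    print(verify(db, "alice", IMPOSTOR, check_integrity=False))  # accepted: why the check matters
    print(verify(db, "alice", IMPOSTOR))                         # rejected on integrity
```

Without the integrity check, a modified template makes the matcher and the fusion step agree with the wrong person, which is why the template store needs protection independent of matching accuracy.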

5. Digital Forensic Tools

5.1. Evolution

Ruibin, Yun and Gaertner (2005) define the concept of digital forensic investigation as the process of "identifying, preserving, analysing, and presenting digital evidence in a manner that is legally acceptable through the application of computer technology to the investigation of computer based crime". Coincidentally, as computers became more networked, computer forensics also evolved into a term for the post-incident analysis of computers that have been victimized by intrusion or malicious code (Ruibin, et al, 2005). As a result, people often describe the former instance of hacking, in which network traffic has been captured and analysed, as network forensics (Kent, Chevalier, Grance, & Dang, 2006).

Kent, et al, (2006) argue that in a digital forensic investigation process, the accurate application of science is paramount to the identification, collection, examination and analysis of data, while preserving the integrity of the information and maintaining a strict chain of custody for the data. Since organizations' needs for data from many sources continue to increase, digital forensic tools and techniques can be utilized for many purposes, such as investigating crimes and internal policy violations, reconstructing computer security incidents, troubleshooting operational problems, recovering from accidental system damage, operational troubleshooting, log monitoring and so forth (Kent et al, 2006).
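
One way to make "preserving the integrity of the information" and "a strict chain of custody" checkable is shown below, as an added example that is not taken from the paper or from NIST SP 800-86. It records a SHA-256 manifest at collection time and keeps a custody log in which each entry is chained to the previous one by hash; the file names, actors and log fields are constructed assumptions.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

GENESIS = "0" * 64


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large captures or disk images fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(paths):
    """Record size and SHA-256 of every collected item at acquisition time."""
    return {os.path.abspath(p): {"size": os.path.getsize(p), "sha256": sha256_file(p)}
            for p in paths}


def changed_items(manifest):
    """Return the items that are missing or no longer match the manifest."""
    return sorted(p for p, meta in manifest.items()
                  if not os.path.isfile(p) or sha256_file(p) != meta["sha256"])


def _digest(obj):
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


def record_custody(log, actor, action, manifest):
    """Append a custody entry chained to the previous one by its hash."""
    entry = {"seq": len(log),
             "time_utc": datetime.now(timezone.utc).isoformat(),
             "actor": actor,
             "action": action,
             "manifest_sha256": _digest(manifest),
             "prev_hash": log[-1]["entry_hash"] if log else GENESIS}
    entry["entry_hash"] = _digest(entry)      # computed before the field is added
    log.append(entry)
    return entry


def first_broken_entry(log):
    """Return the index of the first entry that fails verification, else None."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if (entry["seq"] != i or entry["prev_hash"] != prev
                or entry["entry_hash"] != _digest(body)):
            return i
        prev = entry["entry_hash"]
    return None


def demo():
    """Constructed walk-through: collect, hand over, then detect later changes."""
    with tempfile.TemporaryDirectory() as workdir:
        capture = os.path.join(workdir, "capture.pcap")      # hypothetical file names
        fw_log = os.path.join(workdir, "firewall.log")
        with open(capture, "wb") as fh:
            fh.write(b"constructed packet capture bytes")
        with open(fw_log, "w") as fh:
            fh.write("constructed firewall log line\n")

        manifest = build_manifest([capture, fw_log])
        log = []
        record_custody(log, "sysadmin", "collected", manifest)
        record_custody(log, "forensic technician", "received for examination", manifest)
        clean = changed_items(manifest)

        with open(fw_log, "a") as fh:                        # evidence altered after collection
            fh.write("edited later\n")
        altered = [os.path.basename(p) for p in changed_items(manifest)]

        log[0]["actor"] = "someone else"                     # custody record rewritten
        return {"clean": clean, "altered": altered,
                "broken_entry": first_broken_entry(log)}


if __name__ == "__main__":
    print(demo())
```

The hash chain only shows that the log is internally consistent; in practice the latest entry hash would also be written down or sent to a second party so that the whole log cannot be regenerated unnoticed.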

5.2. Digital Forensics 2013 Modern Toolkits

Table 2 provides a list of Digital Forensic Tool Kits. In general, the NIKSUN NetDetector/NetVCR Alpine 4.2.1, the CRU WiebeTech Forensic ComboDock v5, the Cyber Security Technologies Mac Marshal, the ADF Solutions Triage-G2, the AccessData Forensic Suite and the IntaForensics Lima Forensic Case Management Software are all sophisticated and improved multi-purpose forensic tools (SC Magazine for IT Security Professionals, 2013). However, while each of the tools has unique strengths, all of them also have security weaknesses and can still be easily hacked by educated hackers.

Table 2: Digital Forensic Modern Tools Comparison

5.3. Digital Forensic Models

In order to determine what events have occurred within digital forensic systems and networks, much effort has gone into constructing a flexible and standardized digital forensic model that can provide detailed information concerning the files, operating systems, network traffic and applications. The sub-section that follows describes some of the early computer (digital) forensic models and applications.

5.3.1. The Forensic Process Model

The Department of Justice (DOJ) and the National Institute of Standards and Technology (NIST) define the basic forensic process based on four modules: Collection, Analysis, Examination and Reporting, as demonstrated and explained in Figure 2 (Carrier & Spafford, 2003).

Figure 2: NIST Forensic Model. Source: Shrivastava, Sharma & Dwivedi (2012).

5.3.2. The Abstract Digital Forensic Model

Reith, Carr and Gunsch (2002) proposed the ADFM model, which contains nine specific components as demonstrated in Figure 3.

Figure 3: The Abstract Forensic Model. Source: Reith, Carr & Gunsch (2002).

1) The Identification Phase - helps in recognizing and identifying the type of incident and has influence on other steps or phases of the model.

2) The Preparation Phase - prepares procedures, techniques and search warrants.

3) The Approach Strategy - involves the formulation of procedures and approaches to be used in the collection of evidence.

4) The Preservation Phase - deals with securing and preserving the evidence.

5) The Collection Phase - involves the collection of evidence using standardized procedures to record it from the physical scene.

6) The Examination Phase - deals with searching for evidence relating to the suspects.

7) The Analysis Phase - involves the inspection of examined products.

8) The Presentation Phase - explains all the investigation and examination phases.

9) The Returning Evidence - requires returning the digital sources to the right owner.

5.3.3. The Integrated Digital Investigation Model

Carrier and Spafford (2003) proposed the Integrated Digital Investigation model, which organizes the forensic process into five groups as demonstrated in Figure 4.

Figure 4: Digital Forensic IDI Model. Source: Carrier & Spafford (2003).

1) The Readiness Phase - ensures that the operations and infrastructure are able to fully support an investigation.

2) The Deployment Phase - provides a mechanism for an incident to be detected and confirmed.

3) The Physical Crime Scene Investigation Phase - collects and analyzes physical evidence and reconstructs the actions that took place during the incident.

4) The Digital Crime Scene Investigation Phase - collects and analyzes digital evidence.

5) The Review Phase - reviews the whole investigation and identifies areas of improvement.

6. Case Study

6.1. A Computer Forensics Case Study

Yasinsac, Erbacher, Marks, Pollitt & Sommer (2003). Computer forensics education. Security & Privacy, IEEE, 1(4), 15-23.

A system administrator (sysadmin) was troubleshooting a network problem when she captured several minutes’ worth of network traffic to review with a protocol analyzer. While conducting the review, she noticed some odd traffic in which a user’s desktop had sent a well-formed packet to an obscure port on an unfamiliar IP address outside the company’s firewall. Shortly thereafter, one of the company’s research and development database servers had transmitted a packet that did not conform to any of the company’s standard formats to the same IP address. This intrigued the sysadmin, who did a lookup of the IP address, which came back as one of the firm’s competitors.

The sysadmin called her boss, who instructed her to preserve the collected packets immediately and then contacted the company’s chief information security officer (CISO) to inform him of the situation. The CISO recognized this as a security incident that could compromise the company’s proprietary information and trade secrets. Further, it could also involve the employee whose workstation contacted the competition’s IP address. Fortunately, the company already had a Digital Forensic Policy in place. The CISO assigned an incident manager from his organization to oversee the event. The incident manager then contacted the company’s general counsel to discuss various legal issues involved in the investigation. Next, he called out a forensics technician to collect and preserve the evidence at the sysadmin’s computer, the employee’s workstation, the database server and the firewall.

After conducting a routine examination of the collected material, the forensic technician noticed a substantial amount of proprietary information on the employee’s hard drive that he did not appear to need. Moreover, the forensic technician couldn’t identify the mechanism used to communicate with the competitor’s computer. Further, the analysis of the server and firewall logs revealed that a lot of information had been transferred from the database server to the competition. After obtaining the general counsel’s approval, the incident manager engaged a researcher at a major university to review the examination results and work product. The researcher identified code on both the employee workstation and the database server that was written to send information from the database server to the competitor’s computer on command from the employee’s workstation. This command was determined to be the first and middle name of the employee’s oldest daughter. The incident manager used the reports from the forensic technician and the researcher to write an incident report for the executive management. On the basis of this incident report, the employee confessed to cooperating with an associate employed by the competition. The general counsel sued the competitor for damages, obtaining a restraining order against the competition while demonstrating the company’s aggressive protection of its trade secrets.
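
The pattern the sysadmin spotted by eye, a workstation contacting an unfamiliar external address on an unusual port followed shortly by a database server sending data to the same address, can be searched for in flow records. The following is an added example, not part of the case study or of Yasinsac et al.; the flow records, addresses (documentation ranges), asset roles, internal range, port list and five-minute window are all constructed assumptions.

```python
import csv
import io
import ipaddress
from datetime import datetime, timedelta

INTERNAL = ipaddress.ip_network("10.0.0.0/8")        # assumed internal address range
ROLES = {"10.1.5.23": "workstation",                 # assumed asset inventory
         "10.1.5.40": "workstation",
         "10.1.9.4": "database"}
USUAL_PORTS = {25, 53, 80, 123, 443}                 # assumed expected outbound ports

# Constructed flow records (time, source, destination, destination port, bytes).
FLOWS = """time,src,dst,dport,bytes
2013-01-01T10:00:01,10.1.5.23,198.51.100.10,443,5120
2013-01-01T10:02:10,10.1.5.23,203.0.113.77,47813,64
2013-01-01T10:02:22,10.1.9.4,203.0.113.77,47813,48211
2013-01-01T10:02:25,10.1.9.4,203.0.113.77,47813,61090
2013-01-01T10:03:00,10.1.5.40,10.1.9.4,5432,900
2013-01-01T10:05:00,10.1.9.4,198.51.100.10,443,700
2013-01-01T11:30:00,10.1.5.40,203.0.113.99,50001,64
"""


def parse_flows(text):
    """Parse the CSV text into time-ordered flow dictionaries."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        rows.append({"time": datetime.fromisoformat(r["time"]),
                     "src": r["src"], "dst": r["dst"],
                     "dport": int(r["dport"]), "bytes": int(r["bytes"])})
    return sorted(rows, key=lambda row: row["time"])


def is_odd_outbound(flow):
    """Internal source, external destination, port outside the usual set."""
    return (ipaddress.ip_address(flow["src"]) in INTERNAL
            and ipaddress.ip_address(flow["dst"]) not in INTERNAL
            and flow["dport"] not in USUAL_PORTS)


def correlate(flows, window=timedelta(minutes=5)):
    """Find database-server flows to an external address that a workstation
    contacted on an unusual port at most `window` earlier."""
    last_trigger = {}            # external address -> latest odd workstation flow
    findings = {}
    for flow in flows:
        if not is_odd_outbound(flow):
            continue
        role = ROLES.get(flow["src"])
        if role == "workstation":
            last_trigger[flow["dst"]] = flow
        elif role == "database":
            trig = last_trigger.get(flow["dst"])
            if trig is None or flow["time"] - trig["time"] > window:
                continue
            key = (trig["src"], flow["src"], flow["dst"])
            hit = findings.setdefault(key, {
                "workstation": trig["src"], "server": flow["src"],
                "external": flow["dst"], "dport": flow["dport"],
                "delay_s": int((flow["time"] - trig["time"]).total_seconds()),
                "server_flows": 0, "server_bytes": 0})
            hit["server_flows"] += 1
            hit["server_bytes"] += flow["bytes"]
    return list(findings.values())


if __name__ == "__main__":
    for finding in correlate(parse_flows(FLOWS)):
        print(finding)
```

Each finding names the workstation, server and external address involved, which are the same hosts the forensic technician in the case study was sent to collect evidence from.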

7. Results and Discussions

7.1. The Proposed Digital Forensic Investigation Model - for Non-Technical Lay People (DFI Model - FNTLP)

Biometric data are increasingly being adopted by national governments and commercial organisations worldwide for personal identification and recognition. This implies that individuals from all walks of life may very soon become holders of biometric e-passports, Visa and credit cards, as well as other biometric identification documents. A core problem already suffered by the general lay and non-technical members of society involves the complex, technical and fragmented settings of bureaucratic systems. How does one go about reporting a hacking incident? The proposed forensic model, as illustrated in Figure 5, provides an easy ‘do it yourself’ prescription for all non-technical lay people in organisations, home computer users or holders of any form of legal identification document in case of a potential breach of the law. The forensic investigation components contain all tasks expected to be carried out during each phase of the model. The three phases of the model are:

Figure 5: The Proposed Digital Forensic Investigation Model - for Non-Technical Lay People (DFI Model - FNTLP). Leutele Grey November 2013

1. The Basic Phase - signifies the beginning of the forensic investigation process once the user realizes that he/she has been hacked.

2. The Advanced Phase - refers to the more detailed examination of evidence involving more sophisticated computers and experienced staff or others.

3. The Specialist Phase - refers to a complete investigation analysis, examination and live presentation of evidence by the Forensic Scientific Laboratory Team with specialized equipment.

7.3. Applications for Non-Technical Lay Members of Society.

1. The Basic Phase - If an individual suspects that any of his or her identification documents has been hacked, the basic step requires conducting an in-house investigation using the easy, flexible digital forensic investigation components: collecting, examining, reporting, presenting and preserving the information. Do not attempt to make changes to the documents.

2. The Advanced Phase - Immediately report the incident to any of the community not-for-profit organisations such as the Community Law Centre or Citizens Advice Bureau, or ring the local police, or even contact some experienced friends to help with the forensic processes. The advanced level staff will then make an appropriate referral to the Specialist Level.

3. The Specialist Phase - will conduct the forensic investigation, examination and presentation of evidence in a court of law.

8. Conclusion

While forensic examination of documents is useful to guide and support criminal investigations and border control activities, it also has the potential to generate useful data on the means of forging/altering documents. The forensic examination and analyses performed on fraudulent identity documents, security documents and non-security documents aim to:

- Detect fraudulent documents (both altered and counterfeited documents);

- Determine authenticity of security features;

- Determine authenticity of documents by comparing with known standards;

- Determine the author of signatures;

- Identify methods used to alter documents and to produce counterfeit documents;

- Provide intelligence information;

- Provide advice for the development of new security features for identity and security documents;

- Provide other relevant information related to the content of the document.

9. Acknowledgement

The author wishes to acknowledge the Whitireia Community Polytechnic, in particular the Faculty of Business and Information Technology 2013.

10. References

Anil, K., & Arun, R. (2004). Multi-biometric systems. Communication of the ACM. Vol. 47, No. 1.

Agarwal, M. A., Gupta, M. M., Gupta, M. S., & Gupta, S. C. (2011). Systematic digital forensic investigation model. International Journal of Computer Science and Security (IJCSS), 5(1), 118.

Al-Fedaghi, S., & Al-Babtain, B. (2012). Modelling the forensics process. Int. J. Security Appl, 6(4).

Arthur, K. K., & Venter, H. S. (2004, June). An Investigation into computer forensic tools. In ISSA (pp. 1-11).

Ayers, D. (2009). A second generation computer forensic analysis system. Digital Investigation, 6, S34-S42.

Baryamureeba, V., & Tushabe, F. (2004). The enhanced digital investigation process model. In Proceedings of the Fourth Digital Forensic Research Workshop.

Bhat, V. H., Rao, P. G., Abhilash, R. V., Shenoy, P. D., Venugopal, K. R., & Patnaik, L. M. (2010). A data mining approach for data generation and analysis for digital forensic application. IACSIT International Journal of Engineering and Technology, 2(3), 314-319.

Biometric Taskforce. (2007). Biometric Automated Toolset (BAT) and Handheld Interagency Identity Detection Equipment (HIDE). Overview for NIST SML & Mobile ID Workshop.

Boult, T. (2006, April). Robust distance measures for face-recognition supporting revocable biometric tokens. In Automatic Face and Gesture Recognition, 2006. FGR 2006. 7th International Conference on (pp. 560-566). IEEE. Canada Border services Agency

Canales, O., Monaco, V., Murphy, T., Zych, E., Stewart, J., Tappert, C., & Truley, G. (2011). A stylometry system for authenticating students taking online Tests. Proceedings of Student-Faculty Research Day, CSIS, Pace University.

Cantrell, G., Dampier, D., Dandass, Y. S., Niu, N., & Bogen, C. (2012). Research toward a Partially-Automated, and Crime Specific Digital Triage Process Model. Computer and Information Science, 5(2), p29.

Carrier, B., & Spafford, E. H. (2003). Getting physical with the digital investigation process. International Journal of digital evidence, 2(2), 1-20.

Citizenship and Immigration Canada (2008). Biometric Planning Project. Biometric Field Trial Evaluation Report. Cat. no. CI42/2008E. Citizenship and Immigration Canada.

Geradts, Z. J., & Ruifrok, A. C. (2003, August). Extracting forensic evidence from biometric devices. In AeroSense 2003 (pp. 181-188). International Society for Optics and Photonics.

Gorodnichy, D. O. (2009). Evolution and evaluation of biometric systems. In Computational Intelligence for Security and Defense Applications, 2009. CISDA 2009. IEEE Symposium on (pp. 1-8). IEEE.

Gorodnichy, D. O. (2010). Multi-order biometric performance analysis. Video Surveillance & Biometrics Section Science and Engineering Directorate. Canada Border services Agency.

Gorodnichy, D. O. (2011). Multi-order biometric score analysis framework and its application to designing and evaluating biometric systems for access and border control. In Computational Intelligence in Biometrics and Identity Management (CIBIM), (pp. 44-53). IEEE.

Grobler, M. M., & Von Solms, S. H. (2009). Modelling live forensic acquisition.

Ieong, R. S. (2006). FORZA–Digital forensics investigation framework that incorporate legal issues. Digital investigation, 3, 29-36.

Imamverdiyev, Y., Karimova, L., Musayev, V., Wayman, J., & Concealers, I. (2008). Testing biometric systems against spoofing attacks.

Jain, A. K., Nandakumar, K., & Nagar, A. (2008). Biometric template security. EURASIP Journal on Advances in Signal Processing, 2008, 113.

Jain, A., Hong, L., & Pankanti, S. (2000). Biometric identification. Communications of the ACM, 43(2), 90-98.

James, J. I., & Jang, Y. J. (2013). An Assessment Model for Cybercrime Investigation Capacity. arXiv preprint arXiv:1307.0076.

Johnson, M. L. (2004). Biometrics and the threat to civil liberties. Computer, 37(4), 90-92.

Karray, F., Saleh, J. A., Arab, M. N., & Alemzadeh, M. (2007). Multi modal biometric systems: A state of the art survey. Pattern Analysis and Machine Intelligence Laboratory, University of Waterloo, Waterloo, Canada.

Kent, K., Chevalier, S., Grance, T., & Dang, H. (2006). Guide to integrating forensic techniques into incident response. NIST Special Publication, 800-86.

Kohn, M., Olivier, M. S., & Eloff, J. H. (2006, July). Framework for a Digital Forensic Investigation. In ISSA (pp. 1-7).

Lalla, H., & Flowerday, S. (2010). Towards a Standardised Digital Forensic Process: E-mail Forensics. In ISSA.

Noblett, M. G., Pollitt, M. M., & Presley, L. A. (2000). Recovering and examining computer forensic evidence. Forensic Science Communications, 2(4), 1-13.

Poli, V., Arcot, N., & Charapanamjeri, J. (2009). Evaluation of Biometrics. IJCSNS International Journal of Computer Science and Network Security, 9(9), 261.

Ratha, Connell, & Bolle. (2001). Enhancing Security and Privacy in Biometrics-Based Authentication Systems.

Reith, M., Carr, C., & Gunsch, G. (2002). An examination of digital forensic models. International Journal of Digital Evidence, 1(3), 1-12.

Ruibin, G., Yun, T., & Gaertner, M. (2005). Case-relevance information investigation: binding computer intelligence to the current computer forensic framework. International Journal of Digital Evidence, 4(1), 1-13.

Satpathy, S., Pradhan, S. K., & Ray, B. B. (2010). A digital investigation tool based on data fusion in management of cyber security systems. Int Journal Inf Technol, 2(2), 561-565.

SC Magazine for IT Security Professionals. (Retrieved 2013). 2013 Digital Forensics Tools. http://www.scmagazine.com//2013-digital-forensic-tools/slideshow/1351/#7.

Shrivastava, G., Sharma, K., & Dwivedi, A. (2012). Forensic Computing Models: Technical Overview. CCSEA, SEA.

Smith, R. G. (2006). Identification systems: a risk assessment framework. Australian Institute of Criminology.

Sprokkereef, A., & De Hert, P. A. U. L. (2007). Ethical practice in the use of biometric identifiers within the EU. Law Science and Policy, 3(2), 177.

The United Nations Office on Drugs and Crime (UNODC Report) (2010).

Valjarevic, A., & Venter, H. S. (2011, August). Towards a Digital Forensic Readiness Framework for Public Key Infrastructure Systems. In Information Security South Africa (ISSA), 2011 (pp. 1-10). IEEE.

Yasinsac, A., Erbacher, R. F., Marks, D. G., Pollitt, M. M., & Sommer, P. M. (2003). Computer forensics education. Security & Privacy, IEEE, 1(4), 15-23.

Yusoff, Y., Ismail, R., & Hassan, Z. (2011). Common phases of computer forensics investigation models. International Journal of Advanced Computer Science and Information Technology, 3(3).
