Whitireia NZ Porirua Wellington © Leutele Grey 2013 Digital Forensics Model for Lay People
11/26/2013
Academic Journal Topic: Computer (Digital) Forensic Tools and Biometrics
Post Graduate Diploma
Paper
IT8417 - Network Security & Forensics
By
Leutele Lucia Maria Grey
Tutor: Steve Cosgrove
ASSIGNMENT THREE
Faculty of Business and Information Technology
2013
Computer (Digital) Forensic Tools and Biometrics
By
Leutele Lucia Maria Grey
25 November 2013
Abstract
Governments and organisations worldwide are increasingly adopting biometric technologies as an effective countermeasure against identification fraud. In particular, the worldwide adoption of biometric identification documents means that the entire world population will eventually become holders of identification documents such as biometric e-passports, bank cards etc. This paper argues that any person who attempts to use fraudulently obtained, illegally issued, forged and counterfeit documents is likely to breach the law. This study considers the lay and non-technical people who may experience being hacked and do not understand how to go about getting help. This paper describes the computer (digital) forensic processes and applications to biometric systems. It explores some existing modern biometric toolkits, discusses several digital forensic models and compares several modern forensic toolkits. Finally, the study proposes a generic computer digital forensic model and applications for the non-technical and lay members of society.
Keywords: Computer (Digital) Forensic, Forensic Tools, Biometric Systems, Biometric tool kits, Biometric countermeasures
1. Introduction
In the past decade, many people would not have imagined that computers would become an integral part of daily living. Now computers and other technological devices have become commonplace in criminal activities, with the technological device serving as the instrument of the crime, the target of the crime and, by its nature, the storage for evidence. This study investigates digital forensics and biometric systems. Gorodnichy (2009) describes a biometric system as an automated technique for measuring the physical biometric characteristics of a person, such as the face image, the iris, a fingerprint, the palm of the hand etc. (Jain, Hong & Pankanti, 2000), for the purpose of recognizing him or her (Poli, Arcot, & Charapanamjeri, 2009). The United Nations Office on Drugs and Crime (UNODC) (2010) reported that fraudulent identity and security documents are integral prerequisites for the smuggling of migrants, people trafficking and terrorist mobility, for facilitating the smuggling of drugs, weapons and other goods, and for committing fraud. The report also defined ‘security documents’ as those documents (e.g. passports, identity cards, driving licenses, currency, social security cards, travel visas etc.) that incorporate security features in order to protect the value of the document. Al-Fedaghi and Al-Babtain (2012) define digital (computer) forensics as the “analytical and investigative techniques used for the preservation, identification, extraction, documentation, analysis and interpretation of computer media (digital data) which is stored or encoded for evidentiary and/or root cause analysis”.
This paper argues that, in general, digital forensic law enforcement should cover all aspects of information technology, computers and networks that are obviously susceptible to security intrusion and fraudulent activities. This includes consideration for the lay, non-technical users of such technologies. The digital forensic investigation seeks to support court processing of criminal cases relating to computers and networks, as well as internal corporate investigations and disciplinary hearings (Al-Fedaghi et al., 2012). In addition, it involves the acquisition and analysis of digital evidence, the authentication of documents, the identification of sources and suspects, and so forth (Al-Fedaghi et al., 2012). The rest of this paper is structured as follows: Section two discusses other related work. Section three presents the problem statement. Section four discusses biometric systems and modern toolkits, while section five introduces digital forensics, compares some of the modern digital forensic toolkits and examines several forensic models. Section six presents the case study. Section seven, the results and discussion, presents the proposed Digital Forensic Investigation Model - for Non-Technical Lay People (DFIM - FNTLP), and section eight concludes the report.
2. Other Related Work
A number of researchers have been engaged in developing the forensic models and software toolkits required to improve forensic investigation, as well as procedural and training equipment and facilities. Noblett, Pollitt and Presley (2000) proposed a three-level hierarchical model containing the following components: examination, policies and practices, procedures and technique. Baryamureeba and Tushabe (2004) proposed the Integrated Digital Investigation Model, while Kohn, Olivier and Eloff (2006) introduced a systematic framework for the collection of court evidence and proposed a three-phase framework which combined several existing forensic models. Grobler and Von Solms (2009) discussed the South African Liforac model, which relates to live forensic acquisition. Satpathy, Pradhan and Ray (2010) contrasted various forensic investigation models and proposed a fusion-based investigation tool, while Bhat, Rao, Abhilash, Shenoy, Venugopal and Patnaik (2010) proposed a practical digital forensic framework for flash drives. Yusoff, Ismail and Hassan (2011) proposed the Generic Computer Forensic Investigation Model (GCFIM), while Valjarevic and Venter (2011) defined the basic postulates of a Digital Forensic Readiness Framework for PKI systems.
In the development of the forensic procedural and training sectors, Geradts and Ruifrok (2003) provided an overview of the information that is important to know prior to a forensic investigation and examination. Arthur and Venter (2004) investigated forensic tools and addressed their commonalities and differences. Ieong (2006) highlighted the fundamental principles of digital forensic investigation (Reconnaissance, Reliability and Relevancy), and Ayers (2009) proposed several useful metrics for measuring the efficacy and performance of computer forensic tools and presented a second-generation computer forensic analysis system. On the one hand, Lalla and Flowerday (2010) compared tools including Stylometry, autnominer algorithm, ProDiscover IR (PDIR) 3.5 and EnCase Enterprise Edition (EEE) 4.19a. On the other hand, Canales, Monaco, Murphy, Zych, Stewart, Tappert and Truley (2011) experimented on a Keystroke Biometric System which measured the typing characteristics believed to be unique to an individual and difficult to duplicate. Agarwal, Gupta, Gupta and Gupta (2011) proposed a systematic digital forensic procedure framework. Cantrell, Dampier, Dandass, Niu and Bogen (2012) proposed a digital triage process model and, finally, James and Jang (2013) presented a training development model aimed at expanding the investigation capability as well as the capacity of investigators and units.
3. Problem Statement
Today, many commercial, public and private-sector applications are increasingly using biometric technologies to establish personal recognition. In particular, governments worldwide are using biometric technologies as a countermeasure to mitigate personal identification risks. In terms of travel, every individual on the planet will eventually become the holder of a biometric passport. Unfortunately, the lay members of society are increasingly experiencing difficulties in figuring out the complexity of bureaucratic systems, particularly in government departments, non-government organisations and businesses. What happens if a lay member of society has been hacked? This paper proposes a simple model which provides steps on what to do if someone’s biometric passport or other personal identification card or document has been hacked; the model is presented and discussed in full in section seven.
4. Biometric Systems
Gorodnichy (2009) argues that biometric systems have evolved significantly over the past years. For example, biometric systems range from a single-sample, fully controlled verification matcher to a wide range of multiple-sample, multi-modal, fully automated person recognition systems that work in a diverse range of unconstrained environments and behaviours. Sprokkereef and De Hert (2007) state that modern biometric technologies are set up to identify individuals by means of body characteristics for identification or authentication purposes. Arguably, the evaluation methodologies for biometric systems have remained unchanged, imposing limitations when reporting false match and non-match rates and trade-off curves (Gorodnichy, 2009, 2010, 2011). Therefore, there is a need to develop and standardize new biometric systems for the effective investigation and examination of biometric evidence.
4.1 Biometric System
A generic biometric system contains components which include data collection, data storage, data transmission, signalling processes and the decision phase. Jain, Nandakumar and Nagar (2008) explain that a typical biometric system, as demonstrated in Figure 1, contains several modules.
Figure 1. A Simple Biometric System and Components. Source: Ratha, Connell, & Bolle (2001), Enhancing Security and Privacy in Biometrics-Based Authentication Systems.
For example, the sensor module acquires the raw biometric data of an individual in the form of an image, video, audio or some other signal (Jain et al., 2008). The feature extraction module operates on the biometric signal and extracts a salient set of features that represent the signal (Jain et al., 2008). Further, during user enrolment, the extracted feature set (or template), labelled with the user identity, is stored in the biometric system (Johnson, 2004). This in turn allows the matching module to compare the feature set extracted during authentication with the enrolled template(s), which generates match scores used to either determine or verify the identity of an individual (Johnson, 2004).
Ratha, Connell and Bolle (2001), as cited by Jain et al. (2008), argue that there are several different levels of attack that can be launched against a biometric system. For example, a fake biometric trait such as an artificial finger may be presented at the sensor illegally, or intercepted data may be resubmitted to the system (Jain et al., 2008). Moreover, the feature extractor may be replaced by a Trojan horse program that produces a pre-determined feature set, or a legitimate feature set may be replaced with a synthetic feature set (Jain et al., 2008). The matcher may also be replaced by a Trojan horse program that always outputs high scores, thereby defying system security, while the templates stored in the database may be modified or removed, or new templates may be introduced into the database (Jain et al., 2008). Further, the data in the communication channel between the various modules of the system may be altered, which could lead to the final decision output by the system being overridden (Jain et al., 2008).
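The sketch below is an added example, not part of the original paper. It walks through the enrolment, matching and decision steps described above and shows one way a defender can detect the "templates modified in the database" attack: each stored template carries an HMAC tag that the matcher checks before scoring. The cosine-similarity matcher, the threshold, the key handling and all feature values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import math

# Assumptions (not from the paper): cosine similarity as the matcher, a fixed
# decision threshold, and an HMAC key held by the matcher, not by the database.
STORE_KEY = b"constructed-demo-key"
MATCH_THRESHOLD = 0.95


def template_tag(user_id, features):
    """HMAC-SHA256 over a canonical encoding of (identity, feature set)."""
    body = ",".join(f"{x:.6f}" for x in features)
    message = f"{user_id}|{body}".encode()
    return hmac.new(STORE_KEY, message, hashlib.sha256).hexdigest()


def enroll(store, user_id, features):
    """Enrolment: store the template labelled with the user identity."""
    store[user_id] = {"features": list(features),
                      "tag": template_tag(user_id, features)}


def template_intact(store, user_id):
    """False if the template is missing, untagged or has been modified."""
    record = store.get(user_id)
    if record is None or "tag" not in record:
        return False
    expected = template_tag(user_id, record["features"])
    return hmac.compare_digest(expected, record["tag"])


def match_score(template, probe):
    """Matching module: cosine similarity between template and probe."""
    if len(template) != len(probe):
        return 0.0
    dot = sum(a * b for a, b in zip(template, probe))
    norm_t = math.sqrt(sum(a * a for a in template))
    norm_p = math.sqrt(sum(b * b for b in probe))
    if norm_t == 0 or norm_p == 0:
        return 0.0
    return dot / (norm_t * norm_p)


def verify(store, user_id, probe):
    """Decision module: returns (decision, detail)."""
    if not template_intact(store, user_id):
        return ("reject", "template missing or modified")
    score = round(match_score(store[user_id]["features"], probe), 3)
    return ("accept" if score >= MATCH_THRESHOLD else "reject", score)


def demo():
    store = {}
    enroll(store, "alice", [0.12, 0.80, 0.35, 0.41])   # constructed features
    genuine = [0.13, 0.79, 0.36, 0.40]                 # same person, new sample
    impostor = [0.90, 0.10, 0.05, 0.70]                # different person
    results = [verify(store, "alice", genuine),
               verify(store, "alice", impostor)]
    # Simulated database tampering: the stored template is swapped for the
    # impostor's features. Without the tag check this probe would score 1.0.
    store["alice"]["features"] = impostor
    results.append(verify(store, "alice", impostor))
    return results


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The tag only covers the stored template; the other attack points listed above (sensor, feature extractor, matcher, channel) need their own controls.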
4.2. Advantages of Biometrics
Anil and Arun (2004) argue that while biometric systems have their limitations, they perform better than traditional security methods in that biometric traits cannot be easily stolen or shared. In addition, biometric systems may enhance user convenience by alleviating the need to design and remember passwords (Anil et al., 2004). Biometrics also contain unique characteristics and can be used for negative recognition, where the system determines whether the person is who he or she denies being (Anil et al., 2004). A case in point is the Citizenship and Immigration Canada (2008) Biometric Planning Project, which ran a Biometric Field Trial that tested many individuals and proved that biometric technology is an effective tool for confirming identity and detecting fraud.
4.3. Biometric Toolkits
Table 1 provides a list of modern multi-biometric toolkits currently on the market that are favoured by biometric organisations, mainly because of their potential to alleviate a few of the problems that have been observed in unimodal biometric systems.
Table 1: List of Biometric Tool Kits
While biometric tools improve matching performance, they also have the capability to address the problems of non-universality and spoofing (Smith, 2006). In addition, multi-biometric systems can integrate information at various levels (Imamverdiyev, Karimova, Musayev, Wayman, & Concealers, 2008). An example is fusion at the matching score level, where the scores output by the individual matchers are integrated (Karray, Saleh, Arab, & Alemzadeh, 2007). Overall, while the Biometric Login, the Bioteps, the C_BET Biometric, the BAT Automated (Biometric Taskforce, 2007) and the HIDE Handheld Interagency multimode biometric toolkits all possess high levels of unique strengths and improved performance, all of them share common weaknesses: none is error-free, and hackers can still access private, confidential personal data.
5. Digital Forensic Tools
5.1. Evolution
Ruibin, Yun and Gaertner (2005) define the concept of digital forensic investigation as the process of "identifying, preserving, analysing, and presenting digital evidence in a manner that is legally acceptable through the application of computer technology to the investigation of computer based crime." At the same time, as computers became more networked, computer forensics also evolved into a term for the post-incident analysis of computers that have been victimized by intrusion or malicious code (Ruibin et al., 2005). As a result, people often describe the former hacking instance, in which network traffic is captured and analysed, as network forensics (Kent, Chevalier, Grance, & Dang, 2006). Kent et al. (2006) argue that in a digital forensic investigation process, the accurate application of science is paramount to the identification, collection, examination and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data. Since organizations' needs for data, from many sources, continue to increase, digital forensic tools and techniques can be utilized for many purposes, such as investigating crimes and internal policy violations, reconstructing computer security incidents, troubleshooting operational problems, recovering from accidental system damage, log monitoring and so forth (Kent et al., 2006).
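The following added example (not from the original paper) illustrates what "preserving the integrity of the information and maintaining a strict chain of custody" can look like in practice: every hand-over of an evidence item is recorded with the item's SHA-256 hash, and each log entry is chained to the previous one so that later edits to the log are detectable. The field names, actors and timestamps are constructed assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first entry


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry_digest(entry):
    """Hash of every field of an entry except its own entry_hash."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())


def add_entry(log, when, actor, action, item_id, evidence: bytes):
    """Append a custody record that is chained to the previous record."""
    entry = {
        "when": when,
        "actor": actor,
        "action": action,
        "item": item_id,
        "evidence_sha256": sha256_hex(evidence),
        "prev": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = entry_digest(entry)
    log.append(entry)
    return entry


def verify_log(log):
    """Return the index of the first broken entry, or -1 if the chain holds."""
    prev = GENESIS
    for index, entry in enumerate(log):
        if entry["prev"] != prev or entry_digest(entry) != entry["entry_hash"]:
            return index
        prev = entry["entry_hash"]
    return -1


def evidence_unchanged(log, item_id, evidence: bytes):
    """Compare the current bytes with the hash recorded at first collection."""
    for entry in log:
        if entry["item"] == item_id:
            return entry["evidence_sha256"] == sha256_hex(evidence)
    return False


def demo():
    capture = b"constructed capture bytes standing in for an evidence file"
    log = []
    add_entry(log, "2013-01-01T09:00:00Z", "sysadmin", "collected", "item-1", capture)
    add_entry(log, "2013-01-01T10:30:00Z", "technician", "received", "item-1", capture)
    add_entry(log, "2013-01-02T14:00:00Z", "technician", "examined", "item-1", capture)
    intact = verify_log(log)                      # -1: chain holds
    same = evidence_unchanged(log, "item-1", capture)
    altered = evidence_unchanged(log, "item-1", capture + b"!")
    log[1]["actor"] = "someone else"              # simulated edit to the record
    broken_at = verify_log(log)                   # 1: first inconsistent entry
    return intact, same, altered, broken_at


if __name__ == "__main__":
    print(demo())
```

Re-hashing an edited entry does not hide the change, because the next entry still points at the old hash.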
5.2. Digital Forensics 2013 Modern
Toolkits
Table 2 provides a list of digital forensic toolkits. In general, the NIKSUN NetDetector/NetVCR Alpine 4.2.1, the CRU WiebeTech Forensic ComboDock v5, the Cyber Security Technologies Mac Marshal, the ADF Solutions Triage-G2, the AccessData Forensic Suite and the IntaForensics Lima Forensic Case Management Software are all sophisticated and improved multi-purpose forensic tools (SC Magazine for IT Security Professionals, 2013). However, while each of the tools has unique strengths, all of them also have security weaknesses and can still be easily hacked by educated hackers.
Table 2: Digital Forensic Modern Tools Comparison
5.3. Digital Forensic Models
In order to determine what events have occurred within digital forensic systems and networks, much effort has gone into constituting a flexible and standardized digital forensic model that can provide detailed information concerning the files, operating systems, network traffic and applications. The sub-sections that follow describe some of the early computer (digital) forensic models and applications.
5.3.1. The Forensic Process Model
The Department of Justice (DOJ) and the National Institute of Standards and Technology (NIST) define the basic forensic process in terms of four modules: Collection, Analysis, Examination and Reporting, as demonstrated and explained in Figure 2 (Carrier & Spafford, 2003).
Figure 2: NIST Forensic Model. Source: Shrivastava, Sharma & Dwivedi (2012).
5.3.2. The Abstract Digital Forensic
Model
Reith, Carr and Gunsch (2002) proposed the ADFM model, which contains nine specific components as demonstrated in Figure 3.
Figure 3: The Abstract Forensic Model. Source: Reith, Carr & Gunsch (2002).
1) The Identification Phase - helps in recognizing and identifying the type of incident and has influence on other steps or phases of the model.
2) The Preparation Phase - prepares procedures, techniques, and search warrants.
3) The Approach Strategy - involves the formulation of procedures and approaches to be used in the collection of evidence.
4) The Preservation Phase - deals with securing and preserving the evidence.
5) The Collection Phase - involves the collection of evidence using standardized procedures to record them from the physical scene.
6) The Examination Phase - deals with searching evidence of the related suspects.
7) The Analysis Phase - involves the inspection of examined products.
8) The Presentation Phase - explains all the investigation and examination phases.
9) The Returning Evidence - requires returning of the digital sources back to the right owner.
5.3.3. The Integrated Digital
Investigation Model
Carrier and Spafford (2003) proposed the Integrated Digital Investigation model, which organizes the forensic process into five groups as demonstrated in Figure 4.
Figure 4: Digital Forensic IDI Model. Source: Carrier & Spafford (2003).
1) The Readiness Phase - ensures that the operations and infrastructure are able to fully support an investigation.
2) The Deployment Phase - provides a mechanism for an incident to be detected and confirmed.
3) The Physical Crime Scene Investigation Phase - collects and analyzes physical evidence and reconstructs the actions that took place during the incident.
4) The Digital Crime Scene Investigation Phase - collects and analyzes digital evidence.
5) The Review Phase - reviews the whole investigation and identifies areas of improvement.
6. Case Study
6.1. A Computer Forensics Case Study
Yasinsac, Erbacher, Marks, Pollitt &
Sommer (2003). Computer forensics
education. Security & Privacy, IEEE, 1(4),
15-23.
A system administrator (sysadmin) was troubleshooting a network problem when she captured several minutes’ worth of network traffic to review with a protocol analyzer. While conducting the review, she noticed some odd traffic in which a user’s desktop had sent a well-formed packet to an obscure port on an unfamiliar IP address outside the company’s firewall. Shortly thereafter, one of the company’s research and development database servers had transmitted a packet that did not conform to any of the company’s standard formats to the same IP address. This intrigued the sysadmin, who did a lookup of the IP address, which came back as belonging to one of the firm’s competitors. The sysadmin called her boss, who instructed her to preserve the collected packets immediately and then contacted the company’s chief information security officer (CISO) to inform him of the situation. The CISO recognized this as a security incident that could compromise the company’s proprietary information and trade secrets. Further, it could also involve the employee whose workstation contacted the competition’s IP address. Fortunately, the company already had a Digital Forensic Policy in place. The CISO assigned an incident manager from his organization to oversee the event. The incident manager then contacted the company’s general counsel to discuss various legal issues involved in the investigation. Next, he called out a forensics technician to collect and preserve the evidence at the sysadmin’s computer, the employee’s workstation, the database server and the firewall. After conducting a routine examination of the collected material, the forensic technician noticed a substantial amount of proprietary information on the employee’s hard drive that he did not appear to need. Moreover, the forensic technician could not identify the mechanism used to communicate with the competitor’s computer. Further, the analysis of the server and firewall logs revealed that a large amount of information had been transferred from the database server to the competition. After obtaining the general counsel’s approval, the incident manager engaged a researcher at a major university to review the examination results and work product. The researcher identified code on both the employee’s workstation and the database server that was written to send information from the database server to the competitor’s computer on command from the employee’s workstation. This command was determined to be the first and middle name of the employee’s oldest daughter. The incident manager used the reports from the forensic technician and the researcher to write an incident report for the executive management. On the basis of this incident report, the employee confessed to cooperating with an associate employed by the competition. The general counsel sued the competitor for damages, obtaining a restraining order against the competition while demonstrating the company’s aggressive protection of its trade secrets.
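As an added illustration (not part of the original paper or of the cited case study), the check the sysadmin performed by eye can be expressed as a correlation over flow records: a workstation contacts an external address on an unexpected port, and shortly afterwards a server sends traffic to the same address. The address ranges, port baseline, server list and flow records below are all constructed assumptions.

```python
import ipaddress

# Assumptions for this sketch: the internal range, the egress port baseline and
# the list of sensitive servers would come from the organisation's own records.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
EXPECTED_PORTS = {53, 80, 443}
SERVERS = {"10.0.5.20"}            # constructed: the R&D database server

# Constructed flow records: (seconds, source, destination, dest port, bytes).
FLOWS = [
    (0,   "10.0.1.15", "198.51.100.7", 443,   5200),
    (12,  "10.0.1.42", "203.0.113.9",  47813, 96),
    (14,  "10.0.5.20", "203.0.113.9",  47813, 1843200),
    (30,  "10.0.1.42", "198.51.100.7", 443,   800),
    (45,  "10.0.5.20", "10.0.1.15",    5432,  4096),
    (400, "10.0.1.77", "192.0.2.33",   8443,  300),
]


def is_internal(address):
    return ipaddress.ip_address(address) in INTERNAL


def correlate(flows, window=60):
    """Pair each odd workstation flow with server flows to the same outside host.

    A workstation flow is "odd" when it leaves the internal range on a port
    outside the expected baseline. A finding is raised only if a listed server
    sends traffic to that same destination within `window` seconds afterwards.
    """
    findings = []
    for t1, src1, dst1, port1, _ in flows:
        odd = (is_internal(src1) and src1 not in SERVERS
               and not is_internal(dst1) and port1 not in EXPECTED_PORTS)
        if not odd:
            continue
        for t2, src2, dst2, _, nbytes in flows:
            if src2 in SERVERS and dst2 == dst1 and 0 <= t2 - t1 <= window:
                findings.append({
                    "destination": dst1,
                    "workstation": src1,
                    "server": src2,
                    "delay_seconds": t2 - t1,
                    "server_bytes": nbytes,
                })
    return findings


if __name__ == "__main__":
    for finding in correlate(FLOWS):
        print(finding)
```

A finding is a lead for the collection and preservation steps described in the case study, not proof of wrongdoing; the flow at 400 seconds shows an odd port on its own does not raise one.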
7. Results and Discussions
7.1. The Proposed Digital Forensic
Investigation Model - for Non-Technical
Lay People (DFI Model - FNTLP)
Biometric data are increasingly being adopted by country governments and commercial organisations worldwide for personal identification and recognition. This implies that individuals from all walks of life may very soon become holders of biometric e-passports, Visa and credit cards, as well as other biometric identification documents. A core problem already suffered by the general lay and non-technical members of society involves the complex, technical and fragmented settings of bureaucratic systems. How does one go about reporting a hacking incident? The proposed forensic model, as illustrated in Figure 5, provides an easy ‘do it yourself’ prescription for all non-technical lay people in organisations, home computer users, or holders of any form of legal identification document in case of a potential breach of the law. The forensic investigation components contain all tasks expected to be carried out during each phase of the model. The three phases of the model are:
1. The Basic Phase - signifies the beginning of the forensic investigation process once the user realizes that he/she has been hacked.
2. The Advanced Phase - refers to the more detailed examination of evidence involving more sophisticated computers and experienced staff or others.
3. The Specialist Phase - refers to a complete investigation, analysis, examination and live presentation of evidence by the Forensic Scientific Laboratory Team with specialized equipment.
Figure 5: The Proposed Digital Forensic Investigation Model - for Non-Technical Lay People (DFI Model - FNTLP). Leutele Grey, November 2013.
7.3. Applications for Non-Technical
Lay Members of Society.
1. The Basic Phase - If an individual suspects that any of his or her identification documents has been hacked, the basic step requires conducting an in-house investigation using the easy, flexible digital forensic investigation components, including collecting, examining, reporting, presenting and preserving the information. Do not attempt to make changes to the documents.
2. The Advanced Phase - Immediately report the incident to any of the community not-for-profit organisations, such as the Community Law Centre or the Citizens Advice Bureau; or ring the local police; or even contact some experienced friends to help with the forensic processes. The advanced-level staff will then make an appropriate referral to the Specialist Level.
3. The Specialist Phase - will conduct the forensic investigation, examination and presentation of evidence in a court of law.
8. Conclusion
While the forensic examination of documents is useful to guide and support criminal investigations and border control activities, it also has the potential to generate useful data on the means of forging or altering documents. The forensic examinations and analyses performed on fraudulent identity documents, security documents and non-security documents aim to:
- Detect fraudulent documents (both altered and counterfeited documents);
- Determine authenticity of security features;
- Determine authenticity of documents by comparing with known standards;
- Determine the author of signatures;
- Identify methods used to alter documents and to produce counterfeit documents;
- Provide intelligence information;
- Provide advice for the development of new security features for identity and security documents;
- Provide other relevant information related to the content of the document.
9. Acknowledgement
The author wishes to acknowledge the Whitireia Community Polytechnic, in particular the Faculty of Business and Information Technology 2013.
10. References
Anil, K., & Arun, R. (2004). Multi-biometric systems. Communications of the ACM, 47(1).
Agarwal, M. A., Gupta, M. M., Gupta, M.
S., & Gupta, S. C. (2011). Systematic
digital forensic investigation model.
International Journal of Computer Science
and Security (IJCSS), 5(1), 118.
Al-Fedaghi, S., & Al-Babtain, B. (2012).
Modelling the forensics process. Int. J.
Security Appl, 6(4).
Arthur, K. K., & Venter, H. S. (2004, June). An investigation into computer forensic tools. In ISSA (pp. 1-11).
Ayers, D. (2009). A second generation
computer forensic analysis system. Digital
Investigation, 6, S34-S42.
Baryamureeba, V., & Tushabe, F.
(2004).The enhanced digital investigation
process model. In Proceedings of the
Fourth Digital Forensic Research
Workshop.
Bhat, V. H., Rao, P. G., Abhilash, R. V.,
Shenoy, P. D., Venugopal, K. R., &
Patnaik, L. M. (2010). A data mining
approach for data generation and analysis
for digital forensic application. IACSIT
International Journal of Engineering and
Technology, 2(3), 314-319.
Biometric Taskforce. (2007).Biometric
Automated Toolset (BAT) and Handheld
Interagency Identity Detection Equipment
(HIDE). Overview for NIST SML &
Mobile ID Workshop.
Boult, T. (2006, April). Robust distance
measures for face-recognition supporting
revocable biometric tokens. In Automatic
Face and Gesture Recognition, 2006. FGR
2006. 7th International Conference on (pp.
560-566). IEEE. Canada Border services
Agency
Canales, O., Monaco, V., Murphy, T.,
Zych, E., Stewart, J., Tappert, C., &
Truley, G. (2011). A stylometry system for
authenticating students taking online Tests.
Proceedings of Student-Faculty Research
Day, CSIS, Pace University.
Cantrell, G., Dampier, D., Dandass, Y. S.,
Niu, N., & Bogen, C. (2012). Research
toward a Partially-Automated, and Crime
Specific Digital Triage Process Model.
Computer and Information Science, 5(2),
p29.
Carrier, B., & Spafford, E. H. (2003).
Getting physical with the digital
investigation process. International
Journal of digital evidence, 2(2), 1-20.
Citizenship and Immigration Canada
(2008).Biometric Planning Project.
Biometric Field Trial Evaluation
Report.Cat.no.CI42/2008E.Citizenship and
Immigration Canada.
Geradts, Z. J., & Ruifrok, A. C. (2003,
August). Extracting forensic evidence
from biometric devices. In AeroSense 2003
(pp. 181-188). International Society for
Optics and Photonics
Gorodnichy, D. O. (2009). Evolution and
evaluation of biometric systems. In
Computational Intelligence for Security
and Defense Applications, 2009. CISDA
2009. IEEE Symposium on (pp. 1-8).
IEEE.
Gorodnichy, D.O. (2010). Multi-order
biometric performance analysis. Video
Surveillance & Biometrics Section Science
and Engineering Directorate. Canada
Border services Agency
Gorodnichy, D. O. (2011). Multi-order
biometric score analysis framework and its
application to designing and evaluating
biometric systems for access and border
control. In Computational Intelligence in
Biometrics and Identity Management
(CIBIM), (pp. 44-53). IEEE.
Grobler, M. M., & Von Solms, S. H.
(2009). Modelling live forensic
acquisition.
Ieong, R. S. (2006). FORZA–Digital
forensics investigation framework that
incorporate legal issues. Digital
investigation, 3, 29-36.
Imamverdiyev, Y., Karimova, L.,
Musayev, V., Wayman, J., & Concealers,
I. (2008).Testing biometric systems
against spoofing attacks.
Jain, A. K., Nandakumar, K., & Nagar, A.
(2008). Biometric template security.
EURASIP Journal on Advances in Signal
Processing, 2008, 113.
Jain, A., Hong, L., & Pankanti, S. (2000).
Biometric identification. Communications
of the ACM, 43(2), 90-98.
James, J. I., & Jang, Y. J. (2013). An
Assessment Model for Cybercrime
Investigation Capacity. arXiv preprint
arXiv:1307.0076.
Johnson, M. L. (2004). Biometrics and the
threat to civil liberties. Computer, 37(4),
90-92
Karray, F., Saleh, J. A., Arab, M. N., &
Alemzadeh, M. (2007). Multi modal
biometric systems: A state of the art
survey. Pattern Analysis and Machine
Intelligence Laboratory, University of
Waterloo, Waterloo, Canada
Kent, K., Chevalier, S., Grance, T., &
Dang, H. (2006). Guide to integrating
forensic techniques into incident response.
NIST Special Publication, 800-86.
Kohn, M., Olivier, M. S., & Eloff, J. H.
(2006, July). Framework for a Digital
Forensic Investigation. In ISSA (pp. 1-7).
Lalla, H., & Flowerday, S. (2010).
Towards a Standardised Digital Forensic
Process: E-mail Forensics. In ISSA.
Noblett, M. G., Pollitt, M. M., & Presley,
L. A. (2000). Recovering and examining
computer forensic evidence. Forensic
Science Communications, 2(4), 1-13.
Poli, V., Arcot, N., & Charapanamjeri, J.
(2009). Evaluation of Biometrics. IJCSNS
International Journal of Computer Science
and Network Security, 9(9), 261
Ratha, Connell, & Bolle. (2001).
Enhancing Security and Privacy in
Biometrics-Based Authentication Systems
Reith, M., Carr, C., & Gunsch, G. (2002).
An examination of digital forensic models.
International Journal of Digital Evidence,
1(3), 1-12.
Ruibin, G., Yun, T., & Gaertner, M.
(2005). Case-relevance information
investigation: binding computer
intelligence to the current computer
forensic framework. International Journal
of Digital Evidence, 4(1), 1-13.
Satpathy, S., Pradhan, S. K., & Ray, B. B.
(2010). A digital investigation tool based
on data fusion in management of cyber
security systems. Int Journal Inf Technol,
2(2), 561-565.
SC Magazine for IT Security
Professionals. (Retrieved 2013). 2013
Digital Forensics Tools.
http://www.scmagazine.com//2013-digital-
forensic-tools/slideshow/1351/#7.
Shrivastava, G., Sharma, K., & Dwivedi,
A. (2012). Forensic Computing Models:
Technical Overview. CCSEA, SEA
Smith, R. G. (2006). Identification
systems: a risk assessment framework.
Australian Institute of Criminology.
Sprokkereef, A., & De Hert, P. A. U. L. (2007). Ethical practice in the use of biometric identifiers within the EU. Law Science and Policy, 3(2), 177.
The United Nations Office on Drugs and Crime (UNODC Report) (2010).
Valjarevic, A., & Venter, H. S. (2011,
August). Towards a Digital Forensic
Readiness Framework for Public Key
Infrastructure Systems. In Information
Security South Africa (ISSA), 2011 (pp. 1-
10). IEEE.
Yasinsac, A., Erbacher, R. F., Marks, D.
G., Pollitt, M. M., & Sommer, P. M.
(2003). Computer forensics education.
Security & Privacy, IEEE, 1(4), 15-23.
Yusoff, Y., Ismail, R., & Hassan, Z.
(2011). Common phases of computer
forensics investigation models.
International Journal of Advanced
Computer Science and Information
Technology, 3(3).
Geradts, Z. (2006). Forensic implications
of identity systems. Datenschutz und
Datensicherheit-DuD, 30(9), 557-559.
Grother, P. J., Quinn, G. W., & Phillips, P.
J. (2010). Report on the evaluation of 2d
still-image face recognition algorithms.
NIST Interagency Rep, (7709).
Jadhav, D. S., & Ghatule, A. P. (2012). A
study of the analysis techniques to gather
evidence for presentation in the legal
constitution. International Journal of
Research in Information Technology and
Sciences-IJRITS, 1(2).
Jamieson, R., Winchester, D., Stephens,
G., & Smith, S. (2008, June). Developing a
Conceptual Framework for Identity Fraud
Profiling. In ECIS (pp. 1418-1429).
Jain, A. K., Klare, B., & Park, U. (2011,
March). Face recognition: Some
challenges in forensics. In Automatic Face
& Gesture Recognition and Workshops
(FG 2011), 2011 IEEE International
Conference on (pp. 726-733). IEEE
Jain, A. K., Hong, L., & Kulkarni, Y.
(1999, March). A multimodal biometric
system using fingerprint, face and speech.
In Proceedings of 2nd Int'l Conference on
Audio-and Video-based Biometric Person
Authentication, Washington DC (pp. 182-
187).
Jain, A. K., Ross, A., & Pankanti, S.
(2006). Biometrics: a tool for information
security. Information Forensics and
Security, IEEE Transactions on, 1(2), 125-
143.
Jain, A. K., Klare, B., & Park, U. (2011,
March). Face recognition: Some
challenges in forensics. In Automatic Face
& Gesture Recognition and Workshops
(FG 2011), 2011 IEEE International
Conference on (pp. 726-733). IEEE
Jain, A. K., & Kumar, A. (2010).
Biometrics of next generation: An
overview. Second Generation Biometrics.
Jain, A. K., Ross, A., & Pankanti, S.
(2006). Biometrics: a tool for information
security. Information Forensics and
Security, IEEE Transactions on, 1(2), 125-
143.
Jain, A., Ross, A., & Prabhakar, S. (2001).
Fingerprint matching using minutiae and
texture features. In Image Processing,
2001. Proceedings. 2001 International
Conference on (Vol. 3, pp. 282-285).
IEEE.
Jain, A. K., & Uludag, U. (2003). Hiding
biometric data. Pattern Analysis and
Machine Intelligence, IEEE Transactions
on, 25(11), 1494-1498
Juels, A., Molnar, D., & Wagner, D.
(2005, September). Security and Privacy
Issues in E-passports. In Security and
Privacy for Emerging Areas in
Communications Networks, 2005.
SecureComm 2005. First International
Conference on (pp. 74-88). IEEE.
Kosmerlj, M. (2004). Passport of the
Future: Biometrics against Identity Theft?
Kerr, D., Gammack, J. G., & Bryant, K.
(2010). Digital Business Security
Development: Management Technologies.
IGI Global.
Kong, A. W. K., Zhang, D., & Lu, G.
(2006). A study of identical twins’
palmprints for personal verification.
Pattern Recognition, 39(11), 2149-2156.
Labati, R. D., Piuri, V., & Scotti, F.
(2012). Biometric Privacy Protection:
Guidelines and Technologies. In E-
Business and Telecommunications (pp. 3-
19). Springer Berlin Heidelberg. Maguire, M. (2009). The birth of biometric
security. Anthropology today, 25(2), 9-14.
14
Manivannan, N., Tigli, C., Noor, A., &
Memon, S. (2011).Fingerprint Biometric
for Identity management.
Masters, G., & Turner, P. (2007). Forensic
data recovery and examination of magnetic
swipe card cloning devices. Digital
investigation, 4, 16-22.
Mohammadi, S., & Kaldi, A. (2008,
December). Adoption of iris-based
authentication. In Industrial Engineering
and Engineering Management, 2008.
IEEM 2008. IEEE International
Conference on (pp. 1582-1586). IEEE.
Mordini, E., & Green, M. (2009). Ethical
and Legal Aspects of Biometrics
(Convention 108). Identity, Security and
Democracy,
NLECTC NIJ (2001). Evaluation Report.
Evaluation of Mac Marshal™Version
2.0.3. Criminal Justice Electronic Crime
Technology Centre. NIJ Electronic Crime
Technology Center of Excellence
Noghondar, E. R. (2010). Use of
Authentication Mechanisms and
Biometrics in Norwegian Industry.
Peisert, S. P. (2007). A model of forensic
analysis using goal-oriented logging.
ProQuest.
Perumal, S. (2009). Digital forensic model
based on Malaysian investigation process.
International Journal of Computer Science
and Network Security, 9(8), 38-44.
Phillips, P. J., Martin, A., Wilson, C. L., &
Przybocki, M. (2000). An introduction
evaluating biometric systems. Computer,
33(2), 56-63.
Pollitt, M. M. (2007, April). An ad hoc
review of digital forensic models. In
Systematic Approaches to Digital Forensic
Engineering, 2007. SADFE 2007. Second
International Workshop on (pp. 43-54).
IEEE.
Potolinca, D., Sandu, I., Olteanu, G. I.,
Drochioiu, G., & Sirbu, V. (2012). The
study of documents counterfeit procedures
by analyzing the security elements. IPI, 9,
10.
Rathgeb, C., & Uhl, A. (2009). Systematic
construction of iris-based fuzzy
commitment schemes. In Advances in
Biometrics (pp. 940-949). Springer Berlin
Heidelberg
Rosenzweig, P., Kochems, A., &
Schwartz, A. (2004). Biometric
Technologies: Security, legal, and policy
implications. The Heritage Foundation,
21.
SC Magazine Staff Report (May January
2012). The CRU WiebeTech Forensic
ComboDock v5
http://www.scmagazine.com/cru-
wiebetech-forensic-combodock-
v5/review/3877/
SC Magazine Staff Report (May 01,
2012).ADF Solutions Triage-Examiner.
http://www.scmagazine.com/cru-
wiebetech-forensic-combodock-
v5/review/3877/
SC Magazine Staff Report (May January
2012).IntaForensics Lima Forensic Case
Management Software.
SC Magazine Staff Report (May January
2012).AccessData Group Forensic Toolkit
(FTK) v4.
http://www.scmagazine.com/cru-
wiebetech-forensic-combodock-
v5/review/3877/
Shields, C., Frieder, O., & Maloof, M.
(2011). A system for the proactive,
continuous, and efficient collection of
digital forensic evidence. Digital
investigation, 8, S3-S13.
Jones, A., & Martin, T. (2010). Digital
forensics and the issues of identity.
15
Information security technical report,
15(2), 67-71.
Singleton, T. W., & Singleton, A. J.
(2011). Fraud Risk Assessment (Vol. 160).
Stephenson, P. (2000, October). The
application of intrusion detection systems
in a forensic environment. In The Third
International Workshop on Recent
Advances in Intrusion Detection (RAID).
Thompson, J. B. (2005). Biometrics and
Its Use in Forensics
Wang, Y., Tan, T., & Jain, A. K. (2003,
January). Combining face and iris
biometrics for identity verification. In
Audio-and Video-Based Biometric Person
Authentication (pp. 805-813). Springer
Berlin Heidelberg.
Wang, Y., & Plataniotis, K. N. (2007,
September). Face based biometric
authentication with changeable and
privacy preservable templates. In
Biometrics Symposium, 2007 (pp. 1-6).
IEEE.
Wayman, J. L., Jain, A. K., Maltoni, D., &
Maio, D. (Eds.). (2005). Biometric
systems: technology, design and
performance evaluation. Springer.