Abstract: This summary paper will discuss the concept of forensic evidence and evidence collection methods. Emphasis will be placed on the techniques used to collect forensically sound digital evidence for the purpose of introduction to digital forensics. This discussion will thereafter result in identifying and categorizing the different types of digital forensics evidence and a clear procedure for how to collect forensically sound digital evidence. This paper will further discuss the creation of awareness and promote the idea that competent practice of computer forensics collection is important for admissibility in court.
Funding: supported by the National Natural Science Foundation of China under Grant No. 60903166; the National High Technology Research and Development Program of China (863 Program) under Grants No. 2012AA012506, No. 2012AA012901, No. 2012AA012903; Specialized Research Fund for the Doctoral Program of Higher Education of China under Grant No. 20121103120032; the Humanity and Social Science Youth Foundation of Ministry of Education of China under Grant No. 13YJCZH065; the Opening Project of Key Lab of Information Network Security of Ministry of Public Security (The Third Research Institute of Ministry of Public Security) under Grant No. C13613; the China Postdoctoral Science Foundation; General Program of Science and Technology Development Project of Beijing Municipal Education Commission of China under Grant No. km201410005012; the Research on Education and Teaching of Beijing University of Technology under Grant No. ER2013C24; the Beijing Municipal Natural Science Foundation; Sponsored by Hunan Postdoctoral Scientific Program; Open Research Fund of Beijing Key Laboratory of Trusted Computing; Funds for the Central Universities, Contract No. 2012JBM030
Abstract: Network intrusion forensics is an important extension to present security infrastructure, and is becoming the focus of the forensics research field. However, compared with sophisticated multi-stage attacks and the volume of sensor data, current practice in network forensic analysis is manual examination, an error-prone, labor-intensive and time-consuming process. To solve these problems, in this paper we propose a digital evidence fusion method for network forensics with Dempster-Shafer theory that can efficiently detect computer crime in networked environments, and automatically fuse digital evidence from different sources such as hosts and sub-networks. In the end, we evaluate the method on the well-known KDD Cup 1999 dataset. The results prove our method is very effective for real-time network forensics, and can provide comprehensible messages for forensic investigators.
Funding: supported by the National Natural Science Foundation of China under Grant No. 60903166 and 61170262; the National High-Tech Research and Development Plan of China under Grant Nos. 2012AA012506; Specialized Research Fund for the Doctoral Program of Higher Education of China under Grant No. 20121103120032; the Humanity and Social Science Youth Foundation of Ministry of Education of China under Grant No. 13YJCZH065; General Program of Science and Technology Development Project of Beijing Municipal Education Commission of China under Grant No. km201410005012; the Research on Education and Teaching of Beijing University of Technology under Grant No. ER2013C24; Open Research Fund of Beijing Key Laboratory of Trusted Computing
Abstract: Network forensics is a security infrastructure, and has become the research focus of forensic investigation. However, many challenges still exist in conducting network forensics: the network has produced large amounts of data; the comprehensibility of evidence extracted from collected data; the efficiency of evidence analysis methods, etc. To solve these problems, in this paper we develop a network intrusion forensics system based on a transductive scheme that can efficiently detect and analyze computer crime in networked environments, and extract digital evidence automatically. At the end of the paper, we evaluate our method in a series of experiments on the KDD Cup 1999 dataset. The results demonstrate that our methods are effective for real-time network forensics, and can provide comprehensible aid for a forensic expert.
Abstract: The Enhanced Complexity Model (ECM) developed previously has been further extended to produce a Motivationally Enhanced Complexity Model (MECM) which enables the degree of motivation, capability and opportunity of a hypothetical Trojan Horse author to be included in quantifying the relative plausibility of competing explanations for the existence of uncontested digital evidence. This new model has been applied to the case of the Trojan Horse defence (THD) against the possession of child pornography. Our results demonstrate that the THD in this case cannot be plausibly sustained unless it can be shown that an 'off-the-shelf' (OTS) Trojan Horse for this task is available and it is not detectable by the target computer, at the material time.
Funding: This work was funded by the Australian Research Council [grant number LP0883711] with additional funding under this grant from the Australian Federal Police and the New South Wales Police Force.
Abstract: Forensic entomology evidence collected by police and mortuary staff may be delayed in getting to the entomologist. Live samples may continue developing and alter minimum postmortem interval (PMImin) estimates. This study investigated development of simulated evidential samples of Calliphora vicina Robineau-Desvoidy and Chrysomya rufifacies (Macquart) (Diptera: Calliphoridae) maggots. Maggots of each species were studied in three developmental classes: "small" (late second/early third instar), "mid" (mid third instar) and "large" (late third instar). Seven replicates of 11 maggots in each class were assigned without food to four treatments: (1) 24 h at 20 ℃; (2) 24 h at 4 ℃; (3) 48 h at 20 ℃ and (4) 48 h at 4 ℃. There was a significant difference in absolute length change across treatments, reflecting size for C. vicina, and interaction between size, time and temperature for Ch. rufifacies. Calliphora vicina maggots showed minimal mortality, and most second instar larvae moulted by the experiment's end. Chrysomya rufifacies showed heavy mortality and minimal moulting from the second to third instar. Only "large" Ch. rufifacies maggots kept at room temperature for 48 h pupariated. Since these results confirm that development can continue in live unfed maggot samples after their collection, it is not advisable to delay their preservation.
Funding: This research was funded by Beijing Law Society through Municipal law research project (2016), Grant No. BLS(2016)C005.
Abstract: Over the past half century, expert testimony has played an increasingly important role in Chinese litigation. As the amount of expert testimony has grown, the issues about its admissibility and scientific foundation related to evidence are commonly being questioned. Since the eighteenth Central Committee (China) adopted the decision of the Central Committee of China on several important issues in promoting the legal system, the evidence was redefined to become the predominance in the whole proceeding. This article reviews the expert knowledge implicit in the opinions. It argues that the expert opinions ask judges to be aware of the role of communicating between participants. Expert opinion is not only gained from the laboratory, but also socially constructed in rational expression and communication, which requires us to think logically in terms of legal perceptions of science and expert knowledge in the empirical world.
Funding: the Open Project of Key Laboratory of Forensic Genetics, Ministry of Public Security (2017FGKFKT03).
Abstract: This study aimed to investigate the application of autosomal short tandem repeat (STR) loci using the ITO method and discriminant function algorithm for full-sibling (FS) identification. A total of 342 pairs of full siblings (FSs) and 3900 pairs of unrelated individuals (UIs) were genotyped at 51 STR loci. The groups were in accordance with discrimination power (DP) values and the number of loci, and the values of FS index (FSI) of FSs and UIs were calculated by the ITO method. The discriminant functions of FS–UI were established using Fisher's discriminant analysis method with SPSS 19.0 software. All the lgFSI values in the FS and UI groups followed a normal distribution, and there were significant differences between the two pairs. A higher average DP value was associated with a more significant difference, as was a greater number of STR loci detected. Receiver operator characteristic curves showed that the accuracy of FS identification can be affected by both locus polymorphism and the number of loci detected. Comparing the rate of false positives and false negatives of the discriminant function between the two groups, a higher average DP value and larger number of loci detected were associated with a lower rate of miscarriage of justice and were more helpful for FS–UI identification. The ITO-based discriminant analysis method has high applicability in FS–UI tests. Testing of a greater number of STR loci promotes FS identification.