Graeme Horsman

Unmanned aerial vehicles

As unmanned aerial vehicles have become more affordable, their popularity with the general public and commercial organisations has seen significant growth in recent years. Whilst remaining a device for both the hobbyist and aircraft-enthusiast to enjoy, they are now also used for carrying out activities such as law enforcement surveillance, agricultural maintenance, acquiring specialist movie and sports event footage along with search and seizure activities. Conversely, despite maintaining many legitimate uses, there are also increasing media reports of unmanned aerial vehicle technology being abused, ranging from physical assaults due to negligent flights to breaches of Civil Aviation Authority Air Navigation Regulations, requiring a forensic analysis of these devices in order to establish the chain of events. This article presents an introductory discussion of unmanned aerial vehicle analysis and provides the results of a digital forensic investigation of a test Parrot Bebop unmanned aerial vehicle. Directions for the acquisition and analysis of the devices internal storage are provided along with an interpretation of on-board flight data, captured media and operating system. Further, as the device can be controlled via Android and iOS devices using the application FreeFlight3, forensic analysis of these devices is also presented. Results showed the ability to recover flight data from both the unmanned aerial vehicle and controller handsets along with captured media, however problems exist with establishing the definitive owner of the device, particularly if a user had abandoned it at the scene of a crime.

A Case Based Reasoning Framework for Improving the Trustworthiness of Digital Forensic Investigations

A novel concept for improving the trustworthiness of results obtained from digital investigations is presented. Case Based Reasoning Forensic Auditor (CBR-FA) is a method by which results from previous digital forensic examinations are stored and reused to audit current digital forensic investigations. CBR-FA provides a method for evaluating digital forensic investigations in order to provide a practitioner with a level of reassurance that evidence that is relevant to their case has not been missed. The structure of CBR-FA is discussed as are the methodologies it incorporates as part of its auditing functionality.

A survey of current social network and online communication provision policies to support law enforcement identify offenders

Abstract Online forms of harassment, stalking and bullying on social network and communication platforms are now arguably wide-spread and subject to regular media coverage. As these provision continue to attract millions of users, generating significant volumes of traffic, regulating abuse and effectively reprimanding those who are involved in it, is a difficult and sometimes impossible task. This article collates information acquired from 22 popular social network and communication platforms in order to identify current regulatory gaps. Terms of service and privacy policies are reviewed to assess existing practices of data retention to evaluate the feasibility of law enforcement officials tracking those whose actions breach the law. For each provision, account sign-up processes are evaluated and policies for retaining Internet Protocol logs and user account information are assessed along with the availability of account preservation orders. Finally, recommendations are offered for improving current approaches to regulating social network crime and online offender tracking.

User-Contributory Case-Based Reasoning for Digital Forensic Investigations

A novel concept for approaching digital investigations is presented. User-contributory case-based reasoning (UCCBR) is a method by which previous results from digital forensic (DF) examinations are stored and reused in future investigations. The advantages of a UCCBR system are discussed which include implementing UCCBR as an auditing tool, a method for optimizing evidence retrieval and anomalous file detection.

A review of quality procedures in the UK forensic sciences: What can the field of digital forensics learn?

With a reliance on the various forms of forensic science evidence in complex criminal investigations, the measures for ensuring its quality are facing increasing scrutiny. Improvements to quality management systems, to ensure both the robust application of scientific principles and the accurate interpretation and reporting of results, have arisen as a consequence of high-profile rebuttals of forensic science evidence, combined with process improvements driven by evaluation of current practice. These improvements are crucial to ensure validity of results as well as providing assurance for all those involved in the Criminal Justice System. This work first examines the quality management systems utilised for the examination and analysis of fingerprint, body fluid and DNA evidence. It then proceeds to highlight an apparent lack of comparable quality assurance mechanisms within the field of digital forensics, one of the newest branches of forensic science. Proposals are provided for the improvement of quality assurance for the digital forensics arena, drawing on the experiences of, and more well-established practices within, other forensic disciplines.

A preliminary assessment of latent fingerprint evidence damage on mobile device screens caused by digital forensic extractions

Abstract Mobile devices continue to feature heavily in criminal investigations and often bear multiple forms of potentially relevant evidence. In the context of identifying the owner of a device, both latent fingerprints and resident digital data may be crucial to investigations, yet each individual process may have a detrimental impact on the other. Fingerprint development techniques are known to impact device hardware, whilst digital extraction processes can destroy latent prints. This article examines the impact of mobile device extraction procedures on resident screen fingerprints. The impact of bare fingered, cotton gloved, latex gloved and stylus screen press and swipes on latent print destruction are examined. Results indicate that all forms of interaction cause print damage, but to a variable extent. Provisional device handling recommendations are offered.

An investigation of anonymous and spoof SMS resources used for the purposes of cyberstalking

In 2012, the United Kingdom actively sought to tackle acts of stalking through amendments to the Protection from Harassment Act 1997. Now, not only is stalking a recognised criminal offence, acts associated with stalking behaviour have finally been properly defined in legislation. Further, the role of technology in digital stalking offences, frequently termed as acts of cyberstalking, has been duly highlighted. The prosecution of such cyberstalking offences is reliant on the forensic analysis of devices capable of communication with a victim, in order to identify the offender and evidence the offending content for presentation to a court of law. However, with the recent proliferation of anonymous communication services, it is becoming increasingly difficult for digital forensic specialists to analyse and detect the origin of stalking messages, particularly those involving mobile devices. This article identifies the legal factors involved, along with a scenario-based investigation of sample anonymous and spoof SMS (Short Message Service) messages, documenting the evidence that remains on a victims handset for the purpose of locating an offender, which often may be minimal or non-existent.

A method for reducing the risk of errors in digital forensic investigations

Motivated by the concerns expressed by many academics over difficulties facing the digital forensic field, user-contributory case-based reasoning (UCCBR); a method for auditing digital forensic investigations is presented. This auditing methodology is not designed to replace a digital forensic practitioner but to aid their investigation process, acting as a method for reducing the risks of missed or misinterpreted evidence. The structure and functionality of UCCBR is discussed and its potential for implementation within a digital forensic environment.