Jantje A. M. Silomon

Evaluation of Evidence in Internet Auction Fraud Investigations

Internet auction fraud has become prevalent. Methodologies for detecting fraudulent transactions use historical information about Internet auction participants to decide whether or not a user is a potential fraudster. The information includes reputation scores, values of items, time frames of various activities and transaction records. This paper presents a distinctive set of fraudster characteristics based on an analysis of 278 allegations about the sale of counterfeit goods at Internet auction sites. Also, it applies a Bayesian approach to analyze the relevance of evidence in Internet auction fraud cases.

A Complexity Based Model for Quantifying Forensic Evidential Probabilities

An operational complexity model (OCM) is proposed to enable the complexity of both the cognitive and the computational components of a process to be determined. From the complexity of formation of a set of traces via a specified route a measure of the probability of that route can be determined. By determining the complexities of alternative routes leading to the formation of the same set of traces, the odds ratio indicating the relative plausibility of the alternative routes can be found. An illustrative application to a BitTorrent piracy case is presented, and the results obtained suggest that the OCM is capable of providing a realistic estimate of the odds ratio for two competing hypotheses. It is also demonstrated that the OCM can be straightforwardly refined to encompass a variety of circumstances.

Triage template pipelines in digital forensic investigations

This paper addresses the increasing resources overload being experienced by law enforcement digital forensics units with the proposal to introduce triage template pipelines into the investigative process, enabling devices and the data they contain to be examined according to a number of prioritised criteria.

A Complexity Based Forensic Analysis of the Trojan Horse Defence

The Operational Complexity Model (OCM) has been used to derive the complexities of the five most prevalent cyber-crimes occurring in southeast Asia, namely peer-to-peer (P2P) multimedia piracy, online auction fraud, online storage of offensive material, theft of online game weapons, and distributed denial of service (DDoS) attacks. In each case the complexity of the simplest Trojan horse process that might be invoked as an alternative explanation for the recovered digital evidence is also determined using the OCM, and the results are used to assess the relative plausibility of the two competing explanations in each case. Finally, the forensically determined circumstances under which a Trojan horse defence is most likely to be successful are outlined.

Sensitivity Analysis of a Bayesian Network for Reasoning about Digital Forensic Evidence

A Bayesian network representing an actual prosecuted case of illegal file sharing over a peer-to-peer network has been subjected to a systematic and rigorous sensitivity analysis. Our results demonstrate that such networks are usefully insensitive both to the occurrence of missing evidential traces and to the choice of conditional evidential probabilities. The importance of this finding for the investigation of digital forensic hypotheses is highlighted.

Quantification of digital forensic hypotheses using probability theory

The issue of downloading illegal material from a website onto a personal digital device is considered from the perspective of conventional (Pascalian) probability theory. We present quantitative results for a simple model system by which we analyse and counter the putative defence case that the forensically recovered illegal material was downloaded accidentally by the defendant. The model is applied to two actual prosecutions involving possession of child pornography.