research project 2 forensic challenge
play

Research Project 2: Forensic Challenge Axel Puppe & Joeri - PowerPoint PPT Presentation

May 20, 2023 •229 likes •413 views

Outline Introduction Method FAT Walker Xarver Investigation Conclusion Research Project 2: Forensic Challenge Axel Puppe & Joeri Blokhuis June 30, 2010 Axel Puppe & Joeri Blokhuis Research Project 2: Forensic Challenge Outline

  1. Outline Introduction Method FAT Walker Xarver Investigation Conclusion Research Project 2: Forensic Challenge Axel Puppe & Joeri Blokhuis June 30, 2010 Axel Puppe & Joeri Blokhuis Research Project 2: Forensic Challenge

  2. Outline Introduction Method FAT Walker Xarver Investigation Conclusion Introduction Method FAT Walker Xarver Investigation Conclusion Axel Puppe & Joeri Blokhuis Research Project 2: Forensic Challenge

  3. Outline Introduction Method FAT Walker Xarver Investigation Conclusion Digital Forensic Research Workshop (DFRWS) ◮ Founded in 2001, annual meeting ◮ Advancing digital forensic science ◮ Target crowd: ◮ University researchers ◮ Computer forensic examiners ◮ Analysts ◮ Since 2005 annual challenge Axel Puppe & Joeri Blokhuis Research Project 2: Forensic Challenge

  4. Outline Introduction Method FAT Walker Xarver Investigation Conclusion Scenario ◮ Suspected arms dealer ◮ Recovered phone from canal (memory dumps) ◮ Questions: ◮ Evidence connecting suspect to the sale of arms ◮ Evidence of the receipt of payment ◮ Recovery of any other leads: individuals, companies, or bank accounts Axel Puppe & Joeri Blokhuis Research Project 2: Forensic Challenge

  5. Outline Introduction Method FAT Walker Xarver Investigation Conclusion What information can be expected in a mobile phone? ◮ Phone data ◮ Internet data ◮ Log ◮ Browser ◮ Phone calls ◮ History ◮ Text messages ◮ Cache ◮ Bookmarks ◮ Calendar ◮ E-mail ◮ Appointments ◮ Reminders ◮ Sent ◮ Birthdays ◮ Received ◮ Drafts ◮ Address book ◮ Deleted ◮ File data ◮ Account settings ◮ Multimedia files ◮ Instant messaging ◮ Audio ◮ Video ◮ Photos ◮ Documents Axel Puppe & Joeri Blokhuis Research Project 2: Forensic Challenge

  6. Outline Introduction Method FAT Walker Xarver Investigation Conclusion ◮ Standard forensic tools ◮ Developed forensic tools ◮ FAT Walker ◮ Xarver Axel Puppe & Joeri Blokhuis Research Project 2: Forensic Challenge

  7. Outline Introduction Method FAT Walker Xarver Investigation Conclusion Standard Forensic tools ◮ Unsuccessful : Autopsy/Sleuthkit, Encase, FTK, Paraben Cell Seizure, pyflag ◮ Beneficial : Scalpel(carving), Standard Linux commands(strings, file, grep), Google goggles. Figure: Picture taken and identified by Google goggles Axel Puppe & Joeri Blokhuis Research Project 2: Forensic Challenge

  8. Outline Introduction Method FAT Walker Xarver Investigation Conclusion FAT ◮ Extract Directory Table Entries ◮ On physical memory dumps ◮ Filenames/Extension, MAC times ( Modified/Access/Creation ) ◮ Benefits for a forensic investigator: ◮ Initial research ◮ Possible user behaviour on the phone ◮ Last created files ◮ Build an absolute path (depending on the parent and current directory) Axel Puppe & Joeri Blokhuis Research Project 2: Forensic Challenge

  9. Outline Introduction Method FAT Walker Xarver Investigation Conclusion Screenshot ◮ Memory dump 1: ◮ Only two distinct MAC times ◮ Memory dump 2: ◮ Clear gap from 2008 to 2010 ◮ Top files created since 2010: JPG, BIN, DAT and XML. ◮ Not updated: Access and Modification time ◮ Decide possible focus! Axel Puppe & Joeri Blokhuis Research Project 2: Forensic Challenge

  10. Outline Introduction Method FAT Walker Xarver Investigation Conclusion XML <?xml version="1.0" encoding="UTF-8" ?> <Forensics> <Unit> <Name> The Netherlands Forensic Institute </Name> <City> The Hague </City> </Unit> <Unit> <Name> New Scotland Yard </Name> <City> London </City> </Unit> </Forensics> Axel Puppe & Joeri Blokhuis Research Project 2: Forensic Challenge

  11. Outline Introduction Method FAT Walker Xarver Investigation Conclusion XML ◮ XML Usage: ◮ Sim Cards ◮ Databases ◮ Open Office XML ◮ Mobile phone (Android) applications ◮ And more. . . ◮ Xarver features: ◮ Read raw data ◮ Build XML tree ◮ Deal with damaged XML ◮ Gives offsets of original data Axel Puppe & Joeri Blokhuis Research Project 2: Forensic Challenge

  12. Outline Introduction Method FAT Walker Xarver Investigation Conclusion Screenshot Axel Puppe & Joeri Blokhuis Research Project 2: Forensic Challenge

  13. Outline Introduction Method FAT Walker Xarver Investigation Conclusion Combining the tools Axel Puppe & Joeri Blokhuis Research Project 2: Forensic Challenge

  14. Outline Introduction Method FAT Walker Xarver Investigation Conclusion Xarver results ◮ MMS ◮ Subjects: Look at this, This?, Contact, . . . ◮ Email ◮ Subjects: Buy, Engine, Payment, . . . ◮ Email Settings ◮ Email address ◮ Username ◮ Password ◮ And more. . . ◮ Call log Axel Puppe & Joeri Blokhuis Research Project 2: Forensic Challenge

  15. Outline Introduction Method FAT Walker Xarver Investigation Conclusion Pictures Axel Puppe & Joeri Blokhuis Research Project 2: Forensic Challenge

  16. Outline Introduction Method FAT Walker Xarver Investigation Conclusion Conclusion ◮ Evidence connecting suspect to the sale of arms ◮ Found emails + pictures ◮ Evidence of the receipt of payment ◮ Suspected email (subject: ‘payment’) ◮ Recovery of any other leads: individuals, companies, or bank accounts ◮ Individuals yes, Companies/Bank account(s) nothing so far. . . Axel Puppe & Joeri Blokhuis Research Project 2: Forensic Challenge

  17. Outline Introduction Method FAT Walker Xarver Investigation Conclusion Questions Questions? Axel Puppe & Joeri Blokhuis Research Project 2: Forensic Challenge

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Forensic Challenge V2.0 UNAM-CERT RedIRIS Topics * Forensic Challenge V1.0 * Forensic

Forensic Challenge V2.0 UNAM-CERT RedIRIS Topics * Forensic Challenge V1.0 * Forensic

Forensic Challenge V2.0 UNAM-CERT RedIRIS Topics * Forensic Challenge V1.0 * Forensic Challenge V2.0 * Conclusions Introduction Why this forensic Challenge ? * To promote and impulse the Forensic Analysis in our Region -- Hispanoamerica--

558 views • 19 slides
Why This Workshop? In 2009 the Research Council of the National Academy of Sciences issues a

Why This Workshop? In 2009 the Research Council of the National Academy of Sciences issues a

Specialized Topics in Ethical Forensic Practice, Part 3: Bias in Forensic Evaluations November 18, 2015 Ohio MHAS Forensic Conference Columbus, OH Terry Kukor, Ph.D., ABPP Board Certified in Forensic Psychology Director of Forensic Services Netcare

972 views • 23 slides
Expectancy bias and Bias and forensic evidence Bias and speech research forensic speech

Expectancy bias and Bias and forensic evidence Bias and speech research forensic speech

Overview Bias effects Expectancy bias and Bias and forensic evidence Bias and speech research forensic speech research Blind forensic speech research Maartje Schreuder TMFI / Maastricht University I AFPA 2011 Bundeskrim

180 views • 7 slides
Challenges in Crime Scene Investigation Technical challenges in forensic STR profiling

Challenges in Crime Scene Investigation Technical challenges in forensic STR profiling

Epigenetics a New Perspective for Improving Forensic Science p g Hwan Young Lee, Ph.D. Department of Forensic Medicine Yonsei University College of Medicine Current Forensic DNA Typing Forensic cases -- matching suspect with evidence

247 views • 13 slides
Objectives 1. Articulate the rationale for restructuring forensic evaluation reports 2. Identify

Objectives 1. Articulate the rationale for restructuring forensic evaluation reports 2. Identify

11/5/2015 Specialized Topics in Ethical Forensic Practice, Part 1: Restructured Forensic Reports Presented For OhioMHAS Forensic Conference November 18, 2015 Terry Kukor, Ph.D., ABPP (Forensic) Joy Stankowski, M.D. Aracelis (Liz) Rivera, Psy.D.

451 views • 17 slides
T and Science of Forensic Monitoring Forensic Monitor may be employed by one Board or a

T and Science of Forensic Monitoring Forensic Monitor may be employed by one Board or a

11/5/2015 The T and Science of Forensic Monitoring Robert N. Baker, PhD Jeannie Cool, PCC-S Lottie Gray, MSSA, LISW, CDCA Julia King, PsyD, MBA T and Science of Forensic Monitoring Has your boss just told you? You are our New Forensic

389 views • 24 slides
Digital Forensics Research Workshop Challenge 2009 Wouter van Dongen, Alain van Hoof Research

Digital Forensics Research Workshop Challenge 2009 Wouter van Dongen, Alain van Hoof Research

Digital Forensics Research Workshop Challenge 2009 Wouter van Dongen, Alain van Hoof Research Project 2 1 July 2009 1 Research project 2 Introduction Challenge details Research questions Method Time zones and Linux time

353 views • 18 slides
Specialized Topics in Ethical Forensic Practice, Part 3: Bias in Forensic Evaluations November 18,

Specialized Topics in Ethical Forensic Practice, Part 3: Bias in Forensic Evaluations November 18,

Specialized Topics in Ethical Forensic Practice, Part 3: Bias in Forensic Evaluations November 18, 2015 Ohio MHAS Forensic Conference Columbus, OH Terry Kukor, Ph.D., ABPP Board Certified in Forensic Psychology Director of Forensic Services Netcare

1.29k views • 67 slides
THE NEW FORENSIC PATIENT Learning Objectives Review the epidemiology of forensic populations

THE NEW FORENSIC PATIENT Learning Objectives Review the epidemiology of forensic populations

THE NEW FORENSIC PATIENT Learning Objectives Review the epidemiology of forensic populations Explore various clinical presentations seen in forensic settings Implement evidence-based and novel treatment strategies to the new forensic

946 views • 80 slides
alcohol support groups for forensic inpatient and discharged service users Project lead: Dr

alcohol support groups for forensic inpatient and discharged service users Project lead: Dr

Improving attendance at drug and alcohol support groups for forensic inpatient and discharged service users Project lead: Dr Nikki Wood, Principal Clinical Psychologist and Head of Forensic Substance Use Support Service Project team: SUSS

247 views • 7 slides
Forensic Voice Comparison and Forensic Acoustics 1 Value and Interpretation of Biometric

Forensic Voice Comparison and Forensic Acoustics 1 Value and Interpretation of Biometric

Forensic Voice Comparison and Forensic Acoustics 1 Value and Interpretation of Biometric Evidence in Forensic Automatic Speaker Recognition Dr. Andrzej Drygajlo Speech Processing and Biometrics Group Swiss Federal Institute of Technology

546 views • 44 slides
Regional Forensic Trainings 2013 Pathways to Conditional Release: An Overview of the Forensic

Regional Forensic Trainings 2013 Pathways to Conditional Release: An Overview of the Forensic

Regional Forensic Trainings 2013 Pathways to Conditional Release: An Overview of the Forensic Mental Health System Robert N. Baker, PhD Assistant Chief Office of Forensic Services, ODMH Objectives Provide an overview of the forensic

581 views • 40 slides
T and Science of Forensic Monitoring Has your boss just told you? You are our New Forensic

T and Science of Forensic Monitoring Has your boss just told you? You are our New Forensic

The T and Science of Forensic Monitoring Robert N. Baker, PhD Jeannie Cool, PCC-S Lottie Gray, MSSA, LISW, CDCA Julia King, PsyD, MBA T and Science of Forensic Monitoring Has your boss just told you? You are our New Forensic Monitor.

834 views • 70 slides
Oracle Database Audit Scripts, Privacy &amp; Security considerations Challenge: Forensic analysis

Oracle Database Audit Scripts, Privacy &amp; Security considerations Challenge: Forensic analysis

Oracle Database Audit Scripts, Privacy &amp; Security considerations Challenge: Forensic analysis of license French case law concluded that that Oracle's scripts are scripting much more data than what is legally relevant usage on Oracle

117 views • 9 slides
Current Forensic DNA Typing o Forensic cases -- matching suspect with evidence Involves generation

Current Forensic DNA Typing o Forensic cases -- matching suspect with evidence Involves generation

Epigenetic age signatures in the forensically relevant body fluid of semen Hwan Yong Lee Department of Forensic Medicine Yonsei University College of Medicine Seoul, Korea Current Forensic DNA Typing o Forensic cases -- matching suspect with

533 views • 14 slides
The counter-hegemonic challenge of Polish neo-traditionalism. This research is part of a project

The counter-hegemonic challenge of Polish neo-traditionalism. This research is part of a project

FATIGUE Comparative Analysis Workshop: Discourse The role of culture and tradition in the shift towards illiberal democracy: The counter-hegemonic challenge of Polish neo-traditionalism. This research is part of a project that has received

317 views • 13 slides
Calumet County Medical Examiner County Board Update June 2014 Who are we?? Medical Examiner

Calumet County Medical Examiner County Board Update June 2014 Who are we?? Medical Examiner

Calumet County Medical Examiner County Board Update June 2014 Who are we?? Medical Examiner appointed January 1, 1999 Three deputies PPP Committee Kent Katalinick Kevin Johnson Regina Behnke Personnel Michael Klaeser 1985

518 views • 20 slides
Travis County Medical Examiner's Office eee eee e Presentation to the ee ee Will iamson Cou nty

Travis County Medical Examiner's Office eee eee e Presentation to the ee ee Will iamson Cou nty

Travis County Medical Examiner's Office eee eee e Presentation to the ee ee Will iamson Cou nty e ee ee e Com missioners C ourt e May 28, 2013 1 .. &quot; OBJECTIVES

375 views • 10 slides
2016 DOJ CRI RECOMMENDATION 2.1 Recommendation 2.1 The SFPD must work with the City and

2016 DOJ CRI RECOMMENDATION 2.1 Recommendation 2.1 The SFPD must work with the City and

2016 DOJ CRI RECOMMENDATION 2.1 Recommendation 2.1 The SFPD must work with the City and County of San Francisco to develop a process that provides for timely, transparent, and factual outcomes for Officer Involved Shooting incidents.

735 views • 45 slides
A Pathologists Perspective on Naegleria Fowleri Meningoencephalitis(PAM) Dennis Drehner, D.O.

A Pathologists Perspective on Naegleria Fowleri Meningoencephalitis(PAM) Dennis Drehner, D.O.

A Pathologists Perspective on Naegleria Fowleri Meningoencephalitis(PAM) Dennis Drehner, D.O. Pediatric Pathologist Pediatrician Pathology PAM was diagnosed in only 27% of patients before death . Capewell LG, Harris AM, Yoder JS et al. J

813 views • 43 slides
HPC simula+ons of cardiac electrophysiology using pa+ent-specific models of the human heart

HPC simula+ons of cardiac electrophysiology using pa+ent-specific models of the human heart

HPC simula+ons of cardiac electrophysiology using pa+ent-specific models of the human heart CompBioMed &amp; VPH Ins2tute webinar Francesc Levrero-Florencio &amp; Ana Minchol Computa(onal Cardiovascular Science Group Department of Computer

630 views • 47 slides
Runtime Enforcement of Reactive Systems using Synchronous Enforcers Srinivas Pinisetty 1 , Partha

Runtime Enforcement of Reactive Systems using Synchronous Enforcers Srinivas Pinisetty 1 , Partha

Part-I: Introduction Preliminaries Problem Def. Functional Def. Algorithm Application to SCCharts and Results Conclusions Runtime Enforcement of Reactive Systems using Synchronous Enforcers Srinivas Pinisetty 1 , Partha Roop 3 , Steven Smyth

665 views • 39 slides
Professor Patrick J Doherty Clinical specialist in CR Chair of Rehabilitation AF and Exercise:

Professor Patrick J Doherty Clinical specialist in CR Chair of Rehabilitation AF and Exercise:

1 Professor Patrick J Doherty Clinical specialist in CR Chair of Rehabilitation AF and Exercise: Aims of the session: Understand the context of AF Why is physical activity &amp; exercise important? What is the likelihood of cardiac

673 views • 28 slides
Case 2 DR IRENE SCHEIMBERG, CONSULTANT PAEDIATRIC &amp; PERINATAL PATHOLOGIST THE ROYAL LONDON

Case 2 DR IRENE SCHEIMBERG, CONSULTANT PAEDIATRIC &amp; PERINATAL PATHOLOGIST THE ROYAL LONDON

Case 2 DR IRENE SCHEIMBERG, CONSULTANT PAEDIATRIC &amp; PERINATAL PATHOLOGIST THE ROYAL LONDON HOSPITAL, BARTS HEALTH NHS TRUST, LONDON, UK Clinical history Mother primigravida, high BMI Normal antenatal scans Reduced fetal movements

799 views • 26 slides

More recommend