Open Access Repository

Forensic computing : exploring paradoxes : an investigation into challenges of digital evidence and implications for emerging responses to criminal, illegal and inappropriate on-line behaviours

Broucek, Vlastimil 2009 , 'Forensic computing : exploring paradoxes : an investigation into challenges of digital evidence and implications for emerging responses to criminal, illegal and inappropriate on-line behaviours', PhD thesis, University of Tasmania.

PDF (Whole thesis excluding published material)
whole_BroucekVl...pdf | Download (11MB)
Available under University of Tasmania Standard License.

| Preview
[img] PDF (Whole thesis)
whole_BroucekVl...pdf | Document not available for request/download
Full text restricted
Available under University of Tasmania Standard License.


This research thesis explores technical, legal and organisational challenges of
digital evidence and the implications of their inter-relationships for responses
to criminal, illegal and inappropriate on-line behaviours. From a forensic
computing perspective the solutions to these challenges have tended to focus
on discrete sets of technical, legal or organisational issues individually. Lack of
understanding of the inter-relationships between these issues is inhibiting the
development of integrated and coordinated solutions that can effectively
balance requirements for the generation of legally admissible digital evidence,
e-security and privacy. More significantly, this research highlights that the
fragmented nature of these discrete approaches may be impairing the overall
effectiveness of the responses developed.
The methodological framework underpinning this exploratory research adopts
a subjective ontology and employs an interpretative epistemology. The
research strategy involves the examination of three cases on technical, legal
and organisational challenges of digital evidence respectively. Each case is
analysed independently and the interpretation and discussion adopts a forensic
computing perspective to interpret and discuss the inter-relationships across
these areas and to explore the implications for digital evidence and the
underlying problematic on-line behaviours. Case A examines the validity of
quantitative data collected by running a network intrusion detection system
(NIDS) SNORT on University network. Case B examines an Australian
Federal Court case illustrating legal arguments applied to digital evidence, its
discovery and presentation. Case C examines the Cyber Tools On-line Search
for Evidence (CTOSE) project highlighting the difficulties of developing and
implementing organisational level processes for digital evidence handling.
Analysis of Case A involves descriptive statistical analysis of network data and
reveals significant problems with the validity and quality of the data. The
results of the case analysis show that data collected by SNORT are not
sufficient to track and trace the sources of the attacks. The analysis also
reveals that the data sets collected may be flawed, erroneous or already have
been tampered with. Despite significant fine tuning, SNORT continued to
generate numerous false positive alerts and/or wrongly identified sources of
attacks. This case highlights that intrusion detection systems can play an
important role in protecting information systems infrastructure, but to be
effective they require the attention of highly trained security personnel/system
administrators. These personnel also need to engage in regular monitoring and
analysis of alerts and other log files, and to ensure regular updating of the rule
sets used by these systems.
Analysis of Case B reveals the impact of legal misconceptualisations about the
nature of digital systems on court decisions and on the generation of legal
precedents that have potentially broader social implications. The results of the
analysis reveal serious flaws in understanding amongst all participants in the
case over the nature of digital evidence and how it should best be collected,
analysed and presented. More broadly, the judgement also appears to have
worrying implications for individual privacy and data protection.
Analysis of Case C highlights the practical challenges faced at the
organisational level in the implementation of models and tools for digital
evidence handling. The analysis highlights that models and tools that have been
developed for handling digital evidence are by their very nature and
complexity highly problematic to adopt and utilise in organisational settings.
A key element that continues to inhibit their use is the lack of early and
comprehensive end-user education. The results from this case highlight the
critical need for organisations to have greater 'forensic readiness' for dealing
with criminal, illegal or inappropriate on-line behaviours.

Item Type: Thesis - PhD
Authors/Creators:Broucek, Vlastimil
Keywords: Forensic sciences, Computer crimes, Evidence, Criminal, Electronic evidence, Computer security
Copyright Holders: The Author
Copyright Information:

Copyright 2009 the author.

Additional Information:

Thesis (PhD)--University of Tasmania, 2009. Includes bibliographical references. Ch. 1. Introduction -- Ch. 2. Literature review -- Ch. 3. Research methodology -- Ch. 4. Data analysis Case A - SNORT -- Ch. 5. Data analysis Case B - MP3 -- Ch. 6. Data analysis Case C -- CTOSE -- Ch. 7. Interpretation and discussion: forensic computing perspective -- Ch. 8. Conclusion and future work

Item Statistics: View statistics for this item

Actions (login required)

Item Control Page Item Control Page