Abstract
Recent legal cases have shown that digital evidence is becoming more widely used in court proceedings (by defense, accusation, public prosecutor, etc.). Digital tracks can be left on computers, phones, digital cameras as well as third party servers belonging to Internet Service Providers (ISPs), telephone providers and companies that provide services via Internet such as YouTube, Facebook and Gmail.
This work highlights the possibility to set up a false digital alibi in a fully automatic way without any human intervention. A forensic investigation on the digital evidence produced cannot establish whether such traces have been produced through either human activity or by an automated tool. These considerations stress the difference between digital and physical - namely traditional - evidence. Essentially, digital evidence should be considered relevant only if supported by evidence collected using traditional investigation techniques. The results of this work should be considered by anyone involved in a Digital Forensics investigation, due to it demonstrating that court rulings should not be based only on digital evidence, with it always being correlated to additional information provided by the various disciplines of Forensics Sciences.
Chapter PDF
Similar content being viewed by others
Keywords
References
Internet World Stats, June 30 (2010), http://www.internetworldstats.com/stats.htm
Beltrami, D.: The New York Times, I’m Innocent. Just Check My Status on Facebook, November 12 (2009), http://www.nytimes.com/2009/11/12/nyregion/12facebook.html?_r=1
Juarez, V.: CNN, Facebook status update provides alibi, November 12 (2009), http://www.cnn.com/2009/CRIME/11/12/facebook.alibi/index.html
Xomba: A Writing Community, Garlasco, Alberto Stasi acquitted (December 2009), http://www.xomba.com/garlasco_alberto_stasi_acquitted
U.S. Department of Defense. DoD Directive 5220.22, National Industrial Security Program (NISP), February 28 (2010)
Gutmann, P.: Secure Deletion of Data from Magnetic and Solid-State Memory. In: Sixth USENIX Security Symposium Proceedings, San Jose, California, July 22-25 (1996)
Fierer, N., Lauber, C.L., Zhou, N., McDonald, D., Costello, E.K., Knight, R.: Forensic identification using skin bacterial communities. In: Proceedings of the National Academy of Sciences, Abstract (March 2010)
Bennett, J.: AutoIt v3.3.6.0, March 7 (2010), http://www.autoitscript.com/autoit3/
Di Crescenzo, G., Ghosh, A., Kampasi, A., Talpade, R., Zhang, Y.: Detecting anomalies in active insider stepping stone attacks. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications 2(1), 103–120 (2011)
Mee, V., Tryfonas, T., Sutherland, I.: The Windows Registry as a forensic artefact: Illustrating evidence collection for Internet usage. Journal of Digital Investigation 3(3), 166–173 (2006)
Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection: A survey. ACM Computing Surveys 41(3), 15:1–15:58 (2009)
Shelton, D.E.: The “CSI Effect”: Does It Really Exist? National Institute of Justice, Journal No. 259, March 17 (2008)
Russinovich, M., Cogswell, B.: Microsoft Sysinternals Process Monitor, April 13 (2011), http://technet.microsoft.com/en-us/sysinternals/bb896645
Merriam-Webster Dictionary, http://www.merriam-webster.com/dictionary/alibi
Wikipedia, KVM switch, http://en.wikipedia.org/wiki/KVM_switch
Carvey, H.: Windows Forensics Analysis, 2nd edn. Syngress (2009)
Craig, W., Dave, K., Shyaam, S.R.S.: Overwriting Hard Drive Data: The Great Wiping Controversy. In: Sekar, R., Pujari, A.K. (eds.) ICISS 2008. LNCS, vol. 5352, pp. 243–257. Springer, Heidelberg (2008)
Castiglione, A., Cattaneo, G., De Maio, G., De Santis, A.: Automatic, Selective and Secure Deletion of Digital Evidence. In: Proceedings of the Sixth International Conference on Broadband and Wireless Computing, Communication and Applications, BWCCA 2011, Barcelona, Spain, October 26-28 (2011)
Silberschatz, A., Galvin, P.B., Gagne, G.: Operating System Concepts, 7th edn. Wiley, Chichester (2004)
NIST Special Publication 800-88: Guidelines for Media Sanitization, p. 7 (2006)
The Erb Law Firm, Facebook Can Keep You Out of Jail (November 2009), http://www.facebook.com/note.php?note_id=199139644051
Berger, M.A.: What Has a Decade of Daubert Wrought? American Journal of Public Health 95(S1), S59–S65 (2005)
U.S. House of Representative, Federal Rules of Evidence (December 2006), http://afcca.law.af.mil/content/afcca_data/cp/us_federal_rules_of_evidence_2006.pdf
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 IFIP International Federation for Information Processing
About this paper
Cite this paper
De Santis, A., Castiglione, A., Cattaneo, G., De Maio, G., Ianulardo, M. (2011). Automated Construction of a False Digital Alibi. In: Tjoa, A.M., Quirchmayr, G., You, I., Xu, L. (eds) Availability, Reliability and Security for Business, Enterprise and Health Information Systems. CD-ARES 2011. Lecture Notes in Computer Science, vol 6908. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-23300-5_28
Download citation
DOI: https://doi.org/10.1007/978-3-642-23300-5_28
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-23299-2
Online ISBN: 978-3-642-23300-5
eBook Packages: Computer ScienceComputer Science (R0)