University of Illinois Urbana-Champaign

Forensic analysis of computer evidence

Palmer, Imani Nkechinyere

Content Files
PALMER-DISSERTATION-2018.pdf

Permalink

https://hdl.handle.net/2142/101030

Description

Title
Forensic analysis of computer evidence
Author(s)
Palmer, Imani Nkechinyere
Issue Date
2018-04-19
Director of Research (if dissertation) or Advisor (if thesis)
Campbell, Roy H.
Doctoral Committee Chair(s)
Campbell, Roy H.
Committee Member(s)
  • Bates, Adam
  • Gunter, Carl
  • Kesan, Jay
  • Gelfand, Boris
Department of Study
Computer Science
Discipline
Computer Science
Degree Granting Institution
University of Illinois at Urbana-Champaign
Degree Name
Ph.D.
Degree Level
Dissertation
Date of Ingest
2018-09-04T20:27:20Z
Keyword(s)
Digital Forensics, Graph Theory, Digital Forensic Investigations
Abstract
Digital forensics is the science involved in the discovery, preservation, and analysis of evidence on digital devices. The end goal of digital forensics is to determine the events that occurred, who performed them, and how were they performed. In order for an investigation to lead to a sound conclusion, it must demonstrate that it is the product of sound scientific methodology. Digital forensics is inundated with many problems. These problems include an insufficient number of capable examiners, without a standard for certification there is a lack of training for examiners and current tools are unable to deal with the more complex cases, and lack of intelligent automation. This work perpetuates the ability of computer science principles to digital forensics creates a basis of acceptance for digital forensics in both the legal and forensic science community. This work focuses on three solutions. In terms of education, there is a lack of mandatory standardization, certification, and accreditation. Currently, there is a lack of standards in the interpretation of forensic evidence. The current techniques used by forensic investigators during analysis generally involve ad-hoc methods based on the vague and untested understanding of the system. These forensic techniques are the root of the significant differences in the testimony conducted by digital forensic expert witnesses. Lastly, digital forensic expert witness testimony is under great scrutiny because of the lack of standards in both education and investigative methods. To remedy this situation, we developed multiple avenues to facilitate more effective investigations. To improve the availability and standardization of education, we developed a multidisciplinary digital forensics curriculum. To improve the standards of forensic evidence interpretation, we developed a methodology based on graph theory to develop a logical view of low-level forensic data. To improve the admissibility of evidence, we developed a methodology to assign a likelihood to the hypotheses determined by forensic investigators. Together, these methods significantly improve the effectiveness of digital forensic investigations. Overall, this work calls the computer science community to join forces with the digital forensics community in order to develop, test and implement established computer science methodology in the application of digital forensics.
Graduation Semester
2018-05
Type of Resource
text
Permalink
http://hdl.handle.net/2142/101030
Copyright and License Information
Copyright 2018 Imani Palmer

Owning Collections

Graduate Dissertations and Theses at Illinois PRIMARY
Graduate Theses and Dissertations at Illinois
Dissertations and Theses - Computer Science
Dissertations and Theses from the Siebel School of Computer Science