107 resultados para forensic


Relevância:

10.00% 10.00%

Publicador:

Resumo:

This work is concerned with the genetic basis of normal human pigmentation variation. Specifically, the role of polymorphisms within the solute carrier family 45 member 2 (SLC45A2 or membrane associated transporter protein; MATP) gene were investigated with respect to variation in hair, skin and eye colour ― both between and within populations. SLC45A2 is an important regulator of melanin production and mutations in the gene underly the most recently identified form of oculocutaneous albinism. There is evidence to suggest that non-synonymous polymorphisms in SLC45A2 are associated with normal pigmentation variation between populations. Therefore, the underlying hypothesis of this thesis is that polymorphisms in SLC45A2 will alter the function or regulation of the protein, thereby altering the important role it plays in melanogenesis and providing a mechanism for normal pigmentation variation. In order to investigate the role that SLC45A2 polymorphisms play in human pigmentation variation, a DNA database was established which collected pigmentation phenotypic information and blood samples of more than 700 individuals. This database was used as the foundation for two association studies outlined in this thesis, the first of which involved genotyping two previously-described non-synonymous polymorphisms, p.Glu272Lys and p.Phe374Leu, in four different population groups. For both polymorphisms, allele frequencies were significantly different between population groups and the 272Lys and 374Leu alleles were strongly associated with black hair, brown eyes and olive skin colour in Caucasians. This was the first report to show that SLC45A2 polymorphisms were associated with normal human intra-population pigmentation variation. The second association study involved genotyping several SLC45A2 promoter polymorphisms to determine if they also played a role in pigmentation variation. Firstly, the transcription start site (TSS), and hence putative proximal promoter region, was identified using 5' RNA ligase mediated rapid amplification of cDNA ends (RLM-RACE). Two alternate TSSs were identified and the putative promoter region was screened for novel polymorphisms using denaturing high performance liquid chromatography (dHPLC). A novel duplication (c.–1176_–1174dupAAT) was identified along with other previously described single nucleotide polymorphisms (c.–1721C>G and c.–1169G>A). Strong linkage disequilibrium ensured that all three polymorphisms were associated with skin colour such that the –1721G, +dup and –1169A alleles were associated with olive skin in Caucasians. No linkage disequilibrium was observed between the promoter and coding region polymorphisms, suggesting independent effects. The association analyses were complemented with functional data, showing that the –1721G, +dup and –1169A alleles significantly decreased SLC45A2 transcriptional activity. Based on in silico bioinformatic analysis that showed these alleles remove a microphthalmia-associated transcription factor (MITF) binding site, and that MITF is a known regulator of SLC45A2 (Baxter and Pavan, 2002; Du and Fisher, 2002), it was postulated that SLC45A2 promoter polymorphisms could contribute to the regulation of pigmentation by altering MITF binding affinity. Further characterisation of the SLC45A2 promoter was carried out using luciferase reporter assays to determine the transcriptional activity of different regions of the promoter. Five constructs were designed of increasing length and their promoter activity evaluated. Constitutive promoter activity was observed within the first ~200 bp and promoter activity increased as the construct size increased. The functional impact of the –1721G, +dup and –1169A alleles, which removed a MITF consensus binding site, were assessed using electrophoretic mobility shift assays (EMSA) and expression analysis of genotyped melanoblast and melanocyte cell lines. EMSA results confirmed that the promoter polymorphisms affected DNA-protein binding. Interestingly, however, the protein/s involved were not MITF, or at least MITF was not the protein directly binding to the DNA. In an effort to more thoroughly characterise the functional consequences of SLC45A2 promoter polymorphisms, the mRNA expression levels of SLC45A2 and MITF were determined in melanocyte/melanoblast cell lines. Based on SLC45A2’s role in processing and trafficking TYRP1 from the trans-Golgi network to stage 2 melanosmes, the mRNA expression of TYRP1 was also investigated. Expression results suggested a coordinated expression of pigmentation genes. This thesis has substantially contributed to the field of pigmentation by showing that SLC45A2 polymorphisms not only show allele frequency differences between population groups, but also contribute to normal pigmentation variation within a Caucasian population. In addition, promoter polymorphisms have been shown to have functional consequences for SLC45A2 transcription and the expression of other pigmentation genes. Combined, the data presented in this work supports the notion that SLC45A2 is an important contributor to normal pigmentation variation and should be the target of further research to elucidate its role in determining pigmentation phenotypes. Understanding SLC45A2’s function may lead to the development of therapeutic interventions for oculocutaneous albinism and other disorders of pigmentation. It may also help in our understanding of skin cancer susceptibility and evolutionary adaptation to different UV environments, and contribute to the forensic application of pigmentation phenotype prediction.

Relevância:

10.00% 10.00%

Publicador:

Resumo:

• Introduction: Concern and action for rural road safety is relatively new in Australia in comparison to the field of traffic safety as a whole. In 2003, a program of research was begun by the Centre for Accident Research and Road Safety - Queensland (CARRS-Q) and the Rural Health Research Unit (RHRU) at James Cook University to investigate factors contributing to serious rural road crashes in the North Queensland region. This project was funded by the Premier’s Department, Main Roads Department, Queensland Transport, QFleet, Queensland Rail, Queensland Ambulance Service, Department of Natural Resources and Queensland Police Service. Additional funding was provided by NRMA Insurance for a PhD scholarship. In-kind support was provided through the four hospitals used for data collection, namely Cairns Base Hospital, The Townsville Hospital, Mount Isa Hospital and Atherton Hospital.----- The primary aim of the project was to: Identify human factors related to the occurrence of serious traffic incidents in rural and remote areas of Australia, and to the trauma suffered by persons as a result of these incidents, using a sample drawn from a rural and remote area in North Queensland.----- The data and analyses presented in this report are the core findings from two broad studies: a general examination of fatalities and casualties from rural and remote crashes for the period 1 March 2004 until 30 June 2007, and a further linked case-comparison study of hospitalised patients compared with a sample of non-crash-involved drivers.----- • Method: The study was undertaken in rural North Queensland, as defined by the Australian Bureau of Statistics (ABS) statistical divisions of North Queensland, Far North Queensland and North-West Queensland. Urban areas surrounding Townsville, Thuringowa and Cairns were not included. The study methodology was centred on serious crashes, as defined by a resulting hospitalisation for 24 hours or more and/or a fatality. Crashes meeting this criteria within the North Queensland region between 1 March 2004 and 30 June 2007 were identified through hospital records and interviewed where possible. Additional data was sourced from coroner’s reports, the Queensland Transport road crash database, the Queensland Ambulance Service and the study hospitals in the region.----- This report is divided into chapters corresponding to analyses conducted on the collected crash and casualty data.----- Chapter 3 presents an overview of all crashes and casualties identified during the study period. Details are presented in regard to the demographics and road user types of casualties; the locations, times, types, and circumstances of crashes; along with the contributing circumstances of crashes.----- Chapter 4 presents the results of summary statistics for all casualties for which an interview was able to be conducted. Statistics are presented separately for drivers and riders, passengers, pedestrians and cyclists. Details are also presented separately for drivers and riders crashing in off-road and on-road settings. Results from questionnaire data are presented in relation to demographics; the experience of the crash in narrative form; vehicle characteristics and maintenance; trip characteristics (e.g. purpose and length of journey; periods of fatigue and monotony; distractions from driving task); driving history; alcohol and drug use; medical history; driving attitudes, intentions and behaviour; attitudes to enforcement; and experience of road safety advertising.----- Chapter 5 compares the above-listed questionnaire results between on-road crash-involved casualties and interviews conducted in the region with non-crash-involved persons. Direct comparisons as well as age and sex adjusted comparisons are presented.----- Chapter 6 presents information on those casualties who were admitted to one of the study hospitals during the study period. Brief information is given regarding the demographic characteristics of these casualties. Emergency services’ data is used to highlight the characteristics of patient retrieval and transport to and between hospitals. The major injuries resulting from the crashes are presented for each region of the body and analysed by vehicle type, occupant type, seatbelt status, helmet status, alcohol involvement and nature of crash. Estimates are provided of the costs associated with in-hospital treatment and retrieval.----- Chapter 7 describes the characteristics of the fatal casualties and the nature and circumstances of the crashes. Demographics, road user types, licence status, crash type and contributing factors for crashes are presented. Coronial data is provided in regard to contributing circumstances (including alcohol, drugs and medical conditions), cause of death, resulting injuries, and restraint and helmet use.----- Chapter 8 presents the results of a comparison between casualties’ crash descriptions and police-attributed crash circumstances. The relative frequency of contributing circumstances are compared both broadly within the categories of behavioural, environmental, vehicle related, medical and other groupings and specifically for circumstances within these groups.----- Chapter 9 reports on the associated research projects which have been undertaken on specific topics related to rural road safety.----- Finally, Chapter 10 reports on the conclusions and recommendations made from the program of research.---- • Major Recommendations : From the findings of these analyses, a number of major recommendations were made: + Male drivers and riders - Male drivers and riders should continue to be the focus of interventions, given their very high representation among rural and remote road crash fatalities and serious injuries.----- - The group of males aged between 30 and 50 years comprised the largest number of casualties and must also be targeted for change if there is to be a meaningful improvement in rural and remote road safety.----- + Motorcyclists - Single vehicle motorcycle crashes constitute over 80% of serious, on-road rural motorcycle crashes and need particular attention in development of policy and infrastructure.----- - The motorcycle safety consultation process currently being undertaken by Queensland Transport (via the "Motorbike Safety in Queensland - Consultation Paper") is strongly endorsed. As part of this process, particular attention needs to be given to initiatives designed to reduce rural and single vehicle motorcycle crashes.----- - The safety of off-road riders is a serious problem that falls outside the direct responsibility of either Transport or Health departments. Responsibility for this issue needs to be attributed to develop appropriate policy, regulations and countermeasures.----- + Road safety for Indigenous people - Continued resourcing and expansion of The Queensland Aboriginal Peoples and Torres Strait Islander Peoples Driver Licensing Program to meet the needs of remote and Indigenous communities with significantly lower licence ownership levels.----- - Increased attention needs to focus on the contribution of geographic disadvantage (remoteness) factors to remote and Indigenous road trauma.----- + Road environment - Speed is the ‘final common pathway’ in determining the severity of rural and remote crashes and rural speed limits should be reduced to 90km/hr for sealed off-highway roads and 80km/hr for all unsealed roads as recommended in the Austroads review and in line with the current Tasmanian government trial.----- - The Department of Main Roads should monitor rural crash clusters and where appropriate work with local authorities to conduct relevant audits and take mitigating action. - The international experts at the workshop reviewed the data and identified the need to focus particular attention on road design management for dangerous curves. They also indicated the need to maximise the use of audio-tactile linemarking (audible lines) and rumble strips to alert drivers to dangerous conditions and behaviours.----- + Trauma costs - In accordance with Queensland Health priorities, recognition should be given to the substantial financial costs associated with acute management of trauma resulting from serious rural and remote crashes.----- - Efforts should be made to develop a comprehensive, regionally specific costing formula for road trauma that incorporates the pre-hospital, hospital and post-hospital phases of care. This would inform health resource allocation and facilitate the evaluation of interventions.----- - The commitment of funds to the development of preventive strategies to reduce rural and remote crashes should take into account the potential cost savings associated with trauma.----- - A dedicated study of the rehabilitation needs and associated personal and healthcare costs arising from rural and remote road crashes should be undertaken.----- + Emergency services - While the study has demonstrated considerable efficiency in the response and retrieval systems of rural and remote North Queensland, relevant Intelligent Transport Systems technologies (such as vehicle alarm systems) to improve crash notification should be both developed and evaluated.----- + Enforcement - Alcohol and speed enforcement programs should target the period between 2 and 6pm because of the high numbers of crashes in the afternoon period throughout the rural region.----- + Drink driving - Courtesy buses should be advocated and schemes such as the Skipper project promoted as local drink driving countermeasures in line with the very high levels of community support for these measures identified in the hospital study.------ - Programs should be developed to target the high levels of alcohol consumption identified in rural and remote areas and related involvement in crashes.----- - Referrals to drink driving rehabilitation programs should be mandated for recidivist offenders.----- + Data requirements - Rural and remote road crashes should receive the same quality of attention as urban crashes. As such, it is strongly recommended that increased resources be committed to enable dedicated Forensic Crash Units to investigate rural and remote fatal and serious injury crashes.----- - Transport department records of rural and remote crashes should record the crash location using the national ARIA area classifications used by health departments as a means to better identifying rural crashes.----- - Rural and remote crashes tend to be unnoticed except in relatively infrequent rural reviews. They should receive the same level of attention and this could be achieved if fatalities and fatal crashes were coded by the ARIA classification system and included in regular crash reporting.----- - Health, Transport and Police agencies should collect a common, minimal set of data relating to road crashes and injuries, including presentations to small rural and remote health facilities.----- + Media and community education programmes - Interventions seeking to highlight the human contribution to crashes should be prioritised. Driver distraction, alcohol and inappropriate speed for the road conditions are key examples of such behaviours.----- - Promotion of basic safety behaviours such as the use of seatbelts and helmets should be given a renewed focus.----- - Knowledge, attitude and behavioural factors that have been identified for the hospital Brief Intervention Trial should be considered in developing safety campaigns for rural and remote people. For example challenging the myth of the dangerous ‘other’ or ‘non-local’ driver.----- - Special educational initiatives on the issues involved in rural and remote driving should be undertaken. For example the material used by Main Roads, the Australian Defence Force and local initiatives.

Relevância:

10.00% 10.00%

Publicador:

Resumo:

The research presented in this thesis addresses inherent problems in signaturebased intrusion detection systems (IDSs) operating in heterogeneous environments. The research proposes a solution to address the difficulties associated with multistep attack scenario specification and detection for such environments. The research has focused on two distinct problems: the representation of events derived from heterogeneous sources and multi-step attack specification and detection. The first part of the research investigates the application of an event abstraction model to event logs collected from a heterogeneous environment. The event abstraction model comprises a hierarchy of events derived from different log sources such as system audit data, application logs, captured network traffic, and intrusion detection system alerts. Unlike existing event abstraction models where low-level information may be discarded during the abstraction process, the event abstraction model presented in this work preserves all low-level information as well as providing high-level information in the form of abstract events. The event abstraction model presented in this work was designed independently of any particular IDS and thus may be used by any IDS, intrusion forensic tools, or monitoring tools. The second part of the research investigates the use of unification for multi-step attack scenario specification and detection. Multi-step attack scenarios are hard to specify and detect as they often involve the correlation of events from multiple sources which may be affected by time uncertainty. The unification algorithm provides a simple and straightforward scenario matching mechanism by using variable instantiation where variables represent events as defined in the event abstraction model. The third part of the research looks into the solution to address time uncertainty. Clock synchronisation is crucial for detecting multi-step attack scenarios which involve logs from multiple hosts. Issues involving time uncertainty have been largely neglected by intrusion detection research. The system presented in this research introduces two techniques for addressing time uncertainty issues: clock skew compensation and clock drift modelling using linear regression. An off-line IDS prototype for detecting multi-step attacks has been implemented. The prototype comprises two modules: implementation of the abstract event system architecture (AESA) and of the scenario detection module. The scenario detection module implements our signature language developed based on the Python programming language syntax and the unification-based scenario detection engine. The prototype has been evaluated using a publicly available dataset of real attack traffic and event logs and a synthetic dataset. The distinct features of the public dataset are the fact that it contains multi-step attacks which involve multiple hosts with clock skew and clock drift. These features allow us to demonstrate the application and the advantages of the contributions of this research. All instances of multi-step attacks in the dataset have been correctly identified even though there exists a significant clock skew and drift in the dataset. Future work identified by this research would be to develop a refined unification algorithm suitable for processing streams of events to enable an on-line detection. In terms of time uncertainty, identified future work would be to develop mechanisms which allows automatic clock skew and clock drift identification and correction. The immediate application of the research presented in this thesis is the framework of an off-line IDS which processes events from heterogeneous sources using abstraction and which can detect multi-step attack scenarios which may involve time uncertainty.

Relevância:

10.00% 10.00%

Publicador:

Resumo:

The analysis and value of digital evidence in an investigation has been the domain of discourse in the digital forensic community for several years. While many works have considered different approaches to model digital evidence, a comprehensive understanding of the process of merging different evidence items recovered during a forensic analysis is still a distant dream. With the advent of modern technologies, pro-active measures are integral to keeping abreast of all forms of cyber crimes and attacks. This paper motivates the need to formalize the process of analyzing digital evidence from multiple sources simultaneously. In this paper, we present the forensic integration architecture (FIA) which provides a framework for abstracting the evidence source and storage format information from digital evidence and explores the concept of integrating evidence information from multiple sources. The FIA architecture identifies evidence information from multiple sources that enables an investigator to build theories to reconstruct the past. FIA is hierarchically composed of multiple layers and adopts a technology independent approach. FIA is also open and extensible making it simple to adapt to technological changes. We present a case study using a hypothetical car theft case to demonstrate the concepts and illustrate the value it brings into the field.

Relevância:

10.00% 10.00%

Publicador:

Resumo:

This paper will investigate the suitability of existing performance measures under the assumption of a clearly defined benchmark. A range of measures are examined including the Sortino Ratio, the Sharpe Selection ratio (SSR), the Student’s t-test and a decay rate measure. A simulation study is used to assess the power and bias of these measures based on variations in sample size and mean performance of two simulated funds. The Sortino Ratio is found to be the superior performance measure exhibiting more power and less bias than the SSR when the distribution of excess returns are skewed.

Relevância:

10.00% 10.00%

Publicador:

Resumo:

This paper discusses the use of models in automatic computer forensic analysis, and proposes and elaborates on a novel model for use in computer profiling, the computer profiling object model. The computer profiling object model is an information model which models a computer as objects with various attributes and inter-relationships. These together provide the information necessary for a human investigator or an automated reasoning engine to make judgements as to the probable usage and evidentiary value of a computer system. The computer profiling object model can be implemented so as to support automated analysis to provide an investigator with the information needed to decide whether manual analysis is required.

Relevância:

10.00% 10.00%

Publicador:

Resumo:

Automatic recognition of people is an active field of research with important forensic and security applications. In these applications, it is not always possible for the subject to be in close proximity to the system. Voice represents a human behavioural trait which can be used to recognise people in such situations. Automatic Speaker Verification (ASV) is the process of verifying a persons identity through the analysis of their speech and enables recognition of a subject at a distance over a telephone channel { wired or wireless. A significant amount of research has focussed on the application of Gaussian mixture model (GMM) techniques to speaker verification systems providing state-of-the-art performance. GMM's are a type of generative classifier trained to model the probability distribution of the features used to represent a speaker. Recently introduced to the field of ASV research is the support vector machine (SVM). An SVM is a discriminative classifier requiring examples from both positive and negative classes to train a speaker model. The SVM is based on margin maximisation whereby a hyperplane attempts to separate classes in a high dimensional space. SVMs applied to the task of speaker verification have shown high potential, particularly when used to complement current GMM-based techniques in hybrid systems. This work aims to improve the performance of ASV systems using novel and innovative SVM-based techniques. Research was divided into three main themes: session variability compensation for SVMs; unsupervised model adaptation; and impostor dataset selection. The first theme investigated the differences between the GMM and SVM domains for the modelling of session variability | an aspect crucial for robust speaker verification. Techniques developed to improve the robustness of GMMbased classification were shown to bring about similar benefits to discriminative SVM classification through their integration in the hybrid GMM mean supervector SVM classifier. Further, the domains for the modelling of session variation were contrasted to find a number of common factors, however, the SVM-domain consistently provided marginally better session variation compensation. Minimal complementary information was found between the techniques due to the similarities in how they achieved their objectives. The second theme saw the proposal of a novel model for the purpose of session variation compensation in ASV systems. Continuous progressive model adaptation attempts to improve speaker models by retraining them after exploiting all encountered test utterances during normal use of the system. The introduction of the weight-based factor analysis model provided significant performance improvements of over 60% in an unsupervised scenario. SVM-based classification was then integrated into the progressive system providing further benefits in performance over the GMM counterpart. Analysis demonstrated that SVMs also hold several beneficial characteristics to the task of unsupervised model adaptation prompting further research in the area. In pursuing the final theme, an innovative background dataset selection technique was developed. This technique selects the most appropriate subset of examples from a large and diverse set of candidate impostor observations for use as the SVM background by exploiting the SVM training process. This selection was performed on a per-observation basis so as to overcome the shortcoming of the traditional heuristic-based approach to dataset selection. Results demonstrate the approach to provide performance improvements over both the use of the complete candidate dataset and the best heuristically-selected dataset whilst being only a fraction of the size. The refined dataset was also shown to generalise well to unseen corpora and be highly applicable to the selection of impostor cohorts required in alternate techniques for speaker verification.

Relevância:

10.00% 10.00%

Publicador:

Resumo:

In a recent decision by Mr Justice Laddie, a patent was held anticipated by, inter alia, prior use of a device which fell within the claims of the patent in suit, even though its circuitry was enclosed in resin. The anticipating invention had been "made available to the public" within the terms of section 2 (2) of the Patents Act 1977 because its essential integers would have been revealed by an interesting character, the "skilled forensic engineer".

Relevância:

10.00% 10.00%

Publicador:

Resumo:

Speaker verification is the process of verifying the identity of a person by analysing their speech. There are several important applications for automatic speaker verification (ASV) technology including suspect identification, tracking terrorists and detecting a person’s presence at a remote location in the surveillance domain, as well as person authentication for phone banking and credit card transactions in the private sector. Telephones and telephony networks provide a natural medium for these applications. The aim of this work is to improve the usefulness of ASV technology for practical applications in the presence of adverse conditions. In a telephony environment, background noise, handset mismatch, channel distortions, room acoustics and restrictions on the available testing and training data are common sources of errors for ASV systems. Two research themes were pursued to overcome these adverse conditions: Modelling mismatch and modelling uncertainty. To directly address the performance degradation incurred through mismatched conditions it was proposed to directly model this mismatch. Feature mapping was evaluated for combating handset mismatch and was extended through the use of a blind clustering algorithm to remove the need for accurate handset labels for the training data. Mismatch modelling was then generalised by explicitly modelling the session conditions as a constrained offset of the speaker model means. This session variability modelling approach enabled the modelling of arbitrary sources of mismatch, including handset type, and halved the error rates in many cases. Methods to model the uncertainty in speaker model estimates and verification scores were developed to address the difficulties of limited training and testing data. The Bayes factor was introduced to account for the uncertainty of the speaker model estimates in testing by applying Bayesian theory to the verification criterion, with improved performance in matched conditions. Modelling the uncertainty in the verification score itself met with significant success. Estimating a confidence interval for the "true" verification score enabled an order of magnitude reduction in the average quantity of speech required to make a confident verification decision based on a threshold. The confidence measures developed in this work may also have significant applications for forensic speaker verification tasks.

Relevância:

10.00% 10.00%

Publicador:

Resumo:

This research used the Queensland Police Service, Australia, as a major case study. Information on principles, techniques and processes used, and the reason for the recording, storing and release of audit information for evidentiary purposes is reported. It is shown that Law Enforcement Agencies have a two-fold interest in, and legal obligation pertaining to, audit trails. The first interest relates to the situation where audit trails are actually used by criminals in the commission of crime and the second to where audit trails are generated by the information systems used by the police themselves in support of the recording and investigation of crime. Eleven court cases involving Queensland Police Service audit trails used in evidence in Queensland courts were selected for further analysis. It is shown that, of the cases studied, none of the evidence presented was rejected or seriously challenged from a technical perspective. These results were further analysed and related to normal requirements for trusted maintenance of audit trail information in sensitive environments with discussion on the ability and/or willingness of courts to fully challenge, assess or value audit evidence presented. Managerial and technical frameworks for firstly what is considered as an environment where a computer system may be considered to be operating “properly” and, secondly, what aspects of education, training, qualifications, expertise and the like may be considered as appropriate for persons responsible within that environment, are both proposed. Analysis was undertaken to determine if audit and control of information in a high security environment, such as law enforcement, could be judged as having improved, or not, in the transition from manual to electronic processes. Information collection, control of processing and audit in manual processes used by the Queensland Police Service, Australia, in the period 1940 to 1980 was assessed against current electronic systems essentially introduced to policing in the decades of the 1980s and 1990s. Results show that electronic systems do provide for faster communications with centrally controlled and updated information readily available for use by large numbers of users who are connected across significant geographical locations. However, it is clearly evident that the price paid for this is a lack of ability and/or reluctance to provide improved audit and control processes. To compare the information systems audit and control arrangements of the Queensland Police Service with other government departments or agencies, an Australia wide survey was conducted. Results of the survey were contrasted with the particular results of a survey, conducted by the Australian Commonwealth Privacy Commission four years previous, to this survey which showed that security in relation to the recording of activity against access to information held on Australian government computer systems has been poor and a cause for concern. However, within this four year period there is evidence to suggest that government organisations are increasingly more inclined to generate audit trails. An attack on the overall security of audit trails in computer operating systems was initiated to further investigate findings reported in relation to the government systems survey. The survey showed that information systems audit trails in Microsoft Corporation's “Windows” operating system environments are relied on quite heavily. An audit of the security for audit trails generated, stored and managed in the Microsoft “Windows 2000” operating system environment was undertaken and compared and contrasted with similar such audit trail schemes in the “UNIX” and “Linux” operating systems. Strength of passwords and exploitation of any security problems in access control were targeted using software tools that are freely available in the public domain. Results showed that such security for the “Windows 2000” system is seriously flawed and the integrity of audit trails stored within these environments cannot be relied upon. An attempt to produce a framework and set of guidelines for use by expert witnesses in the information technology (IT) profession is proposed. This is achieved by examining the current rules and guidelines related to the provision of expert evidence in a court environment, by analysing the rationale for the separation of distinct disciplines and corresponding bodies of knowledge used by the Medical Profession and Forensic Science and then by analysing the bodies of knowledge within the discipline of IT itself. It is demonstrated that the accepted processes and procedures relevant to expert witnessing in a court environment are transferable to the IT sector. However, unlike some discipline areas, this analysis has clearly identified two distinct aspects of the matter which appear particularly relevant to IT. These two areas are; expertise gained through the application of IT to information needs in a particular public or private enterprise; and expertise gained through accepted and verifiable education, training and experience in fundamental IT products and system.

Relevância:

10.00% 10.00%

Publicador:

Resumo:

Forensic imaging has been facing scalability challenges for some time. As disk capacity growth continues to outpace storage IO bandwidth, the demands placed on storage and time are ever increasing. Data reduction and de-duplication technologies are now commonplace in the Enterprise space, and are potentially applicable to forensic acquisition. Using the new AFF4 forensic file format we employ a hash based compression scheme to leverage an existing corpus of images, reducing both acquisition time and storage requirements. This paper additionally describes some of the recent evolution in the AFF4 file format making the efficient implementation of hash based imaging a reality.

Relevância:

10.00% 10.00%

Publicador:

Resumo:

Aim: Researchers have suggested that approximately 1% of individuals with psychopathic tendencies can successfully function within the community, although there has been a lack of research to support this claim. The current study aimed to identify individuals with psychopathic tendencies within a community sample and furthermore the socio-demographic correlates of this community integrated psychopath (e.g. relationship stability, substance use, and employment status). Procedure: 300 participants completed the Self-Reported Psychopathy scale – version 3 which contains four core psychopathy subfactors: (a) Interpersonal Manipulation, (b) Callous Affect, (c) Erratic Lifestyle and (d) Criminal Tendencies as well as the Paulhus Deception Scales to explore the effect of impression management and self-deception on the identification of psychopathy. Findings: Results indicated that at least 1% of the current community displayed characteristics consistent with psychopathic tendencies. A series of bivariate and multivariate statistical analyses were conducted which indicated that gender, age and alcohol misuse were predictive of psychopathy scores for this sample. More specifically, younger males who tend to misuse alcohol were found to be most likely to have psychopathic tendencies. Interestingly, impression management and self-deception was not associated with such tendencies. Discussion: The results provide some support for the assertion that individuals with psychopathic tendencies can be identified within the community (regardless of impression management techniques) and that such tendencies are associated with specific socio-demographic characteristics.

Relevância:

10.00% 10.00%

Publicador:

Resumo:

Digital forensic examiners often need to identify the type of a file or file fragment based only on the content of the file. Content-based file type identification schemes typically use a byte frequency distribution with statistical machine learning to classify file types. Most algorithms analyze the entire file content to obtain the byte frequency distribution, a technique that is inefficient and time consuming. This paper proposes two techniques for reducing the classification time. The first technique selects a subset of features based on the frequency of occurrence. The second speeds classification by sampling several blocks from the file. Experimental results demonstrate that up to a fifteen-fold reduction in file size analysis time can be achieved with limited impact on accuracy.

Relevância:

10.00% 10.00%

Publicador:

Resumo:

Spatially offset Raman spectroscopy (SORS) is a powerful new technique for the non-invasive detection and identification of concealed substances and drugs. Here, we demonstrate the SORS technique in several scenarios that are relevant to customs screening, postal screening, drug detection and forensics applications. The examples include analysis of a multi-layered postal package to identify a concealed substance; identification of an antibiotic capsule inside its plastic blister pack; analysis of an envelope containing a powder; and identification of a drug dissolved in a clear solvent, contained in a non-transparent plastic bottle. As well as providing practical examples of SORS, the results highlight several considerations regarding the use of SORS in the field, including the advantages of different analysis geometries and the ability to tailor instrument parameters and optics to suit different types of packages and samples. We also discuss the features and benefits of SORS in relation to existing Raman techniques, including confocal microscopy, wide area illumination and the conventional backscattered Raman spectroscopy. The results will contribute to the recognition of SORS as a promising method for the rapid, chemically-specific analysis and detection of drugs and pharmaceuticals.