Legislative and security requirements of audit material for evidentiary purpose

This research used the Queensland Police Service, Australia, as a major case study. Information on principles, techniques and processes used, and the reason for the recording, storing and release of audit information for evidentiary purposes is reported. It is shown that Law Enforcement Agencies have a two-fold interest in, and legal obligation pertaining to, audit trails. The first interest relates to the situation where audit trails are actually used by criminals in the commission of crime and the second to where audit trails are generated by the information systems used by the police themselves in support of the recording and investigation of crime. Eleven court cases involving Queensland Police Service audit trails used in evidence in Queensland courts were selected for further analysis. It is shown that, of the cases studied, none of the evidence presented was rejected or seriously challenged from a technical perspective. These results were further analysed and related to normal requirements for trusted maintenance of audit trail information in sensitive environments with discussion on the ability and/or willingness of courts to fully challenge, assess or value audit evidence presented. Managerial and technical frameworks for firstly what is considered as an environment where a computer system may be considered to be operating “properly” and, secondly, what aspects of education, training, qualifications, expertise and the like may be considered as appropriate for persons responsible within that environment, are both proposed. Analysis was undertaken to determine if audit and control of information in a high security environment, such as law enforcement, could be judged as having improved, or not, in the transition from manual to electronic processes. Information collection, control of processing and audit in manual processes used by the Queensland Police Service, Australia, in the period 1940 to 1980 was assessed against current electronic systems essentially introduced to policing in the decades of the 1980s and 1990s. Results show that electronic systems do provide for faster communications with centrally controlled and updated information readily available for use by large numbers of users who are connected across significant geographical locations. However, it is clearly evident that the price paid for this is a lack of ability and/or reluctance to provide improved audit and control processes. To compare the information systems audit and control arrangements of the Queensland Police Service with other government departments or agencies, an Australia wide survey was conducted. Results of the survey were contrasted with the particular results of a survey, conducted by the Australian Commonwealth Privacy Commission four years previous, to this survey which showed that security in relation to the recording of activity against access to information held on Australian government computer systems has been poor and a cause for concern. However, within this four year period there is evidence to suggest that government organisations are increasingly more inclined to generate audit trails. An attack on the overall security of audit trails in computer operating systems was initiated to further investigate findings reported in relation to the government systems survey. The survey showed that information systems audit trails in Microsoft Corporation's “Windows” operating system environments are relied on quite heavily. An audit of the security for audit trails generated, stored and managed in the Microsoft “Windows 2000” operating system environment was undertaken and compared and contrasted with similar such audit trail schemes in the “UNIX” and “Linux” operating systems. Strength of passwords and exploitation of any security problems in access control were targeted using software tools that are freely available in the public domain. Results showed that such security for the “Windows 2000” system is seriously flawed and the integrity of audit trails stored within these environments cannot be relied upon. An attempt to produce a framework and set of guidelines for use by expert witnesses in the information technology (IT) profession is proposed. This is achieved by examining the current rules and guidelines related to the provision of expert evidence in a court environment, by analysing the rationale for the separation of distinct disciplines and corresponding bodies of knowledge used by the Medical Profession and Forensic Science and then by analysing the bodies of knowledge within the discipline of IT itself. It is demonstrated that the accepted processes and procedures relevant to expert witnessing in a court environment are transferable to the IT sector. However, unlike some discipline areas, this analysis has clearly identified two distinct aspects of the matter which appear particularly relevant to IT. These two areas are; expertise gained through the application of IT to information needs in a particular public or private enterprise; and expertise gained through accepted and verifiable education, training and experience in fundamental IT products and system.

Browser security : a requirements-based approach

A browser is a convenient way to access resources located remotely on computer networks. Security in browsers has become a crucial issue for users who use them for sensitive applications without knowledge ofthe hazards. This research utilises a structure approach to analyse and propose enhancements to browser security. Standard evaluation for computer products is important as it helps users to ensure that the product they use is appropriate for their needs. Security in browsers, therefore, has been evaluated using the Common Criteria. The outcome of this was a security requirements profile which attempts to formalise the security needs of browsers. The information collected during the research was used to produce a prototype model for a secure browser program. Modifications to the Lynx browser were made to demonstrate the proposed enhancements.

Vibrational spectroscopic studies of wool

Fourier transfonn (FT) Raman, Raman microspectroscopy and Fourier transform infrared (FTIR) spectroscopy have been used for the structural analysis and characterisation of untreated and chemically treated wool fibres. For FT -Raman spectroscopy novel methods of sample presentation have been developed and optimised for the analysis of wool. No significant fluorescence was observed and the spectra could be obtained routinely. The stability of wool keratin to the laser source was investigated and the visual and spectroscopic signs of sample damage were established. Wool keratin was found to be extremely robust with no signs of sample degradation observed for laser powers of up to 600 m W and for exposure times of up to seven and half hours. Due to improvements in band resolution and signal-to-noise ratio, several previously unobserved spectral features have become apparent. The assignment of the Raman active vibrational modes of wool have been reviewed and updated to include these features. The infrared spectroscopic techniques of attenuated total reflectance (ATR) and photoacoustic (P A) have been used to examine shrinkproofed and mothproofed wool samples. Shrinkproofing is an oxidative chemical treatment used to selectively modifY the surface of a wool fibre. Mothproofing is a chemical treatment applied to wool for the prevention of insect attack. The ability of PAS and A TR to vary the penetration depth by varying certain instrumental parameters was used to obtain spectra of the near surface regions of these chemically treated samples. These spectra were compared with those taken with a greater penetration depth, which therefore represent more of the bulk wool sample. The PA and ATR spectra demonstrated that oxidation was restricted to the near-surface layer of wool. Extensive curve fitting of ATR spectra of untreated wool indicated that cuticle was composed of a mixed protein conformation, but was predominately that of an a.-helix. The cortex was proposed to be a mixture of both a.helical and ~-pleated sheet protein conformations. These findings were supported by PAS depth profiling results. Raman microspectroscopy was used in an extensive investigation of the molecular structure of the wool fibre. This included determining the orientation of certain functional groups within the wool fibre and the symmetry of particular vibrations. The orientation ofbonds within the wool fibre was investigated by orientating the wool fibre axis parallel and then perpendicular to the plane of polarisation of the electric vector of the incident radiation. It was experimentally determined that the majority of C=O and N-H bonds of the peptide bond of wool lie parallel to the fibre axis. Additionally, a number of the important vibrations associated with the a-helix were also found to lie parallel to the fibre axis. Further investigation into the molecular structure of wool involved determining what effect stretching the wool fibre had on bond orientation. Raman spectra of stretched and unstretched wool fibres indicated that extension altered the orientation ofthe aromatic rings, the CH2 and CH3 groups of the amino acids. Curve fitting results revealed that extension resulted in significant destruction of the a-helix structure a substantial increase in the P-pleated sheet structure. Finally, depolarisation ratios were calculated for Raman spectra. The vibrations associated with the aromatic rings of amino acids had very low ratios which indicated that the vibrations were highly symmetrical.