Difference between revisions of "Main Page"

From Forensics Wiki
Jump to: navigation, search
m
m
Line 11: Line 11:
  
 
<!-- ARTICLE GOES HERE -->
 
<!-- ARTICLE GOES HERE -->
<small>FEB-2010</small>
+
<small>MARCH-2010</small>
[http://www.ojp.usdoj.gov/nij/journals/259/csi-effect.htm The 'CSI Effect': Does It Really Exist?], by The Honorable Donald E. Shelton
+
;[http://portal.acm.org/citation.cfm?id=1592451.1592455  Internet geolocation: Evasion and counterevasion]
 +
; ACM Computing Surveys (CSUR), Volume 42 ,  Issue 1  (December 2009)
 +
<blockquote>
 +
Internet geolocation technology aims to determine the physical (geographic) location of Internet users and devices. It is currently proposed or in use for a wide variety of purposes, including targeted marketing, restricting digital content sales to authorized jurisdictions, and security applications such as reducing credit card fraud. This raises questions about the veracity of claims of accurate and reliable geolocation. We provide a survey of Internet geolocation technologies with an emphasis on adversarial contexts; that is, we consider how this technology performs against a knowledgeable adversary whose goal is to evade geolocation. We do so by examining first the limitations of existing techniques, and then, from this base, determining how best to evade existing geolocation techniques. We also consider two further geolocation techniques which may be of use even against adversarial targets: (1) the extraction of client IP addresses using functionality introduced in the 1.5 Java API, and (2) the collection of round-trip times using HTTP refreshes. These techniques illustrate that the seemingly straightforward technique of evading geolocation by relaying traffic through a proxy server (or network of proxy servers) is not as straightforward as many end-users might expect. We give a demonstration of this for users of the popular Tor anonymizing network.</blockquote>
  
Crime and courtroom proceedings have long been fodder for film and television scriptwriters. In recent years, however, the media's use of the courtroom as a vehicle for drama has not only proliferated, it has changed focus. In apparent fascination with our criminal justice process, many of today's courtroom dramas are based on actual cases. Court TV offers live gavel-to-gavel coverage of trials over the Internet for $5.95 a month. Now, that's "reality television"!
 
 
Reality and fiction have begun to blur with crime magazine television shows such as 48 Hours Mystery, American Justice, and even, on occasion, Dateline NBC. These programs portray actual cases, but only after extensively editing the content and incorporating narration for dramatic effect. Presenting one 35-year-old cold case, for example, 48 Hours Mystery filmed for months to capture all pretrial hearings as well as the 2-week trial; the program, however, was ultimately edited to a 1-hour episode that suggested the crime remained a "mystery" . . . notwithstanding the jury's guilty verdict....
 
  
  

Revision as of 19:55, 13 March 2010

This is the Forensics Wiki, a Creative Commons-licensed wiki devoted to information about digital forensics (also known as computer forensics). We currently list a total of 686 pages.

Much of computer forensics is focused on the tools and techniques used by investigators, but there are also a number of important papers, people, and organizations involved. Many of those organizations sponsor conferences throughout the year and around the world. You may also wish to examine the popular journals and some special reports.


Selected Forensics Research

MARCH-2010

Internet geolocation: Evasion and counterevasion
ACM Computing Surveys (CSUR), Volume 42 , Issue 1 (December 2009)
Internet geolocation technology aims to determine the physical (geographic) location of Internet users and devices. It is currently proposed or in use for a wide variety of purposes, including targeted marketing, restricting digital content sales to authorized jurisdictions, and security applications such as reducing credit card fraud. This raises questions about the veracity of claims of accurate and reliable geolocation. We provide a survey of Internet geolocation technologies with an emphasis on adversarial contexts; that is, we consider how this technology performs against a knowledgeable adversary whose goal is to evade geolocation. We do so by examining first the limitations of existing techniques, and then, from this base, determining how best to evade existing geolocation techniques. We also consider two further geolocation techniques which may be of use even against adversarial targets: (1) the extraction of client IP addresses using functionality introduced in the 1.5 Java API, and (2) the collection of round-trip times using HTTP refreshes. These techniques illustrate that the seemingly straightforward technique of evading geolocation by relaying traffic through a proxy server (or network of proxy servers) is not as straightforward as many end-users might expect. We give a demonstration of this for users of the popular Tor anonymizing network.



(Past selected articles are archived here.)


Topics



You can help! We have a list of articles that need to be expanded. If you know anything about any of these topics, please feel free to chip in.