Digital Meta-Forensics: Quantifying the Investigation. Richard E Overill and Jantje A M Silomon

Size: px
Start display at page:

Download "Digital Meta-Forensics: Quantifying the Investigation. Richard E Overill and Jantje A M Silomon"

Transcription

1 Digital Meta-Forensics: Quantifying the Investigation Richard E Overill and Jantje A M Silomon Department of Computer Science, King's College London, Strand, London WC2R 2LS, UK {richard.overill jantje.a.silomon}(at)kcl.ac.uk Abstract We review, analyse and evaluate recent developments in two related areas of digital forensics. The first involves quantifying the extent to which the recovered digital evidential traces support the prosecution s contention that a particular digital crime has been committed. The second addresses the issue of quantifying the cost-effectiveness of the digital forensic investigative process, in order to optimise the deployment of valuable and scarce resources for maximum efficacy. Keywords: conditional probability; Bayesian network; likelihood ratio; odds ratio; complexity; cost-effectiveness; return on investment; cost-benefit ratio; forensic triage. 1. Introduction and Background Digitial forensic analysis has up to now not kept pace with conventional forensic analysis in the matter of quantifying the degree of certainty with which a hypothesis and a corresponding set of evidential traces can be causally linked. For example, in the case of fingerprint or DNA analyses the probability of two distinct individuals exhibiting a match is known and hence the plausibility of the hypothesis can be determined quantitatively in the form of a likelihood ratio. In the context of digital forensic evidence however, qualitative statements, such as "very likely" are routinely used by forensic examiners and expert witnesses. Not surprisingly, defence lawyers assigned to digital crime cases have become aware of this discrepancy and have attempted to exploit it to persuade the court that the prosecution does not possess evidence of sufficient probative value. However, the development of potentially suitable methodologies and techniques for the quantitative interpretation of digital forensic investigations is underway [1-4] and offers the prospect of bringing a degree of numerical certitude to the recovered evidence in such cases. At the same time, metrics for analysing the cost-effectiveness of digital forensic investigations are also being developed [5, 6], as are their implementation in the form of practical software solutions that can be used by digital forensic technicians to perform a type of forensic triage [7]. These developments are particularly significant in view of the current severe shortage of experienced digital forensic examiners and the accelerating increase in digital crimes, all in the context of a global economic recession. In this paper we review the latest developments in both of the areas referred to above and additionally highlight those issues that remain problematic or have yet to be fully addressed.

2 2. Concepts and Methodologies 2.1 Metrics for Plausibility The remainder of this subsection describes a top-down and a bottom-up approach to quantifying the degree of plausibility of a (prosecution or defence) hypothesis regarding the putative sequence of events in relation to the recovered digital evidential traces. A top-down approach makes use of Bayesian conditional probabilities, i.e. the probability of recovering the evidential traces E given that the hypothesis H is correct: Pr(E H). A bottom-up approach, on the other hand, makes use of Bayesian posterior probabilities, i.e. the probability that the hypothesis H is correct given that the evidential traces E have been recovered: Pr(H E). The Likelihood Ratio (LR) is a top-down plausibility metric, which is used routinely by conventional forensic scientists (see, for example, [8, 9]). The generalised LR [10] is given by: Λ = Pr(E H) / Pr(E H c ) where H c is the logical complement of H. In the context of a Bayesian network representation of an actual digital crime investigation (see, for example, [1, 2] and Figure 1), the numerator of Λ is obtained by setting the value of the main hypothesis to true and then multiplying together the resulting probabilities for each of the evidential traces, under the assumption that the evidential traces are mutually independent; similarly, setting the value of the main hypothesis to false yields the denominator. The Odds Ratio (OR), on the other hand, is a bottom-up plausibility metric, which is also widely used by forensic scientists [9]. The OR is given by: Ο = Pr(H E) / Pr(H c E) and cannot be obtained directly from a Bayesian network representation. Instead, a complexity based model such as the Operational Complexity Model (OCM) [3] can be used to estimate the work (both computational and human) involved in producing the observed evidential traces E via the route specified by H, and also via all the remaining enumerated feasible routes satisfying H c. In the OCM, computational complexity [11] and GOMS-KLM [12] represent the computational and human contributions respectively. A major conceptual step of the OCM is the postulate that the probability of a given feasible route k (as specified by hypothesis H k ) is inversely proportional to its complexity, C k : Pr(H k E) C k -1 where the proportionality constant α is uniquely determined by the normalisation condition on the sum of the probabilities over all feasible routes: α = ( C k -1 ) -1 Thus, by enumerating all feasible routes k leading to the formation of the observed evidential traces E and evaluating their respective complexities C k, a numerical estimation of the OR for any one particular route over all other feasible routes can be obtained.

3 It should be noted that although a simple proportionality relationship exists between LR and OR: Ο Λ, the constant of proportionality in this case is: β = Pr(H) / Pr(H c ) that is, the (prior) odds of H, which is not usually known. For this reason LR and OR are not normally inter-convertible. 2.2 Metrics for Cost-effectiveness With law enforcement resources (principally manpower, money and time) already overstretched in relation to the number of digital forensic investigations requested, it becomes important to develop methods of determining whether or not any particular investigation is worthwhile undertaking. This leads naturally to the concepts of forensic triage and prioritisation. A preliminary filtering or prescreening phase will enable evidentially hopeless investigations to be abandoned quickly, and the remainder to be ranked in probable order of evidential strength. A number of criteria have been proposed for making the initial assessment, including cost-efficiency [5] and return-on-investment (ROI) [6]. Cost-efficiency ranks the recovered evidence against the expected evidence for a known type of crime. A forensic technician is guided through the assessment by a software application (for example, Digital Forensic Advisor [7]) in a pre-determined sequence which seeks out the most evidentially significant traces first, and, among traces of equal evidential weight, the lowest cost traces first [5]. In this way, an evidentially hopeless assessment can be detected early on and abandoned, while only those assessments which exceed a pre-determined evidential threshold (for example, 80% of the expected evidence) are passed on to an experienced forensic examiner for full processing. Return-on-Investment is a familiar business decision making concept which is inversely related to the equally familiar cost-benefit ratio (CBR). If the evidential weight of a given trace i is w i and its corresponding cost is c i then its ROI is given by w i / c i and its CBR by c i / w i. The evidential traces for a known type of crime can be ranked in order of descending ROI (or of ascending CBR) and then assessed in that order. Refinement of this scheme is possible: for example, where a particular trace i contributes to n i >1 evidentiary chains then its effective weight is given by w i = n i w i and the effective ROI is then (n i w i ) / c i [6]. Alternative ranking metrics, such as n i + (c i /10) and (n i /c i ), have also been proposed [6]. Each metric yields a subtly different assessment ranking for the evidentiary traces (see [6], Table 2). A digital forensic laboratory s choice of which ranking to adopt will depend on its individual priorities (for example, throughput versus resources) as well as on the nature of the suspected digital crime (for example, civil versus criminal, or large scale versus small scale).

4 3. Results and Discussion The conceptual frameworks outlined in Section 2.1 above have been applied to the evidential traces from two actual prosecuted digital crimes. 3.1 Top-down analysis In [2], the LR for an online auction fraud case was calculated under the assumption that there are just two feasible routes by which the recovered digital evidential traces could have been produced, corresponding to the prosecution s (criminal) hypothesis H p and the defence s (non-criminal) hypothesis H d. Note that, since the recovered digital evidential traces are not in dispute per se, the Bayesian networks for the two hypotheses differ only in the interpretation of the significance of the traces as reflected in their respective sub-hypotheses. In this case, the calculation yields a LR for H p over H d of 164,000, which can be qualitatively interpreted as indicating very strong evidentiary support for H p over H d [8]. This finding may be taken by the prosecuting authority as one indication inter alia that it is worthwhile proceeding to trial. It should however be pointed out here that this type of calculation may also be employed by the defence side in an adversarial judicial system in an attempt to improve or tune their own hypothesis so that it compares more favourably with the prosecution s. Another approach that the defence might wish to adopt is to challenge the validity of the individual conditional probability values Pr(E i H j ) embedded in the prosecution s Bayesian network. Each value represents the probability that the evidential trace E i is found given that the sub-hypothesis H j is true. These values may be obtained by aggregating the responses of a group of experienced digital forensic examiners to a carefully constructed questionnaire [1]. In order to study the dependence of a Bayesian network on its embedded evidential conditional probabilities, a rigorous sensitivity analysis [4] has been performed on the Bayesian network used for investigating illegal peer-to-peer (P2P) file-sharing over a BitTorrent (BT) network [1]. While simultaneously replacing every aggregated conditional probability with its minimum response value was found to produce the largest change in the Bayesian network ( 25.5%), the chances randomly selecting minimum values for all 18 evidential conditional probabilities is negligible (of order ). However, systematically replacing any one conditional probability consistently produced changes of less than 2.6% in magnitude [4]. The implication of this finding is that the BT network, and, by extension, other similar Bayesian networks for investigating digital crimes, is not particularly sensitive to the precise values employed for each of the evidential conditional probabilities. A similar observation holds with regard to missing (that is, unrecovered) evidential traces. More often than not the complete set of expected digital traces from a suspected crime is not recovered, and the defence might wish to challenge the strength of the prosecution case on these grounds. The BT sensitivity analysis [4] also studied the effect on the Bayesian network of systematically removing each individual trace, all possible pairs of traces, and a selection of groups of three or more traces. The maximum change due to one or two missing traces (out of a possible total of 18 traces for BT) was 10.3%, and the sampled cases involving three and four missing traces also fell within this bound. Taken together, these findings effectively block potential challenges on the grounds of conditional probability values or missing evidential traces.

5 3.2 Bottom-up analysis In [3], the OR for the illegal P2P file-sharing (BT) investigation was calculated under the assumption that the Trojan defence [13] was the only other feasible route to the recovered evidential traces. This approach employed the non-bayesian OCM [3], requiring the enumeration of the human and computational complexities of each step of both feasible routes. A further assumption was made that the user of the seized computer frequently participated in online filesharing. The size of the illegally shared multimedia file was taken as 4GB. In this case the initial calculation yielded an OR of 4.60 in favour of the prosecution hypothesis. However, the initial model assumed that no up-to-date anti-malware defence was operational on the seized PC. Inclusion of an anti-malware defence with a typical Trojan detection probability of 0.98 raised the OR to 277, or, put another way, the probability of the prosecution hypothesis is if the Trojan defence is the sole alternative hypothesis. This is by no means the final word on the topic of calculating the OR ab initio. It is possible to weight the human and computational complexity terms to reflect the difference in cycle times between a human brain and a PC (of order 10 7 ). Disk access, which is of order 10 5 slower than RAM access, may also be included in the model in a straightforward manner [3]. 4. Summary and Conclusions In the first instance, the quantitative analysis methods described in this paper would most naturally be employed in-house by forensic investigators to assess the likely probative value of the recovered evidence, and to decide whether or not a full digital forensic investigation is warranted. At a later stage, they could be adopted by the relevant prosecution authority (e.g. the Crown Prosecution Service of England and Wales) in reaching a decision as to whether or not to mount a prosecution given the evidence recovered from the full digital forensic investigation. Finally, they might be used within trial proceedings (possibly by both prosecution and defence counsels in an adversarial judicial system) as an additional means of persuading the court of the respective strengths and weaknesses of their own and their opponent s cases. For perfectly good reasons judicial systems tend to be inherently conservative and it is to be expected that there would be a natural time lag (of perhaps at least a decade) between each of these three phases of development.

6 References [1] Kwan M, Chow K-P, Law F & Lai P, Reasoning About Digital Evidence Using Bayesian Networks, Advances in Digital Forensics IV, Ch.12, pp , Springer (2008). [2] Kwan Y K, Overill R E, Chow K P, Silomon J A M, Tse H, Law Y W & Lai K Y, Evaluation of Evidence in Internet Auction Fraud Investigations, Proc.6th Annual IFIP WG 11.9 International Conference on Digital Forensics, Hong Kong, 3-6 January 2010, Advances in Digital Forensics VI, Ch.7, pp , Springer (2010). [3] Overill R E, Silomon J A M & Chow K-P, A Complexity Based Model for Quantifying Forensic Evidential Probabilities, Proc.3rd International Workshop on Digital Forensics (WSDF 2010), Krakow, Poland, February 2010, pp [4] Overill R E, Silomon J A M, Kwan Y K, Chow K-P, Law Y W & Lai K Y, Sensitivity Analysis of a Bayesian Network for Reasoning about Digital Forensic Evidence, Proc.4th International Workshop on Forensics for Future Generation Communication environments (F2GC-10), Cebu, Philippines, August 2010 (to appear). [5] Overill R E, Kwan Y K, Chow K-P, Lai K Y & Law Y W, A Cost-Effective Digital Forensics Investigation Model, Proc. 5th Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA, January 2009, Advances in Digital Forensics V, Ch.15, pp , Springer (2009). [6] Cohen F, Two Models of Digital Forensic Analysis, Proc.4th International IEEE Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE-2009), Oakland, CA, 21 May 2009, pp [7] Digital Forensic Advisor, a software application developed jointly by King's College London and Hong Kong University, funded by Innovation China UK (June 2010). [8] Keppens J, Towards Qualitative Approaches to Bayesian Evidential Reasoning, Proc.11th ACM International Conference on Artificial Intelligence and Law (ICAIL 07), Stanford, CA, 4-8 June 2007, pp.17 25, Table2. [9] Lucy D, Introduction to Statistics for Forensic Scientists, Wiley, Chichester, UK (2005). [10] Evett I, Establishing the evidential value of a small quantity of material found at a crime scene, J For Sci Soc, 33(2) (1993) [11] Papadimitriou C H, Computational Complexity, Addison-Wesley, Reading, MA (1994). [12] Kieras D, Using the Keystroke-Level Model to Estimate Execution Times, University of Michigan (2001), available online at: [13] Haagman D and Ghavalas B, Trojan Defence: A Forensic View, Digital Investigation, 2 (2005)

7 HYPOTHESES: H The seized computer was used as the initial seeder to share the pirated file on a BitTorrent network H 1 The pirated file was copied from the seized optical disk to the seized computer H 2 A torrent file was created from the copied file H 3 The torrent file was sent to newsgroups for publishing H 4 The torrent file was activated, which caused the seized computer to connect to the tracker server H 5 The connection between the seized computer and the tracker server was maintained EVIDENCE: E 1 Modification time of the destination file equals that of the source file E 2 Creation time of the destination file is after its own modification time E 3 Hash value of the destination file matches that of the source file E 4 BitTorrent client software is installed on the seized computer E 5 File link for the shared file is created E 6 Shared file exists on the hard disk E 7 Torrent file creation record is found E 8 Torrent file exists on the hard disk E 9 Peer connection information is found E 10 Tracker server login record is found E 11 Torrent file activation time is corroborated by its MAC time and link file E 12 Internet history record about the publishing website is found E 13 Internet connection is available E 14 Cookie of the publishing website is found E 15 URL of the publishing website is stored in the web browser E 16 Web browser software is available E 17 Internet cache record about the publishing of the torrent file is found E 18 Internet history record about the tracker server connection is found Figure 1 BitTorrent Network Diagram [1]

Digital Forensonomics the Economics of Digital Forensics

Digital Forensonomics the Economics of Digital Forensics Digital Forensonomics the Economics of Digital Forensics Richard E Overill Department of Informatics, King s College London, Strand, London WC2R 2LS, UK richard.overill@kcl.ac.uk Abstract. This paper introduces

More information

Computer Forensics using Bayesian Network: A Case Study

Computer Forensics using Bayesian Network: A Case Study Computer Forensics using Bayesian Network: A Case Study Michael Y.K. Kwan, K.P. Chow, Frank Y.W. Law, Pierre K.Y. Lai {ykkwan,chow,ywlaw,kylai}@cs.hku.hk The University of ong Kong Abstract Like the traditional

More information

What is Digital Forensics?

What is Digital Forensics? DEVELOPING AN UNDERGRADUATE COURSE IN DIGITAL FORENSICS Warren Harrison PSU Center for Information Assurance Portland State University Portland, Oregon 97207 warren@cs.pdx.edu What is Digital Forensics?

More information

Tools and Technology for Computer Forensics: Research and Development in Hong Kong (Invited Paper)

Tools and Technology for Computer Forensics: Research and Development in Hong Kong (Invited Paper) Tools and Technology for Computer Forensics: Research and Development in Hong Kong (Invited Paper) Lucas C.K. Hui, K.P. Chow, and S.M. Yiu Department of Computer Science The University of Hong Kong Hong

More information

CONCEPT MAPPING FOR DIGITAL FORENSIC INVESTIGATIONS

CONCEPT MAPPING FOR DIGITAL FORENSIC INVESTIGATIONS Chapter 22 CONCEPT MAPPING FOR DIGITAL FORENSIC INVESTIGATIONS April Tanner and David Dampier Abstract Research in digital forensics has yet to focus on modeling case domain information involved in investigations.

More information

Concepts of digital forensics

Concepts of digital forensics Chapter 3 Concepts of digital forensics Digital forensics is a branch of forensic science concerned with the use of digital information (produced, stored and transmitted by computers) as source of evidence

More information

Your Motor Legal Protection Insurance Policy Wording

Your Motor Legal Protection Insurance Policy Wording Your Motor Legal Protection Insurance Policy Wording www.debenhamscarinsurance.co.uk Contents Your Motor Legal Protection Insurance Policy Wording... 3 General Exceptions... 10 2 Your Motor Legal Protection

More information

Digital Evidence Search Kit

Digital Evidence Search Kit Digital Evidence Search Kit K.P. Chow, C.F. Chong, K.Y. Lai, L.C.K. Hui, K. H. Pun, W.W. Tsang, H.W. Chan Center for Information Security and Cryptography Department of Computer Science The University

More information

HC 677 SesSIon 2010 2011 17 December 2010. HM Revenue & Customs. Managing civil tax investigations

HC 677 SesSIon 2010 2011 17 December 2010. HM Revenue & Customs. Managing civil tax investigations Report by the Comptroller and Auditor General HC 677 SesSIon 2010 2011 17 December 2010 HM Revenue & Customs Managing civil tax investigations 4 Summary Managing civil tax investigations Summary 1 In 2009-10,

More information

BOR 6432 Cybersecurity and the Constitution. Course Bibliography and Required Readings:

BOR 6432 Cybersecurity and the Constitution. Course Bibliography and Required Readings: BOR 6432 Cybersecurity and the Constitution Course Description This course examines the scope of cybercrime and its impact on today s system of criminal justice. Topics to be studied include: cybercrime

More information

Legal Framework to Combat Cyber Crimes in the Region: Qatar as a Model. Judge Dr. Ehab Elsonbaty Cyber Crime expert ehabelsonbaty@hotmail.

Legal Framework to Combat Cyber Crimes in the Region: Qatar as a Model. Judge Dr. Ehab Elsonbaty Cyber Crime expert ehabelsonbaty@hotmail. Legal Framework to Combat Cyber Crimes in the Region: Qatar as a Model Judge Dr. Ehab Elsonbaty Cyber Crime expert ehabelsonbaty@hotmail.com Why should we care about CYBER CRIME & CYBER SECURITY? Clarification

More information

Specialists in Strategic, Enterprise and Project Risk Management. PROJECT RISK MANAGEMENT METHODS Dr Stephen Grey, Associate Director

Specialists in Strategic, Enterprise and Project Risk Management. PROJECT RISK MANAGEMENT METHODS Dr Stephen Grey, Associate Director BROADLEAF CAPITAL INTERNATIONAL PTY LTD ACN 054 021 117 23 Bettowynd Road Tel: +61 2 9488 8477 Pymble Mobile: +61 419 433 184 NSW 2073 Fax: + 61 2 9488 9685 Australia www.broadleaf.com.au Cooper@Broadleaf.com.au

More information

Open Source Digital Forensics Tools

Open Source Digital Forensics Tools The Legal Argument 1 carrier@cerias.purdue.edu Abstract This paper addresses digital forensic analysis tools and their use in a legal setting. To enter scientific evidence into a United States court, a

More information

Guiding principles of the Netherlands regarding the implementation of the Council conclusions

Guiding principles of the Netherlands regarding the implementation of the Council conclusions Guiding principles of the Netherlands regarding the implementation of the Council conclusions for the realisation of a European Forensic Science Area by 2020. The Netherlands consider the Council conclusions

More information

CRIMINAL JOURNEY MAPPING

CRIMINAL JOURNEY MAPPING The Quarterly Magazine for Digital Forensics Practitioners Issue 23 May 2015 Digital ForensicS / magazine WIN! an ipod Nano CRIMINAL JOURNEY MAPPING How to use Cyber Criminal Journeys to support forensics

More information

Chapter 14 Managing Operational Risks with Bayesian Networks

Chapter 14 Managing Operational Risks with Bayesian Networks Chapter 14 Managing Operational Risks with Bayesian Networks Carol Alexander This chapter introduces Bayesian belief and decision networks as quantitative management tools for operational risks. Bayesian

More information

briefing Guide to litigation funding

briefing Guide to litigation funding briefing Guide to litigation funding The potential cost of litigation can be a major deterrent to bringing or defending legal proceedings even where there is a good chance of succeeding. Cost can be the

More information

Evaluating the Effectiveness of a BitTorrent-driven DDoS Attack

Evaluating the Effectiveness of a BitTorrent-driven DDoS Attack Evaluating the Effectiveness of a BitTorrent-driven DDoS Attack Jurand Nogiec University of Illinois Fausto Paredes University of Illinois Joana Trindade University of Illinois 1. Introduction BitTorrent

More information

FIGHTING INTELLECTUAL PROPERTY FRAUD

FIGHTING INTELLECTUAL PROPERTY FRAUD FIGHTING INTELLECTUAL PROPERTY FRAUD Intellectual property frauds have become more and more organized and globalized. Developing innovative enforcement strategies and tactics through private-public partnership

More information

Review Protocol Agile Software Development

Review Protocol Agile Software Development Review Protocol Agile Software Development Tore Dybå 1. Background The concept of Agile Software Development has sparked a lot of interest in both industry and academia. Advocates of agile methods consider

More information

Collaborative Forecasting

Collaborative Forecasting Collaborative Forecasting By Harpal Singh What is Collaborative Forecasting? Collaborative forecasting is the process for collecting and reconciling the information from diverse sources inside and outside

More information

Breakfast Meeting: Securing your Secured Data Digital Forensics, Fraud and Forensic Advancements

Breakfast Meeting: Securing your Secured Data Digital Forensics, Fraud and Forensic Advancements Breakfast Meeting: Securing your Secured Data Digital Forensics, Fraud and Forensic Advancements 9 April 2013 Facilitator: Dr. Sheau-Dong Lang, Coordinator Master of Science in Digital Forensics University

More information

70250 Graduate Certificate in Digital Forensics

70250 Graduate Certificate in Digital Forensics 70250 Graduate Certificate in Digital Forensics Course overview The certificate course was inspired by experienced practitioners working in academia and the field of Digital Forensics, who saw the benefits

More information

Legal view of digital evidence

Legal view of digital evidence Chapter 2 Legal view of digital evidence Before developing a model or a theory, it is important to understand the requirements of the domain in which the model or the theory is going to be used. The ultimate

More information

Submission to the Access to Justice Review

Submission to the Access to Justice Review Submission to the Access to Justice Review Summary In this submission, the Human Rights Commission responds to a consultation on reforming the legal aid system. We stress the need to ensure that legal

More information

The criminal and civil justice systems in England and Wales

The criminal and civil justice systems in England and Wales The criminal and civil justice systems in England and Wales Introduction Important differences exist between UK civil and criminal proceedings that have implications for fraud investigations, including

More information

Chapter 6A PRIORITY MATTER GUIDELINES FOR LEGAL ASSISTANCE IN STATE MATTERS. Last Amended: 1 July 2006 (Version 3) Manual of Legal Aid

Chapter 6A PRIORITY MATTER GUIDELINES FOR LEGAL ASSISTANCE IN STATE MATTERS. Last Amended: 1 July 2006 (Version 3) Manual of Legal Aid Chapter 6A PRIORITY MATTER GUIDELINES FOR LEGAL ASSISTANCE IN STATE MATTERS Last Amended: 1 July 2006 (Version 3) Manual of Legal Aid TABLE OF CONTENTS CHAPTER 6A - PRIORITY MATTER GUIDELINES FOR LEGAL

More information

INTRODUCTION AREAS OF SPECIALIZATION

INTRODUCTION AREAS OF SPECIALIZATION Eoghan-Intro.qxd 1/6/04 3:01 PM Page 1 INTRODUCTION INTRODUCTION In the years since the first edition of this book, there has been an explosion of interest in digital evidence. This growth has sparked

More information

Online Storage and Content Distribution System at a Large-scale: Peer-assistance and Beyond

Online Storage and Content Distribution System at a Large-scale: Peer-assistance and Beyond Online Storage and Content Distribution System at a Large-scale: Peer-assistance and Beyond Bo Li Email: bli@cse.ust.hk Department of Computer Science and Engineering Hong Kong University of Science &

More information

The Role and uses of Peer-to-Peer in file-sharing. Computer Communication & Distributed Systems EDA 390

The Role and uses of Peer-to-Peer in file-sharing. Computer Communication & Distributed Systems EDA 390 The Role and uses of Peer-to-Peer in file-sharing Computer Communication & Distributed Systems EDA 390 Jenny Bengtsson Prarthanaa Khokar jenben@dtek.chalmers.se prarthan@dtek.chalmers.se Gothenburg, May

More information

Digital Forensics. Larry Daniel

Digital Forensics. Larry Daniel Digital Forensics Larry Daniel Introduction A recent research report from The Yankee Group found that 67.6 percent of US households in 2002 contained at least one PC The investigators foresee three-quarters

More information

Uncovering More Insurance Fraud with Predictive Analytics Strategies for Improving Results and Reducing Losses

Uncovering More Insurance Fraud with Predictive Analytics Strategies for Improving Results and Reducing Losses white paper Uncovering More Insurance Fraud with Predictive Analytics Strategies for Improving Results and Reducing Losses April 2012 Summary Predictive analytics are a powerful tool for detecting more

More information

C HFI C HFI. EC-Council. EC-Council. Computer Hacking Forensic Investigator. Computer. Computer. Hacking Forensic INVESTIGATOR

C HFI C HFI. EC-Council. EC-Council. Computer Hacking Forensic Investigator. Computer. Computer. Hacking Forensic INVESTIGATOR Page: 1 TM C HFI Computer C HFI Computer Hacking Forensic INVESTIGATOR Hacking Forensic INVESTIGATOR TM v8 v8 Page: 2 Be the leader. Deserve a place in the CHFI certified elite class. Earn cutting edge

More information

I. THE INTERNATIONAL MONETARY FUND STAFFS ML/FT NRA METHODOLOGY

I. THE INTERNATIONAL MONETARY FUND STAFFS ML/FT NRA METHODOLOGY I. THE INTERNATIONAL MONETARY FUND STAFFS ML/FT NRA METHODOLOGY 1. The Fund staffs methodology for conducting a national money laundering (ML) or financing of terrorism (FT) risk assessment (NRA), follows

More information

GUIDELINES ON COMPLIANCE WITH AND ENFORCEMENT OF MULTILATERAL ENVIRONMENTAL AGREEMENTS

GUIDELINES ON COMPLIANCE WITH AND ENFORCEMENT OF MULTILATERAL ENVIRONMENTAL AGREEMENTS GUIDELINES ON COMPLIANCE WITH AND ENFORCEMENT OF MULTILATERAL ENVIRONMENTAL AGREEMENTS 1. In its decision 21/27, dated 9 February 2001, the Governing Council of the United Nations Environment Programme

More information

ATTORNEY GENERAL S GUIDELINES ON PLEA DISCUSSIONS IN CASES OF SERIOUS OR COMPLEX FRAUD

ATTORNEY GENERAL S GUIDELINES ON PLEA DISCUSSIONS IN CASES OF SERIOUS OR COMPLEX FRAUD ATTORNEY GENERAL S GUIDELINES ON PLEA DISCUSSIONS IN CASES OF SERIOUS OR COMPLEX FRAUD A FOREWORD A1. These Guidelines set out a process by which a prosecutor may discuss an allegation of serious or complex

More information

United Nations Office on Drugs and Crime

United Nations Office on Drugs and Crime UNODC contribution to combat Crime A UNODC contribution to combat CRIME A A product of the Information Technology Service Nations Office on Drugs and Crime United Nations Office on Drugs and Crime United

More information

Pinsent Masons. Competition Law Dawn Raid Checklist & Guidelines. What to do in the first hour of a dawn raid

Pinsent Masons. Competition Law Dawn Raid Checklist & Guidelines. What to do in the first hour of a dawn raid Pinsent Masons Competition Law Dawn Raid Checklist & Guidelines What to do in the first hour of a dawn raid What to do in the first hour of a Competition Dawn Raid Checklist Action Point Done? The Officials

More information

DDoS Vulnerability Analysis of Bittorrent Protocol

DDoS Vulnerability Analysis of Bittorrent Protocol DDoS Vulnerability Analysis of Bittorrent Protocol Ka Cheung Sia kcsia@cs.ucla.edu Abstract Bittorrent (BT) traffic had been reported to contribute to 3% of the Internet traffic nowadays and the number

More information

the parties may request a review of the provisions of this MoU.

the parties may request a review of the provisions of this MoU. MEMORANDUM OF UNDERSTANDING between THE CROWN PROSECUTION SERVICE and the AIR ACCIDENTS INVESTIGATION BRANCH, MARINE ACCIDENT INVESTIGATION BRANCH, AND RAIL ACCIDENT INVESTIGATION BRANCH. Introduction

More information

Computer Forensics Preparation

Computer Forensics Preparation Computer Forensics Preparation This lesson covers Chapters 1 and 2 in Computer Forensics JumpStart, Second Edition. OBJECTIVES When you complete this lesson, you ll be able to Discuss computer forensics

More information

Website Disclaimer http://www.website-law.co.uk/ourdocumentlicence.html. Disclaimer 1

Website Disclaimer http://www.website-law.co.uk/ourdocumentlicence.html. Disclaimer 1 Website Disclaimer http://www.website-law.co.uk/ourdocumentlicence.html (1) Introduction Disclaimer 1 This disclaimer governs your use of our website; by using our website, you accept this disclaimer in

More information

Path Selection Methods for Localized Quality of Service Routing

Path Selection Methods for Localized Quality of Service Routing Path Selection Methods for Localized Quality of Service Routing Xin Yuan and Arif Saifee Department of Computer Science, Florida State University, Tallahassee, FL Abstract Localized Quality of Service

More information

MINIMUM EFFORT AND SHORTEST DEVELOPMENT TIME TO SAFETY AND HEALTH MANAGEMENT SYSTEM

MINIMUM EFFORT AND SHORTEST DEVELOPMENT TIME TO SAFETY AND HEALTH MANAGEMENT SYSTEM MINIMUM EFFORT AND SHORTEST DEVELOPMENT TIME TO SAFETY AND HEALTH MANAGEMENT SYSTEM GARY CH MA, FENKINS LY CHOW AND JONATHAN F CHUNG The Hong Kong Polytechnic University Hung Hom, Kowloon Hong Kong SAR

More information

Prediction of Stock Performance Using Analytical Techniques

Prediction of Stock Performance Using Analytical Techniques 136 JOURNAL OF EMERGING TECHNOLOGIES IN WEB INTELLIGENCE, VOL. 5, NO. 2, MAY 2013 Prediction of Stock Performance Using Analytical Techniques Carol Hargreaves Institute of Systems Science National University

More information

Case study on asset tracing

Case study on asset tracing Recovering Stolen Assets: A Practitioner s Handbook ARNO THUERIG * Case study on asset tracing I. Case study background The client adviser of a Swiss private bank transferred approximately USD 1 million

More information

CRIME SCENE INVESTIGATION THROUGH DNA TRACES USING BAYESIAN NETWORKS

CRIME SCENE INVESTIGATION THROUGH DNA TRACES USING BAYESIAN NETWORKS CRIME SCENE INVESTIGATION THROUGH DNA TRACES USING BAYESIAN NETWORKS ANDRADE Marina, (PT), FERREIRA Manuel Alberto M., (PT) Abstract. The use of biological information in crime scene identification problems

More information

MEMORANDUM OF UNDERSTANDING BETWEEN NHSPROTECT AND THE CROWN PROSECUTION SERVICE

MEMORANDUM OF UNDERSTANDING BETWEEN NHSPROTECT AND THE CROWN PROSECUTION SERVICE MEMORANDUM OF UNDERSTANDING BETWEEN NHSPROTECT AND THE CROWN PROSECUTION SERVICE Introduction 1. This Memorandum of Understanding (MOU) between NHS Protect!,.the Crown Prosecution Service (CPS) describes

More information

The Best Use of Stop and Search Scheme was announced by the Home Secretary in her statement to Parliament on 30th April 2014.

The Best Use of Stop and Search Scheme was announced by the Home Secretary in her statement to Parliament on 30th April 2014. Summary The Best Use of Stop and Search Scheme was announced by the Home Secretary in her statement to Parliament on 30th April 2014. The principal aims of the Scheme are to achieve greater transparency,

More information

A BEST PRACTICE APPROACH TO LIVE FORENSIC ACQUISITION

A BEST PRACTICE APPROACH TO LIVE FORENSIC ACQUISITION A BEST PRACTICE APPROACH TO LIVE FORENSIC ACQUISITION MM Grobler 1, SH von Solms 2 1 Council for Scientific and Industrial Research, Pretoria, South Africa 2 Academy for Information Technology, University

More information

Quaternary Privacy-Levels Preservation in Computer Forensics Investigation Process

Quaternary Privacy-Levels Preservation in Computer Forensics Investigation Process Quaternary Privacy-Levels Preservation in Computer Forensics Investigation Process Waleed Halboob, Muhammad Abulaish, Khaled S. Alghathbar Center of Excellence in Information Assurance King Saud University

More information

Cyber Crime and Digital Forensics in Japan

Cyber Crime and Digital Forensics in Japan Cyber Crime and Digital Forensics in Japan Tetsutaro UEHARA Academic Center for Computing and Media Studies, Kyoto University uehara@media.kyoto-u.ac.jp Table of Contents Introduction: Motivation and Background

More information

Technical Questions on Data Retention

Technical Questions on Data Retention Technical Questions on Data Retention 1) The list of data in the annex of the proposed Directive on Data retention is practically identical to the information required in the Council draft Framework Decision.

More information

NOTTINGHAMSHIRE POLICE JOB DESCRIPTION. Volume Crime Scene Investigator. Divisional Bases

NOTTINGHAMSHIRE POLICE JOB DESCRIPTION. Volume Crime Scene Investigator. Divisional Bases NOTTINGHAMSHIRE POLICE JOB DESCRIPTION Job title: Department/ Location: Responsible to: Responsible for: Volume Crime Scene Investigator Crime Scene Investigation Department, Divisional Bases Crime Scene

More information

CYBER SECURITY MALAYSIA AWARDS, CONFERENCE & EXHIBITION (CSM-ACE) 2010

CYBER SECURITY MALAYSIA AWARDS, CONFERENCE & EXHIBITION (CSM-ACE) 2010 CYBER SECURITY MALAYSIA AWARDS, CONFERENCE & EXHIBITION (CSM-ACE) 2010 October 25 29, 2010 Kuala Lumpur Convention Centre E-Discovery PRELIMINARY DISCOVERY OF ELECTRONIC DOCUMENTS In matters involving

More information

Criminal appeals. Page 1 of 19 Criminal appeals version 3.0 Published for Home Office staff on 08 July 2015

Criminal appeals. Page 1 of 19 Criminal appeals version 3.0 Published for Home Office staff on 08 July 2015 Page 1 of 19 Criminal appeals version 3.0 Published for Home Office staff on 08 July 2015 About this guidance An overview of appeals Appeals relating to immigration enforcement investigation cases The

More information

Whitepapers on Imaging Infrastructure for Research Paper 1. General Workflow Considerations

Whitepapers on Imaging Infrastructure for Research Paper 1. General Workflow Considerations Whitepapers on Imaging Infrastructure for Research Paper 1. General Workflow Considerations Bradley J Erickson, Tony Pan, Daniel J Marcus, CTSA Imaging Informatics Working Group Introduction The use of

More information

Debt Recovery Guidance Page 1 of 5

Debt Recovery Guidance Page 1 of 5 Page 1 of 5 The guidance provided does not cover Insolvency Law but further details can be provided on request. Legal proceedings cannot be commenced until this deadline has passed. ROLE OF THE COURTS

More information

CSN08101 Digital Forensics. Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak

CSN08101 Digital Forensics. Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak CSN08101 Digital Forensics Lecture 1A: Introduction to Forensics Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak Digital Forensics You will learn in this module: The principals of computer

More information

Introduction to method validation

Introduction to method validation Introduction to method validation Introduction to method validation What is method validation? Method validation provides documented objective evidence that a method measures what it is intended to measure,

More information

Computer Forensics as an Integral Component of the Information Security Enterprise

Computer Forensics as an Integral Component of the Information Security Enterprise Computer Forensics as an Integral Component of the Information Security Enterprise By John Patzakis 10/28/03 I. EXECUTIVE SUMMARY In addition to fending off network intrusions and denial of service attacks,

More information

VHCC - Legal Aid Agency Clinical Negligence Funding Checklist April 2013 v1 Version: Issue date: Last review date: Owned by:

VHCC - Legal Aid Agency Clinical Negligence Funding Checklist April 2013 v1 Version: Issue date: Last review date: Owned by: VHCC - Legal Aid Agency Clinical Negligence Funding Checklist April 2013 v1 Version: Issue date: Last review date: Owned by: 1 01.04.2013 01.04.2013 Special Cases Unit Version History Version: Date Reason

More information

Fuzzy Hashing for Digital Forensic Investigators Dustin Hurlbut - AccessData January 9, 2009

Fuzzy Hashing for Digital Forensic Investigators Dustin Hurlbut - AccessData January 9, 2009 Fuzzy Hashing for Digital Forensic Investigators Dustin Hurlbut - AccessData January 9, 2009 Abstract Fuzzy hashing allows the investigator to focus on potentially incriminating documents that may not

More information

Temporal Analysis in Digital Evidence. Frank LAW Department of Computer Science University of Hong Kong

Temporal Analysis in Digital Evidence. Frank LAW Department of Computer Science University of Hong Kong Temporal Analysis in Digital Evidence Frank LAW Department of Computer Science University of Hong Kong Consider the situation An investigator raid a premises and locate a male who is suspected to have

More information

E.33 SOI (2009-2014) Statement of Intent. Crown Law For the Year Ended 30 June 2010

E.33 SOI (2009-2014) Statement of Intent. Crown Law For the Year Ended 30 June 2010 E.33 SOI (2009-2014) Statement of Intent Crown Law For the Year Ended 30 June 2010 Contents Foreword: Attorney-General 3 Introduction from the Solicitor-General 4 Nature and Scope of Functions 6 Strategic

More information

Effectiveness and Cost Efficiency of DNA Evidence in Volume Crime Denver Colorado Site Summary

Effectiveness and Cost Efficiency of DNA Evidence in Volume Crime Denver Colorado Site Summary Effectiveness and Cost Efficiency of DNA Evidence in Volume Crime Denver Colorado Site Summary Simon Ashikhmin 1, Susan G. Berdine 2, Mitchell R. Morrissey 1, and Greggory S. LaBerge 2 1 Denver District

More information

Social Influence Benchmark Report. December 2009

Social Influence Benchmark Report. December 2009 Social Influence Benchmark Report December 2009 PUBLISHED BY: StrongMail Systems, Inc. StrongMail Systems UK, Ltd 1300 Island Drive, Suite 200 Prospect House, Crendon Street Redwood City, CA 94065 High

More information

The Code. for Crown Prosecutors

The Code. for Crown Prosecutors The Code for Crown Prosecutors January 2013 Table of Contents Introduction... 2 General Principles... 3 The Decision Whether to Prosecute... 4 The Full Code Test... 6 The Evidential Stage... 6 The Public

More information

EXECUTIVE SUMMARY. Measuring money laundering at continental level: The first steps towards a European ambition. January 2011 EUROPEAN COMMISSION

EXECUTIVE SUMMARY. Measuring money laundering at continental level: The first steps towards a European ambition. January 2011 EUROPEAN COMMISSION MONEY LAUNDERING IN EUROPE Measuring money laundering at continental level: The first steps towards a European ambition EXECUTIVE SUMMARY January 2011 EUROPEAN COMMISSION DG HOME AFFAIRS FIGHT AGAINST

More information

SECURITY METRICS: MEASUREMENTS TO SUPPORT THE CONTINUED DEVELOPMENT OF INFORMATION SECURITY TECHNOLOGY

SECURITY METRICS: MEASUREMENTS TO SUPPORT THE CONTINUED DEVELOPMENT OF INFORMATION SECURITY TECHNOLOGY SECURITY METRICS: MEASUREMENTS TO SUPPORT THE CONTINUED DEVELOPMENT OF INFORMATION SECURITY TECHNOLOGY Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute

More information

Planning to Fail - Reliability Needs to Be Considered a Priori in Multirobot Task Allocation

Planning to Fail - Reliability Needs to Be Considered a Priori in Multirobot Task Allocation Planning to Fail - Reliability Needs to Be Considered a Priori in Multirobot Task Allocation Stephen B. Stancliff, John Dolan The Robotics Institute Carnegie Mellon University Pittsburgh, PA, USA {sbs,jmd}@cmu.edu

More information

The Government propose to take a zero tolerance approach to the following 8 controlled drugs which are known to impair driving:

The Government propose to take a zero tolerance approach to the following 8 controlled drugs which are known to impair driving: Drug-Driving: Proposed New Law New law on drug driving to be introduced in the near future The new law on drug driving is designed, in part, to reduce the number of failed prosecutions under the existing

More information

Influence Discovery in Semantic Networks: An Initial Approach

Influence Discovery in Semantic Networks: An Initial Approach 2014 UKSim-AMSS 16th International Conference on Computer Modelling and Simulation Influence Discovery in Semantic Networks: An Initial Approach Marcello Trovati and Ovidiu Bagdasar School of Computing

More information

Taxation and the Criminal Law

Taxation and the Criminal Law CHAD J. BROWN Presentation Overview 1. Recent History of CRA s Criminal Investigation Program ( CIP ). 2. Offences and Penalties Overview. 3. Typical Offenders. 4. File Chronology. 5. Search Warrants.

More information

Computer Forensics US-CERT

Computer Forensics US-CERT Computer Forensics US-CERT Overview This paper will discuss the need for computer forensics to be practiced in an effective and legal way, outline basic technical issues, and point to references for further

More information

A brief guide to professional negligence claims

A brief guide to professional negligence claims A brief guide to professional negligence claims Contents Introduction Do I have a claim? Important considerations Pre-action protocol procedure Court proceedings Contact information Introduction Claims

More information

APPENDIX E THE ASSESSMENT PHASE OF THE DATA LIFE CYCLE

APPENDIX E THE ASSESSMENT PHASE OF THE DATA LIFE CYCLE APPENDIX E THE ASSESSMENT PHASE OF THE DATA LIFE CYCLE The assessment phase of the Data Life Cycle includes verification and validation of the survey data and assessment of quality of the data. Data verification

More information

Piecing Digital Evidence Together. Service Information

Piecing Digital Evidence Together. Service Information Piecing Digital Evidence Together Service Information Services Overview Mobile and Tablet Forensics Mobile Phone Forensics is the legally tested and approved systematic examination of mobile phones, SIM

More information

To Catch a Thief: Computer Forensics in the Classroom

To Catch a Thief: Computer Forensics in the Classroom To Catch a Thief: Computer Forensics in the Classroom Anna Carlin acarlin@csupomona.edu Steven S. Curl scurl@csupomona.edu Daniel Manson dmanson@csupomona.edu Computer Information Systems Department California

More information

SECURITY. Risk & Compliance Services

SECURITY. Risk & Compliance Services SECURITY Risk & Compliance s V1 8/2010 Risk & Compliances s Risk & compliance services Summary Summary Trace3 offers a full and complete line of security assessment services designed to help you minimize

More information

Measuring Unilateral Market Power in Wholesale Electricity Markets: The California Market, 1998 2000

Measuring Unilateral Market Power in Wholesale Electricity Markets: The California Market, 1998 2000 Measuring Unilateral Market Power in Wholesale Electricity Markets: The California Market, 1998 2000 By FRANK A. WOLAK* * Department of Economics, Stanford University, Stanford, CA 94305-6072, and NBER

More information

Improved Event Logging for Security and Forensics: developing audit management infrastructure requirements

Improved Event Logging for Security and Forensics: developing audit management infrastructure requirements Improved Event Logging for Security and Forensics: developing audit management infrastructure requirements Atif Ahmad & Anthonie Ruighaver University of Melbourne, Australia Abstract The design and implementation

More information

COMPUTER- LINKED TRANSACTIONAL RECORDS FOR CRIMINAL JUSTICE STATISTICS. Steve E. Kolodney and Paul K. Wormeli Public Systems incorporated

COMPUTER- LINKED TRANSACTIONAL RECORDS FOR CRIMINAL JUSTICE STATISTICS. Steve E. Kolodney and Paul K. Wormeli Public Systems incorporated COMPUTER- LINKED TRANSACTIONAL RECORDS FOR CRIMINAL JUSTICE STATISTICS Steve E. Kolodney and Paul K. Wormeli Public Systems incorporated For years, national and state authorities, commissions and hearings

More information

2011 UK Census Coverage Assessment and Adjustment Methodology. Owen Abbott, Office for National Statistics, UK 1

2011 UK Census Coverage Assessment and Adjustment Methodology. Owen Abbott, Office for National Statistics, UK 1 Proceedings of Q2008 European Conference on Quality in Official Statistics 2011 UK Census Coverage Assessment and Adjustment Methodology Owen Abbott, Office for National Statistics, UK 1 1. Introduction

More information

Operation Turning Point: an experiment in offender desistance policing. West Midlands Police and Cambridge University

Operation Turning Point: an experiment in offender desistance policing. West Midlands Police and Cambridge University Operation Turning Point: an experiment in offender desistance policing West Midlands Police and Cambridge University Crim-PORT 1.0: Criminological Protocol for Operating Randomized Trials @ 2009 by Lawrence

More information

PRE-TRIAL CONFERENCES.. Panel presentation by. The Honourable Chief Justice Mary Batten, G. Patrick Sommervill and Wilfred Tucker

PRE-TRIAL CONFERENCES.. Panel presentation by. The Honourable Chief Justice Mary Batten, G. Patrick Sommervill and Wilfred Tucker PRE-TRIAL CONFERENCES. Panel presentation by The Honourable Chief Justice Mary Batten, G. Patrick Sommervill and Wilfred Tucker Chairman: Dean Dan Ish PRE-TRIAL CONFERENCES TABLE OF CONTENTS Page No. I.

More information

Freshfields Bruckhaus Deringer Changes to unfair trade practices law in Hong Kong. Summary

Freshfields Bruckhaus Deringer Changes to unfair trade practices law in Hong Kong. Summary Briefing Changes to unfair trade practices law in Hong Kong Summary Amendments to the Hong Kong Trade Descriptions Ordinance will come into force on 19. The changes broaden the application of the law to

More information

Identifying a Computer Forensics Expert: A Study to Measure the Characteristics of Forensic Computer Examiners

Identifying a Computer Forensics Expert: A Study to Measure the Characteristics of Forensic Computer Examiners Identifying a Computer Forensics Expert: A Study to Measure the Characteristics of Forensic Computer Examiners Gregory H. Carlton California State Polytechnic University Computer Information Systems Department

More information

Application of Backward Chaining Method to Computer Forensic

Application of Backward Chaining Method to Computer Forensic 119 Application of Backward Chaining Method to Computer Forensic Hofstra University, Hempstead New York najib.saylani@hofstra.edu Abstract: This paper proposes the exploration of the use of Backward Chaining

More information

Memorandum of Understanding between the Competition and Markets Authority and the Crown Office and Procurator Fiscal Service.

Memorandum of Understanding between the Competition and Markets Authority and the Crown Office and Procurator Fiscal Service. Memorandum of Understanding between the Competition and Markets Authority and the Crown Office and Procurator Fiscal Service Introduction July 2014 1. This Memorandum of Understanding (MOU) records the

More information

Terms of Use (basic) 1

Terms of Use (basic) 1 Terms of Use (basic) 1 (1) Introduction These terms of use govern your use of our website; by using our website, you accept these terms of use in full. 2 If you disagree with these terms of use or any

More information

Terrorist Protection Planning Using a Relative Risk Reduction Approach*

Terrorist Protection Planning Using a Relative Risk Reduction Approach* BNL-71383-2003-CP Terrorist Protection Planning Using a Relative Risk Reduction Approach* Session VIII: Technology Forum Focus Groups Dr. Joseph P. Indusi Nonproliferation and National Security Department

More information

Introduction to. Hypothesis Testing CHAPTER LEARNING OBJECTIVES. 1 Identify the four steps of hypothesis testing.

Introduction to. Hypothesis Testing CHAPTER LEARNING OBJECTIVES. 1 Identify the four steps of hypothesis testing. Introduction to Hypothesis Testing CHAPTER 8 LEARNING OBJECTIVES After reading this chapter, you should be able to: 1 Identify the four steps of hypothesis testing. 2 Define null hypothesis, alternative

More information

THE USE OF SIMULATION IN DIGITAL FORENSICS TEACHING

THE USE OF SIMULATION IN DIGITAL FORENSICS TEACHING THE USE OF SIMULATION IN DIGITAL FORENSICS TEACHING Jonathan Crellin School of Computing, University of Portsmouth Buckingham Building Portsmouth, PO1 3HE jonathan.crellin@port.ac.uk http://userweb.port.ac.uk/~crellinj/in

More information

How do we build and refine models that describe and explain the natural and designed world?

How do we build and refine models that describe and explain the natural and designed world? Strand: A. Understand Scientific Explanations : Students understand core concepts and principles of science and use measurement and observation tools to assist in categorizing, representing, and interpreting

More information

Phillip Kruss Chief, Information Technology Service

Phillip Kruss Chief, Information Technology Service The gocase application is UNODC s Case Management System for Member States Law Enforcement and Regulatory Agencies & Criminal Intelligence and Prosecutorial Services gocase.unodc.org UNODC s Information

More information

Research Note RN 00/91 1 November 2000 DRUG COURTS

Research Note RN 00/91 1 November 2000 DRUG COURTS Research Note RN 00/91 1 November 2000 DRUG COURTS There will be a Scottish National Party debate on Drug Courts on Thursday 2 November 2000. This brief research note gives information on the background

More information

FOR INTERNAL SCRUTINY (date of this version: 13/3/2009) UNIVERSITY OF EDINBURGH COLLEGE OF SCIENCE AND ENGINEERING SCHOOL OF INFORMATICS

FOR INTERNAL SCRUTINY (date of this version: 13/3/2009) UNIVERSITY OF EDINBURGH COLLEGE OF SCIENCE AND ENGINEERING SCHOOL OF INFORMATICS UNIVERSITY OF EDINBURGH COLLEGE OF SCIENCE AND ENGINEERING SCHOOL OF INFORMATICS COGNITIVE MODELLING (LEVEL 10) COGNITIVE MODELLING (LEVEL 11) Friday 1 April 2005 00:00 to 00:00 Year 4 Courses Convener:

More information

HARDCAT SABRE IS A COMPLETE END TO END LAW ENFORCEMENT INFORMATION MANAGEMENT SYSTEM

HARDCAT SABRE IS A COMPLETE END TO END LAW ENFORCEMENT INFORMATION MANAGEMENT SYSTEM HARDCAT SABRE IS A COMPLETE END TO END LAW ENFORCEMENT INFORMATION MANAGEMENT SYSTEM CASE/EVENT/INCIDENT MANAGEMENT EXHIBIT/PROPERTY MANAGEMENT JOB MANAGEMENT CHAIN OF CUSTODY LABORATORY INFORMATION MANAGEMENT

More information