Volume 16. Number 1
December 2017

Original Articles

A Study on Common Android Emulators and Anti-Forensic Message-Hiding Applications

Szu-Yuan Teng ; Che-Yen Wen

Abstract: Currently, mobile devices are widely used in various walks of life. The Android operating system has the highest market share of the mobile devices operating system market. Android can be installed in physical mobile devices; however, Android mobile operating system emulators are also available. Users can install applications (APPs) in an emulator for convenient use without physical mobile devices. There are several message hiding APPs (e.g., Wickr) that provide end-to-end encryption and message self-destruction mechanisms. Criminals can use these message hiding APPs, with their anti-forensic features, to send secret messages. These message-hiding APPs, installed in an Android emulator to evade criminal investigation, make digital forensics very challenging. Investigators need to know how criminals install and use such emulators in physical devices, how criminals install and use message-hiding APPs in the emulator, and how messages can be. This study explores applications of digital forensic tools and forensic procedures to identify and analyze four message hiding APPs installed in emulators: Wickr, Surespot, Cyber Dust, and ChatSecure. The emulators used in the study are AMIDuOS, Andy, BlueStacks App Player, Droid4X, Genymotion, KOPLAYER, Memu, Nox App Player, Windroy, Xamarin Android Player, and YouWave Android. Their forensic signatures and application characteristic values are sorted and summarized for digital forensics, so that digital forensic personnel can refer to this digital forensic method when analyzing criminal evidence using an Android emulator.

Species Identification of The Suspected Bear Palms by The Genes of Cytb and COI

Hsing-Mei Hsieh ; James Chun-I Lee ; Ya-Ling Yang ; Yuan-Ning Chen ; Li-Chin Tsai

Abstract: We reported on a case of species identification for three confiscated specimens suspected to be from bear palms. All the species of Ursidae are listed on the CITES appendices and IUCN Red List of Threatened Species. To identify the unambiguous species of confiscated animal products which are suspected from bears is very important for the purpose of wildlife conservation. In this case, cytb and COI genes of mitochondrial genome were used to identify the animal species of these confiscated specimens. The results showed that these three animal palms were identified as the species of Ursidae: one is from Ursus thibetanus, the others are from Helarctos malayanus. These two species are listed on the appendix I of CITES and classified as "Vulnerable" by the IUCN Red List of Threatened Species.


Applying the Sensor Noise based Camera Identification Technique to Trace Origin of Digital Images in Forensic Sciences

Wen-Chao Yang ; Long-Huang Tsai ; Chung-Hao Chen

Abstract: With the rapid development of digital technologies, cameras and video recorders, such as cell phones, cameras, or vehicle recorders, play an important role in our lives. As a result, the easier our access to those imaging devices, the more likely a perpetrator can use them to commit a crime, such as the invasion of privacy. Therefore, in recent years digital images and videos have often played an important role in court as evidence of a crime being committed. Due to the rapid development of cloud and network technologies, we can easily spread digital images and videos via email or social media. However, it is difficult for us to trace the origin of the digital image/video contents. In many criminal cases, such as the spreading of national secrets or the malicious spreading of private material, the ability to determine the source of the digital image/video contents is important. In this paper, an origin-tracing method based on sensor noise is proposed to tackle this issue. The experimental results show that the classification accuracy is close to 100 percent in some cases.


Applying Memory Forensic Technique in Popular Browsers to Assist Criminal Investigation in the Clouds

Wen-Chao Yang ; Te-Chi Lo ; Chung-Hao Chen

Abstract: A web browser is a widely used application to access data or use cloud applications on the Internet. At crime scenes, forensic artifacts left by a web browser after a session include, but are not limited to, browsing cache and history, cookies, login information and lists of downloaded files. In particular, the login information is a very useful tool for investigators who urgently need to trace crime-related evidence, because the memory forensic technique can capture the login information in the physical memory used by a web browser. Because web browser users need privacy, web browsers have added "Private Browsing", which prevents the browser from leaving traces of browsing history, temporary files, usernames, and passwords on a system. In recent criminal cases, in order to prevent the browser from leaving traces of crime-related information, many suspects use "Private Browsing" to access criminal data or use cloud applications on the Internet. In this paper, we focus on applying the memory forensic technique to the investigation of memory artifacts of "Private Browsing" in popular web browsers. According to the experimental results, we not only determine that the login information can be captured from physical memory when a suspect uses "Private Browsing" in four popular browsers, but also identify the information necessary to retrieve login information without usernames.


Applications of NGS on Mitochondrial DNA Analysis for Forensic Samples

Chia-Hung Huang ; Tsun-Ying Huang ; Fang-Chen Chung ; Chu-Chun Hsu ; Guan-Cheng Peng ; Yi-Ting Chang ; Chun-Yen Lin

Abstract: Sequencing for forensic DNA identification is at present usually performed using the Sanger method with capillary electrophoresis. However, this system still has some problems, such as determining the number of C for C-stretch and the sequence heteroplasmy in the mitochondrial DNA D-loop region used in forensic identification. The new technology NGS has the potential to resolve these problems. In this study, sequencing of the mitochondrial DNA for 39 forensic samples was successfully performed by NGS. Three of these samples were observed to have sequence heteroplasmy that was not observed when sequencing by the Sanger method with capillary electrophoresis. In total, there were 14 types of C-stretch for HV1 and HV2 combinations. The results showed the feasibility of applying NGS to mitochondrial DNA analysis for forensic samples. This is the first report of sequencing forensic samples using NGS in Taiwan.