• Analysis of fraud controls using the PaySim financial simulator 

      Lopez Rojas, Edgar Alonso; Axelsson, Stefan; Baca, Dejan (Journal article; Peer reviewed, 2018)
      Fraud controls for financial transactions are needed and required by law enforcement agencies to flag suspicious criminal activity. These controls however require deeper analysis of the effectiveness and the negative impact ...
    • Creating a map of user data in NTFS to improve file carving 

      Karresand, Nils Martin Mikael; Warnqvist, Asalena; Lindahl, David; Axelsson, Stefan; Dyrkolbotn, Geir Olav (Journal article; Peer reviewed, 2019)
      Digital forensics and, especially, file carving are burdened by the large amounts of data that need to be processed. Attempts to solve this problem include efficient carving algorithms, parallel processing in the cloud and ...
    • Disk Cluster Allocation Behavior in Windows and NTFS 

      Karresand, Nils Martin Mikael; Axelsson, Stefan; Dyrkolbotn, Geir Olav (Journal article; Peer reviewed, 2019)
      The allocation algorithm of a file system has a huge impact on almost all aspects of digital forensics, because it determines where data is placed on storage media. Yet there is only basic information available on the ...
    • Exploiting Vendor-Defined Messages in the USB Power Delivery Protocol 

      Alendal, Gunnar; Axelsson, Stefan; Dyrkolbotn, Geir Olav (Journal article; Peer reviewed, 2019)
      The USB Power Delivery protocol enables USB-connected devices to negotiate power delivery and exchange data over a single connection such as a USB Type-C cable. The protocol incorporates standard commands;however, it also ...
    • Forensics Acquisition — Analysis and Circumvention of Samsung Secure Boot enforced Common Criteria Mode 

      Alendal, Gunnar; Dyrkolbotn, Geir Olav; Axelsson, Stefan (Journal article; Peer reviewed, 2018)
      The acquisition of data from mobile phones have been a mainstay of criminal digital forensics for a number of years now. However, this forensic acquisition is getting more and more difficult with the increasing security ...
    • iPhone Acquisition Using Jailbreaking Techniques 

      Varenkamp, Peter (Master thesis, 2019)
      Abstract Varenkamp Digital devices are a part of most peoples lives today. Using digital devices leaves traces. These traces can be urgent to solve a criminal case. Knowing this, forensic work has the goal to get as much ...
    • Resilient Filesystem 

      Georges, Henry (Master thesis, 2018)
      MICROSOFT developed a new Filesystem, REFS. This Resilient FileSystem is intended to replace NTFS, hence the importance and usage of REFS should increase over the next few years. Although we have been able to use REFS since ...
    • Reverse engineering of ReFS 

      Nordvik, Rune; Georges, Henry; Toolan, Fergus; Axelsson, Stefan (Journal article; Peer reviewed, 2019)
      File system forensics is an important part of Digital Forensics. Investigators of storage media have traditionally focused on the most commonly used file systems such as NTFS, FAT, ExFAT, Ext2-4, HFS+, APFS, etc. NTFS is ...
    • Using NTFS cluster allocation behavior to find the location of user data 

      Karresand, Nils Martin Mikael; Axelsson, Stefan; Dyrkolbotn, Geir Olav (Journal article; Peer reviewed, 2019)
      Digital forensics is heavily affected by the large and increasing amount of data to be processed. To solve the problem there is ongoing research to find more efficient carving algorithms, use parallel processing in the ...
    • Using the object ID index as an investigative approach for NTFS file systems 

      Nordvik, Rune; Toolan, Fergus; Axelsson, Stefan (Journal article; Peer reviewed, 2019)
      When investigating an incident it is important to document user activity, and to document which storage device was connected to which computer. We present a new approach to documenting user activity in computer systems ...