Browsing NTNU Open by Author "Axelsson, Stefan"

Now showing items 1-20 of 22

    • Analysis of fraud controls using the PaySim financial simulator 

      Lopez Rojas, Edgar Alonso; Axelsson, Stefan; Baca, Dejan (Journal article; Peer reviewed, 2018)
      Fraud controls for financial transactions are needed and required by law enforcement agencies to flag suspicious criminal activity. These controls however require deeper analysis of the effectiveness and the negative impact ...

    • Chip chop — smashing the mobile phone secure chip for fun and digital forensics 

      Alendal, Gunnar; Axelsson, Stefan; Dyrkolbotn, Geir Olav (Peer reviewed; Journal article, 2021)
      Performing mobile phone acquisition today requires breaking—often hardware assisted—security. In recent years, Embedded Secure Element (eSE) hardware has been introduced in mobile phones, with a view towards increasing the ...

    • Creating a map of user data in NTFS to improve file carving 

      Karresand, Nils Martin Mikael; Warnqvist, Asalena; Lindahl, David; Axelsson, Stefan; Dyrkolbotn, Geir Olav (Journal article; Peer reviewed, 2019)
      Digital forensics and, especially, file carving are burdened by the large amounts of data that need to be processed. Attempts to solve this problem include efficient carving algorithms, parallel processing in the cloud and ...

    • Digital Forensic Acquisition Kill Chain – Analysis and Demonstration 

      Alendal, Gunnar; Dyrkolbotn, Geir Olav; Axelsson, Stefan (Journal article; Peer reviewed, 2021)
      The increasing complexity and security of consumer products pose major challenges to digital forensics. Gaining access to encrypted user data without user credentials is a very difficult task. Such situations may require ...

    • Digital Forensic Acquisition of mobile phones in the Era of Mandatory Security: Offensive Techniques, Security Vulnerabilities and Exploitation 

      Alendal, Gunnar (Doctoral theses at NTNU;2022:94, Doctoral thesis, 2022)
      The increased use of consumer electronics like computers, mobile phones, smart watches, external hard drives, etc. has made digital forensics more important for law enforcement. Consumer products now contain more information ...

    • Digital Forensic Usage of the Inherent Structures in NTFS 

      Karresand, Nils Martin Mikael (Doctoral theses at NTNU;2023:171, Doctoral thesis, 2023)
      Digital forensic investigators have for a long time been burdened by an increasing amount of data to handle. Many solutions have been proposed. A yet unexplored feature is to use the inherent structures left by the allocation ...

    • Disk Cluster Allocation Behavior in Windows and NTFS 

      Karresand, Nils Martin Mikael; Axelsson, Stefan; Dyrkolbotn, Geir Olav (Journal article; Peer reviewed, 2019)
      The allocation algorithm of a file system has a huge impact on almost all aspects of digital forensics, because it determines where data is placed on storage media. Yet there is only basic information available on the ...

    • An Empirical Study of the NTFS Cluster Allocation Behavior Over Time 

      Karresand, Nils Martin Mikael; Dyrkolbotn, Geir Olav; Axelsson, Stefan (Peer reviewed; Journal article, 2020)
      The amount of data to be handled in digital forensic investigations is continuously increasing, while the tools and processes used are not developed accordingly. This especially affects the digital forensic subfield of ...

    • Exploiting Vendor-Defined Messages in the USB Power Delivery Protocol 

      Alendal, Gunnar; Axelsson, Stefan; Dyrkolbotn, Geir Olav (Journal article; Peer reviewed, 2019)
      The USB Power Delivery protocol enables USB-connected devices to negotiate power delivery and exchange data over a single connection such as a USB Type-C cable. The protocol incorporates standard commands;however, it also ...

    • Forensics Acquisition — Analysis and Circumvention of Samsung Secure Boot enforced Common Criteria Mode 

      Alendal, Gunnar; Dyrkolbotn, Geir Olav; Axelsson, Stefan (Journal article; Peer reviewed, 2018)
      The acquisition of data from mobile phones have been a mainstay of criminal digital forensics for a number of years now. However, this forensic acquisition is getting more and more difficult with the increasing security ...

    • Interpretation of File System Metadata in a Criminal Investigation Context 

      Nordvik, Rune (Doctoral theses at NTNU;2024:115, Doctoral thesis, 2024)
      The reliable reconstruction of digital events is imperative for solving criminal cases. Computers, servers, mobile and IoT devices, vehicles, and EV charging infrastructure all use either local or remote storage (cloud). ...

    • iPhone Acquisition Using Jailbreaking Techniques 

      Varenkamp, Peter (Master thesis, 2019)
      Abstract Varenkamp Digital devices are a part of most peoples lives today. Using digital devices leaves traces. These traces can be urgent to solve a criminal case. Knowing this, forensic work has the goal to get as much ...

    • It is about time–Do exFAT implementations handle timestamps correctly? 

      Nordvik, Rune; Axelsson, Stefan (Peer reviewed; Journal article, 2022)
      Digital forensic investigations require that file metadata are interpreted correctly. In this paper we focus on the timestamps of the exFAT file system. How these timestamps are written may depend on the implementation of ...

    • Legal and technical questions of file system reverse engineering 

      Stoykova, Radina; Nordvik, Rune; Ahmed, Munnazzar; Franke, Katrin; Axelsson, Stefan; Toolan, Fergus (Peer reviewed; Journal article, 2022)
      Reverse engineering of file systems is indispensable for tool testing, accurate evidence acquisition, and correct interpretation of data structures by law enforcement in criminal investigations. This position paper examines ...

    • Leveraging The USB Power Delivery Implementation For Digital Forensic Acquisition 

      Alendal, Gunnar; Axelsson, Stefan; Dyrkolbotn, Geir Olav (Peer reviewed; Journal article, 2021)
      Modern consumer devices present major challenges in digital forensic investigations due to security mechanisms that protect user data. The entire physical attack surface of a seized device such as a mobile phone must be ...

    • Reliability assessment of digital forensic investigations in the Norwegian police 

      Stoykova, Radina; Andersen, Stig; Franke, Katrin; Axelsson, Stefan (Journal article; Peer reviewed, 2022)

    • Reliability validation for file system interpretation 

      Nordvik, Rune; Stoykova, Radina Raychova; Franke, Katrin; Axelsson, Stefan; Toolan, Fergus (Peer reviewed; Journal article, 2021)
      This paper examines current best practices for Digital Forensic (DF) tool and method validation in the context of file system interpretation for digital evidence. In order to meet the legal and scientific requirements in ...

    • Resilient Filesystem 

      Georges, Henry (Master thesis, 2018)
      MICROSOFT developed a new Filesystem, REFS. This Resilient FileSystem is intended to replace NTFS, hence the importance and usage of REFS should increase over the next few years. Although we have been able to use REFS since ...

    • Reverse engineering of ReFS 

      Nordvik, Rune; Georges, Henry; Toolan, Fergus; Axelsson, Stefan (Journal article; Peer reviewed, 2019)
      File system forensics is an important part of Digital Forensics. Investigators of storage media have traditionally focused on the most commonly used file systems such as NTFS, FAT, ExFAT, Ext2-4, HFS+, APFS, etc. NTFS is ...

    • Timestamp prefix carving for filesystem metadata extraction 

      Porter, Kyle; Nordvik, Rune; Toolan, Fergus; Axelsson, Stefan (Peer reviewed; Journal article, 2021)
      While file carving is a popular and effective method for extracting file content from unallocated space in a forensic image, it can be time consuming to carve for the wide variety of possible file signatures. Furthermore, ...