Abstract
Digital evidence is increasingly being used in court cases. It consists of traces left on digital devices from which one can infer information about the actions performed on those devices. Digital evidence can reside on computers, phones and digital cameras belonging either to an alleged offender or to third parties, for example servers operated by ISPs or by companies that offer web services, such as YouTube, Facebook and Gmail. Digital evidence can be used either to prove that a suspect is guilty or to prove that a suspect is not guilty. In the latter case the digital evidence is in fact an alibi.
However, digital evidence can also be forged, giving an offender the possibility of creating a false digital alibi. Offenders can use a false digital alibi in a variety of situations, ranging from ordinary illegal actions to homeland security attacks.
The creation of a false digital alibi is system-specific, since the digital evidence varies from system to system. In this paper we investigate the possibility of creating a false digital alibi on a system running the Mac OS X 10.7 Lion operating system. We show how to construct an automated procedure that creates a (false) digital alibi on such a system.
Copyright information
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
Castiglione, A., Cattaneo, G., De Prisco, R., De Santis, A., Yim, K. (2012). How to Forge a Digital Alibi on Mac OS X. In: Quirchmayr, G., Basl, J., You, I., Xu, L., Weippl, E. (eds) Multidisciplinary Research and Practice for Information Systems. CD-ARES 2012. Lecture Notes in Computer Science, vol 7465. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32498-7_32
DOI: https://doi.org/10.1007/978-3-642-32498-7_32
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-32497-0
Online ISBN: 978-3-642-32498-7
eBook Packages: Computer Science (R0)