AN INTERESTING READ AND SITE

6 Posts
5 Users
0 Reactions
797 Views
bigjon
(@bigjon)
Estimable Member
Joined: 17 years ago
Posts: 159
Topic starter  

May help with certain enqs, quite a good read in parts

http://www.ssddfj.org/papers/SSDDFJ_V3_1_Dankner_Ayers_Mislan.pdf


   
(@trewmte)
Noble Member
Joined: 19 years ago
Posts: 1877
 

bigjon, although my name appears in the list of International Editorial Board I can confirm that I have never been permitted to see drafts of the reports prior to their publication, as per the requirement of peer review of the Editorial Board, relating to mobile telephone forensics and examination. I suspect there are many others that haven't peer reviewed those reports either.

I withdrew from SSDDFJ as I believe that SSDDFJ portray an image that all the Editorial Board are conducting the peer reviews for all reports published. Well if I am, and if other Board members, are NOT seeing the draft reports for peer review, what is the point of having such an organisation in the first place?

I emailed Professor Rick Mislan highlighting my concerns well over a year ago and Rick Mislan emailed back saying fair enough, implying that the practice would stop. Nothing more has happened after that, yet they continue to publish reports, hence why I pulled away.

It is disappointing that I should have to bring this out in the open and highlights a rather disappointing approach by people in my view who should know better, as they are holding themselves out as an organisation disseminating standards in forensics and examination.


   
(@pwakely)
Eminent Member
Joined: 16 years ago
Posts: 37
 

May help with certain enqs, quite a good read in parts

http://www.ssddfj.org/papers/SSDDFJ_V3_1_Dankner_Ayers_Mislan.pdf

To me it seemed the paper stopped just as it was about to become interesting…

To summarise the findings presented:
- copying image file to destination phone by <various methods> generates an identical binary on the destination phone
- sending image via MMS can result in image stored on destination phone which is not identical binary (and on one model of one phone the destination binary is different if the test is repeated).

Unfortunately (unless I missed it) the paper does not examine why the destination file is not identical (e.g. image being resized, or tagged with EXIF data), which I would expect to be the key point of interest from a case perspective. Assuming the cause of modification is known and deterministic, this would then potentially allow validation that the image on the destination is consistent with sending of the original (e.g. if the image is tagged with data showing the receipt time or phone model). Am surprised the paper stopped where it did, since it would seem to have been so little additional work to examine the cause of the discrepancy and a much more informative result - wonder if they still have the binaries…

Phil.


   
(@rmislan)
Active Member
Joined: 20 years ago
Posts: 9
 

I don't usually find myself lurking here, but when a colleague mentioned that the SSDDFJ journal and its related research findings were being called into question, I thought I should respond and inform our various readers. And so, I have composed the following regarding the research and the SSDDFJ.

Regarding the Hashing Article
An anomaly has been found and published. It is up to further research and researchers to find out what the anomaly is and what it is attributed to. There have been suggestions that it is related to Quality of Service compression techniques from the wireless providers. That should come out in future research given that this was an initial investigation of testing a theory of hashing validity.

Yes, the researchers didn't satisfy everyone's needs and immediately point out the simple answer. Remember, that "the objective of the tests conducted at Purdue University was to determine if reported hash values for graphic files remain consistent between mobile device forensic tools and a forensic workstation." That objective was completed in conjunction with Rick Ayers at the National Institute of Standards and Technology. The results were as they were posted.

Points to take away
1. "Researching the behavior and reliability of mobile device forensic tools is advantageous for toolmakers and the forensic community."

2. "While minimal research has been conducted on the hash values calculated for mobile device data objects, future research exploring the effects of additional data objects (audio, documents, video) commonly found on mobile devices is paramount."

IOW
"Doveryai, no proveryai"
Trust but verify.
- Russian Proverb

The forensic tools we have are what we have…whether through the Data Synchronization vendors turned Mobile Forensic vendors (Cellebrite, Susteen, MobilEdit, Oxygen, etc.) or through Computer Forensic vendors turned Mobile Forensics vendors (Paraben, Guidance Software, etc.). Ideally, we must make sure our tools are giving us evidence as it is found on the device. This may not always be the case, and this single paper is a step in that direction helping other examiners realize that.

The image may look exactly the same (since it really is…), but the hash doesn't match…In "essence" (and through transference), it is the same image…The real question is, how does one convey the matching of the essence to the original? That is for tomorrow's researcher…

Regarding the SSDDFJ
Mr. Greg Smith (trewMTE), you have been removed from the editorial board as per your earlier request (which I would search through archived email for but really don't care to…). It is unfortunate that I should have to read about your displeasure with your dealing with SSDDFJ through a posting here at this time. I'm sure the moderators of this forum may have their own opinions about this as well. Be it known that many other peer reviewers (including those that may not have been so prominently mentioned at the SSDDFJ website) have responded timely to their reviewer requests and have seen this and the other articles that have been published and have applauded the groundbreaking accomplishments of this journal. Many times the articles found in SSDDFJ are the resultant work of worthy university and college research students joining forces with practitioners from the law enforcement community. Overall, it is the work of these academics, practitioners, researchers, and members of the forensic community that is helping to make this journal so popular amongst the mobile forensics world. It is unfortunate that you should trash it in a forum because you weren't thoroughly satisfied with all of the results or didn't feel included. To keep things professional, I would like to have nothing more in the public forum regarding this personal issue and will welcome any replies to my professional email at rmislan (at) purdue (dot) edu.

Finally, thank you bigjon for reading the article and posting it here at Forensic Focus for others to read. Also, thank you Phil for your professional insight. The binaries are still available and through an email, I can pass you on to the graduate student who did this research, presented at Mobile Forensics World (HashingIntegrityandMobilePhones.pdf), and would love to help further the research with willing partnerships. Please let me know as I would much rather spend my time helping to advance the knowledge of this community!

Thanks again,
Rick
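Both Phil's question above (was the received file only tagged with metadata, or was the picture itself re-encoded?) and Rick's question of how to show that the "essence" matches when the file hash does not can be approached by hashing a JPEG segment by segment. The sketch below is an added example, not code from the paper or from any poster in this thread; the function names are hypothetical and the byte streams are constructed, structurally valid test data rather than real photographs.

```python
import hashlib
import struct

META = set(range(0xE0, 0xF0)) | {0xFE}   # APP0..APP15 and COM carry metadata

def jpeg_segments(data):
    """Split a JPEG into (marker, payload) pairs; scan data stays with its SOS."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker")
    segs, i = [], 2
    while i + 4 <= len(data):
        if data[i] != 0xFF:
            raise ValueError(f"expected marker at offset {i}")
        marker = data[i + 1]
        if marker == 0xD9:                # EOI
            break
        end = i + 2 + struct.unpack(">H", data[i + 2:i + 4])[0]
        if marker == 0xDA:                # SOS: entropy-coded data follows the header
            while end + 1 < len(data):    # stop at next marker; skip FF00, fill, RSTn
                if data[end] == 0xFF and data[end + 1] not in (0, 0xFF, *range(0xD0, 0xD8)):
                    break
                end += 1
            else:
                end = len(data)           # truncated file: take what is left
        segs.append((marker, data[i + 4:end]))
        i = end
    return segs

def image_digest(data):                   # SHA-256 over picture-defining segments only
    h = hashlib.sha256()
    for marker, payload in jpeg_segments(data):
        if marker not in META:
            h.update(bytes([marker]) + struct.pack(">I", len(payload)) + payload)
    return h.hexdigest()

def classify(original, received):
    if original == received:              # same bytes, hence same file hash
        return "identical file"
    if image_digest(original) == image_digest(received):
        return "metadata changed, image data identical"
    return "image data changed"

def seg(marker, payload):                 # helper to build the constructed samples
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload
# Constructed sample streams (DQT, SOF0, SOS + scan bytes); not decodable images
BODY = (seg(0xDB, b"\x00" + bytes(64)) + seg(0xC0, b"\x08\x00\x10\x00\x10\x01\x01\x11\x00")
        + seg(0xDA, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\xff\x00\x34\xff\xd0\x56")
ORIGINAL = b"\xff\xd8" + seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00") + BODY + b"\xff\xd9"
TAGGED = b"\xff\xd8" + seg(0xE1, b"Exif\x00\x00constructed-tag") + BODY + b"\xff\xd9"
REENCODED = ORIGINAL.replace(b"\x12\xff\x00\x34", b"\x99\xff\x00\x34")
```

A "metadata changed" result means the compressed picture data is bit-identical; some APPn segments (ICC profiles, Exif orientation) can still affect how the image is rendered, so it is not by itself a claim of visual identity.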


   
(@a_kuiper)
Trusted Member
Joined: 16 years ago
Posts: 69
 

9 out of 10 references are off the internet. A few of them are already offline. I bet you could have found references which were published at conferences or in books covering the same topics.


   
(@trewmte)
Noble Member
Joined: 19 years ago
Posts: 1877
 

Rick, I haven't responded to your comments above because frankly they do not address the issues raised.

The bit about suggesting it is all well meaning and the authors are well meaning, is not the point and nothing in my comments referred to that. Peer Review is the vehicle the authors used to bring their reports to the marketplace through SSDDFJ. So we're looking at and talking about the operation of your SSDDFJ Peer Review vehicle Rick.

You asked me to become a mobile telephone forensics & evidence reviewer. As far as I am aware Peer Review by the complete editorial board (the list is below, before I pulled out) is supposed to represent that we all endorse the Reports published through SSDDFJ. Well if we don't get to see them, how can we Peer Review them? More importantly how can we get Peer Reviews back on time to SSDDFJ if we didn't have the draft mobile telephone reports in the first place?

I record below the SSDDFJ publicly stated policy for Peer Review. Therefore that policy leads people to believe, and I believed you Rick when you promised that was what you were going to do, that Peer Review would be by highly experienced people. Do remember Rick, even as an Associate Professor, you are relatively new to our forensic field, so I can understand why you wouldn't be doing Peer Review yourself and why you needed to invite people to the SSDDFJ Board.

So why didn't you provide to me in the last 2-years one single draft mobile telephone report for Peer Review?

Are you saying the named Board members below endorsed those reports SSDDFJ has published to date?

================
SSDDFJ Submission Review Process
Manuscripts will be reviewed for the following
- Importance of the article's subject matter to the SSDDFJ's readers
- Does the article provide new perspectives, influence further research or the direction of research in this area, and what is the likelihood of this article being cited by others?
- Quality of methods and accuracy of information
- Originality of article and/or concepts within
- Soundness of technical issues and arguments
- Quality and organization of the writing, i.e. concise, clear and interesting

Each peer reviewer will choose a following recommendation for their feedback
- Accepted
- Accepted with minor revisions
- Rejected, but encouraged to make revisions and resubmit
- Rejected, major problems exist that are not likely to be remedied in a revision

There are to be 2 manuscript submissions
1. One with Contact Information, Authors Names, Biography, and Acknowledgements, and
2. For the Blind Review Process, the second submitted manuscript should not include Contact Information, Authors Names, Biography, or Acknowledgments.
=======================

=========================

International Editorial Board
Editors
Rick Mislan, ABD, Assistant Professor
Cyber Forensics, Purdue University
West Lafayette, Indiana, USA
rmislan@purdue.edu
Marcus Rogers, Ph.D, Professor
Cyber Forensics, Purdue University
West Lafayette, Indiana, USA
rogersmk@purdue.edu

Editorial Board
Rick Ayers, Computer Scientist, Computer Security Division
National Institute of Standards and Technology
Gaithersburg, Maryland, USA

Joe Grand
Grand Idea Studio
San Diego, California, USA

Wayne Jansen, Computer Scientist, Computer Security Division
National Institute of Standards and Technology
Gaithersburg, Maryland, USA

David Naccache, Professor
University of Paris
Paris, France

Michael Neubauer, National Program Office
Federal Bureau of Investigations
Washington, DC, USA

Sujeet Shenoi, Professor
Center for Information Security, University of Tulsa
Tulsa, Oklahoma, USA

Christine Siedsma, CFRDC Program Director,
Utica College
Utica, New York, USA

Dr. Jill Slay, Associate Professor
School of Electrical and Information Engineering
University of South Australia, Mawson Lakes Campus
Mawson Lakes, Australia

Greg Smith,
Trew & Co.
Kent, England

Ronald van der Knijff, Forensic Scientist,
Digital Technology & Biometrics Department
Netherlands Forensic Institute,
Ministry of Justice The Hague, The Netherlands

Svein Willassen, Researcher
Norwegian University of Science and Technology
Oslo, Norway


   