Blaine Price

Ian Kennedy, Arosha Bandara, Blaine Price

Following a series of high profile miscarriages of justice in the UK linked to questionable expert evidence, the post of the Forensic Science Regulator was created in 2008. The main objective of this role is to improve the standard of practitioner competences and forensic procedures. One of the key strategies deployed to achieve this is the push to incorporate a greater level of scientific conduct in the various fields of forensic practice. Currently there is no statutory requirement for practitioners to become accredited to continue working with the Criminal Justice System of England and Wales. However, the Forensic Science Regulator is lobbying the UK Government to make this mandatory. This paper focuses upon the challenge of incorporating a scientific methodology to digital forensic investigations where malicious software ('malware') has been identified. One aspect of such a methodology is the approach followed to both select and evaluate the tools used to perform dynamic malware analysis during an investigation. Based on the literature, legal, regulatory and practical needs we derive a set of requirements to address this challenge. We present a framework, called the 'Malware Analysis Tool Evaluation Framework' (MATEF), to address this lack of methodology to evaluate software tools used to perform dynamic malware analysis during investigations involving malware and discuss how it meets the derived requirements.

Camilla Elphick, Richard Philpot, Min Zhang et al.

Perceptions of police trustworthiness are linked to citizens' willingness to cooperate with police. Trust can be fostered by introducing accountability mechanisms, or by increasing a shared police/citizen identity, both which can be achieved digitally. Digital mechanisms can also be designed to safeguard, engage, reassure, inform, and empower diverse communities. We systematically scoped 240 existing online citizen-police and relevant third-party communication apps, to examine whether they sought to meet community needs and policing visions. We found that 82% required registration or login details, 55% of those with a reporting mechanism allowed for anonymous reporting, and 10% provided an understandable privacy policy. Police apps were more likely to seek to reassure, safeguard and inform users, while third-party apps were more likely to seek to empower users. As poorly designed apps risk amplifying mistrust and undermining policing efforts, we suggest 12 design considerations to help ensure the development of high quality/fit for purpose Police/Citizen apps.

Charith Perera, Mahmoud Barhamgi, Arosha K. Bandara et al.

Internet of Things (IoT) applications typically collect and analyse personal data that can be used to derive sensitive information about individuals. However, thus far, privacy concerns have not been explicitly considered in software engineering processes when designing IoT applications. The advent of behaviour driven security mechanisms, failing to address privacy concerns in the design of IoT applications can have security implications. In this paper, we explore how a Privacy-by-Design (PbD) framework, formulated as a set of guidelines, can help software engineers integrate data privacy considerations into the design of IoT applications. We studied the utility of this PbD framework by studying how software engineers use it to design IoT applications. We also explore the challenges in using the set of guidelines to influence the IoT applications design process. In addition to highlighting the benefits of having a PbD framework to make privacy features explicit during the design of IoT applications, our studies also surfaced a number of challenges associated with the approach. A key finding of our research is that the PbD framework significantly increases both novice and expert software engineers' ability to design privacy into IoT applications.