The Association of Digital Forensics, Security and Law (ADFSL)
As the world becomes increasingly dependent on technology, researchers in both industry and academia endeavor to understand how technology is used, the impact it has on everyday life, the artifact life-cycle and overall integrations of digital information. In doing so, researchers are increasingly gathering 'real-world' or 'in-the-wild' residual data, obtained from a variety of sources, without the explicit consent of the original owners. This data gathering raises significant concerns regarding privacy, ethics and legislation, as well as practical considerations concerning investigator training, data storage, overall security and data disposal. This research surveys recent studies of residual data gathered in-the-wild and analyzes the challenges that were confronted. Amalgamating these insights, the research presents a compendium of practices for addressing the issues that can arise in-the-wild when conducting residual data research. The practices identified in this research can be used to critique current projects and assess the feasibility of proposed future research.
Belanger, F., & Crossler, R. E. (2011). Privacy in the digital age: a review of information privacy research in information systems. MIS Q., 35(4), 1017-1042.
Berman, K., Glisson, W. B., & Glisson, L. M. (2015). Investigating the Impact of Global Positioning System (GPS) Evidence in Court Cases. Paper presented at the Hawaii International Conference on System Sciences (HICSS-48), Kauai, Hawaii
British Psychological Society. (2010). Code of Human Research Ethics. Retrieved from http://www.bps.org.uk/sites/default/files/documents/code_of_human_research_ethics.pdf
Chamberlain, A., Crabtree, A., Rodden, T., Jones, M., & Rogers, Y. (2012). Research in the wild: understanding 'in the wild' approaches to design and development. Paper presented at the Proceedings of the Designing Interactive Systems Conference, Newcastle Upon Tyne, United Kingdom.
Clarke, R. (1999). Internet privacy concerns confirm the case for intervention. Communications of the ACM, 42(2), 60-67. doi:10.1145/293411.293475
CMS. (2013). HIPAA - General Information. Retrieved from http://www.cms.gov/Regulations-and-Guidance/HIPAA-Administrative-Simplification/HIPAAGenInfo/index.html.
Garfinkel, S., Farrell, P., Roussev, V., & Dinolt, G. (2009). Bringing science to digital forensics with standardized forensic corpora. Digital Investigation, 6(Supplement 1), S2-S11. doi:DOI: 10.1016/j.diin.2009.06.016
Garfinkel, S. L., & Shelat, A. (2003). Remembrance of data passed: a study of disk sanitization practices. Security & Privacy, IEEE, 1(1), 17-27. Retrieved from http://ieeexplore.ieee.or/xpls/abs_all.jsp?arnumber=5558244
Gartner. (2012). Gartner Says That Consumers Will Store More Than a Third of Their Digital Content in the Cloud by 2016. Retrieved from http://www.gartner.com/it/page.jsp?id=2060215
Gartner. (2016). Gartner Says Global Smartphone Sales to Only Grow 7 Per Cent in 2016. Retrieved from http://www.gartner.com/newsroom/id/3270418
Glisson, W. B., & Storer, T. (2013). Investigating Information Security Risks of Mobile Device Use Within Organizations Paper presented at the Americas Conference on Information Systems (AMCIS). http://amcis2013.aisnet.org/
Glisson, W. B., Storer, T., Mayall, G., Moug, I., & Grispos, G. (2011). Electronic retention: what does your mobile phone reveal about you? International Journal of Information Security, 10(6), 337-349. doi:10.1007/s10207-011-0144-3
Grispos, G., Glisson, W. B., Pardue, J. H., & Dickson, M. (2015). Identifying User Behavior from Residual Data in Cloud-based Synchronized Apps. Journal of Information Systems Applied Research, 8(2), 4-14
Grispos, G., Storer, T., & Glisson, W. B. (2012). Calm Before the Storm: The Challenges of Cloud Computing in Digital Forensics (pp. 28-48): IGI Global.
Hagen, P., Robertson, T., Kan, M., & Sadler, K. (2005). Emerging research methods for understanding mobile technology use. Paper presented at the Proceedings of the 17th Australia conference on Computer-Human Interaction: Citizens Online: Considerations for Today and the Future, Canberra, Australia.
Health.com. (2010). 10 Jobs With High Depression Rates. Forbes. Retrieved from http://www.health.com/health/gallery/0,,20428990,00.html
Information Commissioner's Office. (2012). Guidance on the use of cloud computing. Retrieved from http://ico.org.uk/for_organisations/data_protection/topic_guides/online/cloud_computing
International Telecommunication Union. (2015). ITU releases 2015 ICT figures. Retrieved from https://www.itu.int/net/pressoffice/press_releases/2015/17.aspx
Jones, A., Dardick, G. S., Davies, G., Sutherland, I., & Valli, C. (2009). The 2008 Analysis of Information Remaining on Disks Offered for Sale on the Second Hand Market. Journal of International Commercial Law and Technology, 4(3). Retrieved from http://www.jiclt.com/index.php/jiclt/index
Jones, A., Valli, C., & Dabibi, G. (2009). The 2009 Analysis of Information Remaining on USB Storage Devices Offered for Sale on the Second Hand Market. Paper presented at the Australian Digital Forensics Conference, Perth, Australia. http://ro.ecu.edu.au/adf/61/
Jones, A., Valli, C., Sutherland, I., & Thomas, P. (2008). An Analysis of Information Remaining on Disks offered for sale on the second hand market. Journal of
Journal of Digital Forensics, Security and Law, Vol. 9(2)
Digital Security, Forensics & Law 3(1). Retrieved from http://www.jdfsl.org/Issues/JDFSL-v3n1.pdf
McMillan, J., Glisson, W. B., & Bromby, M. (2013). Investigating the Increase in Mobile Phone Evidence in Criminal Activities. Paper presented at the Hawaii International Conference on System Sciences (HICSS-46), Wailea, Hawaii.
Rogers, Y. (2011). Interaction design gone wild: striving for wild theory. interactions, 18(4), 58-62. doi:10.1145/1978822.1978834
Smith, H. J., Dinev, T., & Xu, H. (2011). Information privacy research: an interdisciplinary review. MIS Q., 35(4), 989-1016.
Smith, H. J., & Milberg, S. J. (1996). Information privacy: measuring individuals' concerns about organizational practices. MIS Q., 20(2), 167-196. doi:10.2307/249477
Szewczyk, P., & Sansurooah, K. (2011). A 2011 investigation into remnant data on second hand memory cards sold in Australia. Paper presented at the 9th Australian Digital Forensics Conference Perth, Western Australia.
UK Parliament. (1990, 2000). Computer Misuse Act 1990. Retrieved from http://www.opsi.gov.uk/acts/acts1990/Ukpga_19900018_en_1.htm
UK Parliament. (1998). Data Protection Act 1998. Retrieved from http://www.legislation.gov.uk/ukpga/1998/29/section/2
Wolthusen, S. D. (2009, 15-17 Sept. 2009). Overcast: Forensic Discovery in Cloud Environments. Paper presented at the IT Security Incident Management and IT Forensics, 2009. IMF '09. Fifth International Conference on.
Working Party. (2012). Opinion 05/2012 on Cloud Computing Retrieved from http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2012/wp196_en.pdf
Glisson, William B.; Storer, Tim; Blyth, Andrew; Grispos, George; and Campbell, Matt
"In-The-Wild Residual Data Research and Privacy,"
Journal of Digital Forensics, Security and Law: Vol. 11
, Article 1.
Available at: http://commons.erau.edu/jdfsl/vol11/iss1/1