Dataset construction challenges for digital forensics
As the digital forensic field develops, taking steps towards ensuring a level of reliability in the processes implemented by its practitioners, emphasis on the need for effective testing has increased. In order to test, test datasets are required, but creating these is not a straightforward task. A poorly constructed and documented test dataset undermines any testing which has taken place using it, eroding the reliability of any subsequent test results. In essence, given the time, effort and knowledge required to generate datasets, the field must guide those carrying out this task to ensure that it is done right at the first instance without wasting resources. Yet, there are currently few standards and best practices defined for dataset creation in digital forensics. This work defines three categories of dataset which typically exist in digital forensics: tool/process evaluation datasets, actions datasets and scenario-based datasets. The minimum requirements for their creation are outlined and discussed to support those creating them and to help ensure that where datasets are created, they offer maximum value to the field.
Zooming into the pandemic! A forensic analysis of the Zoom Application
The global pandemic of COVID-19 has turned the spotlight on video conferencing applications like never before. In this critical time, applications such as Zoom have experienced a surge in user base, jumping over the 300 million daily mark (ZoomBlog, 2020). The increase in use has led malicious actors to exploit the application, and in many cases perform . Therefore, forensically examining Zoom is inevitable. Our work details the primary disk, network, and memory forensic analysis of the Zoom video conferencing application. Results demonstrate it is possible to find users' critical information in plain text and/or encrypted/encoded, such as chat messages, names, email addresses, passwords, and much more through network captures, forensic imaging of digital devices, and memory forensics. Furthermore, we elaborate on interesting anti-forensics techniques employed by the Zoom application when contacts are deleted from the Zoom application's contact list.
Exploring the Learning Efficacy of Digital Forensics Concepts and Bagging & Tagging of Digital Devices in Immersive Virtual Reality
This work presents the first account of evaluating learning inside a VR experience created to teach Digital Forensics (DF) concepts, and a hands-on laboratory exercise in Bagging & Tagging a crime scene with digital devices. First, we designed and developed an immersive VR experience which included a lecture and a lab. Next, we tested it with (n = 57) participants in a controlled experiment where they were randomly assigned to a VR group or a physical group. Both groups were subjected to the same lecture and lab, but one was in VR and the other was in the . We collected pre- and post-test results to assess the participants' knowledge in DF concepts learned. Our experimental results indicated no significant differences in scores between the immersive VR group and the physical group. However, our results showed faster completion times in VR by the participants, which hints at VR being more time efficient, as virtual environments can be spun programmatically with little downtime.
"Hello are you available?" Dealing with online frauds and the role of forensic science
On August 6, 2019, the 119 members of the School of criminal justice, forensic science and criminology at the University of Lausanne were the target of an online scammer. His/her modus operandi consisted of email masquerading as the Director of the School in an attempt to induce the victims to buy digital gift cards and to transmit the card usage code to the perpetrator. The first author of this paper is the Director of the School, and the second is an expert in digital forensic science and a professor of the School. They worked together in real time to deal with the fraud. Because the fraud occurred in a School of forensic science and criminology, it raised many questions on a variety of overlapping dimensions. The objective of this study was, therefore, to draw lessons from this case from several perspectives ranging from forensic science to cybersecurity, and from practical to academic. The response to the incident has been treated in four typical distinguishable phases: (1) fraud detection; (2) crisis management; (3) post-incident analysis; and (4) reporting to different communities. We conclude this paper by taking lessons from the case to express the essential role of forensic knowledge and crime analysis in interpreting the information conveyed by digital traces to develop innovative cross-disciplinary models for preventing, detecting, analysing, investigating and responding to online fraud.