Automated Construction of a False Digital Alibi

  • Alfredo De Santis
  • Aniello Castiglione
  • Giuseppe Cattaneo
  • Giancarlo De Maio
  • Mario Ianulardo
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6908)


Recent legal cases have shown that digital evidence is becoming more widely used in court proceedings (by defense, accusation, public prosecutor, etc.). Digital tracks can be left on computers, phones, digital cameras as well as third party servers belonging to Internet Service Providers (ISPs), telephone providers and companies that provide services via Internet such as YouTube, Facebook and Gmail.

This work highlights the possibility to set up a false digital alibi in a fully automatic way without any human intervention. A forensic investigation on the digital evidence produced cannot establish whether such traces have been produced through either human activity or by an automated tool. These considerations stress the difference between digital and physical - namely traditional - evidence. Essentially, digital evidence should be considered relevant only if supported by evidence collected using traditional investigation techniques. The results of this work should be considered by anyone involved in a Digital Forensics investigation, due to it demonstrating that court rulings should not be based only on digital evidence, with it always being correlated to additional information provided by the various disciplines of Forensics Sciences.


Digital Evidence Digital Investigation Digital Forensics Anti-Forensics Counter-Forensics False Digital Evidence Automated Alibi False Alibi Digital Alibi False Digital Alibi 


  1. 1.
    Internet World Stats, June 30 (2010),
  2. 2.
    Beltrami, D.: The New York Times, I’m Innocent. Just Check My Status on Facebook, November 12 (2009),
  3. 3.
    Juarez, V.: CNN, Facebook status update provides alibi, November 12 (2009),
  4. 4.
    Xomba: A Writing Community, Garlasco, Alberto Stasi acquitted (December 2009),
  5. 5.
    U.S. Department of Defense. DoD Directive 5220.22, National Industrial Security Program (NISP), February 28 (2010)Google Scholar
  6. 6.
    Gutmann, P.: Secure Deletion of Data from Magnetic and Solid-State Memory. In: Sixth USENIX Security Symposium Proceedings, San Jose, California, July 22-25 (1996)Google Scholar
  7. 7.
    Fierer, N., Lauber, C.L., Zhou, N., McDonald, D., Costello, E.K., Knight, R.: Forensic identification using skin bacterial communities. In: Proceedings of the National Academy of Sciences, Abstract (March 2010)Google Scholar
  8. 8.
    Bennett, J.: AutoIt v3.3.6.0, March 7 (2010),
  9. 9.
    Di Crescenzo, G., Ghosh, A., Kampasi, A., Talpade, R., Zhang, Y.: Detecting anomalies in active insider stepping stone attacks. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications 2(1), 103–120 (2011)Google Scholar
  10. 10.
    Mee, V., Tryfonas, T., Sutherland, I.: The Windows Registry as a forensic artefact: Illustrating evidence collection for Internet usage. Journal of Digital Investigation 3(3), 166–173 (2006)CrossRefGoogle Scholar
  11. 11.
    Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection: A survey. ACM Computing Surveys 41(3), 15:1–15:58 (2009)CrossRefGoogle Scholar
  12. 12.
    Shelton, D.E.: The “CSI Effect”: Does It Really Exist? National Institute of Justice, Journal No. 259, March 17 (2008)Google Scholar
  13. 13.
    Russinovich, M., Cogswell, B.: Microsoft Sysinternals Process Monitor, April 13 (2011),
  14. 14.
  15. 15.
  16. 16.
    Carvey, H.: Windows Forensics Analysis, 2nd edn. Syngress (2009)Google Scholar
  17. 17.
    Craig, W., Dave, K., Shyaam, S.R.S.: Overwriting Hard Drive Data: The Great Wiping Controversy. In: Sekar, R., Pujari, A.K. (eds.) ICISS 2008. LNCS, vol. 5352, pp. 243–257. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  18. 18.
    Castiglione, A., Cattaneo, G., De Maio, G., De Santis, A.: Automatic, Selective and Secure Deletion of Digital Evidence. In: Proceedings of the Sixth International Conference on Broadband and Wireless Computing, Communication and Applications, BWCCA 2011, Barcelona, Spain, October 26-28 (2011)Google Scholar
  19. 19.
    Silberschatz, A., Galvin, P.B., Gagne, G.: Operating System Concepts, 7th edn. Wiley, Chichester (2004)Google Scholar
  20. 20.
    NIST Special Publication 800-88: Guidelines for Media Sanitization, p. 7 (2006)Google Scholar
  21. 21.
    The Erb Law Firm, Facebook Can Keep You Out of Jail (November 2009),
  22. 22.
    Berger, M.A.: What Has a Decade of Daubert Wrought? American Journal of Public Health 95(S1), S59–S65 (2005)CrossRefGoogle Scholar
  23. 23.
    U.S. House of Representative, Federal Rules of Evidence (December 2006),

Copyright information

© IFIP International Federation for Information Processing 2011

Authors and Affiliations

  • Alfredo De Santis
    • 1
  • Aniello Castiglione
    • 1
  • Giuseppe Cattaneo
    • 1
  • Giancarlo De Maio
    • 1
  • Mario Ianulardo
    • 2
  1. 1.Dipartimento di Informatica “R.M. Capocelli”Università degli Studi di SalernoFiscianoItaly
  2. 2.Computer Crime LawyerItaly

Personalised recommendations