Joshua I. James

Dr. Joshua I. James is a lecturer and researcher with the Hallym University Digital Forensics Investigation Research Laboratory. Coming from a background in network security and administration, his focus is now on the formalization and automation of digital forensic investigation methods, and the application of these methods in low cost, open source solutions for digital investigators.

Jan 012014
DigitalFIRE Mutual Legal Assistance Study

Please help DigitalFIRE Labs understand the current state of Mutual Legal Assistance Requests relating to digital evidence, and be entered for a chance to win a FIREBrick write-blocker or an Amazon gift card. The survey on Mutual Legal Assistance Requests Concerning Digital Evidence can be found here: This survey has been commissioned by the United Nations Office […]

Aug 032013
An Argument for Assumed Extra-territorial Consent During Cybercrime Investigations

During cybercrime investigations it’s common to find that a suspect has used technology in a country outside of the territorial jurisdiction of Law Enforcement investigating the case. The suspects themselves may also be located outside of the territory of the investigating group. A country may be able to claim jurisdiction over a suspect or device […]

Jul 172013
Challenges with Automation in Digital Forensic Investigations

Abstract The use of automation in digital forensic investigations is not only a technological issue, but also has political and social implications. This work discusses some challenges with the implementation and acceptance of automation in digital forensic investigation, and possible implications for current digital forensic investigators. Current attitudes towards the use of automation in digital forensic investigations are examined, as […]

Apr 082013
Automated Network Traige

In many police investigations today, computer systems are somehow involved. The number and capacity of computer systems needing to be seized and examined is increasing, and in some cases it may be necessary to quickly find a single computer system within a large number of computers in a network. To investigate potential evidence from a […]

Apr 042013
What is Cybersecurity?

Last week, a number of Korean organizations fell victim to cyber attacks. This has prompted discussions about cybersecurity in Korea, and while following this issue I’ve realized that Korea’s main challenge appears to be understanding what cybersecurity actually is. From many of the discussions, representatives from various organizations appear to believe that security is a […]

Mar 262013
Legal Protest and Distributed Denial of Service

The United States government, via the “We the People” portal (, was petitioned by Dylan K. [1] to “Make, distributed denial-of-service (DDoS), a legal form of protest”. The petition states that: With the advance in [Internet technology], comes new grounds for protesting. Distributed denial-of-service (DDoS), is not any form of hacking in any way. It […]

Mar 192013
Digital Forensic Investigation and Cloud Computing

Earlier this year, researchers from the Digital Forensic Investigation Research Group had a chapter published in the book “Cybercrime and Cloud Forensics: Applications for Investigation Processes“.  There were contributions from authors discussing practical as well as theoretical aspects of digital crime, investigation, side channel attacks, law, international cooperation, and the future of crime and Cloud […]

Feb 272013
Signature Based Detection of User Events for Post-Mortem Forensic Analysis

The concept of signatures is used in many fields, normally for the detection of some sort of pattern. For example, antivirus and network intrusion detection systems sometimes implement signature matching to attempt to differentiate legitimate code or network traffic from malicious data. The principle of these systems that that within a given set of data, malicious data […]

Nov 082012
Social Media and Intelligence Gathering

Online social media has changed the way many people, businesses and even governments interact with each other. Because of Twitter’s popularity and its ability to broadcast small pieces of information to a large number of people, it is an effective form of mass communication. However, ease in communication that allows the public to freely communicate […]

Sep 132012
Automata Intersection to Test Possibility of Statements in Investigations

When conducting an investigation, many statements are given by witnesses and suspects. A “witness” could be considered as anything that provides information about the occurrence of an event. While a witness may traditionally be a human, a digital device – such as a computer or cell phone – could also help to provide information about […]