Prof. Dr. Da-Yu KAO
Central Police University, Taiwan

Basic Info


Research Keywords & Expertise

Crime Scene Reconstruction
Cybercrime Investigation
Digital Forensics
Information Security
Law Enforcement

Short Biography

Da-Yu Kao is an Associate Professor at the Department of Information Management, Central Police University, Taiwan. I am responsible for various recruitment efforts and training programs for Taiwan civil servants, police officers, or ICT technicians. I have an extensive background in law enforcement and a keen interest in information security, ICT governance, technology-based investigation, cyber forensics, human resource development, and public sector globalization. I was a detective and forensic police officer at Taiwan's Criminal Investigation Bureau (under the National Police Administration). With a Master's degree in Information Management and a Ph.D. degree in Crime Prevention and Correction, I have led several investigations in cooperation with police agencies from other countries for the past 20 years. I am now the director of the Computer Crime Investigation Lab at Central Police University and the webmaster of Cybercrime Investigation and Digital Forensics in the Facebook Group. I can be reached at [email protected].

Feed

Journal article
Published: 07 July 2020 in Applied Sciences

As computer systems become increasingly important for our daily activities, cybercrime has created challenges for the criminal justice system. Data can be hidden in ADS (Alternate Data Stream) without hindering performance. This feature has been exploited by malware authors, criminals, terrorists, and intelligence agents to erase, tamper with, or conceal secrets. However, ADS problems are largely ignored in digital forensics. Few studies have illustrated the contact artifacts of ADS timestamps. This paper performs a sequence of experiments from an inherited variety and provides an in-depth overview of timestamp transfer on data hiding operations. It utilizes files or folders as original media and uses the timestamp rules as an investigative approach for the forensic exchange analysis of file sets. This paper also explores timestamp rules using case examples, which allow practical applications of crime scene reconstruction to real-world contexts. The experiment results demonstrate the effectiveness of temporal attributes, help digital forensic practitioners to uncover hidden relations, and trace the contact artifacts among crime scenes, victims, and suspects/criminals.

ACS Style

Da-Yu Kao. Forensic Exchange Analysis of Contact Artifacts on Data Hiding Timestamps. Applied Sciences 2020, 10, 4686.

AMA Style

Da-Yu Kao. Forensic Exchange Analysis of Contact Artifacts on Data Hiding Timestamps. Applied Sciences. 2020; 10 (13):4686.

Chicago/Turabian Style

Da-Yu Kao. 2020. "Forensic Exchange Analysis of Contact Artifacts on Data Hiding Timestamps." Applied Sciences 10, no. 13: 4686.

Journal article
Published: 01 January 2020 in Procedia Computer Science

Ransomware activities have been rising steadily. The network traffic characteristics in a network packet analysis are available immediately to explore anomalies and find any offensive behaviors. This paper applies a lightweight ICEAP (Identify-Collect-Examine-Analyze-Present) approach for effectively identifying LooCipher ransomware activities instead of establishing complex systems or creating various programs. This proposed approach tracks online behaviors and understands the source/destination entities. With this innovative detection method, analysts can merge the eigenvalues into security mechanisms, uncover network threats by analyzing the full payload, and detect infected ransomware with minimum effort.

ACS Style

Te-Min Liu; Da-Yu Kao; Yun-Ya Chen. LooCipher Ransomware Detection Using Lightweight Packet Characteristics. Procedia Computer Science 2020, 176, 1677-1683.

AMA Style

Te-Min Liu, Da-Yu Kao, Yun-Ya Chen. LooCipher Ransomware Detection Using Lightweight Packet Characteristics. Procedia Computer Science. 2020; 176:1677-1683.

Chicago/Turabian Style

Te-Min Liu; Da-Yu Kao; Yun-Ya Chen. 2020. "LooCipher Ransomware Detection Using Lightweight Packet Characteristics." Procedia Computer Science 176: 1677-1683.

Journal article
Published: 14 October 2019 in Procedia Computer Science

In recent years, drug abuse and drug addiction have become a major burden to society. In order to meet public expectations for drug crime prevention, law enforcement agencies devote considerable resources in the hope of strengthening the intensity of interventions. However, with the rapid changes in social patterns, drug criminals also look for ways to avoid law enforcement investigations by producing, transporting and selling drugs through different regions, making drug prevention more difficult. Thus, developing dominant strategies to deal with this issue is a main task for police agencies. To more effectively analyze the structural influences of drug crime, we utilize social network analysis (SNA) techniques to discover implications of drug-related crime networks. The macro-level perspective of the co-offender network indicates that criminals intend to set blocks between network members to prevent law enforcement interventions. The micro-level perspective of individuals provides significant social features to predict drug recidivism. The experimental results indicate superior performance when adopting both personal and social features in the classification task. Applying SNA to recidivism prediction is a leading endeavor, and the approach presented in this paper offers remarkable improvement on traditional methods. The results of this paper reveal the advantages of structural implications in analyzing drug-related crime, as well as its ability to facilitate the cognition of crime prevention and intervention strategies.

ACS Style

Fu-Ching Tsai; Ming-Chun Hsu; Chien-Ta Chen; Da-Yu Kao. Exploring drug-related crimes with social network analysis. Procedia Computer Science 2019, 159, 1907-1917.

AMA Style

Fu-Ching Tsai, Ming-Chun Hsu, Chien-Ta Chen, Da-Yu Kao. Exploring drug-related crimes with social network analysis. Procedia Computer Science. 2019; 159:1907-1917.

Chicago/Turabian Style

Fu-Ching Tsai; Ming-Chun Hsu; Chien-Ta Chen; Da-Yu Kao. 2019. "Exploring drug-related crimes with social network analysis." Procedia Computer Science 159: 1907-1917.

Journal article
Published: 14 October 2019 in Procedia Computer Science

Cyber services record almost everyone's location worldwide. Law Enforcement Agencies (LEAs) can use them to find suspects or witnesses near crime scenes. However, this runs the risk of arresting the innocent in a criminal investigation. This paper takes an intimidation case in Taiwan as an example. The crime scene investigation from the viewpoint of Google Maps is explored for supporting or refuting a crime. The proposed PETLO (People-Events-Time-Locations-Objects) model is an investigative approach, which can be applied in clarifying some critical issues and explaining how a crime has happened.

ACS Style

Chih-Hung Shih; Fang-Cheng Chen; Shun-Wei Cheng; Da-Yu Kao. Using Google Maps to Track Down Suspects in a Criminal Investigation. Procedia Computer Science 2019, 159, 1900-1906.

AMA Style

Chih-Hung Shih, Fang-Cheng Chen, Shun-Wei Cheng, Da-Yu Kao. Using Google Maps to Track Down Suspects in a Criminal Investigation. Procedia Computer Science. 2019; 159:1900-1906.

Chicago/Turabian Style

Chih-Hung Shih; Fang-Cheng Chen; Shun-Wei Cheng; Da-Yu Kao. 2019. "Using Google Maps to Track Down Suspects in a Criminal Investigation." Procedia Computer Science 159: 1900-1906.

Conference abstract
Published: 15 July 2018 in Digital Investigation
ACS Style

Da-Yu Kao; Yuan-Pei Chen; Neng-Hsin Shih. Reconstructing ADS data hiding in windows NTFS: A temporal analysis. Digital Investigation 2018, 26, S137.

AMA Style

Da-Yu Kao, Yuan-Pei Chen, Neng-Hsin Shih. Reconstructing ADS data hiding in windows NTFS: A temporal analysis. Digital Investigation. 2018; 26:S137.

Chicago/Turabian Style

Da-Yu Kao; Yuan-Pei Chen; Neng-Hsin Shih. 2018. "Reconstructing ADS data hiding in windows NTFS: A temporal analysis." Digital Investigation 26: S137.

Article
Published: 08 September 2015 in The Journal of Supercomputing

Cyber offenders spread their influence as fast as the Internet and cloud computing develop. Cloud computing increases the challenges of collecting and analyzing digital evidence in a cybercrime investigation. Research on obtaining evidence or analyzing metadata in cloud storage forensics is scarce. This study proposes a time-based investigation in a complex cloud environment. Establishing timeline information using date-time stamps could help when law enforcement agents investigate cloud-related crime. Some experiments are observed from three users (creator, coauthor and browser), four computers and five file operation processes (file created, file accessed, file modified, file shared, and file downloaded). This study presents a novel cybercrime investigation countermeasure using a created-accessed-modified (CAM) model to improve the effectiveness of forensic analysis. This may have implications when examiners analyze hard disks or when a user has synchronized files from a cloud account prior to computer seizure. The countermeasure methodology is potentially useful for evidentiary datasets and investigations.

ACS Style

Da-Yu Kao. Cybercrime investigation countermeasure using created-accessed-modified model in cloud computing environments. The Journal of Supercomputing 2015, 72, 141-160.

AMA Style

Da-Yu Kao. Cybercrime investigation countermeasure using created-accessed-modified model in cloud computing environments. The Journal of Supercomputing. 2015; 72 (1):141-160.

Chicago/Turabian Style

Da-Yu Kao. 2015. "Cybercrime investigation countermeasure using created-accessed-modified model in cloud computing environments." The Journal of Supercomputing 72, no. 1: 141-160.

Conference paper
Published: 28 May 2015 in Transactions on Petri Nets and Other Models of Concurrency XV

The law enforcement community has faced difficulties in determining how best to tackle the complex and dynamic developments on the internet, cloud services, or communications technology. This creates difficulties in the consistency of handling a digital crime scene. Offenders could use a cloud storage service as a medium to save others’ data through the internet. This study explores the challenges of digital investigation on the Windows file system, and proposes an iterative management model to explore date-time stamps in the file metadata of the Windows system. We further observe the file metadata and compare their differences in the date-time stamp issues. The analysis techniques of this study may help establish an event timeline and clarify the offender’s actions on the file. They will be useful in investigations and mitigate the impact of time bias across multiple systems.

ACS Style

Da-Yu Kao; Ying-Hsuan Chiu. An Iterative Management Model of Exploring Windows Date-Time Stamps in Cloud Storage Forensics. Transactions on Petri Nets and Other Models of Concurrency XV 2015, 498-512.

AMA Style

Da-Yu Kao, Ying-Hsuan Chiu. An Iterative Management Model of Exploring Windows Date-Time Stamps in Cloud Storage Forensics. Transactions on Petri Nets and Other Models of Concurrency XV. 2015:498-512.

Chicago/Turabian Style

Da-Yu Kao; Ying-Hsuan Chiu. 2015. "An Iterative Management Model of Exploring Windows Date-Time Stamps in Cloud Storage Forensics." Transactions on Petri Nets and Other Models of Concurrency XV: 498-512.