Högskolan i Skövde

While the prevalent use of digital devices has many benefits in a modern society, it has also increased the complexity of evidence acquisition in crime investigations. With a digital device being seized in almost all criminal cases, creating investigation backlogs, a need for investigating how this challenge affects victims’ willingness to report crimes is rising. Previous research show that victims are less inclined to report crimes when having to hand in a mobile phone for evidence acquisition. However, why that is remains unclear. Taking a quantitative approach, we investigate the assumed relation between the willingness to report crimes and the time a mobile phone is seized for evidence collection. A survey was sent out to 500 Swedish citizens inquiring how likely they are to report various crimes in relation to the time their mobile phone would be seized by the police. The results show a significantly reduced willingness to report crimes as the seizure times increase, consequently resulting in unreported crimes. The findings also indicate a variation in reporting willingness among various crimes, suggesting a reluctance to report crimes of less monetary consequence, ultimately accepting victimization and enabling unlawful behavior.

Multi-Factor Authentication (MFA) is commonly suggested as a good mechanism to overcome inherent security problems with the use of passwords. However, research suggests that MFA has so far failed to attract enough interest from users. Additionally, older users seem to be even more reluctant to use MFA. In Sweden, users are more or less required to use MFA to use services such as online banking, book doctors appointments online, and complete tax reports online. As such, Sweden is an interesting case for studying MFA adoption. This paper reports on mixed-methods research investigating how Swedish users in different age groups compare with respect to the adoption of MFA. The results suggest that users of different age are willing to adopt MFA when it is required for services they want or need to use. However, younger users appear to be more prone to voluntarily adopt MFA.

The willingness of victims to report crimes is declining, which leads to an increase in the dark figure of crime and undermines effective crime control. One possible reason is that victims are reluctant to report crimes if they are required to submit their digital devices for forensic examination. Today, a mobile phone holds vast amounts of information that may be valuable for police forensics experts, showing that victims’ phones could be critical in crime investigations. This interview study has investigated the factors that influence Swedish citizens’ willingness to report crimes when reporting involves surrendering their own mobile phones for forensic analysis. The study also uncovered factors that increase their willingness to report crimes under the same circumstances. The gathered data was subjected to a qualitative analysis with thematic coding, resulting in four distinct themes with 12 categories distributed among them. The analysis reveals that the primary factors affecting Swedish citizens’ willingness to report crimes are privacy concerns, with participants feeling uneasy about others accessing their private data, and anxiety over being separated from their mobile phones. Furthermore, the study yields that the most significant factors for increasing the willingness to report crimes are enhanced information and transparency from the police. Participants suggested that better understanding of the process, and increased openness would increase their willingness to report.

The use of encryption is increasing, and while that is good for cybersecurity it is a core challenge for digital forensics. Encrypted information cannot be analyzed unless it is first decrypted, which is a complex and time-consuming process. Using a brute force attack to guess the password used for encryption is deemed impractical as even a simple password, being long enough, could take weeks, months, or even years to find. A more feasible approach is to use a dictionary attack where each word in a list is tested. However, a dictionary attack is only successful if the password is in the list, making the process of creating that list a crucial part of decrypting passwords. This research builds on existing literature showing that users commonly use strategies to create passwords, and the aim is to propose a method for creating dictionaries that are grounded in theories of password construction. An initial model was developed using a selective literature review with the purpose of identifying common elements included in biographical passwords, and in what order the elements are used. To improve the model, the study utilized semi-structured interviews with forensic experts from the Swedish police and the Swedish National Forensic Center (NFC). The main contribution of this research is a readily available model for creating dictionaries that can be used by practitioners. The model can also serve as a theoretical contribution that describes how users commonly construct biographical passwords.

Purpose Using authentication to secure data and accounts has grown to be a natural part of computing. Even if several authentication methods are in existence, using passwords remain the most common type of authentication. As long and complex passwords are encouraged by research studies and practitioners alike, computer users design passwords using strategies that enable them to remember their passwords. This paper aims to find strategies that allow for the generation of passwords that are both memorable and computationally secure. Design/methodology/approach The study began with a literature review that was used to identify cognitive password creation strategies that facilitate the creation of passwords that are easy to remember. Using an action-based approach, attack models were created for the resulting creation strategies. The attack models were then used to calculate the entropy for passwords created with different strategies and related to a theoretical cracking time. Findings The result of this study suggests that using phrases with four or more words as passwords will generate passwords that are easy to remember and hard to attack. Originality/value This paper considers passwords from a socio-technical approach and provides insight into how passwords that are easy to remember and hard to crack can be generated. The results can be directly used to create password guidelines and training material that enables users to create usable and secure passwords.