Showing papers on "Digital forensics published in 2013"


Proceedings ArticleDOI
06 Jul 2013
TL;DR: A natural color image database with realistic tampering operations is collected and made publicly available for researchers to compare and evaluate their proposed tampering detection techniques.
Abstract: Image forensics has now raised the anxiety of justice as increasing cases of abusing tampered images in newspapers and court for evidence are reported recently. With the goal of verifying image content authenticity, passive-blind image tampering detection is called for. More realistic open benchmark databases are also needed to assist the techniques. Recently, we collect a natural color image database with realistic tampering operations. The database is made publicly available for researchers to compare and evaluate their proposed tampering detection techniques. We call this database CASIA Image Tampering Detection Evaluation Database. We describe the purpose, the design criterion, the organization and self-evaluation of this database in this paper.

352 citations


Journal ArticleDOI
01 Nov 2013
TL;DR: Big data is changing the landscape of security tools for network monitoring, security information and event management, and forensics; however, in the eternal arms race of attack and defense, security researchers must keep exploring novel ways to mitigate and contain sophisticated attackers.
Abstract: Big data is changing the landscape of security tools for network monitoring, security information and event management, and forensics; however, in the eternal arms race of attack and defense, security researchers must keep exploring novel ways to mitigate and contain sophisticated attackers.

240 citations


Journal ArticleDOI
TL;DR: By determining the data remnants on client devices, research contributes to a better understanding of the types of terrestrial artifacts that are likely to remain for digital forensics practitioners and examiners.

182 citations


Journal ArticleDOI
TL;DR: The researcher presents the results and analysis of a survey that was widely circulated among digital forensic experts and practitioners internationally on cloud forensics and critical criteria for cloud forensic capability in order to better understand the key fundamental issues of cloud forensic such as its definition, scope, challenges, opportunities and missing capabilities.

175 citations


Journal ArticleDOI
TL;DR: It is demonstrated how FROST's new features enable forensic investigators to obtain forensically-sound data from OpenStack clouds independent of provider interaction, as well as the ability of the approach to scale in a dynamic cloud environment.

168 citations


Journal ArticleDOI
TL;DR: A series of digital forensic experiments are documented with the aim of providing forensic researchers and practitioners with an in-depth understanding of the artefacts required to undertake cloud storage forensics.

166 citations


Proceedings ArticleDOI
01 Oct 2013
TL;DR: The scope of this paper is two-fold: firstly it proposes the application of a 1-2-3 Zones approach to Internet of Things (IoT)-related Digital Forensics (DF) investigations, and introduces a Next-Best-Thing Triage (NBT) Model for use in conjunction with the 1-2-3 Zones approach where necessary.
Abstract: The scope of this paper is two-fold: firstly it proposes the application of a 1-2-3 Zones approach to Internet of Things (IoT)-related Digital Forensics (DF) investigations. Secondly, it introduces a Next-Best-Thing Triage (NBT) Model for use in conjunction with the 1-2-3 Zones approach where necessary and vice versa. These two 'approaches' are essential for the DF process from an IoT perspective: the atypical nature of IoT sources of evidence (i.e. Objects of Forensic Interest - OOFI), the pervasiveness of the IoT environment and its other unique attributes - and the combination of these attributes - dictate the necessity for a systematic DF approach to incidents. The two approaches proposed are designed to serve as a beacon to incident responders, increasing the efficiency and effectiveness of their IoT-related investigations by maximizing the use of the available time and ensuring relevant evidence identification and acquisition. The approaches can also be applied in conjunction with existing, recognised DF models, methodologies and frameworks.

163 citations


Journal ArticleDOI
TL;DR: Using SkyDrive as a case study, the types of terrestrial artefacts that are likely to remain on a client's machine, and where the access point(s) for digital forensics examiners are, that will allow them to undertake steps to secure evidence in a timely fashion are identified.

137 citations


Journal ArticleDOI
TL;DR: This paper proposes a standardized Digital Forensic Process Model to aid investigators in following a uniform approach in digital forensic investigations.

130 citations


Journal ArticleDOI
TL;DR: This paper reviews the research literature since 2000 and categorizes developments in the field into four major categories and highlights the observations made by previous researchers and summarizes the research directions for the future.
Abstract: Digital forensics is the process of employing scientific principles and processes to analyze electronically stored information and determine the sequence of events which led to a particular incident. In this digital age, it is important for researchers to become aware of the recent developments in this dynamic field and understand scope for the future. The past decade has witnessed significant technological advancements to aid during a digital investigation. Many methodologies, tools and techniques have found their way into the field designed on forensic principles. Digital forensics has also witnessed many innovative approaches that have been explored to acquire and analyze digital evidence from diverse sources. In this paper, we review the research literature since 2000 and categorize developments in the field into four major categories. In recent years the exponential growth of technology has also brought with it some serious challenges for digital forensic research, which are elucidated. Within each category, research is sub-classified into conceptual and practical advancements. We highlight the observations made by previous researchers and summarize the research directions for the future.

129 citations


Journal ArticleDOI
TL;DR: It was determined that there were no changes to the contents of files during the process of upload, storage, and download to the three cloud storage services and the timestamps remained the same throughout the process.

Journal ArticleDOI
TL;DR: The requirements, design and implementation of the bulk_extractor are presented, a high-performance carving and feature extraction tool that uses bulk data analysis to allow the triage and rapid exploitation of digital media.

Book
16 Nov 2013
TL;DR: In this paper, the authors present the first evidence-based cloud forensic framework, which can be used to undertake research into the data remnants on both cloud storage servers and client devices when a user undertakes a variety of methods to store, upload, and access data in the cloud.
Abstract: To reduce the risk of digital forensic evidence being called into question in judicial proceedings, it is important to have a rigorous methodology and set of procedures for conducting digital forensic investigations and examinations. Digital forensic investigation in the cloud computing environment, however, is in infancy due to the comparatively recent prevalence of cloud computing. Cloud Storage Forensics presents the first evidence-based cloud forensic framework. Using three popular cloud storage services and one private cloud storage service as case studies, the authors show you how their framework can be used to undertake research into the data remnants on both cloud storage servers and client devices when a user undertakes a variety of methods to store, upload, and access data in the cloud. By determining the data remnants on client devices, you gain a better understanding of the types of terrestrial artifacts that are likely to remain at the Identification stage of an investigation. Once it is determined that a cloud storage service account has potential evidence of relevance to an investigation, you can communicate this to legal liaison points within service providers to enable them to respond and secure evidence in a timely manner. Learn to use the methodology and tools from the first evidenced-based cloud forensic framework. Case studies provide detailed tools for analysis of cloud storage devices using popular cloud storage services. Includes coverage of the legal implications of cloud storage forensic investigations. Discussion of the future evolution of cloud storage and its impact on digital forensics.

Journal ArticleDOI
TL;DR: It is shown that the complete digital forensics process should be viewed as a (soft) real-time computation with well-defined performance requirements, and a new approach to target acquisition is proposed that enables file-centric processing without disrupting optimal data throughput from the raw device.

Proceedings ArticleDOI
18 Dec 2013
TL;DR: The FEMS design aims to meet requirements for autonomy and independence, it is a system that can be integrated into a home-IoT network to conduct preliminary forensic investigations and to provide basic security services.
Abstract: This paper describes the design of the Forensics Edge Management System (FEMS), a system that autonomously provides security and forensic services within the home Internet of Things (IoT) or smart home context. Within smart homes, users are increasingly being allowed the flexibility to manage and maintain all the solutions that entail. This is evident from the growing number of commercial smart home IoT solutions which are being designed to be manageable by end users. This IoT requirement for user-manageable solutions (without direct or indirect input from vendors beyond the provision of robust systems and solutions) presents a challenge to the traditional concept of Digital Forensics (DF) which is currently an expert-led domain. The FEMS design aims to meet these requirements for autonomy and independence, it is a system that can be integrated into a home-IoT network to conduct preliminary forensic investigations and to provide basic security services.

Book ChapterDOI
TL;DR: How techniques and algorithms used in big data analysis can be adapted to the unique context of digital forensics are proposed, ranging from the managing of evidence via Map-Reduce to machine learning techniques for triage and analysis of big forensic disk images and network traffic dumps.
Abstract: Digital Forensics, as a science and part of the forensic sciences, is facing new challenges that may well render established models and practices obsolete. The dimensions of potential digital evidence supports has grown exponentially, be it hard disks in desktop and laptops or solid state memories in mobile devices like smartphones and tablets, even while latency times lag behind. Cloud services are now sources of potential evidence in a vast range of investigations and network traffic also follows a growing trend and in cyber security the necessity of sifting through vast amount of data quickly is now paramount. On a higher level investigations - and intelligence analysis - can profit from sophisticated analysis of such datasets as social network structures, corpora of text to be analysed for authorship and attribution. All of the above highlights the convergence between so-called data science and digital forensics, to tackle the fundamental challenge of analysing vast amounts of data ("big data") in actionable time while at the same time preserving forensic principles in order for the results to be presented in a court of law. The paper, after introducing digital forensics and data science, explores the challenges above and proceeds to propose how techniques and algorithms used in big data analysis can be adapted to the unique context of digital forensics, ranging from the managing of evidence via Map-Reduce to machine learning techniques for triage and analysis of big forensic disk images and network traffic dumps. In the conclusion the paper proposes a model to integrate this new paradigm into established forensic standards and best practices and tries to foresee future trends.

Proceedings ArticleDOI
07 Jan 2013
TL;DR: In this paper, the authors present a preliminary investigation into the residual artifacts created on an iOS and Android device that has accessed a cloud storage service and provide an initial assessment on the extent to which cloud storage data is stored on these client-side devices. This view acts as a proxy for data stored in the cloud.
Abstract: Cloud storage services such as Dropbox, Box and SugarSync have been embraced by both individuals and organizations. This creates an environment that is potentially conducive to security breaches and malicious activities. The investigation of these cloud environments presents new challenges for the digital forensics community. It is anticipated that smart phone devices will retain data from these storage services. Hence, this research presents a preliminary investigation into the residual artifacts created on an iOS and Android device that has accessed a cloud storage service. The contribution of this paper is twofold. First, it provides an initial assessment on the extent to which cloud storage data is stored on these client-side devices. This view acts as a proxy for data stored in the cloud. Secondly, it provides documentation on the artifacts that could be useful in a digital forensics investigation of cloud services.

Book ChapterDOI
28 Jan 2013
TL;DR: The study employs a mix of informal conversational and standardized open-ended interview styles conducted with industry experts over a variety of communication media to design and implement digital forensic readiness plans aimed at maximizing the use of digital evidence in organizations.
Abstract: This paper focuses on the use of cognitive approaches for digital forensic readiness planning. Research has revealed that a well-thought-out and legally contextualized digital forensic readiness strategy can provide organizations with an increased ability to respond to security incidents while maintaining the integrity of the evidence gathered and keeping investigative costs low. This paper contributes to the body of knowledge in digital forensics related to the design and implementation of digital forensic readiness plans aimed at maximizing the use of digital evidence in organizations. The study uses interviews as part of a mixed-methods approach. In particular, it employs a mix of informal conversational and standardized open-ended interview styles conducted with industry experts over a variety of communication media.

01 Jan 2013
TL;DR: A critical review of static and live analysis approaches is presented and the reliability of different tools and techniques used in static and live digital forensic analysis is evaluated.
Abstract: Analysis and examination of data is performed in digital forensics. Nowadays computer is the major source of communication which can also be used by the investigators to gain forensically relevant information. Forensic analysis can be done in static and live modes. Traditional approach provides incomplete evidentiary data, while live analysis tools can provide the investigators a more accurate and consistent picture of the current and previously running processes. Many important system related information present in volatile memory cannot be effectively recovered by using static analysis techniques. In this paper, we present a critical review of static and live analysis approaches and we evaluate the reliability of different tools and techniques used in static and live digital forensic analysis.

Proceedings ArticleDOI
21 Oct 2013
TL;DR: Research is presented that seeks to identify, quantify and prioritise the challenges that exist within the digital forensic domain so that future efforts can be concentrated on the issues that actually affect the domain.
Abstract: Digital forensics have become increasingly important as an approach to investigate cyber- and computer-assisted crime. Whilst many tools exist and much research is being undertaken, many questions exist regarding the future of the domain. Indeed, prior literature has widely published the challenges that exist within the domain, from the increasing volume of data (e.g. SANs, hard drive capacities, databases) to the varying technology platforms and systems that exist (e.g. tablets, mobile phones, embedded systems, cloud computing). However, little effort has focused upon understanding the reality of these challenges. The paper presents research that seeks to identify, quantify and prioritise these challenges so that future efforts can be concentrated on the issues that actually affect the domain. The study undertook a survey of researchers and practitioners (both law enforcement and organisational) to examine the real-challenges from the perceived challenges and to understand what effect the future will have upon the digital forensic domain. A total of 42 participants undertook the study with 55% having 3 or more years of experience. 45% were academic researchers, 16% law enforcement and 31% had a forensic role within an organisation. Overwhelmingly, 93% of participants felt that the number and complexity of investigations would increase in the future. Apart from the plethora of findings elaborated in the paper, the principal future challenge priorities included cloud computing, anti-forensics and encryption. Respondents also identified improving communication between researchers and practitioners and the need to develop approaches to identify and extract “significant data” through techniques such as criminal profiling as essential. Interestingly, participants did not feel that the growth in privacy enhancing technologies nor legislation was a significant inhibitor to the future of digital forensics.

Journal ArticleDOI
TL;DR: The feasibility of ad-hoc data acquisition from smartphone sensors by implementing a device agent for their collection in Android, as well as a protocol for their transfer is examined.

Journal ArticleDOI
TL;DR: The proposed Triage methodology aims at automating the categorization of digital media on the basis of plausible connections between traces retrieved and crimes under investigation, and describes a new interdisciplinary approach that merges Digital Forensics techniques and Machine Learning principles.

Proceedings ArticleDOI
07 Jan 2013
TL;DR: Investigation of appeal judgments retrieved from the Westlaw, Lexis Nexis and British and Irish Legal Information Institute legal databases indicates that mobile phone evidence is rising over time with some correlations to particular crimes.
Abstract: The magnification of mobile devices in everyday life prompts the idea that these devices will increasingly have evidential value in criminal cases. While this may have been assumed in digital forensics communities, there has been no empirical evidence to support this idea. This research investigates the extent to which mobile phones are being used in criminal proceedings in the United Kingdom through the examination of appeal judgments retrieved from the Westlaw, Lexis Nexis and British and Irish Legal Information Institute (BAILII) legal databases. The research identified 537 relevant appeal cases from a dataset of 12,763 criminal cases referring to mobile phones for a period ranging from 1st of January, 2006 to 31st of July, 2011. The empirical analysis indicates that mobile phone evidence is rising over time with some correlations to particular crimes.

Journal ArticleDOI
TL;DR: This work presents a complete study of several CG versus PG approaches, creates a large and heterogeneous dataset to be used as a training and validation database, and implements representative methods of the literature to devise automatic ways for combining the best approaches.

Proceedings ArticleDOI
16 Jan 2013
TL;DR: An approach which uses a logs model to build a forensic-friendly system is proposed, which can quickly gather information from cloud computing for some kinds of forensic purpose and this will decrease the complexity of those kinds of forensics.
Abstract: Cloud computing is getting more and more attention from the information and communication technologies industry recently. Almost all the leading companies of the information area show their interest and efforts on cloud computing and release services about cloud computing in succession. But if we want to make it go further, we should pay more effort on security issues. Especially, the Internet environment now has become more and more unsecure. With the popularization of computers and intelligent devices, the number of crimes on them has increased rapidly in last decades, and will be quicker on the cloud computing environment in future. No wall is wall in the world. We should enhance the cloud computing not only at the aspect of precaution, but also at the aspect of dealing with the security events to defend it from crime activities. In this paper, I propose an approach which uses a logs model to build a forensic-friendly system. Using this model we can quickly gather information from cloud computing for some kinds of forensic purpose. And this will decrease the complexity of those kinds of forensics.

Proceedings ArticleDOI
21 Oct 2013
TL;DR: The author proposes a model that considers centralised logging of all activities of all the participants within the cloud in preparation of an investigation, allowing the investigator to start the analysis and examination almost immediately.
Abstract: The traditional digital forensic investigation process has always had a post-event driven focus. This process is perhaps too long for the cloud. This paper investigates how digital forensic readiness can be used to quicken and update the traditional digital forensic investigation process to better suit cloud computing environments. John Tans states that centralized logging is the key to efficient forensic strategies. The author proposes a model that considers centralised logging of all activities of all the participants within the cloud in preparation of an investigation. This approach will quicken the acquisition of evidential data when an investigation is required, allowing the investigator to start the analysis and examination almost immediately.

Journal ArticleDOI
TL;DR: This research proposes a new methodology for analyzing private and portable web browsing artifacts and will serve to be a significant resource for law enforcement, computer forensic investigators, and the digital forensics research community.
Abstract: The Internet is an essential tool for everyday tasks. Aside from common use, the option to browse the Internet privately is a desirable attribute. However, this can create a problem when private Internet sessions become hidden from computer forensic investigators in need of evidence. Our primary focus in this research is to discover residual artifacts from private and portable web browsing sessions. In addition, the artifacts must contain more than just file fragments and enough to establish an affirmative link between user and session. Certain aspects of this topic have triggered many questions, but there have never been enough authoritative answers to follow. As a result, we propose a new methodology for analyzing private and portable web browsing artifacts. Our research will serve to be a significant resource for law enforcement, computer forensic investigators, and the digital forensics research community.

Journal Article
TL;DR: Trends of applications of digital forensics and security at hand in various aspects are looked into and some estimations about future research trends in this area are provided.
Abstract: Nowadays, rapid evolution of computers and mobile phones has caused these devices to be used in criminal activities. Providing appropriate and sufficient security measures is a difficult job due to complexity of devices which makes investigating crimes involving these devices even harder. Digital forensic is the procedure of investigating computer crimes in the cyber world. Many researches have been done in this area to help forensic investigation to resolve existing challenges. This paper attempts to look into trends of applications of digital forensics and security at hand in various aspects and provide some estimations about future research trends in this area.

Journal ArticleDOI
TL;DR: The author has developed and deployed a technical digital forensic previewing process that negates many of the current concerns regarding the triage process and that can be deployed in any digital forensic laboratory at very little cost.

Journal ArticleDOI
TL;DR: An Android data acquisition tool that ensures the integrity of acquired data is developed, which is demonstrated in a case study to test tool's ability to preserve data integrity.