Showing papers on "Digital forensics published in 2020"


Journal Article
TL;DR: The purpose of this paper is to identify and discuss the main issues involved in the complex process of IoT-based investigations, particularly all legal, privacy and cloud security challenges, as well as some promising cross-cutting data reduction and forensics intelligence techniques.
Abstract: Today is the era of the Internet of Things (IoT). The recent advances in hardware and information technology have accelerated the deployment of billions of interconnected, smart and adaptive devices in critical infrastructures like health, transportation, environmental control, and home automation. Transferring data over a network without requiring any kind of human-to-computer or human-to-human interaction, brings reliability and convenience to consumers, but also opens a new world of opportunity for intruders, and introduces a whole set of unique and complicated questions to the field of Digital Forensics. Although IoT data could be a rich source of evidence, forensics professionals cope with diverse problems, starting from the huge variety of IoT devices and non-standard formats, to the multi-tenant cloud infrastructure and the resulting multi-jurisdictional litigations. A further challenge is the end-to-end encryption which represents a trade-off between users’ right to privacy and the success of the forensics investigation. Due to its volatile nature, digital evidence has to be acquired and analyzed using validated tools and techniques that ensure the maintenance of the Chain of Custody. Therefore, the purpose of this paper is to identify and discuss the main issues involved in the complex process of IoT-based investigations, particularly all legal, privacy and cloud security challenges. Furthermore, this work provides an overview of the past and current theoretical models in the digital forensics science. Special attention is paid to frameworks that aim to extract data in a privacy-preserving manner or secure the evidence integrity using decentralized blockchain-based solutions. In addition, the present paper addresses the ongoing Forensics-as-a-Service (FaaS) paradigm, as well as some promising cross-cutting data reduction and forensics intelligence techniques. 
Finally, several other research trends and open issues are presented, with emphasis on the need for proactive Forensics Readiness strategies and generally agreed-upon standards.

440 citations


Journal Article
TL;DR: A novel framework is proposed that is built based on deep learning and can realize the detection of attacks via classification and make it possible to provide high-quality real-time forensics services on edge consumer devices such as cell phones and laptops, which brings colossal practical value.
Abstract: The upcoming 5G heterogeneous networks (HetNets) have attracted much attention worldwide. Large amounts of high velocity data can be transported by using the bandwidth spectrum of HetNets, yielding both great benefits and several concerning issues. In particular, great harm to our community could occur if the main visual information channels, such as images and videos, are maliciously attacked and uploaded to the internet, where they can be spread quickly. Therefore, we propose a novel framework as a digital forensics tool to protect end users. It is built based on deep learning and can realize the detection of attacks via classification. Compared with the conventional methods and justified by our experiments, the data collection efficiency, robustness, and detection performance of the proposed model are all refined. In addition, assisted by 5G HetNets, our proposed framework makes it possible to provide high-quality real-time forensics services on edge consumer devices (ECE) such as cell phones and laptops, which brings colossal practical value. Some discussions are also carried out to outline potential future threats.

68 citations


Report
25 Aug 2020
TL;DR: This document summarizes research performed by the members of the NIST Cloud Computing Forensic Science Working Group and aggregates, categorizes, and discusses the forensics challenges faced by experts when responding to incidents that have occurred in a cloud-computing ecosystem.
Abstract: This document summarizes research performed by the members of the NIST Cloud Computing Forensic Science Working Group and aggregates, categorizes, and discusses the forensics challenges faced by experts when responding to incidents that have occurred in a cloud-computing ecosystem. The challenges are presented along with the associated literature that references them. The immediate goal of the document is to begin a dialogue on forensic science concerns in cloud computing ecosystems. The long-term goal of this effort is to gain a deeper understanding of those concerns (challenges) and to identify technologies and standards that can mitigate them.

65 citations


Journal Article
TL;DR: The impact of IoT on digital forensics is analyzed and the research efforts made by previous researchers from 2010 to 2018 are systematized to present a holistic overview of digital forensics in IoT.
Abstract: Internet of Things (IoT) is increasingly permeating peoples’ lives, gradually revolutionizing our way of life. Due to the tight connection between people and IoT, now civil and criminal investigations or internal probes must take IoT into account. From the forensic perspective, the IoT environment contains a rich set of artifacts that could benefit investigations, while the forensic investigation in IoT paradigm may have to alter to accommodate characteristics of IoT. Therefore, in this article, we analyze the impact of IoT on digital forensics and systematize the research efforts made by previous researchers from 2010 to 2018. We sketch the landscape of IoT forensics and examine the state of IoT forensics under a 3-D framework. The 3-D framework consists of a temporal dimension, a spatial dimension, and a technical dimension. The temporal dimension walks through the standard digital forensic process while the spatial dimension explores where to identify sources of evidence in IoT environment. These two dimensions attempt to provide principles and guidelines for standardizing digital investigations in the context of IoT. The technical dimension guides a way to the exploration of tools and techniques to ensure the enforcement of digital forensics in the ever-evolving IoT environment. Put together, we present a holistic overview of digital forensics in IoT. We also highlight open issues and outline promising suggestions to inspire future study.

61 citations


Journal Article
TL;DR: This work reviews state-of-the-art digital forensic schemes for audio-visual biometric data that can be leveraged by applications designed for smart cities.

52 citations


Proceedings Article
07 Apr 2020
TL;DR: A deep-fake detection model with mouth features (DFT-MF), using deep learning approach to detect Deepfake videos by isolating, analyzing and verifying lip/mouth movement is designed and implemented.
Abstract: The spread of smartphones with high quality digital cameras in combination with easy access to a myriad of software apps for recording, editing and sharing videos and digital images in combination with deep learning AI platforms has spawned a new phenomenon of faking videos known as Deepfake. We design and implement a deep-fake detection model with mouth features (DFT-MF), using deep learning approach to detect Deepfake videos by isolating, analyzing and verifying lip/mouth movement. Experiments conducted against datasets that contain both fake and real videos showed favorable classification performance for DFT-MF model especially when compared with other work in this area.

47 citations


Journal Article
TL;DR: This research helps investigators identify the software used to launch the attack and understand its internal flows, and shows that a program’s states can still be extracted even after the garbage collector is explicitly invoked, the software is stopped, or the JVM is terminated.

43 citations


Journal Article
01 Apr 2020
TL;DR: This research provides findings tactically useful to forensic investigators, not only from the perspective of what data can be obtained, but also important information about which device they should target for acquisition and investigation to obtain the most investigatively useful information.
Abstract: Internet of Things (IoT) bot malware is relatively new and not yet well understood forensically, despite its potential role in a broad range of malicious cyber activities. For example, it was abused to facilitate the distributed denial of service (DDoS) attack that took down a significant portion of the Internet on October 21, 2016, keeping millions of people from accessing over 1200 websites, including Twitter and NetFlix for nearly an entire day. The widespread adoption of an estimated 50 billion IoT devices, as well as the increasing interconnectivity of those devices to traditional networks, not to mention to one another with the advent of fifth generation (5G) networks, underscore the need for IoT botnet forensics. This study is the first published, comprehensive digital forensic case study on one of the most well known families of IoT bot malware - Mirai. Past research has largely studied the botnet architecture and analyzed the Mirai source code (and that of its variants) through traditional static and dynamic malware analysis means, but has not fully and forensically analyzed infected devices or Mirai network devices. In this paper, we set up a fully functioning Mirai botnet network architecture and conduct a comprehensive forensic analysis on the Mirai botnet server. We discuss forensic artifacts left on the attacker's terminal, command and control (CNC) server, database server, scan receiver and loader, as well as the network packets therefrom. We discuss how a forensic investigator might acquire some of these artifacts remotely, without direct physical access to the botnet server itself. This research provides findings tactically useful to forensic investigators, not only from the perspective of what data can be obtained (e.g., IP addresses of bot members), but also important information about which device they should target for acquisition and investigation to obtain the most investigatively useful information.

37 citations


Book Chapter
01 Jan 2020
TL;DR: This chapter presents a review of IoT security and forensics by reviewing the IoT system, discussing building blocks of an IoT device, essential characteristic, communication technologies and challenges of the IoT, and digital forensics.
Abstract: The Internet of Things (IoT) connects almost all the environment objects whether physical or virtual over the Internet to produce new digitized services that improve people’s lifestyle. Currently, several IoT applications have a direct impact on our daily life activities including smart agriculture, wearables, connected healthcare, connected vehicles, and others. Despite the countless benefits provided by the IoT system, it introduces several security challenges. Resolving these challenges should be one of the highest priorities for IoT manufacturers to continue the successful deployment of IoT applications. The owners of IoT devices should guarantee that effective security measures are built in their devices. With the developments of the Internet, the number of security attacks and cybercrimes has increased significantly. In addition, with poor security measures implemented in IoT devices, the IoT system creates more opportunities for cybercrimes to attack various application and services of the IoT system resulting in a direct impact on users. One of the approaches that tackle the increasing number of cybercrimes is digital forensics. Cybercrimes with the power of the IoT technology can cross the virtual space to threaten human life, therefore, IoT forensics is required to investigate and mitigate against such attacks. This chapter presents a review of IoT security and forensics. It started with reviewing the IoT system by discussing building blocks of an IoT device, essential characteristic, communication technologies and challenges of the IoT. Then, IoT security by highlighting threats and solutions regarding IoT architecture layers are discussed. Digital forensics is also discussed by presenting the main steps of the investigation process. In the end, IoT forensics is discussed by reviewing related IoT forensics frameworks, discussing the need for adopting real-time approaches and showing various IoT forensics.

36 citations


Journal Article
TL;DR: This paper builds on the existing literature to present a harmonized DBFI process using design science research methodology, designed to avoid confusion or ambiguity, as well as providing practitioners with a systematic method of performing DBFI with a higher degree of certainty.
Abstract: Database forensic investigation (DBFI) is an important area of research within digital forensics. Its importance is growing as digital data becomes more extensive and commonplace. The challenges associated with DBFI are numerous, and one of the challenges is the lack of a harmonized DBFI process for investigators to follow. In this paper, therefore, we conduct a survey of existing literature with the hope of understanding the body of work already accomplished. Furthermore, we build on the existing literature to present a harmonized DBFI process using design science research methodology. This harmonized DBFI process has been developed based on three key categories (i.e. planning, preparation and pre-response, acquisition and preservation, and analysis and reconstruction). Furthermore, the DBFI has been designed to avoid confusion or ambiguity, as well as providing practitioners with a systematic method of performing DBFI with a higher degree of certainty.

33 citations


Journal Article
TL;DR: This paper has proposed suitable steps of constructing an Integrated Incident Response Model (IIRM) that can be relied upon in the database forensic investigation field.
Abstract: For every contact that is made in a database, a digital trace will potentially be left and most of the database breaches are mostly aimed at defeating the major security goals (Confidentiality, Integrity, and Authenticity) of data that reside in the database. In order to prove/refute a fact during litigation, it is important to identify suitable investigation techniques that can be used to link a potential incident/suspect to the digital crime. As a result, this paper has proposed suitable steps of constructing an Integrated Incident Response Model (IIRM) that can be relied upon in the database forensic investigation field. While developing the IIRM, design science methodology has been adapted and the outcome of this study has shown significant and promising approaches that could be leveraged by digital forensic experts, legal practitioners and law enforcement agencies. This is owing to the fact that IIRM construction has followed incident investigation principles that are stipulated in ISO guidelines.

Journal Article
TL;DR: A Harmonized Mobile Forensic Investigation Process Model (HMFIPM) is proposed for the MF field to unify and structure whole redundant investigation processes of the MF field to uncovering the MF transitions as well as identifying open and future challenges.
Abstract: Mobile Forensics (MF) field uses prescribed scientific approaches with a focus on recovering Potential Digital Evidence (PDE) from mobile devices leveraging forensic techniques. Consequently, increased proliferation, mobile-based services, and the need for new requirements have led to the development of the MF field, which has in the recent past become an area of importance. In this article, the authors take a step to conduct a review on Mobile Forensics Investigation Process Models (MFIPMs) as a step towards uncovering the MF transitions as well as identifying open and future challenges. Based on the study conducted in this article, a review of the literature revealed that there are a few MFIPMs that are designed for solving certain mobile scenarios, with a variety of concepts, investigation processes, activities, and tasks. A total of 100 MFIPMs were reviewed, to present an inclusive and up-to-date background of MFIPMs. Also, this study proposes a Harmonized Mobile Forensic Investigation Process Model (HMFIPM) for the MF field to unify and structure whole redundant investigation processes of the MF field. The paper also goes the extra mile to discuss the state of the art of mobile forensic tools, open and future challenges from a generic standpoint. The results of this study find direct relevance to forensic practitioners and researchers who could leverage the comprehensiveness of the developed processes for investigation.

Journal Article
01 Mar 2020
TL;DR: This paper aims at securing the IoT log files to prevent anti-forensics techniques that target the logs’ availability and integrity such as wiping and injecting attacks, and proposes a solution based on the proposed Modified Information Dispersal Algorithm (MIDA).
Abstract: Digital forensics are vital in the Internet of Things (IoT) domain. This is due to the enormous growth of cyber attacks and their widespread use against IoT devices. While IoT forensics do not prevent IoT attacks, they help in reducing their occurrence by tracing their source, tracking their root causes and designing the corresponding countermeasures. However, modern IoT attacks use anti-forensics techniques to destroy or modify any important digital evidence including log files. Anti-forensics techniques complicate the task for forensic investigators in tracking the attack source. Thus, countermeasures are required to defend against anti-forensics techniques. In this paper, we aim at securing the IoT log files to prevent anti-forensics techniques that target the logs’ availability and integrity such as wiping and injecting attacks. In the proposed solution, and at regular intervals of time, the logs generated by IoT devices are aggregated, compressed and encrypted. Afterwards, the encrypted logs are fragmented, authenticated and distributed over n storage nodes, based on the proposed Modified Information Dispersal Algorithm (MIDA) that can ensure log files availability with a degree of (n − t). For data dispersal, two cases are considered: the case where the fog nodes are interconnected and the case where they are not. For the former case, the n obtained fragments are transmitted to n neighboring IoT devices (aggregation nodes). However, for the latter one, the output is transmitted to the corresponding fog and then, dispersed over the n neighboring fog nodes. A set of security and performance tests were performed showing the effectiveness and robustness of the proposed solution in thwarting well-known security attacks.

Journal Article
TL;DR: A new perceptual data-device hash is proposed to locate maliciously tampered image regions and identify the source camera of the received image data as a non-repudiable attestation in digital forensics.
Abstract: With the increasing prevalence of digital devices and their abuse for digital content creation, forgeries of digital images and video footage are more rampant than ever. Digital forensics is challenged into seeking advanced technologies for forgery content detection and acquisition device identification. Unfortunately, existing solutions that address image tampering problems fail to identify the device that produces the images or footage while techniques that can identify the camera are incapable of locating the tampered content of its captured images. In this paper, a new perceptual data-device hash is proposed to locate maliciously tampered image regions and identify the source camera of the received image data as a non-repudiable attestation in digital forensics. The presented image may have been either tampered or gone through benign content preserving geometric transforms or image processing operations. The proposed image hash is generated by projecting the invariant image features into a physical unclonable function (PUF)-defined Bernoulli random space. The tamper-resistant random PUF response is unique for each camera and can only be generated upon being triggered by a challenge, which is provided by the image acquisition timestamp. The proposed hash is evaluated on the modified CASIA database and CMOS image sensor-based PUF simulated using 180 nm TSMC technology. It achieves a high tamper detection rate of 95.42% with the regions of tampered content successfully located, a good authentication performance of above 98.5% against standard content-preserving manipulations, and 96.25% and 90.42%, respectively, for the more challenging geometric transformations of rotation (0 ~ 360°) and scaling (scale factor in each dimension: 0.5). It is demonstrated to be able to identify the source camera with 100% accuracy and is secure against attacks on PUF.

Journal Article
01 Jan 2020
TL;DR: This review paper covers the forensic-relevant literature in digital evidence from 2016 to 2019 as a part of the 19th Interpol International Forensic Science Managers Symposium.
Abstract: This review paper covers the forensic-relevant literature in digital evidence from 2016 to 2019 as a part of the 19th Interpol International Forensic Science Managers Symposium. The review papers are also available at the Interpol website at: https://www.interpol.int/content/download/14458/file/Interpol Review Papers 2019.pdf

Journal Article
01 Mar 2020
TL;DR: It is timely to review available data to determine the extent to which accreditation to ISO/IEC 17025 is addressing quality issues in digital forensics and consider what changes and resources could be made available to assist with implementation of quality systems.
Abstract: The Forensic Science Regulator has the role of setting quality standards for forensic science in the Criminal Justice System (CJS) in England and Wales. The current requirement is for organisations carrying out digital forensics to gain accreditation to the international standard ISO/IEC 17025 and the Forensic Science Regulator's Codes of Practice and Conduct. The aim of this requirement is to embed a systematic approach to quality, including understanding methods, validating software and systems, understanding risks, ensuring that all involved in the crime scene to court process have the skills and competence they need and the appropriate equipment and environment for the work, and providing ongoing assurance of quality through audit and proficiency tests. However, the challenge of implementing the standards in digital forensics should not be underestimated, particularly in an environment where there is insufficient capacity to meet a growing demand for services in an area of increasing complexity and fragmented delivery. It is therefore timely to review available data to determine the extent to which accreditation to ISO/IEC 17025 is addressing quality issues in digital forensics and consider what changes and resources could be made available to assist with implementation of quality systems.

Proceedings Article
TL;DR: This paper summarises existing artificial intelligence based tools and approaches in digital forensics and shows great promise in expediting the digital forensic analysis process while increasing case processing capacities.
Abstract: Multi-year digital forensic backlogs have become commonplace in law enforcement agencies throughout the globe. Digital forensic investigators are overloaded with the volume of cases requiring their expertise compounded by the volume of data to be processed. Artificial intelligence is often seen as the solution to many big data problems. This paper summarises existing artificial intelligence based tools and approaches in digital forensics. Automated evidence processing leveraging artificial intelligence based techniques shows great promise in expediting the digital forensic analysis process while increasing case processing capacities. For each application of artificial intelligence highlighted, a number of current challenges and future potential impact is discussed.

Journal Article
TL;DR: A holistic digital forensic readiness (DFR) framework is presented and the utility of the proposed DFR framework is qualitatively evaluated.

Journal Article
15 Jul 2020
TL;DR: This paper surveys existing literature on the potential of using supervised classical machine learning techniques, such as K-Nearest Neighbour, Support Vector Machines, Naive Bayes and Random Forest algorithms, in performing live digital forensics for different IoT configurations.
Abstract: Machine learning has been shown as a promising approach to mine larger datasets, such as those that comprise data from a broad range of Internet of Things devices, across complex environment(s) to solve different problems. This paper surveys existing literature on the potential of using supervised classical machine learning techniques, such as K-Nearest Neighbour, Support Vector Machines, Naive Bayes and Random Forest algorithms, in performing live digital forensics for different IoT configurations. There are also a number of challenges associated with the use of machine learning techniques, as discussed in this paper.

Journal Article
01 Mar 2020
TL;DR: A digital forensics framework for reviewing and investigating cyber-attacks, called D4I, which focuses on enhancing the examination and analysis phases, and proposes a digital artifacts categorization and mapping to the Cyber-Kill-Chain steps of attacks.
Abstract: Many companies have cited lack of cyber-security as the main barrier to Industrie 4.0 or digitalization. Security functions include protection, detection, response and investigation. Cyber-attack investigation is important as it can support the mitigation of damages and maturing future prevention approaches. Nowadays, the investigation of cyber-attacks has evolved more than ever leveraging combinations of intelligent tools and digital forensics processes. Intelligent tools (e.g., YARA rules and Indicators of Compromise) are effective only when there is prior knowledge about software and mechanisms used in the cyber-attack, i.e., they are not attack-agnostic. Therefore, the effectiveness of these intelligent tools is inversely proportional to the number of the never-seen-before software and mechanisms utilized. Digital forensic processes, while not suffering from such issue, lack the ability to provide in-depth support to a cyber-attack investigation mainly due to insufficient detailed instructions in the examination and analysis phases. This paper proposes a digital forensics framework for reviewing and investigating cyber-attacks, called D4I, which focuses on enhancing the examination and analysis phases. First, the framework proposes a digital artifacts categorization and mapping to the Cyber-Kill-Chain steps of attacks. Second, it provides detailed instructing steps for the examination and analysis phases. The applicability of D4I is demonstrated with an application example that concerns a typical case of a spear phishing attack.

Journal Article
01 Jun 2020
TL;DR: The digital forensics community is well positioned to provide research for practitioners to enhance investigations involving Fintech and technical financial activity and needs to be recognized as a new technical sub-discipline of the digital forensics landscape.
Abstract: This paper describes an emerging sub-discipline of digital forensics covering financial technologies, or Fintech. The digital transformation of society is introducing new Fintech for payments, funds transfer, and other financial transactions. Criminals are using and abusing financial technologies for fraud, extortion, money laundering, and financing activity in the criminal underground. The investigation of Fintech and digital payment activity needs to be recognized as a new technical sub-discipline of the digital forensics landscape. The digital forensics community is well positioned to provide research for practitioners to enhance investigations involving Fintech and technical financial activity.

Journal Article
TL;DR: A new methodology is proposed to support investigators during the analysis process, correlating evidence found through different forensics tools, and was implemented through a system able to add semantic assertion to data generated by forensics tools during extraction processes.

Journal Article
01 Nov 2020 - Symmetry
TL;DR: This work proposes an understandable soft taxonomy and a deep overview of the latest research concerning multimedia forgery detection and offers an opportunity for researchers to understand the current active field and to help them develop and evaluate their own image/video forensics approaches.
Abstract: In the digital multimedia era, digital forensics is becoming an emerging area of research thanks to the large amount of image and video files generated. Ensuring the integrity of such media is of great importance in many situations. This task has become more complex, especially with the progress of symmetrical and asymmetrical network structures which make their authenticity difficult. Consequently, it is absolutely imperative to discover all possible modes of manipulation through the development of new forensics detector tools. Although many solutions have been developed, tamper-detection performance is far from reliable and it leaves this problem widely open for further investigation. In particular, many types of multimedia fraud are difficult to detect because some evidences are not exploited. For example, the symmetry and asymmetry inconsistencies related to visual feature properties are potential when applied at multiple scales and locations. We explore here this topic and propose an understandable soft taxonomy and a deep overview of the latest research concerning multimedia forgery detection. Then, an in-depth discussion and future directions for further investigation are provided. This work offers an opportunity for researchers to understand the current active field and to help them develop and evaluate their own image/video forensics approaches.

Journal Article
TL;DR: A new convolutional neural network model is proposed to estimate the resampling rate for resampled images regardless of whether the image is upscaled or downscaled and the METEOR layer is demonstrated to be an outstanding method that can assist in enhancing the estimation performance of the CNN.
Abstract: In recent years, with the improvements in machine learning, image forensics has made considerable progress in detecting editing manipulations. This progress also raises more questions in image forensics research, such as can the parameters applied in a manipulation be estimated. Many parameter estimation works have already been performed. However, most of these works are based on mathematical analyses. In this paper, we attempt to solve a particular parameter estimation problem from a different aspect. Specifically, a new convolutional neural network (CNN) model is proposed to estimate the resampling rate for resampled images regardless of whether the image is upscaled or downscaled. This model features an original layer to generate a measurable energy map toward the estimation of resampling rate (METEOR). The METEOR layer is demonstrated to be an outstanding method that can assist in enhancing the estimation performance of the CNN. Furthermore, the METEOR layer can also increase the robustness of the CNN against JPEG compression, which makes it extremely important in realistic application scenarios. Our work has verified that machine learning, particularly CNNs, with proper optimization can also be refined to adapt to parameter estimation in digital forensics with excellent performance and robustness.

Journal ArticleDOI
01 Sep 2020
TL;DR: Methods dealing with camera's photo response non-uniformity (PRNU) identification, statistical methods, analysis of camera's optical defects, machine learning and deep models which include convolutional neural networks are investigated.
Abstract: Digital forensics is a topic that has attracted much attention. One of the most common tasks in digital forensics is imaging sensor identification. It may be understood as recognizing a device's origin based on the subject that this device produced. Therefore, areas that match digital forensics include, among others, digital camera, flatbed scanner or printer identification. In this paper we survey methods and algorithms for digital camera identification. The goal of a digital camera identification algorithm is to identify and distinguish a camera's sensor based on the images it produced. This topic has been especially popular in the forensics community in recent years. The paper discusses two concepts for camera identification: individual source camera identification (ISCI) and source camera model identification (SCMI). The ISCI aims to distinguish a certain camera among cameras of both the same and different camera models, while the SCMI distinguishes a certain camera model among others but cannot distinguish a certain camera among the same camera models. We investigate methods dealing with these concepts that include: camera's photo response non-uniformity (PRNU) identification, statistical methods, analysis of camera's optical defects, machine learning and deep models which include convolutional neural networks. We also provide a description of popular image datasets that can be used for evaluating camera identification algorithms.

Journal ArticleDOI
TL;DR: The functionality of the two wearable devices is compared, the data that must be acquired is selected, and the analysis methods for each file from the perspective of digital forensics are provided.
Abstract: A fitness tracker monitors our daily activity by measuring distance walked (or run), calorie consumption, heartbeat and quality of sleep. Although originally designed to check the user’s health, its data is important in verifying the veracity of interrogation responses of the suspect, or the activities of the victim near the time of the incident. Xiaomi Mi Band 2 and Fitbit Alta HR are representative fitness trackers which allow users to view measured data on connected mobile devices. We compare the functionality of the two wearable devices, select the data that must be acquired (based on the Android device used), and provide the analysis methods for each file from the perspective of digital forensics.

Proceedings ArticleDOI
01 Feb 2020
TL;DR: The paper proposes that the threshold of malicious code intrusion in the cloud can be transformed to an efficacious process of DFR through logical acquisition and digitally preserving keystrokes.
Abstract: The relationship between negative and positive connotations with regard to malware in the cloud is rarely investigated according to the prevailing literature. However, there is a significant relationship between the use of positive and negative connotations. A clear distinction between the two emanates when we use the originally considered malicious code for a positive connotation, as in the case of capturing keystrokes for a proactive forensic purpose. This is done during the collection of digital evidence for Digital Forensic Readiness (DFR) purposes, in preparation for a Digital Forensic Investigation (DFI) process. The paper explores the problem of having to use the keystrokes for positive reasons as a piece of potential evidence through extraction and digitally preserving it as highlighted in ISO/IEC 27037: 2012 (security approaches) and ISO/IEC 27043: 2015 (legal connotations). In this paper, therefore, the authors present a technique of how DFR can be achieved through the collection of digital information from the originally considered malicious code. This is achieved without modifying the cloud operations or the infrastructure thereof, while preserving the integrity of digital information and possibly maintaining the chain of custody at the same time. The paper proposes that the threshold of malicious code intrusion in the cloud can be transformed to an efficacious process of DFR through logical acquisition and digitally preserving keystrokes. The experiment-tested keystrokes have shown a significant approach that could achieve proactive forensics.

Journal ArticleDOI
TL;DR: This study analyzed the smart home data collected using companion apps, Web interfaces, and APIs to identify meaningful data available for the investigation and discusses various types of smart home data and their usage as core evidence in some forensic scenarios.
Abstract: A smart home is a residence that provides a variety of automation services based on Internet of Things (IoT) devices equipped with sensors, cameras, and lights. These devices can be remotely controlled through controllers such as smartphones and smart speakers. In a smart home, IoT devices collect and process data related to motion, temperature, lighting control, and other factors and store more diverse and complex user data. This data can be useful in forensic investigations but it is a challenge to extract meaningful data from various smart home devices because they have different data storage methods. Therefore, data collection from different smart home devices and identification and analysis of data that can be used in digital forensics is crucial. This study focuses on how to acquire, classify, and analyze smart home data from Google Nest Hub, Samsung SmartThings, and Kasa cam for forensic purposes. We thus analyzed the smart home data collected using companion apps, Web interfaces, and APIs to identify meaningful data available for the investigation. Moreover, the paper discusses various types of smart home data and their usage as core evidence in some forensic scenarios.

Proceedings ArticleDOI
25 Aug 2020
TL;DR: In this article, the authors summarized existing artificial intelligence-based tools and approaches in digital forensics and highlighted the current challenges and future potential impact of artificial intelligence in digital forensic analysis.
Abstract: Multi-year digital forensic backlogs have become commonplace in law enforcement agencies throughout the globe. Digital forensic investigators are overloaded with the volume of cases requiring their expertise compounded by the volume of data to be processed. Artificial intelligence is often seen as the solution to many big data problems. This paper summarises existing artificial intelligence based tools and approaches in digital forensics. Automated evidence processing leveraging artificial intelligence based techniques shows great promise in expediting the digital forensic analysis process while increasing case processing capacities. For each application of artificial intelligence highlighted, a number of current challenges and future potential impact are discussed.

Journal ArticleDOI
01 Mar 2020
TL;DR: This work proposes a standardized approach to formulating and expressing preliminary evaluative opinions in terms of strength of evidence in a manner that employs scientific reasoning within a logical Bayesian framework and can be understood by non-specialist factfinders.
Abstract: The growing number of cases involving overlooked or misinterpreted digital evidence is raising concerns among factfinders and decision-makers about the reliability of digital forensic conclusions. To reduce the risk of mistakes and misinterpretations of forensic observations, including but not limited to digital evidence, there is a pressing need to standardize how evaluative opinions are formed and expressed. Responding to this need, the international community is drafting ISO-21043 and the UK Forensic Science Regulator is drafting an evaluative interpretation standard that promote a likelihood ratio approach. This approach is suitable for fully evaluative opinions in many forensic disciplines, but until more refined methods for evaluating digital evidence are developed, digital forensic practitioners require an interim solution to address immediate needs. More broadly, digital evidence is used in many non-judicial contexts that do not require fully evaluative opinions expressed as a likelihood ratio. This work proposes a standardized approach to formulating and expressing preliminary evaluative opinions in terms of strength of evidence in a manner that employs scientific reasoning within a logical Bayesian framework and can be understood by non-specialist factfinders. Illustrative case examples are presented that involve digital evidence tampering. In addition, this work presents a proof-of-concept database of cases involving tampering of digital evidence that could support assignment of strength of evidence in similar cases.