
Showing papers on "Digital forensics published in 2022"


Journal Article
TL;DR: Wang et al. proposed a digital forensics tool to protect end users in 5G heterogeneous networks, which is built based on deep learning and can realize the detection of attacks via classification.
Abstract: The upcoming 5G heterogeneous networks (HetNets) have attracted much attention worldwide. Large amounts of high-velocity data can be transported by using the bandwidth spectrum of HetNets, yielding both great benefits and several concerning issues. In particular, great harm to our community could occur if the main visual information channels, such as images and videos, are maliciously attacked and uploaded to the Internet, where they can be spread quickly. Therefore, we propose a novel framework as a digital forensics tool to protect end users. It is built based on deep learning and can realize the detection of attacks via classification. Compared with the conventional methods and justified by our experiments, the data collection efficiency, robustness, and detection performance of the proposed model are all refined. In addition, assisted by 5G HetNets, our proposed framework makes it possible to provide high-quality real-time forensics services on edge consumer devices such as cell phones and laptops, which brings colossal practical value. Some discussions are also carried out to outline potential future threats.

42 citations


Journal Article
TL;DR: This survey identifies the current state-of-the-art digital forensics concepts in existing research, sheds light on research gaps, and presents a detailed introduction of different computer forensic domains and forensic toolkits used for computer forensics in the current era.
Abstract: With the alarmingly increasing rate of cybercrimes worldwide, there is a dire need to combat cybercrimes timely and effectively. Cyberattacks on computing machines leave certain artifacts on target device storage that can reveal the identity and behavior of cyber-criminals if processed and analyzed intelligently. Forensic agencies and law enforcement departments use several digital forensic toolkits, both commercial and open-source, to examine digital evidence. The proposed research survey focuses on identifying the current state-of-the-art digital forensics concepts in existing research, sheds light on research gaps, presents a detailed introduction of different computer forensic domains and forensic toolkits used for computer forensics in the current era. The proposed survey also presents a comparative analysis based on the tool’s characteristics to facilitate investigators in tool selection during the forensics process. Finally, the proposed survey identifies and derives current challenges and future research directions in computer forensics.

23 citations


Journal Article
TL;DR: A conceptual model for smart digital forensic readiness of organizations with shadow IoT devices is developed, which will serve as a prototype for IoT device identification, IoT device monitoring, as well as digital potential evidence capturing and preservation for forensic readiness.
Abstract: Internet of Things (IoT) is the network of physical objects for communication and data sharing. However, these devices can become shadow IoT devices when they connect to an existing network without the knowledge of the organization’s Information Technology team. More often than not, when shadow devices connect to a network, their inherent vulnerabilities are easily exploited by an adversary and all traces are removed after the attack or criminal activity. Hence, shadow connections pose a challenge for both security and forensic investigations. In this respect, a forensic readiness model for shadow device-inclusive networks is sorely needed for the purposes of forensic evidence gathering and preparedness, should a security or privacy breach occur. However, the hidden nature of shadow IoT devices does not facilitate the effective adoption of the most conventional digital and IoT forensic methods for capturing and preserving potential forensic evidence that might emanate from shadow devices in a network. Therefore, this paper aims to develop a conceptual model for smart digital forensic readiness of organizations with shadow IoT devices. This model will serve as a prototype for IoT device identification, IoT device monitoring, as well as digital potential evidence capturing and preservation for forensic readiness.

15 citations


Journal Article
TL;DR: This work is going to discuss the several types of personal data that could be retrieved from discarded IoT devices, and the protection measures for the safe disposal of IoT devices.
Abstract: With the advancement in science and technology, the demand for electronic Internet of Things (IoT) devices has increased to store and process digital data. With the advancement in IoT technology, we are more reliant on IoT devices to perform our regular tasks. IoT Forensics deals with the investigation of IoT devices such as smartphones, tablets, smart watches, or any device which is connected to the Internet. The data on these devices can still be retrieved via IoT forensics even if they are destroyed, resold, or misplaced. Before discarding any IoT device, we must consider how to secure the data stored on them. We are then going to discuss the several types of personal data that could be retrieved from discarded IoT devices. Finally, we are going to discuss the protection measures for the safe disposal of IoT devices.

11 citations


Journal Article
TL;DR: A comprehensive overview of the work in the field of source video identification can be found in this paper by examining existing techniques, such as photo response nonuniformity (PRNU) and machine learning approaches.

11 citations


Journal Article
TL;DR: In this article, the authors performed a qualitative review of all the relevant reviews in the field of digital forensics, determined the main topics on digital forensic topics and identified their main challenges, highlighting the European perspective which is traditionally stricter in terms of privacy.
Abstract: Due to its critical role in cybersecurity, digital forensics has received significant attention from researchers and practitioners alike. The ever increasing sophistication of modern cyberattacks is directly related to the complexity of evidence acquisition, which often requires the use of several technologies. To date, researchers have presented many surveys and reviews on the field. However, such articles focused on the advances of each particular domain of digital forensics individually. Therefore, while each of these surveys facilitates researchers and practitioners to keep up with the latest advances in a particular domain of digital forensics, the global perspective is missing. Aiming to fill this gap, we performed a qualitative review of all the relevant reviews in the field of digital forensics, determined the main topics on digital forensics topics and identified their main challenges. Despite the diversity of topics and methods, there are several common problems that are faced by almost all of them, with most of them residing in evidence acquisition and pre-processing due to counter analysis methods and difficulties of collecting data from devices, the cloud etc. Beyond pure technical issues, our study highlights procedural issues in terms of readiness, reporting and presentation, as well as ethics, highlighting the European perspective which is traditionally stricter in terms of privacy. Our extensive analysis paves the way for closer collaboration among researchers and practitioners among different topics of digital forensics.

11 citations



Journal Article
TL;DR: ForTrace is a data synthesis framework based on hystck for the simultaneous generation of persistent, volatile and network traces, which can be used to generate forensically relevant traces of different sources.

9 citations



Journal Article
TL;DR: A novel forensic readiness framework called Drone Forensics Readiness Framework (DRFRF) is proposed using the design science method and the results showed the novelty and efficiency of DRFRF and its applicability to the situations before and after drone incidents.
Abstract: The Drone Forensics (DRFs) field is a branch of digital forensics, which involves the identification, capture, preservation, reconstruction, analysis, and documentation of drone incidents. Several models have been proposed in the literature for the DRF field, which generally discusses DRF from a reactive forensic perspective; however, the proactive forensic perspective is missing. Therefore, this paper proposes a novel forensic readiness framework called Drone Forensics Readiness Framework (DRFRF) using the design science method. It consists of two stages: (i) proactive forensic stage and (ii) reactive forensic stage. It considers centralized logging of all events of all the applicants within the drone device in preparation for an examination. It will speed up gathering data when an investigation is needed, permitting the forensic investigators to handle the examination and analysis directly. Additionally, digital forensics analysts can increase the possible use of digital evidence while decreasing the charge of performing forensic readiness. Thus, both the time and cost required to perform forensic readiness could be saved. The completeness, logicalness, and usefulness of DRFRF were compared to those of other models already existing in the DRF domain. The results showed the novelty and efficiency of DRFRF and its applicability to the situations before and after drone incidents.

8 citations


Journal Article
TL;DR: In this paper, a new approach to digital forensics is considered based on the concept of zero trust, an increasingly popular design in network security, which is defined as a strategy adopted by investigators whereby each aspect of an investigation is assumed to be unreliable until verified.

Book Chapter
TL;DR: In this article, a collection of research has been carried out to identify and collect artifacts of web browsers having secrecy features for examination, validation, and find out potential ways to use the collected information during active investigations.
Abstract: Web browsers are ubiquitous applications to access public and private applications over the Internet, Intranet, and Extranet. The increased demand for cybersecurity, including data privacy, secrecy, and anonymity, becomes the reason for enhanced privacy and anonymity in common web browsers and specialized web browsers to achieve such purposes. These features are great challenges and obstacles for forensic investigators. In this paper, a collection of research will be analyzed, that have been carried out to identify and collect artifacts of web browsers having secrecy features for examination, validation, and find out potential ways to use the collected information during active investigations. As a result, live forensics can become more relevant and dependable for collecting reasonable artifacts from private browsers. From common browsers using private browsing facilities, even removing web browsers after committing criminal activities can also be identified by analyzing the registry, supporting factual evidence gathering in any Digital Forensic investigation.

Journal Article
01 Jul 2022-Array
TL;DR: In this paper, a review of the current state-of-the-art in the field of digital forensics for drones is presented, highlighting that there are fundamental issues in terms of their forensics analysis from various perspectives, ranging from operational and procedural ones, and escalate to manufacturers.

Journal Article
TL;DR: In this article, the authors examine the issues with closed-box models; the goals; and methods of explainability/interpretability, and make recommendations for interpretable AI-based digital forensics (DF) investigation.

Journal Article
TL;DR: A conceptual evidence management framework is proposed in this article examining the future of accident investigation forensics in the era of connected vehicles, where evidence generated from vehicles involved in an incident along with supporting evidence from nearby vehicles CCTVs and road users can be collected and managed over blockchain using smart contracts in a vehicle to everything connected environment.

Journal Article
TL;DR: The Digital Forensic Workflow Model (DFWM) is an approach to the structuring and definition of the procedures and tasks involved in the digital forensic investigation process starting from the initial 'Review of Client Requirements & Planning' stage, right through to the 'Evaluation of Deployed Workflow' stage.

Journal Article
TL;DR: In this paper, the authors propose a set of ten Privacy-Preserving Data Processing Principles (PPDPP) for consideration by those conducting the digital forensic extraction and examination of data from a digital device.

Book Chapter
01 Jan 2022
TL;DR: In this paper, the authors explored the key open problems and challenges experienced while conducting digital forensic processes in blockchain technologies and leveraged design science research (DSR) to achieve the objectives of this study.
Abstract: Blockchain technology has in many ways shown a promising technology where trust can be created between parties. With blockchain, trusted parties can easily transact or exchange information over a cryptographically secured distributed environment. However, based on the blockchain architecture, conducting digital forensic processes faces several problems and challenges. This chapter, therefore, explores the key open problems and challenges experienced while conducting digital forensic processes in blockchain technologies. The authors have leveraged design science research (DSR) to achieve the objectives of this study. Furthermore, the authors have also proposed high-level solutions to the identified problems and challenges.

Journal Article
TL;DR: In this paper, a forensic analysis of small to medium sized commercial drone devices and their controllers has been proposed to give investigators a plan of action to perform forensic analysis on these devices.

Journal Article
TL;DR: In this article, the authors define what digital forensics and incident response entail when dealing with medical devices, and present a case study to demonstrate the need to evolve and determine what digital forensic and incident detection entail.
Abstract: Traditionally, medical devices were built with a focus on clinical care, not security. As health care moves to Industry 4.0, practitioners need to evolve and determine what digital forensics and incident response entail when dealing with medical devices.

Journal Article
TL;DR: It can be proven that this method is the right method in analyzing a video, so that it can be used as evidence and as data forensics.
Abstract: The background of this research is how to make a video that can be analyzed as forensic data to prove the truth of the video, therefore with forensics it can be used as evidence if the video contains incorrect data or contains data capable of crime so that it can be used as data forensics. The method used in this study is to use the literature review method which uses the basis of many previous studies. From journals and books based on similar research, so that it can help develop existing problems to the latest problems so that they can find novelty in this research. The problem raised in this research is how to make a video from a CCTV that can be proven, by certain methods in order to make the video as forensic data, that can be proven so that it can be developed into data containing crimes that can be used as evidence. The purpose of this study is how to find the right method in order to analyze a CCTV video, so that it can be used as evidence on forensic data with the NIST method, it can be proven that this method is the right method in analyzing a video, so that it can be used as evidence and as data forensics.

Journal Article
TL;DR: In this article, a smartphone video database named Qatar University Forensic Video Database (QUFVD) is introduced, which includes 6000 videos from 20 modern smartphones representing five brands, each brand has two models, and each model has two identical smartphone devices.
Abstract: In recent years, the field of digital imaging has made significant progress, so that today every smartphone has a built-in video camera that allows you to record high-quality video for free and without restrictions. On the other hand, rapidly growing internet technology has contributed significantly to the widespread use of digital video via web-based multimedia systems and mobile smartphone applications such as YouTube, Facebook, Twitter, WhatsApp, etc. However, as the recording and distribution of digital videos have become affordable nowadays, security issues have become threatening and spread worldwide. One of the security issues is identifying source cameras on videos. There are some new challenges that should be addressed in this area. One of the new challenges is individual source camera identification (ISCI), which focuses on identifying each device regardless of its model. The first step towards solving the problems is a popular video database recorded by modern smartphone devices, which can also be used for deep learning methods that are growing rapidly in the field of source camera identification. In this paper, a smartphone video database named Qatar University Forensic Video Database (QUFVD) is introduced. The QUFVD includes 6000 videos from 20 modern smartphones representing five brands, each brand has two models, and each model has two identical smartphone devices. This database is suitable for evaluating different techniques such as deep learning methods for video source smartphone identification and verification. To evaluate the QUFVD, a series of experiments to identify source cameras using a deep learning technique are conducted. The results show that improvements are essential for the ISCI scenario on video.

Journal Article
TL;DR: In this paper, the authors investigated the structure required to implement and manage digital forensics readiness (DFR) within an enterprise using feedback from practicing forensic experts in the industry and academia.

Journal Article
TL;DR: In this article, a case study presented a qualitative assessment of the reliability of digital forensic investigation in criminal cases in Norway, and a reliability validation methodology based on international digital forensic standards was designed to assess to what extent those standards are implemented and followed by law enforcement in their casework.

Book Chapter
01 Jan 2022
TL;DR: In this paper, the authors analyzed the results obtained from forensics tools on HDD and SSD to determine the difference between the two drives from a digital forensic perspective, and they concluded that SSDs are still relatively new products, with new products come new challenges and new difficulties.
Abstract: Storage media has become more complex in structure. This matter has been observed during the past years and this was the result of the big expansion in the integrated circuits and electronics industry. Hard disk drives (HDDs) were traditionally used to store data. Solid-state drives (SSDs) are being used for the same purpose, but they can be represented as the new replacement of HDD. Even though the industry of storage media started with hard disk drives, every tool has its age, and for the current age, hard disk drives proved that they cannot afford the desired speed for users and for the whole industry in general. Since SSDs are still relatively new products, with new products come new challenges and new difficulties. Therefore, this paper deeply analyzes the results obtained from forensics tools on HDD and SSD to determine the difference between the two drives from a digital forensic perspective.

Journal Article
TL;DR: Digital forensic investigation is based on natural language processing (NLP) techniques and the blockchain framework proposed in this process and the system’s potential is demonstrated by using a real-world dataset.
Abstract: Social media evidence is the new topic in digital forensics. If social media information is correctly explored, there will be significant support for investigating various offenses. Exploring social media information to give the government potential proof of a crime is not an easy task. Digital forensic investigation is based on natural language processing (NLP) techniques and the blockchain framework proposed in this process. The main reason for using NLP in this process is for data collection analysis, representations of every phase, vectorization phase, feature selection, and classifier evaluation. Applying a blockchain technique in this system secures the data information to avoid hacking and any network attack. The system’s potential is demonstrated by using a real-world dataset.

Journal Article
TL;DR: In this paper, the authors present a survey of recent data provenance problems in cloud computing, provenance taxonomy, and security issues, and discuss how volatile data can be captured before being overwritten and then helps identify current provenance limitations and future directions for further study.

Journal Article
TL;DR: In this paper, the authors comprehensively analyze image forgery detection methods using conventional and advanced deep learning approaches, including active, passive and other new deep learning technology like GANs, which have made photo-realistic images difficult to distinguish from real images.
Abstract: The digital image proves critical evidence in the fields like forensic investigation, criminal investigation, intelligence systems, medical imaging, insurance claims, and journalism to name a few. Images are an authentic source of information on the internet and social media. But, using easily available software or editing tools such as Photoshop, Corel Paint Shop, PhotoScape, PhotoPlus, GIMP, Pixelmator, etc. images can be altered or utilized maliciously for personal benefits. Various active, passive and other new deep learning technology like GAN approaches have made photo-realistic images difficult to distinguish from real images. Digital image tamper detection now focuses on determining the authenticity and consistency of digital photos. The major research problems use generic solutions and strategies, such as standardized data sets, benchmarks, evaluation criteria and generalized approaches. This paper overviews the evaluation of various image tamper detection methods. A brief discussion of image datasets and a comparative study of image criminological (forensic) methods are included in this paper. Furthermore, recently developed deep learning techniques along with their limitations have also been addressed. This study aims to comprehensively analyze image forgery detection methods using conventional and advanced deep learning approaches.

Journal Article
TL;DR: In this paper, the authors argue that detailed case studies and best practices need to be shared to allow companies to adapt their strategies to be better prepared to combat ransomware.
Abstract: To combat ransomware, organizations, literature, and research efforts focus on technical measures and neglect procedural countermeasures. We argue that detailed case studies and best practices need to be shared to allow companies to adapt their strategies to be better prepared.

Proceedings Article
01 Jan 2022
TL;DR: This research is among the first to propose an interpretable federated transformer log learning model for threat detection supporting explainable cyber forensics and demonstrates the log agnostic capability and applicability of the approach on real-world operational settings such as edge computing systems.
Abstract: Threat detection and forensics have become an imperative objective for any digital forensic triage. Supervised approaches have been proposed for inferring system and network anomalies; including anomaly detection contributions using syslogs. Nevertheless, most works downplay the importance of the interpretability of a model’s decision-making process. In this research, we are among the first to propose an interpretable federated transformer log learning model for threat detection supporting explainable cyber forensics. The proposed model is generated by training a local transformer-based threat detection model at each client in an organizational unit. Local models learn the system’s normal behavior from the syslogs which keep records of execution flows. Subsequently, a federated learning server aggregates the learned model parameters from local models to generate a global federated learning model. Log time-series capturing normal behavior are expected to differ from those possessing cyber threat activity. We demonstrate this difference through a goodness of fit test based on Karl-Pearson’s Chi-square statistic. To provide insights on actions triggering this difference, we integrate an attention-based interpretability module. We implement and evaluate our proposed model using HDFS, a publicly available log dataset, and an in-house collected and publicly-released dataset named CTDD, which consists of more than 8 million syslogs representing cloud collaboration services and systems compromised by different classes of cyber threats. Moreover, through different experiments, we demonstrate the log agnostic capability and applicability of our approach on real-world operational settings such as edge computing systems. Our interpretability module manifests significant attention difference between normal and abnormal logs which provide insightful interpretability of the model’s decision-making process. Finally, we deem the obtained results as a validation for the appropriate adoption of our approach in achieving threat forensics in the real world.