Topic

Digital forensics

About: Digital forensics is a research topic. Over the lifetime, 4270 publications have been published within this topic receiving 49676 citations. The topic is also known as: digital forensic science & Digital forensics.


Papers
Proceedings Article · DOI
28 Jun 2013
TL;DR: This paper explores the requirements of a cloud log forensics SOA framework for performing effective digital investigation examinations in these abstract web services environments and develops investigative and forensic auditing tools and techniques for use in cloud based log-centric SOAs.
Abstract: Cloud computing log digital investigations relate to the investigation of a potential crime using the digital forensic evidence from a virtual machine (VM) host operating system using the hypervisor event logs. In cloud digital log forensics, work on the forensic reconstruction of evidence on VM hosts system is required, but with the heterogeneous complexity involved with an enterprise's private cloud not to mention public cloud distributed environments, a possible Web Services-centric approach may be required for such log supported investigations. A data cloud log forensics service oriented architecture (SOA) audit framework for this type of forensic examination needs to allow for the reconstruction of transactions spanning multiple VM hosts, platforms and applications. This paper explores the requirements of a cloud log forensics SOA framework for performing effective digital investigation examinations in these abstract web services environments. This framework will be necessary in order to develop investigative and forensic auditing tools and techniques for use in cloud based log-centric SOAs.

26 citations

Journal Article · DOI
01 Jul 2013
TL;DR: A new subject-based semantic document clustering model is proposed that allows an investigator to cluster documents stored on a suspect's computer by grouping them into a set of overlapping clusters, each corresponding to a subject of interest initially defined by the investigator.
Abstract: Computers are increasingly used as tools to commit crimes such as unauthorized access (hacking), drug trafficking, and child pornography. The proliferation of crimes involving computers has created a demand for special forensic tools that allow investigators to look for evidence on a suspect's computer by analyzing communications and data on the computer's storage devices. Motivated by the forensic process at Surete du Quebec (SQ), the Quebec provincial police, we propose a new subject-based semantic document clustering model that allows an investigator to cluster documents stored on a suspect's computer by grouping them into a set of overlapping clusters, each corresponding to a subject of interest initially defined by the investigator.

25 citations

Book Chapter · DOI
14 May 2004
TL;DR: This paper develops a fuzzy logic based expert system for network forensics that can analyze computer crimes in networked environments and make digital evidences automatically and reduce the time and cost of forensic analysis.
Abstract: The field of digital forensic science emerged as a response to the growth of computer crime. Digital forensics is the art of discovering and retrieving information about a crime in such a way to make digital evidence admissible in court. Especially, network forensics is digital forensic science in networked environments. The more network traffic, the harder network analyzing. Therefore, we need an effective and automated analyzing system for network forensics. In this paper, we develop a fuzzy logic based expert system for network forensics that can analyze computer crimes in networked environments and make digital evidences automatically. This system can provide analyzed information for forensic experts and reduce the time and cost of forensic analysis.

25 citations

Journal Article · DOI
TL;DR: In this paper, a conceptual framework for forensics readiness is given, which provides levels of abstraction and procedural guides embellished with a process model that allow investigators to perform routine investigations, without becoming overwhelmed by low-level details.
Abstract: Recent trends in global networks are leading toward service-oriented architectures and sensor networks. On one hand of the spectrum, this means deployment of services from numerous providers to form new service composites, and on the other hand this means emergence of Internet of things. Both these kinds belong to a plethora of realms and can be deployed in many ways, which will pose serious problems in cases of abuse. Consequently, both trends increase the need for new approaches to digital forensics that would furnish admissible evidence for litigation. Because technology alone is clearly not sufficient, it has to be adequately supported by appropriate investigative procedures, which have yet become a subject of an international consensus. This paper therefore provides an appropriate holistic framework to foster an internationally agreed upon approach in digital forensics along with necessary improvements. It is based on a top-down approach, starting with legal, continuing with organizational, and ending with technical issues. More precisely, the paper presents a new architectural technological solution that addresses the core forensic principles at its roots. It deploys so-called leveled message authentication codes and digital signatures to provide data integrity in a way that significantly eases forensic investigations into attacked systems in their operational state. Further, using a top-down approach a conceptual framework for forensics readiness is given, which provides levels of abstraction and procedural guides embellished with a process model that allow investigators to perform routine investigations, without becoming overwhelmed by low-level details. As low-level details should not be left out, the framework is further evaluated to include these details to allow organizations to configure their systems for proactive collection and preservation of potential digital evidence in a structured manner.
The main reason behind this approach is to stimulate efforts on an internationally agreed "template legislation," similarly to model law in the area of electronic commerce, which would enable harmonized national implementations in the area of digital forensics.

25 citations

Journal Article · DOI
TL;DR: This paper is the first to investigate Skype in the Android devices and shows that Skype call and chat evidences can be truly found in the devices.
Abstract: The discipline of smartphone forensics has recently got more attention because of the tremendous growth in the smartphones market. Smartphones, to some extent, have similar capabilities to that of PCs. They can store large amount of data and divergent categories of information. Among other mobile platforms, Android-based devices are getting more popularity. Variety of mobile Applications (Apps) are increasingly developed to mainly extend the functionality of the phones. The usage of Voice over IP (VoIP) Apps has explosively increased for their wide availability and cheap prices. As Skype is one of the most popular VoIP Apps, in this paper we investigate the artifacts of Skype calls and chats in the Android devices. We inspect both the RAM and NAND flash memories in different scenarios and time durations. Even though Skype provides secure communications over the Internet, this paper shows that Skype call and chat evidences can be truly found in the devices. To the best of our knowledge, we are the first to investigate Skype in the Android devices.
General Terms: Digital Forensics, Cyber Security

25 citations


Network Information
Related Topics (5)
Authentication: 74.7K papers, 867.1K citations, 84% related
Encryption: 98.3K papers, 1.4M citations, 81% related
Cryptography: 37.3K papers, 854.5K citations, 81% related
Server: 79.5K papers, 1.4M citations, 77% related
Mobile computing: 51.3K papers, 1M citations, 76% related
Performance
Metrics
No. of papers in the topic in previous years
Year    Papers
2024    3
2023    205
2022    552
2021    267
2020    339
2019    343