Topic

Digital forensics

About: Digital forensics is a research topic. Over the lifetime, 4270 publications have been published within this topic receiving 49676 citations. The topic is also known as: digital forensic science & Digital forensics.


Papers
Posted Content
TL;DR: In this article, the authors present a preliminary investigation into the idea that residual artifacts generated by cloud-based synchronized applications can be used to identify broad user behavior patterns, and highlight the need for security controls to prevent and manage information flow between BYOD mobile devices and cloud synchronization services.
Abstract: As the distinction between personal and organizational device usage continues to blur, the combination of applications that interact increases the need to investigate potential security issues. Although security and forensic researchers have been able to recover a variety of artifacts, empirical research has not examined a suite of application artifacts from the perspective of high-level pattern identification. This research presents a preliminary investigation into the idea that residual artifacts generated by cloud-based synchronized applications can be used to identify broad user behavior patterns. To accomplish this, the researchers conducted a single-case, pretest-posttest, quasi experiment using a smartphone device and a suite of Google mobile applications. The contribution of this paper is two-fold. First, it provides a proof of concept of the extent to which residual data from cloud-based synchronized applications can be used to broadly identify user behavior patterns from device data patterns. Second, it highlights the need for security controls to prevent and manage information flow between BYOD mobile devices and cloud synchronization services. Keywords: Residual Data, Cloud, Apps, Digital Forensics, BYOD

21 citations

Proceedings ArticleDOI
01 Jun 2017
TL;DR: FlowScope is a tool that continuously captures and stores packets in an in-memory ring buffer, using a novel ring buffer data structure that is optimized for high packet throughput.
Abstract: Tools to capture and analyze traffic are found in every network operator's toolbox. Traffic dumps are essential to the process of debugging network issues and for network forensics. Capturing traffic is a performance-intensive and challenging task for high-speed networks. Therefore, network operators often rely on sampling a random subset of the traffic instead of capturing the network traffic in its entirety. Sampling is not always suitable, for example, network forensics applications require a full dump of the traffic to determine the source of an attack. We present FlowScope, a tool to continuously capture and store packets in an in-memory ring buffer. A filtered subset of the acquired packets can be dumped to disk if a specified trigger event occurs. We report benchmark results of 120 Gbit/s with 128 byte packets. This is achieved by using a novel ring buffer data structure that is optimized for high packet throughput. FlowScope is available as free software under the MIT license at https://github.com/emmericp/FlowScope.

21 citations

Journal ArticleDOI
TL;DR: This paper addresses the increasing resources overload being experienced by law enforcement digital forensics units with the proposal to introduce triage template pipelines into the investigative process, enabling devices and the data they contain to be examined according to a number of prioritised criteria.

21 citations

Proceedings ArticleDOI
08 Jul 2009
TL;DR: Suggestions and considerations have been drawn in this paper, which imply that computer forensics may need to reposition itself to better promote the field over the long run.
Abstract: As the internet has reached every corner of the world as well as every aspect of our life, illegal activities go with it as well. In dealing with this phenomenon, a new professional and academic field, computer forensics, has emerged since the beginning of this century. The growth and advance of the new field has been steady, mainly because it has been following the path of forensic science due to the similarities between the two fields, as well as professionals’ experience and understanding of the field. As forensic science has been challenged and asked to have a major overhaul by a congressionally mandated report recently, where should computer forensics go? Based on a comparative study in various facets of both forensic science and computer forensics, some suggestions and considerations have been drawn in this paper, which imply that computer forensics may need to reposition itself to better promote the field over the long run.

21 citations


Network Information
Related Topics (5)
Authentication
74.7K papers, 867.1K citations
84% related
Encryption
98.3K papers, 1.4M citations
81% related
Cryptography
37.3K papers, 854.5K citations
81% related
Server
79.5K papers, 1.4M citations
77% related
Mobile computing
51.3K papers, 1M citations
76% related
Performance
Metrics
No. of papers in the topic in previous years
Year    Papers
2024    3
2023    205
2022    552
2021    267
2020    339
2019    343