Digital forensics

About: Digital forensics is a research topic. Over the lifetime, 4270 publications have been published within this topic receiving 49676 citations. The topic is also known as: digital forensic science & Digital forensics.

User Identification and Tracking with online device fingerprints fusion

Abstract: Identification and Tracking of online digital identity has been significant issue around efforts on cyber security. The purpose of this research is to demonstrate how to utilized information being emitted from digital devices carried by suspicious user. In this paper, techniques to identify owner of digital devices connected to the Internet or local network are proposed. Techniques include tracing physical id of network interface, profiling of network traffic pattern of devices, Bluetooth device signals, web browser finger printings, and header information of e-mail messages. Each devices connected to computer network has its own finger print such as physical MAC address, network traffic generated by operating systems and its installed applications thus such information can be applied to identify and track unique digital device. If the device is personal item such as smartphone or personal computer owned by a specific person this information is being able to use to detect and trace location of the person. Each web browser installed on such devices also has its unique characteristics such as version, installed fonts, and difference in its settings, such information can be used to identify a person. E-mail message has significant information in its header, by analyzing messages headers certain amount of information of its sender are extracted. This is also used to detect impersonation of a message sender. By integrating these information obtained through such monitoring activity and related network sensors we are able to identify existence and physical location of a targeted personnel, to monitor their behavior and also we are able to use such data as evidence for law suites. Preservation of privacy is the issued to be considered for such application and this would discuss how to balance between user privacy and traceability of users in certain types of network.

IoT Forensic -- A digital investigation framework for IoT systems

Abstract: Security issues, threats, and attacks in relation with the IoT have been identified as promising and challenging area of research. Eventually, the need for a forensics methodology for investigating IoT-related crime is therefore essential. However, the IoT poses many challenges for forensics investigators. These include the wide range and variety of information, the unclear lines of differentiation between networks, for example private networks increasingly fading into public networks. Further, integration of a large number of objects in IoT forensic interest, along with the relevance of identified and collected devices makes forensic of IoT devices more complicated. The scope of this paper is to present a framework for IoT forensic. We aimed at the study and development of the link to support digital investigations of IoT devices and tackle emerging challenges in digital forensics. We emphasize on various steps for digital forensic with respect to IoT devices.

Potential Forensic Analysis of IoT Data: An Overview of the State-of-the-Art and Future Possibilities

Abstract: Academics and practicing digital forensics experts have previously proposed several models for tackling the end to end procedure of investigating IoT devices. However, these approaches are still very high level or focuses on one specific evidence collection technique. There is not, as yet, a comprehensive enumeration of classes of forensic data collected by IoT devices, nor even a comprehensive list of techniques for extracting specific forensic information from specific IoT devices. This paper addresses these issues by describing the potential forensic information that can be gathered, derived, or inferred from IoT-collected data. We also present an overview of existing IoT data collection methods for the Amazon Echo, Z-wave protocol, and home routers to illustrate the types of forensic data already being collected and the techniques used to obtain it. Finally, we present possible avenues for additional mechanisms for obtaining forensic data from these devices.

A recovery approach for SQLite history recorders from YAFFS2

Abstract: Nowadays, forensic on flash memories has drawn much attention. In this paper, a recovery method for SQLite database history records (I.e. updated and deleted records) form YAFFS2 is proposed. Based on the out-of-place-write strategies in NAND flash memory required by YAFFS2, the SQLite history recorders can be recovered and ordered into timeline by their timestamps. The experiment results show that the proposed method can recover the updated or deleted records correctly. Our method can help investigators to find the significant information about user actions in Android smart phones by these history recorders, although they seem to have been disappeared or deleted.

Digital Forensic Tools

Abstract: Digital Forensics has rapidly evolved over the last decade and continues to gain significance in both the law enforcement and the scientific community. The subject of digital forensics can be quite challenging. Digital forensics is in its infancy and teaching digital forensics includes the techniques as well as the tools that assist in the process. This paper provides an overview of Digital Forensics methodologies, modeling, analysis and applications.