Digital forensics

About: Digital forensics is a research topic. Over the lifetime, 4270 publications have been published within this topic receiving 49676 citations. The topic is also known as: digital forensic science & Digital forensics.


Papers
Journal ArticleDOI
TL;DR: This paper explores issues in the context of the Ext2 file system and proposes one solution to tackle such issues for the scenario where systems have preinstalled plug-ins in the form of Loadable Kernel Modules, which provide the capability to preserve ADTS.

19 citations

Proceedings ArticleDOI
25 Aug 2020
TL;DR: In this article, the authors summarized existing artificial intelligence-based tools and approaches in digital forensics and highlighted the current challenges and future potential impact of artificial intelligence in digital forensic analysis.
Abstract: Multi-year digital forensic backlogs have become commonplace in law enforcement agencies throughout the globe. Digital forensic investigators are overloaded with the volume of cases requiring their expertise compounded by the volume of data to be processed. Artificial intelligence is often seen as the solution to many big data problems. This paper summarises existing artificial intelligence based tools and approaches in digital forensics. Automated evidence processing leveraging artificial intelligence based techniques shows great promise in expediting the digital forensic analysis process while increasing case processing capacities. For each application of artificial intelligence highlighted, a number of current challenges and future potential impact is discussed.

19 citations

Book ChapterDOI
13 Feb 2005
TL;DR: This paper presents a new approach that significantly automates the examination process by relying on image analysis techniques and can be used to automatically search for case-specific images, contraband or otherwise, and to provide online monitoring of shared storage for early detection of specific images.
Abstract: Digital forensic investigators are often faced with the task of manually examining a large number of (photographic) images to identify potential evidence. The task can be daunting and time-consuming if the target of the investigation is very broad, such as a web hosting service. Current forensic tools are woefully inadequate: they are largely confined to generating pages of thumbnail images and identifying known files through cryptographic hashes. This paper presents a new approach that significantly automates the examination process by relying on image analysis techniques. The strategy is to use previously-identified content (e.g., contraband images) and to perform feature extraction, which captures mathematically the essential properties of the images. Based on this analysis, a feature set database is constructed to facilitate automatic scanning of a target machine for images similar to the ones in the database. An important property of the approach is that it is not possible to recover the original image from the feature set. Therefore, it is possible to build a (potentially very large) database targeting known contraband images that investigators may be barred from collecting directly. The approach can be used to automatically search for case-specific images, contraband or otherwise, and to provide online monitoring of shared storage for early detection of specific images.

19 citations

Journal ArticleDOI
TL;DR: A TrustZone-based memory acquisition mechanism called TrustDump is developed that is capable of reliably and securely obtaining the RAM memory and CPU registers of the mobile OS even if the OS has crashed or been compromised.
Abstract: With the wide usage of smartphones in our daily life, new malware is emerging to compromise the mobile OS and then steal or manipulate sensitive data from mobile applications. Forensic analysis tools demand a reliable and trustworthy memory acquisition of the operating systems running on the smartphones for further digital forensic analysis. However, a compromised OS may launch denial of service attacks to prevent a valid memory acquisition by forensic examiners. In this paper, we develop a TrustZone-based memory acquisition mechanism called TrustDump that is capable of reliably and securely obtaining the RAM memory and CPU registers of the mobile OS even if the OS has crashed or been compromised. TrustDump is isolated from the mobile OS by TrustZone. Instead of using a hypervisor to ensure the isolation between the OS and the memory acquisition tool, we rely on ARM TrustZone to achieve a hardware-assisted isolation with a small trusted computing base. TrustDump can include basic online analysis modules to catch malware in an early stage. Moreover, the acquired memory and register data can be sent to a remote server through a fast Micro-USB port for real-time forensics analysis when the OS runs, or through a slow serial port for further forensic analysis when the OS has crashed. A trusted graphical user interface is integrated in the TrustZone to authenticate the user and prevent the misuse of our memory acquisition tool. We build a TrustDump prototype on Freescale iMX53 QSB.

19 citations

Journal ArticleDOI
TL;DR: This paper is the result of a systematic literature review which answers three main questions in the data carving field, shows the need for realistic data sets for tool testing, and points to a new direction for using semantic validation to reduce false positive rates.

19 citations


Network Information

Related Topics (5)

Topic | Papers | Citations | Relatedness
--- | --- | --- | ---
Authentication | 74.7K | 867.1K | 84% related
Encryption | 98.3K | 1.4M | 81% related
Cryptography | 37.3K | 854.5K | 81% related
Server | 79.5K | 1.4M | 77% related
Mobile computing | 51.3K | 1M | 76% related
Performance Metrics

No. of papers in the topic in previous years

Year | Papers
--- | ---
2024 | 3
2023 | 205
2022 | 552
2021 | 267
2020 | 339
2019 | 343