Topic

Digital forensics

About: Digital forensics is a research topic. Over its lifetime, 4270 publications have been published within this topic, receiving 49676 citations. The topic is also known as: digital forensic science & Digital forensics.


Papers
27 Jun 2017
TL;DR: The need for and development of an introductory cyber security course are described, and the approach used, curriculum developed, results from two runs of the course, and the overall structure of the course, framed using Bloom’s Taxonomy, are discussed.
Abstract: In this paper, we describe the need for and development of an introductory cyber security course. The course was designed for non-technical majors with the goal of increasing cyber security hygiene for an important segment of the population—college undergraduates. While the need for degree programs that focus on educating and training individuals for occupations in the ever-growing cyber security field is critically important, the need for improved cyber security hygiene from the average everyday person is of equal importance. This paper discusses the approach used, curriculum developed, results from two runs of the course, and frames the overall structure of the course using Bloom’s Taxonomy. Likewise, we discuss the benefits such a course provides to various stakeholders. Challenges and opportunities are discussed.

18 citations

Journal Article
01 Jun 2021
TL;DR: A comprehensive investigation of DJI Mini 2 and its data stored across multiple devices that are associated with the drone is conducted to create several criminal-like scenarios, acquire and analyze the created scenarios using leading forensics software, and present findings associated with potential criminal activities.
Abstract: Rapid technology advancements, especially in the past decade, have allowed off-the-shelf unmanned aerial vehicles (UAVs) that weigh less than 250 g to become available for recreational use by the general population. Many well-known manufacturers (e.g., DJI) are now focusing on this segment of UAVs, and the new DJI Mini 2 drone is one of many that fall under this category, which enables easy access to be purchased and used without any Part 107 certification and Remote ID registration. The versatility of drones and drone models is appealing for customers, but they pose many challenges to forensic tools and digital forensics investigators due to numerous hardware and software variations. In addition, different devices can be associated and used for controlling these drones (e.g., Android and iOS smartphones). Moreover, according to the Federal Aviation Administration (FAA), the adoption of Remote ID is not going to be required for people without the 107 certifications for this segment at least until 2023, which makes finding personally identifiable information a necessity in these types of investigations. In this research, we conducted a comprehensive investigation of DJI Mini 2 and its data stored across multiple devices (e.g., SD cards and mobile devices) that are associated with the drone. The aim of this paper is to (1) create several criminal-like scenarios, (2) acquire and analyze the created scenarios using leading forensics software (e.g., Cellebrite and Magnet Axiom) that are commonly used by law enforcement agencies, and (3) present findings associated with potential criminal activities.

18 citations

06 Feb 2015
TL;DR: A common approach for automated file identification is the use of hash functions, where a tool hashes all files of a seized device and compares them against a database to discard non-relevant or detect suspicious files.
Abstract: Handling forensic investigations gets more and more difficult as the amount of data one has to analyze is increasing continuously. A common approach for automated file identification is hash functions. The proceeding is quite simple: a tool hashes all files of a seized device and compares them against a database. Depending on the database, this allows one to discard non-relevant (whitelisting) or detect suspicious files (blacklisting).

18 citations

Journal Article
01 Mar 2020
TL;DR: This work proposes a standardized approach to formulating and expressing preliminary evaluative opinions in terms of strength of evidence in a manner that employs scientific reasoning within a logical Bayesian framework and can be understood by non-specialist factfinders.
Abstract: The growing number of cases involving overlooked or misinterpreted digital evidence is raising concerns among factfinders and decision-makers about the reliability of digital forensic conclusions. To reduce the risk of mistakes and misinterpretations of forensic observations, including but not limited to digital evidence, there is a pressing need to standardize how evaluative opinions are formed and expressed. Responding to this need, the international community is drafting ISO-21043 and the UK Forensic Science Regulator is drafting an evaluative interpretation standard that promote a likelihood ratio approach. This approach is suitable for fully evaluative opinions in many forensic disciplines, but until more refined methods for evaluating digital evidence are developed, digital forensic practitioners require an interim solution to address immediate needs. More broadly, digital evidence is used in many non-judicial contexts that do not require fully evaluative opinions expressed as a likelihood ratio. This work proposes a standardized approach to formulating and expressing preliminary evaluative opinions in terms of strength of evidence in a manner that employs scientific reasoning within a logical Bayesian framework and can be understood by non-specialist factfinders. Illustrative case examples are presented that involve digital evidence tampering. In addition, this work presents a proof-of-concept database of cases involving tampering of digital evidence that could support assignment of strength of evidence in similar cases.

18 citations

Journal Article
TL;DR: In this article, a secure and transparent digital forensic investigations process using blockchain technology is proposed where participating stakeholders create a private network to exchange and agree on different investigation activities before being stored on the blockchain ledger.
Abstract: Due to globalization and worldwide connectivity, multimedia data exchange has increased significantly over the Internet in the last decade. The life cycle of multimedia content is also getting more multifaceted as more people are accessing, sharing, modifying and re-using multimedia information. This poses serious challenges for the multimedia industry to provide integrity, reliability and trustworthiness for multimedia investigations against the growing cybersecurity threats. This paper bridges this gap by enabling a secure and transparent digital forensic investigations process using blockchain technology. MF-Ledger, a Blockchain Hyperledger Sawtooth-enabled novel, secure and efficient digital forensic investigation architecture, is proposed where participating stakeholders create a private network to exchange and agree on different investigation activities before being stored on the blockchain ledger. We have created digital contracts (smart contracts) and implemented them using sequence diagrams to handle the stakeholders’ secure interaction in the investigation process. The proposed architectural solution delivers a robust information integrity, prevention, and preservation mechanism to permanently and immutably store the evidence (chain of custody) in a private permissioned encrypted blockchain ledger.

18 citations


Network Information
Related Topics (5)
Authentication: 74.7K papers, 867.1K citations, 84% related
Encryption: 98.3K papers, 1.4M citations, 81% related
Cryptography: 37.3K papers, 854.5K citations, 81% related
Server: 79.5K papers, 1.4M citations, 77% related
Mobile computing: 51.3K papers, 1M citations, 76% related
Performance
Metrics
No. of papers in the topic in previous years
Year: Papers
2024: 3
2023: 205
2022: 552
2021: 267
2020: 339
2019: 343