Digital forensics

About: Digital forensics is a research topic. Over the lifetime, 4270 publications have been published within this topic receiving 49676 citations. The topic is also known as: digital forensic science & Digital forensics.

Byte-Level Object Identification for Forensic Investigation of Digital Images

Abstract: Lately, digital data has increased a key role in providing and sharing information. Pictures and video recordings are utilized to pass on convincing messages to be utilized under a few unique situations, from propaganda to coercing. The majority of the effort in the present digital crime investigation network lies in the acquisition, retrieval, and investigation of existing data from digital machines. It is a time consuming and a humanly difficult task to collect, process and analyze each media content manually. In this paper, we provide a novel approach that solves a real-time problem for an investigator while investigating the suspect machine. Our approach acquires all image data at byte level from the suspect machine, perform fast and accurate object detection resorting to the deep learning-based algorithm and present high-level illustration of images containing suspicious object and unique objects that can be presented as evidence. Our approach aims to flag photos where suspicious objects are detected. Performance and time consumption wise, this study confirms the importance of automated object detection in digital forensics.

Knowledge Sharing and Reuse in Digital Forensics

Abstract: Digital investigation involves examining large volumes of data from heterogeneous sources. We offer a framework forfacilitating examination and synthesis of this mountain of data using ontology matching and machine learning technology.

Guidelines for procedures of a harmonised digital forensic process in network forensics

Abstract: Cloud computing is a new computing paradigm that presents fresh research issues in the field of digital forensics. Cloud computing builds upon virtualisation technologies and is distributed in nature. Depending on its implementation, the cloud can span across numerous countries. Its distributed nature and virtualisation introduces digital forensic research issues that include among others difficulty in identifying and collecting forensically sound evidence. Even if the evidence may be identified and essential tools for collecting the evidence are acquired, it may be illegal to access computer data residing beyond the jurisdiction of a forensic investigator. The investigator needs to acquire a search warrant that can be executed in a specific foreign country - which may not be a single country due to the distributed nature of the cloud. Obtaining warrants for numerous countries at once may be costly and time consuming. Some countries may also fail to comply with the demands of cloud forensics. Since the field of digital forensics is itself still in its infancy, it lacks standardised forensic processes and procedures. Thus, digital forensic investigators are able to collect evidence, but often fail in following a valid investigation process that is acceptable in a court of law. In addressing digital forensic issues such as the above, the authors are writing a series of papers that are aimed at providing guidelines for digital forensic procedures in a cloud environment. Live forensics and network forensics constitute an integral part of cloud forensics. A paper that deals with guidelines for digital forensic procedures in live forensics was submitted elsewhere. The current paper is therefore the second in a series where the authors propose and present guidelines for digital forensic procedures in network forensics. The authors eventually aim to have guidelines for digital forensic procedures in a cloud environment as the last paper in the series.

Anti-forensics techniques: An analytical review

Abstract: The rapid growth and development in technology has made computer as a weapon which can cause great loss if used with wrong intentions. Computer forensics aims at collecting, and analyzing evidences from the seized devices in such ways so that they are admissible in court of law. Anti-forensics, on the other hand, is collection of tricks and techniques that are used and applied with clear aim of forestalling the forensic investigation. Crime and crime prevention go hand in hand. Once a crime surfaces, then a defense is developed, then a new crime counters the new defense. Hence along with continuous developments in forensics, a thorough study and knowledge of developments in anti-forensics is equally important. This paper focuses on understanding different techniques that can be used for anti-forensic purposes with help of open source tools.

Cloud-Centric Framework for isolating Big data as forensic evidence from IoT infrastructures

Abstract: Cloud computing paradigm continues to revolutionize the way business processes are being conducted through the provision of massive resources, reliability across networks and ability to offer parallel processing. However, miniaturization, proliferation and nanotechnology within devices has enabled digitization of almost every object which eventually has seen the rise of a new technological marvel dubbed Internet of Things (IoT). IoT enables self-configurable/smart devices to connect intelligently through Radio Frequency Identification (RFID), WI-FI, LAN, GPRS and other methods by further enabling timeously processing of information. Based on these developments, the integration of the cloud and IoT infrastructures has led to an explosion of the amount of data being exchanged between devices which have in turn enabled malicious actors to use this as a platform to launch various cybercrime activities. Consequently, digital forensics provides a significant approach that can be used to provide an effective post-event response mechanism to these malicious attacks in cloud-based IoT infrastructures. Therefore, the problem being addressed is that, at the time of writing this paper, there still exist no accepted standards or frameworks for conducting digital forensic investigation on cloud-based IoT infrastructures. As a result, the authors have proposed a cloud-centric framework that is able to isolate Big data as forensic evidence from IoT (CFIBD-IoT) infrastructures for proper analysis and examination. It is the authors' opinion that if the CFIBD-IoT framework is implemented fully it will support cloud-based IoT tool creation as well as support future investigative techniques in the cloud with a degree of certainty.