Topic
Digital forensics
About: Digital forensics is a research topic. Over the lifetime, 4270 publications have been published within this topic receiving 49676 citations. The topic is also known as: digital forensic science & Digital forensics.
Papers
••
12 May 2017
TL;DR: This paper provides a survey and analysis of many acquisition methods for Android digital forensics, and conducts an experiment that showcases an excellent acquisition method in practice, and shows the data analysis methodology as it analyzes the private storage of two popular instant messaging applications.
Abstract: Smartphones are exceedingly popular, with the Android platform being no exception. Also, the surge of applications available for such devices has revolutionized our lives, many of which process a significant amount of personal information. Instant Messaging applications are an excellent example of this. In addition to processing this information, there is a high likelihood that they store traces of it in local storage. Increasingly, smartphones are involved in law enforcement investigations. They may be found as evidence at the scene of a crime, and require forensic analysis. It has translated into strong demand for Android digital forensics. A critical stage in such an investigation is data acquisition. An investigator must extract the data (in a forensically sound way) before it can be analyzed. This paper provides a survey and analysis of many acquisition methods. In addition, we conduct our own experiment that showcases an excellent acquisition method in practice, and also shows our data analysis methodology as we analyze the private storage of two popular instant messaging applications.
16 citations
••
23 Sep 2020
TL;DR: This work forms the first of a two part series discussing why the digital forensics discipline and its organisations should conduct peer review in their laboratories, what it should review as part of this process, and how this should be undertaken.
Abstract: The importance of peer review in the field of digital forensics cannot be underestimated as it often forms the primary, and sometimes only form of quality assurance process an organisation will apply to their practitioners' casework. Whilst there is clear value in the peer review process, it remains an area which is arguably undervalued and under-researched, where little academic and industrial commentary can be found describing best practice approaches. This work forms the first of a two part series discussing why the digital forensics discipline and its organisations should conduct peer review in their laboratories, what it should review as part of this process, and how this should be undertaken. Here in part one, a critical review of the need to peer review is offered along with a discussion of the limitations of existing peer review mechanisms. Finally, the ‘Peer Review Hierarchy’ is offered, outlining the seven levels of peer review available for reviewing practitioner findings.
16 citations
••
TL;DR: This paper comprehensively reviewed the current UAV forensic investigative techniques from several perspectives and applies the testing, evaluation, and analysis on the two selected models including DJI Matrice 210, which have not been presented in previous works.
Abstract: Unmanned Aerial Vehicles (UAVs) also known as drones have created many challenges to the digital forensic field. These challenges are introduced in all processes of the digital forensic investigation (i.e., identification, preservation, examination, documentation, and reporting). From identification of evidence to reporting, there are several challenges caused by the data type, source of evidence, and multiple components that operate UAVs. In this paper, we comprehensively reviewed the current UAV forensic investigative techniques from several perspectives. Moreover, the contributions of this paper are as follows: (1) discovery of personal identifiable information, (2) test and evaluation of currently available forensic software tools, (3) discussion on data storage mechanism and evidence structure in two DJI UAV models (e.g., Phantom 4 and Matrice 210), and (4) exploration of flight trajectories recovered from UAVs using a three-dimensional (3D) visualization software. The aforementioned contributions aim to aid digital investigators to encounter challenges posed by UAVs. In addition, we apply our testing, evaluation, and analysis on the two selected models including DJI Matrice 210, which have not been presented in previous works.
16 citations
••
01 Jan 2015
TL;DR: In this article, the authors present a feasibility study of their proposed Cloud Incident Handling Model, which draws upon principles and practices from both incident handling and digital forensics, and demonstrate the utility of the proposed model using an ownCloud case study simulation.
Abstract: Due to the increase in adoption of cloud storage services by organizations, ensuring the security and privacy of data stored in the cloud is of critical importance to these organizations. It is also important for organizations to have an effective cloud security incident handling strategy to minimize the impact of a security breach. In this chapter, we present a feasibility study of our proposed Cloud Incident Handling Model, which draws upon principles and practices from both incident handling and digital forensics. We demonstrated the utility of the proposed model using an ownCloud case study simulation. We also explained how the Situational Crime Prevention Theory can be used in our model to design mitigation strategies. Future work includes deploying the model in a real-world organization.
16 citations
••
05 Mar 2014
TL;DR: Big data is changing the landscape of security tools for network monitoring, security information and event management, and forensics; however, in the eternal arms race of attack and defense, security researchers must keep exploring novel ways to mitigate and contain sophisticated attackers.
Abstract: Big data is changing the landscape of security tools for network monitoring, security information and event management, and forensics; however, in the eternal arms race of attack and defense, security researchers must keep exploring novel ways to mitigate and contain sophisticated attackers.
16 citations