Digital forensics

About: Digital forensics is a research topic. Over the lifetime, 4270 publications have been published within this topic receiving 49676 citations. The topic is also known as: digital forensic science & Digital forensics.

Computer and Intrusion Forensics

Abstract: From the Publisher: A comprehensive and broad introduction to computer and intrusion forensics, this practical book helps you master the tools, techniques and underlying concepts you need to know, covering the areas of law enforcement, national security and corporate fraud The book presents case studies from around the world, and treats key emerging areas such as stego-forensics, image identification, authorship categorization, link discovery and data mining You also learn the principles and processes for effectively handling evidence from digital sources and law enforcement considerations in dealing with computer-related crimes, as well as how the effectiveness of computer forensics procedures may be influenced by organizational security policy The book opens with a comprehensive introduction to computer and intrusion forensics and relates them to computer security in general and computer network security It details the current practice of computer forensics and its role in combating computer crime, and examines the relationship between intrusion detection and intrusion forensics What's more, the book explores the most important new areas for future research in computer forensics This leading-edge resource is an indispensable reference for working professionals and post-graduate students alike

DeepWriterID: An End-to-End Online Text-Independent Writer Identification System

Abstract: The rapid adoption of touchscreen mobile terminals and pen-based interfaces has increased the demand for handwriting-based writer identification systems, particularly in the areas personal authentication and digital forensics. However, most writer identification systems yield poor performance because of insufficient data and an inability to handle the various conditions inherent in handwriting samples. To address these problems, the authors introduce the end-to-end DeepWriterID system that employs a deep convolutional neural network (CNN) and incorporates a new method called DropSegment to achieve data augmentation and improve the generalized applicability of CNN. Experiments show DeepWriterID achieves accuracy rates of 95.72 percent for Chinese text and 98.51 percent for English text.

A hypothesis-based approach to digital forensic investigations

Abstract: This work formally defines a digital forensic investigation and categories of analysis techniques. The definitions are based on an extended finite state machine (FSM) model that was designed to include support for removable devices and complex states and events. The model is used to define the concept of a computer's history, which contains the primitive and complex states and events that existed and occurred. The goal of a digital investigation into make valid inferences about a computer's history. Unlike the physical world, where an investigator can directly observe objects, the digital world involves many indirect observations. The investigator cannot directly observe the state of a hard disk sector or bytes in memory. He can only directly observe the state of output devices. Therefore, all statements about digital states and events are hypotheses that must be tested to some degree. Using the dynamic FSM model, seven categories and 31 unique classes of digital investigation analysis techniques are defined. The techniques in each category can be used to test and formulate different types of hypotheses and completeness is shown. The classes are defined based on the model design and current practice. Using the categories of analysis techniques and the history model, the process models that investigators use are formally compared. Until now, it was not clear how the phases in the models were different. The model is also used to identify where assumptions are made during an investigation and to show differences between the concepts of digital forensics and the more traditional forensic disciplines.

Systems and Methods For Digital Forensic Triage

Abstract: In one embodiment, a method for forensic triage may include coupling, communicatively, a computer and a mobile device. The computer can be booted with machine readable instructions stored on the one or more mobile memory modules of the mobile device. A search data set can be received with one or more mobile processors of the mobile device. One or more processors of the computer, the one or more mobile processors, or both, can execute, automatically, the machine readable instructions stored on the one or more mobile memory modules of the mobile device to search one or memory modules of the computer in a read only mode for triage data that corresponds to the search data set. The triage data can be transmitted via one or more communication modules of the mobile device.