Topic

Digital forensics

About: Digital forensics is a research topic. Over the lifetime, 4270 publications have been published within this topic receiving 49676 citations. The topic is also known as: digital forensic science & Digital forensics.


Papers
Proceedings Article
26 Nov 2007
TL;DR: A system named "dig-force" (digital forensic system with chaining signature for evidence) that uses a USB device with a smart card function and a hysteresis signature based on digital signature technology is developed.
Abstract: With the development of the Internet society, digital forensics, i.e., the technology and procedures used to prepare digital evidence for litigating against Internet crime, has been used extensively. In particular, digital forensics used in the corporate world, primarily in relation to litigation involving computer-related evidence in civil matters such as breaches of contract or breaches of confidence, has recently gained a great deal of attention. Digital forensics requires the following two functions: (1) All records must be left unaltered if they are handled in a computer, and (2) the record must be tamper-resistant. In order to realize these functions in a standalone environment, we developed a system named "dig-force" (digital forensic system with chaining signature for evidence) that uses a USB device with a smart card function and a hysteresis signature based on digital signature technology. In this paper, we report the proposed system and the evaluation results of the function and performance of the system with this prototype program.

14 citations

Journal Article
TL;DR: A semantic-enhanced method in trajectory analysis is proposed, which categorizes the daily activities of suspects into different semantic types by connecting trajectory data with transaction data by using the situation of a kidnapping.
Abstract: With the increasing application of GPS devices, trajectory data have been frequently adopted in digital forensics because it can encompass spatial and temporal aspects of suspects’ movements. However, a lack of semantic information causes difficulty of linking the trajectories with the activities of suspects. Using the situation of a kidnapping, this paper proposes a semantic-enhanced method in trajectory analysis, which categorizes the daily activities of suspects into different semantic types by connecting trajectory data with transaction data. In the meantime, we present an interactive visualization system with four inner-linked views to provide a collaborative visual analytics of trajectory and transaction data in multiple perspectives. In the case study, the kidnapping investigation is used to demonstrate how the system works on the routine pattern analysis of suspects, the detection of abnormal behaviors, and the association exploration among suspects and their abnormal behaviors.

14 citations

Proceedings Article
12 Sep 2011
TL;DR: It is shown that the diversity of B+-Trees, a widely used data structure in today's database storage engines, enables a deep insight of the database's history and how database management systems would have to be modified to even better support tree forensic techniques is introduced.
Abstract: Today's forensic techniques for databases are primarily focused on logging mechanisms and artifacts accessible in the database management systems (DBMSs). While log files, plan caches, cache clock hands, etc. can reveal past transactions, a malicious administrator's modifications might be much more difficult to detect, because he can cover his tracks by also manipulating the log files and flushing transient artifacts such as caches. The internal structure of the data storage inside databases, however, has not yet received much attention from the digital forensic research community. In this paper, we want to show that the diversity of B+-Trees, a widely used data structure in today's database storage engines, enables a deep insight of the database's history. Hidden manipulations such as predated INSERT operations in a logging database can be revealed by our approach. We introduce novel forensic techniques for B+-Trees that are based on characteristics of the tree structure and show how database management systems would have to be modified to even better support tree forensic techniques.

14 citations

Book Chapter
04 Jan 2010
TL;DR: A systematic description of the digital forensic discipline that is obtained by mapping its fundamental functions is engaged and a detailed function-oriented validation and verification framework for digital forensic tools is constructed.
Abstract: Many digital forensic tools used by investigators were not originally designed for forensic applications. Even in the case of tools created with the forensic process in mind, there is the issue of assuring their reliability and dependability. Given the nature of investigations and the fact that the data collected and analyzed by the tools must be presented as evidence, it is important that digital forensic tools be validated and verified before they are deployed. This paper engages a systematic description of the digital forensic discipline that is obtained by mapping its fundamental functions. The function mapping is used to construct a detailed function-oriented validation and verification framework for digital forensic tools. This paper focuses on the data recovery function. The data recovery requirements are specified and a reference set is presented to test forensic tools that implement the data recovery function.

14 citations

Proceedings Article
06 May 2015
TL;DR: Challenges that are faced by digital forensic investigators when faced with cloud-based incident scenes are presented, and requirements that should be met by digital forensic systems that aim to investigate cloud environments are presented.
Abstract: The advent of cloud computing has brought new challenges to digital forensics. To address these challenges, new approaches in conducting digital forensic are required. In this paper, challenges that are faced by digital forensic investigator when faced with cloud based incident scenes are presented. The presented challenges are obtained from survey articles that explore outstanding and future challenges in digital forensics in general. In this paper we zoom in into cloud forensics as it is the main focus of the paper. Based on the challenges brought to light by the considered survey articles, we present requirements that should be met by digital forensic systems that aim to investigate cloud environments. Existing architectures and implementations of digital forensic systems are evaluated based on these requirements. Through this evaluation, gaps that are left out by the evaluated architectures are brought to light.

14 citations


Network Information
Related Topics (5)
Authentication: 74.7K papers, 867.1K citations, 84% related
Encryption: 98.3K papers, 1.4M citations, 81% related
Cryptography: 37.3K papers, 854.5K citations, 81% related
Server: 79.5K papers, 1.4M citations, 77% related
Mobile computing: 51.3K papers, 1M citations, 76% related
Performance
Metrics
No. of papers in the topic in previous years
Year    Papers
2024    3
2023    205
2022    552
2021    267
2020    339
2019    343