
Digital forensics

About: Digital forensics is a research topic. Over the lifetime, 4270 publications have been published within this topic receiving 49676 citations. The topic is also known as: digital forensic science & Digital forensics.


Papers
29 Jun 2015
TL;DR: Diving deep into the assembly code generated by the disassembler IDA PRO from ntkrnlpa.exe, the Windows kernel processes responsible for the creation and manipulation of prefetch files are found and parsed to better understand their forensic value.
Abstract: Prefetch files, like any other file in a file system, can be viewed from a digital forensic perspective to further a forensic investigation. Using appropriate tools and techniques available to a digital forensic examiner, we explore and investigate the potential of prefetch files and what they have to offer from a digital forensic analysis perspective in an effort to contribute towards the rapidly advancing field of digital forensics. Windows' prefetch files are used to decrease the startup times of applications and are formatted in a manner to instruct application processes to load data and necessary libraries into memory that it needs before it is actually demanded. In other words, prefetch files help avoid a hard fault, thereby minimizing startup times. These files reside in the prefetch folder under the Windows installation directory of a system. This folder contains prefetch files for user and system applications as well as a ReadyBoot folder, a layout.ini file, and several database files. In this paper, we investigate the mechanism behind the creation and manipulation of prefetch files on a Windows machine. Diving deep into the assembly code generated by the disassembler IDA PRO from ntkrnlpa.exe, we are able to find the Windows kernel processes responsible for the creation of these prefetch files and parse these prefetch files to better understand their forensic value.

14 citations

Proceedings Article
01 Nov 2015
TL;DR: This paper describes an ongoing study and first results on the application of Neuro-Fuzzy to support large-scale forensics investigation in the domain of Network Forensics, and proposes several improvements to the NF algorithm that result in proper handling of large-scale datasets, significantly reduce the number of rules and yield a decreased complexity of the classification model.
Abstract: This paper describes an ongoing study and first results on the application of Neuro-Fuzzy (NF) to support large-scale forensics investigation in the domain of Network Forensics. In particular we focus on patterns of benign and malicious activity that can be found in network traffic dumps. We propose several improvements to the NF algorithm that result in proper handling of large-scale datasets, significantly reduce the number of rules and yield a decreased complexity of the classification model. This includes better automated extraction of rule parameters as well as bootstrap aggregation for generalization. Experimental results show that such optimization gives a smaller number of rules, while the accuracy increases in comparison to existing approaches. In particular, it showed an accuracy of 98% when using only 39 rules. In our research we contribute to forensics science by increasing awareness and bringing more comprehensive fuzzy rules. During the last decade many cases related to network forensics resulted in data that can be related to Big Data due to its complexity. Application of Soft Computing methods, such as Neuro-Fuzzy, may bring not only sufficient classification accuracy of normal and attack traffic, but also facilitate understanding traffic properties and developing a decision-support mechanism.

14 citations

Book
26 Jun 2008
TL;DR: Multimedia Forensics and Security provides an in-depth treatment of advancements in the emerging field of multimedia forensics and security by tackling challenging issues such as digital watermarking for copyright protection, digital fingerprinting for transaction tracking, and digital camera source identification.
Abstract: As information technology is rapidly progressing, an enormous amount of media can be easily exchanged through Internet and other communication networks. Increasing amounts of digital image, video, and music have created numerous information security issues and is now taken as one of the top research and development agendas for researchers, organizations, and governments worldwide. Multimedia Forensics and Security provides an in-depth treatment of advancements in the emerging field of multimedia forensics and security by tackling challenging issues such as digital watermarking for copyright protection, digital fingerprinting for transaction tracking, and digital camera source identification.

14 citations

Proceedings Article
19 Apr 2021
TL;DR: In this paper, the authors discuss some timely digital forensics tools and emerging challenges in advanced areas of Digital Forensics, noting that it is a requirement for an investigator to use a suitable, accurate, affordable and reliable cyber forensic tool for the forensics investigations conducted with respect to crimes.
Abstract: With the development of technology, "Data", also interpreted as "Information", has become a major role played in the field of Cyber Forensics. One of the most crucial incidents which needs data to be important is when it is taken as evidence in cyber-crimes. These crimes can occur in the fields of digital media and network in many instances related to crime scenes. Both crime and forensic investigators need the help of digital forensics to investigate in order to identify whether the victim has committed a crime or not. Therefore, it is a requirement for an investigator to use a suitable, accurate, affordable and reliable cyber forensic tool for the forensics investigations conducted with respect to crimes. Many researchers have done experiments on different functionalities a forensic tool should have and have come up with various tools specifically for each branch in cyber forensics. Furthermore, with time, these cyber forensic tools have been identified with drawbacks due to the invasion of crimes, especially related to the sophisticated technology expansion. Therefore, the acquiring process of forensics tools is in lack of advanced features to detect evidence. This paper describes some timely Digital Forensics tools and discusses emerging challenges in advanced areas of Digital Forensics.

14 citations

Journal Article
TL;DR: A comprehensive analysis of legislative developments for offences surrounding IDCSA in the United Kingdom is offered, bringing together the disciplines of law and digital forensics.

14 citations


Network Information
Related Topics (5)
Authentication: 74.7K papers, 867.1K citations, 84% related
Encryption: 98.3K papers, 1.4M citations, 81% related
Cryptography: 37.3K papers, 854.5K citations, 81% related
Server: 79.5K papers, 1.4M citations, 77% related
Mobile computing: 51.3K papers, 1M citations, 76% related
Performance
Metrics
No. of papers in the topic in previous years
Year    Papers
2024    3
2023    205
2022    552
2021    267
2020    339
2019    343