scispace - formally typeset
Search or ask a question
Topic

Digital forensics

About: Digital forensics is a research topic. Over the lifetime, 4270 publications have been published within this topic receiving 49676 citations. The topic is also known as: digital forensic science & Digital forensics.


Papers
More filters
Journal ArticleDOI
TL;DR: A block-enabled forensics framework for IoT, namely, IoT forensic chain (IoTFC), which can offer forensic investigation with good authenticity, immutability, traceability, resilience, and distributed trust between evidential entitles as well as examiners is presented.
Abstract: The decentralized nature of blockchain technologies can well match the needs of integrity and provenances of evidences collecting in digital forensics (DF) across jurisdictional borders. In this paper, a novel blockchain-based DF investigation framework in the Internet of Things (IoT) and social systems environment is proposed, which can provide proof of existence and privacy preservation for evidence items examination. To implement such features, we present a block-enabled forensics framework for IoT, namely, IoT forensic chain (IoTFC), which can offer forensic investigation with good authenticity, immutability, traceability, resilience, and distributed trust between evidential entitles as well as examiners. The IoTFC can deliver a guarantee of traceability and track provenance of evidence items. Details of evidence identification, preservation, analysis, and presentation will be recorded in chains of block. The IoTFC can increase trust of both evidence items and examiners by providing transparency of the audit train. The use case demonstrated the effectiveness of the proposed method.

53 citations

Journal ArticleDOI
TL;DR: This paper describes several common questions that arise in forensic examinations of Android WeChat and provides corresponding technical methods that are useful to address these questions.

53 citations

Proceedings ArticleDOI
23 Jul 2014
TL;DR: Establishment needed foundations are established and detailed definition of "privacy-respecting digital investigation" as a new cross-disciplinary field of research is provided, and detailed discussion of potential privacy issues in different phases of digital forensics life cycle based on EU, US, and APEC privacy regulations are discussed.
Abstract: The forensics investigation requirements are in direct conflict with the privacy rights of those whose actions are being investigated. At the same time, once the private data is exposed it is impossible to `undo' its exposure effects should the suspect is found innocent! Moreover, it is not uncommon that during a suspect investigation, private information of other innocent parties becomes apparent to the forensics investigator. These all raise the concern for development of platforms for enforcing privacy boundaries even to authorized forensics investigators. To the best of authors' knowledge, there is no practical model for privacy-respecting digital investigation which is capable of considering different jurisdictions requirements and protecting subjects' data privacy in line with investigation warrant permissions and data-origin privacy requirements. Privacy-respecting digital forensics as an emerging cross-disciplinary research area is moving toward addressing above issues. In this paper, we first establish needed foundations and describe details of "privacy-respecting digital investigation" as a cross-disciplinary field of research. Afterwards, we review main research efforts in different research disciplines relevant to the field and elaborate existing research problems. We finalize the paper by looking at potential privacy issues during digital investigation in the light of EU, US, and APEC privacy regulations. The main contributions of this paper are first establishing essential foundations and providing detailed definition of "privacy-respecting digital investigation" as a new cross-disciplinary field of research, second a review of current state of art in different disciplines relevant to this field, third elaborating existing issues and discussing most promising solutions relevant to these disciplines, and forth is detailed discussion of potential privacy issues in different phases of digital forensics life cycle based on EU,US, and APEC privacy regulations. We hope this paper opens up a new and fruitful avenue in the study, design, and development of privacy respecting forensics investigation as an interdisciplinary field of research.

53 citations

Book ChapterDOI
16 Jun 2014
TL;DR: This paper addresses the issues of the cloud forensics challenges identified from review conducted in the respective area and moves to a new model assigning the aforementioned challenges to stages.
Abstract: One of the most important areas in the developing field of cloud computing is the way that investigators conduct researches in order to reveal the ways that a digital crime took place over the cloud. This area is known as cloud forensics. While great research on digital forensics has been carried out, the current digital forensic models and frameworks used to conduct a digital investigation don’t meet the requirements and standards demanded in cloud forensics due to the nature and characteristics of cloud computing. In parallel, issues and challenges faced in traditional forensics are different to the ones of cloud forensics. This paper addresses the issues of the cloud forensics challenges identified from review conducted in the respective area and moves to a new model assigning the aforementioned challenges to stages.

53 citations

Proceedings ArticleDOI
04 Dec 2009
TL;DR: Tests with sample system confirm viability of proposed combination of static and live analysis, and investigator can have interactive session with virtual machine without violating evidence integrity.
Abstract: Traditional digital forensics is performed through static analysis of data preserved on permanent storage media. Not all data needed to understand the state of examined system exists in nonvolatile memory. Live analysis uses running system to obtain volatile data for deeper understanding of events going on. Sampling running system might irreversibly change its state making collected evidence invalid. This paper proposes combination of static and live analysis. Virtualization is used to bring static data to life. Volatile memory dump is used to enable offline analysis of live data. Using data from memory dump, virtual machine created from static data can be adjusted to provide better picture of the live system at the time when the dump was made. Investigator can have interactive session with virtual machine without violating evidence integrity. Tests with sample system confirm viability of proposed approach.

53 citations


Network Information
Related Topics (5)
Authentication
74.7K papers, 867.1K citations
84% related
Encryption
98.3K papers, 1.4M citations
81% related
Cryptography
37.3K papers, 854.5K citations
81% related
Server
79.5K papers, 1.4M citations
77% related
Mobile computing
51.3K papers, 1M citations
76% related
Performance
Metrics
No. of papers in the topic in previous years
YearPapers
20243
2023205
2022552
2021267
2020339
2019343