
Digital forensics

About: Digital forensics is a research topic. Over the lifetime, 4270 publications have been published within this topic receiving 49676 citations. The topic is also known as: digital forensic science & Digital forensics.


Papers
Proceedings Article
01 Aug 2016
TL;DR: A novel solution to combat the digital forensic backlog is discussed that leverages a deduplication-based paradigm to eliminate the reacquisition, redundant storage, and reanalysis of previously processed data.
Abstract: In recent years, technology has become truly pervasive in everyday life. Technological advancement can be found in many facets of life, including personal computers, mobile devices, wearables, cloud services, video gaming, web-powered messaging, social media, Internet-connected devices, etc. This technological influence has resulted in these technologies being employed by criminals to conduct a range of crimes — both online and offline. Both the number of cases requiring digital forensic analysis and the sheer volume of information to be processed in each case has increased rapidly in recent years. As a result, the requirement for digital forensic investigation has ballooned, and law enforcement agencies throughout the world are scrambling to address this demand. While more and more members of law enforcement are being trained to perform the required investigations, the supply is not keeping up with the demand. Current digital forensic techniques are arduously time-consuming and require a significant amount of man power to execute. This paper discusses a novel solution to combat the digital forensic backlog. This solution leverages a deduplication-based paradigm to eliminate the reacquisition, redundant storage, and reanalysis of previously processed data.

49 citations

Journal Article
TL;DR: This paper presents md5bloom, an actual Bloom filter manipulation tool that can be incorporated into forensic practice, along with example uses and experimental results, and provides a probabilistic framework that allows the interpretation of direct, bitwise comparison of Bloom filters to infer similarity and abnormality.

49 citations

Journal Article
TL;DR: Proposed forensic architecture using fast-growing Software-Defined Networking (SDN) and Blockchain technology for Infrastructure-as-a-Service (IaaS) cloud shows promising results in Response time, Evidence insertion time, evidence verification time, Communication overhead, Hash computation time, Key generation time, Encryption time, Decryption time and total change rate.
Abstract: Cloud forensics is an intelligent evolution of digital forensics that defends against cyber-crimes. However, centralized evidence collection and preservation minimizes the reliability of digital evidence. To resolve this severe problem, this paper proposes a novel digital forensic architecture using fast-growing Software-Defined Networking (SDN) and Blockchain technology for Infrastructure-as-a-Service (IaaS) cloud. In this proposed forensic architecture, the evidence is collected and preserved in the blockchain that is distributed among multiple peers. To protect the system from unauthorized users, Secure Ring Verification based Authentication (SRVA) scheme is proposed. To strengthen the cloud environment, secret keys are generated optimally by using Harmony Search Optimization (HSO) algorithm. All data are encrypted based on the sensitivity level and stored in the cloud server. For encryption, Sensitivity Aware Deep Elliptic Curve Cryptography (SA-DECC) algorithm is presented. For every data stored in the cloud, a block is created in the SDN controller and the history of data is recorded as metadata. In each block, the Merkle hash tree is built by using Secure Hashing Algorithm-3 (SHA-3). Our system allows users to trace their data by deploying Fuzzy based Smart Contracts (FCS). Finally, evidence analysis is enabled by constructing Logical Graph of Evidence (LGoE) collected from the blockchain. Experiments are conducted in an integrated environment of java (for cloud and blockchain) and network simulator-3.26 (for SDN). The extensive analysis shows that proposed forensic architecture shows promising results in Response time, Evidence insertion time, Evidence verification time, Communication overhead, Hash computation time, Key generation time, Encryption time, Decryption time and total change rate.

48 citations

Book Chapter
14 Aug 2009
TL;DR: This paper devises an ontology that structures forensic disciplines by their primary domain of evidence, and concludes that while perfect concealment of traces is possible for computer forensics, this level of certainty cannot be expected for manipulations of sensor data.
Abstract: The recent popularity of research on topics of multimedia forensics justifies reflections on the definition of the field. This paper devises an ontology that structures forensic disciplines by their primary domain of evidence. In this sense, both multimedia forensics and computer forensics belong to the class of digital forensics, but they differ notably in the underlying observer model that defines the forensic investigator's view on (parts of) reality, which itself is not fully cognizable. Important consequences on the reliability of probative facts emerge with regard to available counter-forensic techniques: while perfect concealment of traces is possible for computer forensics, this level of certainty cannot be expected for manipulations of sensor data. We cite concrete examples and refer to established techniques to support our arguments.

48 citations

01 Jan 2008
TL;DR: The common cell phone technologies, their characteristics, and device handling procedures are outlined and further data evidence storage areas are explained along with data types found in the various storage areas.
Abstract: The increased usage and proliferation of small scale digital devices, like cellular (mobile) phones has led to the emergence of mobile device analysis tools and techniques. This field of digital forensics has grown out of the mainstream practice of computer forensics. Practitioners are faced with various types of cellular phone generation technologies, proprietary embedded firmware systems, along with a staggering amount of unique cable connectors for different models of phones within the same manufacturer brand. The purpose of this paper is to provide foundational concepts for the data forensic practitioner. It will outline the common cell phone technologies, their characteristics, and device handling procedures. Further data evidence storage areas are also explained along with data types found in the various storage areas. Specific information is also noted about BlackBerry and iPhone devices. Detailed procedures for data analysis/extraction for mobile devices and how to use the various toolkits that are available is beyond the scope of this paper; the staggering numbers of cell phones and the intricacies of the toolkits makes this impossible. However, resources for the reader to further investigate the topic are attached in the appendix. Index Terms: Mobile Device, Cell Phones, BlackBerry, PDA, Smart Phones, Cellular Phone Generation, CDMA, TDMA, GSM, iDen, SIM, IMEI, IMSI, ICCID, ESN, MEID, PIN, PUK, Flash Memory, Memory Cards, Mobile Device Analysis, Analysis Tools, Cell Phone Forensics

48 citations


Related Topics (5)
Authentication: 74.7K papers, 867.1K citations, 84% related
Encryption: 98.3K papers, 1.4M citations, 81% related
Cryptography: 37.3K papers, 854.5K citations, 81% related
Server: 79.5K papers, 1.4M citations, 77% related
Mobile computing: 51.3K papers, 1M citations, 76% related
No. of papers in the topic in previous years
Year    Papers
2024    3
2023    205
2022    552
2021    267
2020    339
2019    343