AI-Driven Prioritization and Filtering of Windows Artifacts for Enhanced Digital Forensics

Digital forensics aims to uncover evidence of cybercrimes within compromised systems.These cybercrimes are often perpetrated through the deployment of malware,which inevitably leaves discernible traces within the compromised systems.Forensic analysts are tasked with extracting and subsequently analyzing data,termed as artifacts,from these systems to gather evidence.Therefore,forensic analysts must sift through extensive datasets to isolate pertinent evidence.However,manually identifying suspicious traces among numerous artifacts is time-consuming and labor-intensive.Previous studies addressed such inefficiencies by integrating artificial intelligence(AI)technologies into digital forensics.Despite the efforts in previous studies,artifacts were analyzed without considering the nature of the data within them and failed to prove their efficiency through specific evaluations.In this study,we propose a system to prioritize suspicious artifacts from compromised systems infected with malware to facilitate efficient digital forensics.Our system introduces a double-checking method that recognizes the nature of data within target artifacts and employs algorithms ideal for anomaly detection.The key ideas of this method are:(1)prioritize suspicious artifacts and filter remaining artifacts using autoencoder and(2)further prioritize suspicious artifacts and filter remaining artifacts using logarithmic entropy.Our evaluation demonstrates that our system can identify malicious artifacts with high accuracy and that its double-checking method is more efficient than alternative approaches.Our system can significantly reduce the time required for forensic analysis and serve as a reference for future studies.

An Adaptive Hate Speech Detection Approach Using Neutrosophic Neural Networks for Social Media Forensics

Detecting hate speech automatically in social media forensics has emerged as a highly challenging task due tothe complex nature of language used in such platforms. Currently, several methods exist for classifying hatespeech, but they still suffer from ambiguity when differentiating between hateful and offensive content and theyalso lack accuracy. The work suggested in this paper uses a combination of the Whale Optimization Algorithm(WOA) and Particle Swarm Optimization (PSO) to adjust the weights of two Multi-Layer Perceptron (MLPs)for neutrosophic sets classification. During the training process of the MLP, the WOA is employed to exploreand determine the optimal set of weights. The PSO algorithm adjusts the weights to optimize the performanceof the MLP as fine-tuning. Additionally, in this approach, two separate MLP models are employed. One MLPis dedicated to predicting degrees of truth membership, while the other MLP focuses on predicting degrees offalse membership. The difference between these memberships quantifies uncertainty, indicating the degree ofindeterminacy in predictions. The experimental results indicate the superior performance of our model comparedto previous work when evaluated on the Davidson dataset.

Research on Metaverse Security and Forensics

As a subversive concept,the metaverse has recently attracted widespread attention around the world and has set off a wave of enthusiasm in academic,industrial,and investment circles.However,while the metaverse brings unprecedented opportunities for transformation to human society,it also contains related risks.Metaverse is a digital living space with information infrastructure,interoperability system,content production system,and value settlement system as the underlying structure in which the inner core is to connect real residents through applications and identities.Through social incentives and governance rules,the metaverse reflects the digital migration of human society.This article will conduct an in-depth analysis of the metaverse from the perspective of electronic data forensics.First,from the perspective of Internet development,the background and development process of the metaverse is discussed.By systematically elaborating on the concept and connotation of the metaverse,this paper summarizes the different views of current practitioners,experts,and scholars on the metaverse.Secondly,from the perspective of metaverse security,the social risk and crime risks of the metaverse are discussed.Then the importance of metaverse forensics is raised.Third,from the perspective of blockchain,smart wearable devices,and virtual reality devices,the objects and characteristics of metaverse forensics have been studied in depth.Taking smart wearable devices as an example,this paper gives the relevant experimental process of smart bracelet forensics.Finally,many challenges faced by metaverse forensics are summarized by us which provide readers with some exploratory guidance.

Enhancing CNN for Forensics Age Estimation Using CGAN and Pseudo-Labelling

Age estimation using forensics odontology is an important process in identifying victims in criminal or mass disaster cases.Traditionally,this process is done manually by human expert.However,the speed and accuracy may vary depending on the expertise level of the human expert and other human factors such as level of fatigue and attentiveness.To improve the recognition speed and consistency,researchers have proposed automated age estimation using deep learning techniques such as Convolutional Neural Network(CNN).CNN requires many training images to obtain high percentage of recognition accuracy.Unfortunately,it is very difficult to get large number of samples of dental images for training the CNN due to the need to comply to privacy acts.A promising solution to this problem is a technique called Generative Adversarial Network(GAN).GAN is a technique that can generate synthetic images that has similar statistics as the training set.A variation of GAN called Conditional GAN(CGAN)enables the generation of the synthetic images to be controlled more precisely such that only the specified type of images will be generated.This paper proposes a CGAN for generating new dental images to increase the number of images available for training a CNN model to perform age estimation.We also propose a pseudolabelling technique to label the generated images with proper age and gender.We used the combination of real and generated images to trainDentalAge and Sex Net(DASNET),which is a CNN model for dental age estimation.Based on the experiment conducted,the accuracy,coefficient of determination(R2)and Absolute Error(AE)of DASNET have improved to 87%,0.85 and 1.18 years respectively as opposed to 74%,0.72 and 3.45 years when DASNET is trained using real,but smaller number of images.

Computer Forensics Framework for Efficient and Lawful Privacy-Preserved Investigation

Privacy preservation(PP)in Digital forensics(DF)is a conflicted and non-trivial issue.Existing solutions use the searchable encryption concept and,as a result,are not efficient and support only a keyword search.Moreover,the collected forensic data cannot be analyzed using existing well-known digital tools.This research paper first investigates the lawful requirements for PP in DF based on the organization for economic co-operation and development OECB)privacy guidelines.To have an efficient investigation process and meet the increased volume of data,the presented framework is designed based on the selective imaging concept and advanced encryption standard(AES).The proposed framework has two main modules,namely Selective Imaging Module(SIM)and Selective Analysis Module(SAM).The SIM and SAM modules are implemented based on advanced forensic format 4(AFF4)and SleuthKit open source forensics frameworks,respectively,and,accordingly,the proposed framework is evaluated in a forensically sound manner.The evaluation result is compared with other relevant works and,as a result,the proposed solution provides a privacy-preserving,efficient forensic imaging and analysis process while having also sufficient methods.Moreover,the AFF4 forensic image,produced by the SIM module,can be analyzed not only by SAM,but also by other well-known analysis tools available on the market.

Instagram Mobile Application Digital Forensics

In this research,we developed a plugin for our automated digital forensics framework to extract and preserve the evidence from the Android and the IOS-based mobile phone application,Instagram.This plugin extracts personal details from Instagram users,e.g.,name,user name,mobile number,ID,direct text or audio,video,and picture messages exchanged between different Instagram users.While developing the plugin,we identified resources available in both Android and IOS-based devices holding key forensics artifacts.We highlighted the poor privacy scheme employed by Instagram.This work,has shown how the sensitive data posted in the Instagram mobile application can easily be reconstructed,and how the traces,as well as the URL links of visual messages,can be used to access the privacy of any Instagram user without any critical credential verification.We also employed the anti-forensics method on the Instagram Android’s application and were able to restore the application from the altered or corrupted database file,which any criminal mind can use to set up or trap someone else.The outcome of this research is a plugin for our digital forensics ready framework software which could be used by law enforcement and regulatory agencies to reconstruct the digital evidence available in the Instagram mobile application directories on both Android and IOS-based mobile phones.

Internet of Things for Digital Forensics Application in Saudi Arabia

Despite the extensive empirical literature relating to the Internet of Things (IoT), surprisingly few attempts have sought to establish the ways in which digital forensics can be applied to undertake detailed examinations regarding IoT frameworks. The existing digital forensic applications have effectively held back efforts to align the IoT with digital forensic strategies. This is because the forensic applications are ill-suited to the highly complex IoT frameworks and would, therefore, struggle to amass, analyze and test the necessary evidence that would be required by a court. As such, there is a need to develop a suitable forensic framework to facilitate forensic investigations in IoT settings. Nor has considerable progress been made in terms of collecting and saving network and server logs from IoT settings to enable examinations. Consequently, this study sets out to develop and test the FB system which is a lightweight forensic framework capable of improving the scope of investigations in IoT environments. The FB system can organize the management of various IoT devices found in a smart apartment, all of which is controlled by the owner’s smart watch. This will help to perform useful functions, automate the decision-making process, and ensure that the system remains secure. A Java app is utilized to simulate the FB system, learning the user’s requirements and security expectations when installed and employing the MySQL server as a means of logging the communications of the various IoT devices.

Forensics: Collection of Sound Digital Evidence

This summary paper will discuss the concept of forensic evidence and evidence collection methods. Emphasis will be placed on the techniques used to collect forensically sound digital evidence for the purpose of introduction to digital forensics. This discussion will thereafter result in identifying and categorizing the different types of digital forensics evidence and a clear procedure for how to collect forensically sound digital evidence. This paper will further discuss the creation of awareness and promote the idea that competent practice of computer forensics collection is important for admissibility in court.

Digital Forensics for Recoloring via Convolutional Neural Network

As a common medium in our daily life,images are important for most people to gather information.There are also people who edit or even tamper images to deliberately deliver false information under different purposes.Thus,in digital forensics,it is necessary to understand the manipulating history of images.That requires to verify all possible manipulations applied to images.Among all the image editing manipulations,recoloring is widely used to adjust or repaint the colors in images.The color information is an important visual information that image can deliver.Thus,it is necessary to guarantee the correctness of color in digital forensics.On the other hand,many image retouching or editing applications or software are equipped with recoloring function.This enables ordinary people without expertise of image processing to apply recoloring for images.Hence,in order to secure the color information of images,in this paper,a recoloring detection method is proposed.The method is based on convolutional neural network which is quite popular in recent years.Unlike the traditional linear classifier,the proposed method can be employed for binary classification as well as multiple labels classification.The classification performance of different structure for the proposed architecture is also investigated in this paper.

Median Filtering Forensics Scheme for Color Images Based on Quaternion Magnitude-Phase CNN

In the paper,a convolutional neural network based on quaternion transformation is proposed to detect median filtering for color images.Compared with conventional convolutional neural network,color images can be processed in a holistic manner in the proposed scheme,which makes full use of the correlation between RGB channels.And due to the use of convolutional neural network,it can effectively avoid the one-sidedness of artificial features.Experimental results have shown the scheme’s improvement over the state-of-the-art scheme on the accuracy of color image median filtering detection.

Multi-Purpose Forensics of Image Manipulations Using Residual-Based Feature

The multi-purpose forensics is an important tool for forge image detection.In this paper,we propose a universal feature set for the multi-purpose forensics which is capable of simultaneously identifying several typical image manipulations,including spatial low-pass Gaussian blurring,median filtering,re-sampling,and JPEG compression.To eliminate the influences caused by diverse image contents on the effectiveness and robustness of the feature,a residual group which contains several high-pass filtered residuals is introduced.The partial correlation coefficient is exploited from the residual group to purely measure neighborhood correlations in a linear way.Besides that,we also combine autoregressive coefficient and transition probability to form the proposed composite feature which is used to measure how manipulations change the neighborhood relationships in both linear and non-linear way.After a series of dimension reductions,the proposed feature set can accelerate the training and testing for the multi-purpose forensics.The proposed feature set is then fed into a multi-classifier to train a multi-purpose detector.Experimental results show that the proposed detector can identify several typical image manipulations,and is superior to the complicated deep CNN-based methods in terms of detection accuracy and time efficiency for JPEG compressed image with low resolution.

Primary Exploration of Reliability Evaluation of Computer Live Forensics Model on Physical Memory Analysis

The integrity and fidelity of digital evidence are very important in live forensics. Previous studies have focused the uncertainty of live forensics based on different memory snapshots. However,this kind of method is not effective in practice. In fact,memory images are usually acquired by using forensics tools instead of using snapshots. Therefore,the integrity and fidelity of live evidence should be evaluated during the acquisition process. In this paper,we study the problem in a novel viewpoint. Firstly,several definitions about memory acquisition measure error are introduced to describe the trusty. Then,we analyze the experimental error and propose some suggestions on how to reduce it. A novel method is also developed to calculate the system error in detail. The results of a case study on Windows 7 and VMware virtual machine show that the experimental error has good accuracy and precision,which demonstrate the efficacy of the proposed reducing methods. The system error is also evaluated,that is,it accounts for the whole error from 30% to 50%.

A Survey of Blind Forensics Techniques for JPEG Image Tampering

Blind forensics of JPEG image tampering as a kind of digital image blind forensics technology is gradually becoming a new research hotspot in the field of image security. Firstly, the main achievements of domestic and foreign scholars in the blind forensic technology of JPEG image tampering were briefly described. Then, according to the different methods of tampering and detection, the current detection was divided into two types: double JPEG compression detection and block effect inconsistency detection. This paper summarized the existing methods of JPEG image blind forensics detection, and analyzed the two methods. Finally, the existing problems and future research trends were analyzed and prospected to provide further theoretical support for the research of JPEG image blind forensics technology.

Cloud Foren:A Novel Framework for Digital Forensics in Cloud Computing

Since its birth in the early 90 's,digital forensics has been mainly focused on collecting and examining digital evidence from computers and networks that are controlled and owned by individuals or organizations.As cloud computing has recently emerged as a dominant platform for running applications and storing data,digital forensics faces well-known challenges in the cloud,such as data inaccessibility,data and service volatility,and law enforcement lacks control over the cloud.To date,very little research has been done to develop efficient theory and practice for digital forensics in the cloud.In this paper,we present a novel framework,Cloud Foren,which systematically addresses the challenges of forensics in cloud computing.Cloud Foren covers the entire process of digital forensics,from the initial point of complaint to the final point where the evidence is confirmed.The key components of Cloud Foren address some challenges,which are unique to the cloud.The proposed forensic process allows cloud forensic examiner,cloud provider,and cloud customer collaborate naturally.We use two case studies to demonstrate the applicability of Cloud Foren.We believe Cloud Foren holds great promise for more precise and automatic digital forensics in a cloud computing environment.

A Digital Evidence Fusion Method in Network Forensics Systems with Dempster-Shafer Theory

Network intrusion forensics is an important extension to present security infrastructure,and is becoming the focus of forensics research field.However,comparison with sophisticated multi-stage attacks and volume of sensor data,current practices in network forensic analysis are to manually examine,an error prone,labor-intensive and time consuming process.To solve these problems,in this paper we propose a digital evidence fusion method for network forensics with Dempster-Shafer theory that can detect efficiently computer crime in networked environments,and fuse digital evidence from different sources such as hosts and sub-networks automatically.In the end,we evaluate the method on well-known KDD Cup1999 dataset.The results prove our method is very effective for real-time network forensics,and can provide comprehensible messages for a forensic investigators.

Investigating the Implications of Virtualization for Digital Forensics

Research in virtualization technology has gained significant developments in recent years, which brings not only opportunities to the forensic community, but challenges as well. This paper discusses the potential roles of virtualization in digital forensics, examines the recent progresses which use the virtualization techniques to support modem computer forensics. The influences on digital forensics caused by virtualization technology are identified. Tools and methods in common digital forensic practices are analyzed, and experiences of our practice and reflections in this field are shared.

Ensuring the Authenticity and Non-Misuse of Data Evidence in Digital Forensics

In forensic investigations,it is vital that the authenticity of digital evidence should be ensured. In addition,technical means should be provided to ensure that digital evidence collected cannot be misused for the purpose of perjury. In this paper,we present a method to ensure both authenticity and non-misuse of data extracted from wireless mobile devices. In the method,the device ID and a timestamp become a part of the original data and the Hash function is used to bind the data together. Encryption is applied to the data,which includes the digital evidence,the device ID and the timestamp. Both symmetric and asymmetric encryption systems are employed in the proposed method where a random session key is used to encrypt the data while the public key of the forensic server is used to encrypt the session key to ensure security and efficiency. With the several security mechanisms that we show are supported or can be implemented in wireless mobile devices such as the Android,we can ensure the authenticity and non-misuse of data evidence in digital forensics.

Research and Review on Computer Forensics

With the development of Internet and information technology, the digital crimes are also on the rise. Computer forensics is an emerging research area that applies computer investigation and analysis techniques to help detection of these crimes and gathering of digital evidence suitable for presentation in courts. This paper provides foundational concept of computer forensics, outlines various principles of computer forensics, discusses the model of computer forensics and presents a proposed model.

Extraction and Supervision of Data of Chain of Custody in Computer Forensics

In case handling, electronic evidence becomes more and more popular. In order to reduce the burden of judges＇ task to determine the integrity of chain of custody, even no technique experts on the spot, this paper suggests a solution to solve this kind of problem.

Computer Forensics Under Cloud Computing Environment

Cloud computing is becoming the developing trend in the information field.It causes many transforms in the related fields.In order to adapt such changes,computer forensics is bound to improve and integrate into the new environment.This paper stands on this point,suggests a computer forensic service framework which is based on security architecture of cloud computing and requirements needed by cloud computing environment.The framework introduces honey farm technique,and pays more attention on active forensics,which can improve case handling efficiency and reduce the cost.