Digital forensics aims to uncover evidence of cybercrimes within compromised systems.These cybercrimes are often perpetrated through the deployment of malware,which inevitably leaves discernible traces within the comp...Digital forensics aims to uncover evidence of cybercrimes within compromised systems.These cybercrimes are often perpetrated through the deployment of malware,which inevitably leaves discernible traces within the compromised systems.Forensic analysts are tasked with extracting and subsequently analyzing data,termed as artifacts,from these systems to gather evidence.Therefore,forensic analysts must sift through extensive datasets to isolate pertinent evidence.However,manually identifying suspicious traces among numerous artifacts is time-consuming and labor-intensive.Previous studies addressed such inefficiencies by integrating artificial intelligence(AI)technologies into digital forensics.Despite the efforts in previous studies,artifacts were analyzed without considering the nature of the data within them and failed to prove their efficiency through specific evaluations.In this study,we propose a system to prioritize suspicious artifacts from compromised systems infected with malware to facilitate efficient digital forensics.Our system introduces a double-checking method that recognizes the nature of data within target artifacts and employs algorithms ideal for anomaly detection.The key ideas of this method are:(1)prioritize suspicious artifacts and filter remaining artifacts using autoencoder and(2)further prioritize suspicious artifacts and filter remaining artifacts using logarithmic entropy.Our evaluation demonstrates that our system can identify malicious artifacts with high accuracy and that its double-checking method is more efficient than alternative approaches.Our system can significantly reduce the time required for forensic analysis and serve as a reference for future studies.展开更多
Authorship verification is a crucial task in digital forensic investigations,where it is often necessary to determine whether a specific individual wrote a particular piece of text.Convolutional Neural Networks(CNNs)h...Authorship verification is a crucial task in digital forensic investigations,where it is often necessary to determine whether a specific individual wrote a particular piece of text.Convolutional Neural Networks(CNNs)have shown promise in solving this problem,but their performance highly depends on the choice of hyperparameters.In this paper,we explore the effectiveness of hyperparameter tuning in improving the performance of CNNs for authorship verification.We conduct experiments using a Hyper Tuned CNN model with three popular optimization algorithms:Adaptive Moment Estimation(ADAM),StochasticGradientDescent(SGD),andRoot Mean Squared Propagation(RMSPROP).The model is trained and tested on a dataset of text samples collected from various authors,and the performance is evaluated using accuracy,precision,recall,and F1 score.We compare the performance of the three optimization algorithms and demonstrate the effectiveness of hyperparameter tuning in improving the accuracy of the CNN model.Our results show that the Hyper Tuned CNN model with ADAM Optimizer achieves the highest accuracy of up to 90%.Furthermore,we demonstrate that hyperparameter tuning can help achieve significant performance improvements,even using a relatively simple model architecture like CNNs.Our findings suggest that the choice of the optimization algorithm is a crucial factor in the performance of CNNs for authorship verification and that hyperparameter tuning can be an effective way to optimize this choice.Overall,this paper demonstrates the effectiveness of hyperparameter tuning in improving the performance of CNNs for authorship verification in digital forensic investigations.Our findings have important implications for developing accurate and reliable authorship verification systems,which are crucial for various applications in digital forensics,such as identifying the author of anonymous threatening messages or detecting cases of plagiarism.展开更多
Despite the extensive empirical literature relating to the Internet of Things (IoT), surprisingly few attempts have sought to establish the ways in which digital forensics can be applied to undertake detailed examinat...Despite the extensive empirical literature relating to the Internet of Things (IoT), surprisingly few attempts have sought to establish the ways in which digital forensics can be applied to undertake detailed examinations regarding IoT frameworks. The existing digital forensic applications have effectively held back efforts to align the IoT with digital forensic strategies. This is because the forensic applications are ill-suited to the highly complex IoT frameworks and would, therefore, struggle to amass, analyze and test the necessary evidence that would be required by a court. As such, there is a need to develop a suitable forensic framework to facilitate forensic investigations in IoT settings. Nor has considerable progress been made in terms of collecting and saving network and server logs from IoT settings to enable examinations. Consequently, this study sets out to develop and test the FB system which is a lightweight forensic framework capable of improving the scope of investigations in IoT environments. The FB system can organize the management of various IoT devices found in a smart apartment, all of which is controlled by the owner’s smart watch. This will help to perform useful functions, automate the decision-making process, and ensure that the system remains secure. A Java app is utilized to simulate the FB system, learning the user’s requirements and security expectations when installed and employing the MySQL server as a means of logging the communications of the various IoT devices.展开更多
Since its birth in the early 90 's,digital forensics has been mainly focused on collecting and examining digital evidence from computers and networks that are controlled and owned by individuals or organizations.A...Since its birth in the early 90 's,digital forensics has been mainly focused on collecting and examining digital evidence from computers and networks that are controlled and owned by individuals or organizations.As cloud computing has recently emerged as a dominant platform for running applications and storing data,digital forensics faces well-known challenges in the cloud,such as data inaccessibility,data and service volatility,and law enforcement lacks control over the cloud.To date,very little research has been done to develop efficient theory and practice for digital forensics in the cloud.In this paper,we present a novel framework,Cloud Foren,which systematically addresses the challenges of forensics in cloud computing.Cloud Foren covers the entire process of digital forensics,from the initial point of complaint to the final point where the evidence is confirmed.The key components of Cloud Foren address some challenges,which are unique to the cloud.The proposed forensic process allows cloud forensic examiner,cloud provider,and cloud customer collaborate naturally.We use two case studies to demonstrate the applicability of Cloud Foren.We believe Cloud Foren holds great promise for more precise and automatic digital forensics in a cloud computing environment.展开更多
Computer system's runtime information is an essential part of the digital evidence. Current digital forensic approaches mainly focus on memory and I/O data, while the runtime instructions from processes are often ign...Computer system's runtime information is an essential part of the digital evidence. Current digital forensic approaches mainly focus on memory and I/O data, while the runtime instructions from processes are often ignored. We present a novel approach on runtime instruction forensic analysis and have developed a forensic system which collects instruction flow and extracts digital evidence. The system is based on whole-system emulation technique and analysts are allowed to define analysis strategy to improve analysis efficiency and reduce overhead. This forensic approach and system are applicable to binary code analysis, information retrieval and matware forensics.展开更多
Research in virtualization technology has gained significant developments in recent years, which brings not only opportunities to the forensic community, but challenges as well. This paper discusses the potential role...Research in virtualization technology has gained significant developments in recent years, which brings not only opportunities to the forensic community, but challenges as well. This paper discusses the potential roles of virtualization in digital forensics, examines the recent progresses which use the virtualization techniques to support modem computer forensics. The influences on digital forensics caused by virtualization technology are identified. Tools and methods in common digital forensic practices are analyzed, and experiences of our practice and reflections in this field are shared.展开更多
In this research,we developed a plugin for our automated digital forensics framework to extract and preserve the evidence from the Android and the IOS-based mobile phone application,Instagram.This plugin extracts pers...In this research,we developed a plugin for our automated digital forensics framework to extract and preserve the evidence from the Android and the IOS-based mobile phone application,Instagram.This plugin extracts personal details from Instagram users,e.g.,name,user name,mobile number,ID,direct text or audio,video,and picture messages exchanged between different Instagram users.While developing the plugin,we identified resources available in both Android and IOS-based devices holding key forensics artifacts.We highlighted the poor privacy scheme employed by Instagram.This work,has shown how the sensitive data posted in the Instagram mobile application can easily be reconstructed,and how the traces,as well as the URL links of visual messages,can be used to access the privacy of any Instagram user without any critical credential verification.We also employed the anti-forensics method on the Instagram Android’s application and were able to restore the application from the altered or corrupted database file,which any criminal mind can use to set up or trap someone else.The outcome of this research is a plugin for our digital forensics ready framework software which could be used by law enforcement and regulatory agencies to reconstruct the digital evidence available in the Instagram mobile application directories on both Android and IOS-based mobile phones.展开更多
This summary paper will discuss the concept of forensic evidence and evidence collection methods. Emphasis will be placed on the techniques used to collect forensically sound digital evidence for the purpose of introd...This summary paper will discuss the concept of forensic evidence and evidence collection methods. Emphasis will be placed on the techniques used to collect forensically sound digital evidence for the purpose of introduction to digital forensics. This discussion will thereafter result in identifying and categorizing the different types of digital forensics evidence and a clear procedure for how to collect forensically sound digital evidence. This paper will further discuss the creation of awareness and promote the idea that competent practice of computer forensics collection is important for admissibility in court.展开更多
Unlike conventional forensics,digital forensics does not at present generally quantify the results of its investigations.It is suggested that digital forensics should aim to catch up with other forensic disciplines by...Unlike conventional forensics,digital forensics does not at present generally quantify the results of its investigations.It is suggested that digital forensics should aim to catch up with other forensic disciplines by using Bayesian and other numerical methodologies to quantify its investigations’results.Assessing the plausibility of alternative hypotheses(or propositions,or claims)which explain how recovered digital evidence came to exist on a device could assist both the prosecution and the defence sides in criminal proceedings:helping the prosecution to decide whether to proceed to trial and helping defence lawyers to advise a defendant how to plead.This paper reviews some numerical approaches to the goal of quantifying the relative weights of individual items of digital evidence and the plausibility of hypotheses based on that evidence.The potential advantages enabling the construction of cost-effective digital forensic triage schemas are also outlined.展开更多
As a result of the many developments in information technology,digital evidence plays an increasingly important role in criminal and civil litigation.Because digital evidence is necessary for litigation,the judicial s...As a result of the many developments in information technology,digital evidence plays an increasingly important role in criminal and civil litigation.Because digital evidence is necessary for litigation,the judicial system must be assured of its accuracy,reliability,and verifiability,which can be assured by accreditation.This paper focuses on a comparison of the evolution of the accreditation of digital forensics internationally and domestically,discusses the existing problems that such accreditation encounters,and proposes the corresponding solutions.Moreover,this paper discusses the future of digital forensic laboratory accreditation and its implementation.展开更多
Privacy preservation(PP)in Digital forensics(DF)is a conflicted and non-trivial issue.Existing solutions use the searchable encryption concept and,as a result,are not efficient and support only a keyword search.Moreov...Privacy preservation(PP)in Digital forensics(DF)is a conflicted and non-trivial issue.Existing solutions use the searchable encryption concept and,as a result,are not efficient and support only a keyword search.Moreover,the collected forensic data cannot be analyzed using existing well-known digital tools.This research paper first investigates the lawful requirements for PP in DF based on the organization for economic co-operation and development OECB)privacy guidelines.To have an efficient investigation process and meet the increased volume of data,the presented framework is designed based on the selective imaging concept and advanced encryption standard(AES).The proposed framework has two main modules,namely Selective Imaging Module(SIM)and Selective Analysis Module(SAM).The SIM and SAM modules are implemented based on advanced forensic format 4(AFF4)and SleuthKit open source forensics frameworks,respectively,and,accordingly,the proposed framework is evaluated in a forensically sound manner.The evaluation result is compared with other relevant works and,as a result,the proposed solution provides a privacy-preserving,efficient forensic imaging and analysis process while having also sufficient methods.Moreover,the AFF4 forensic image,produced by the SIM module,can be analyzed not only by SAM,but also by other well-known analysis tools available on the market.展开更多
Network intrusion forensics is an important extension to present security infrastructure,and is becoming the focus of forensics research field.However,comparison with sophisticated multi-stage attacks and volume of se...Network intrusion forensics is an important extension to present security infrastructure,and is becoming the focus of forensics research field.However,comparison with sophisticated multi-stage attacks and volume of sensor data,current practices in network forensic analysis are to manually examine,an error prone,labor-intensive and time consuming process.To solve these problems,in this paper we propose a digital evidence fusion method for network forensics with Dempster-Shafer theory that can detect efficiently computer crime in networked environments,and fuse digital evidence from different sources such as hosts and sub-networks automatically.In the end,we evaluate the method on well-known KDD Cup1999 dataset.The results prove our method is very effective for real-time network forensics,and can provide comprehensible messages for a forensic investigators.展开更多
Author Profiling (AP) is a subsection of digital forensics that focuses on the detection of the author’s personalinformation, such as age, gender, occupation, and education, based on various linguistic features, e.g....Author Profiling (AP) is a subsection of digital forensics that focuses on the detection of the author’s personalinformation, such as age, gender, occupation, and education, based on various linguistic features, e.g., stylistic,semantic, and syntactic. The importance of AP lies in various fields, including forensics, security, medicine, andmarketing. In previous studies, many works have been done using different languages, e.g., English, Arabic, French,etc.However, the research on RomanUrdu is not up to the mark.Hence, this study focuses on detecting the author’sage and gender based on Roman Urdu text messages. The dataset used in this study is Fire’18-MaponSMS. Thisstudy proposed an ensemble model based on AdaBoostM1 and Random Forest (AMBRF) for AP using multiplelinguistic features that are stylistic, character-based, word-based, and sentence-based. The proposed model iscontrasted with several of the well-known models fromthe literature, including J48-Decision Tree (J48),Na飗e Bays(NB), K Nearest Neighbor (KNN), and Composite Hypercube on Random Projection (CHIRP), NB-Updatable,RF, and AdaboostM1. The overall outcome shows the better performance of the proposed AdaboostM1 withRandom Forest (ABMRF) with an accuracy of 54.2857% for age prediction and 71.1429% for gender predictioncalculated on stylistic features. Regarding word-based features, age and gender were considered in 50.5714% and60%, respectively. On the other hand, KNN and CHIRP show the weakest performance using all the linguisticfeatures for age and gender prediction.展开更多
Advances in technology require upgrades in the law. One such area involves data brokers, which have thus far gone unregulated. Data brokers use artificial intelligence to aggregate information into data profiles about...Advances in technology require upgrades in the law. One such area involves data brokers, which have thus far gone unregulated. Data brokers use artificial intelligence to aggregate information into data profiles about individual Americans derived from consumer use of the internet and connected devices. Data profiles are then sold for profit. Government investigators use a legal loophole to purchase this data instead of obtaining a search warrant, which the Fourth Amendment would otherwise require. Consumers have lacked a reasonable means to fight or correct the information data brokers collect. Americans may not even be aware of the risks of data aggregation, which upends the test of reasonable expectations used in a search warrant analysis. Data aggregation should be controlled and regulated, which is the direction some privacy laws take. Legislatures must step forward to safeguard against shadowy data-profiling practices, whether abroad or at home. In the meantime, courts can modify their search warrant analysis by including data privacy principles.展开更多
Android smartphones largely dominate the smartphone market. For this reason, it is very important to examine these smartphones in terms of digital forensics since they are often used as evidence in trials. It is possi...Android smartphones largely dominate the smartphone market. For this reason, it is very important to examine these smartphones in terms of digital forensics since they are often used as evidence in trials. It is possible to acquire a physical or logical image of these devices. Acquiring physical and logical images has advantages and disadvantages compared to each other. Creating the logical image is done at the file system level. Analysis can be made on this logical image. Both logical image acquisition and analysis of the image can be done by software tools. In this study, the differences between logical image and physical image acquisition in Android smartphones, their advantages and disadvantages compared to each other, the difficulties that may be encountered in obtaining physical images, which type of image contributes to obtaining more useful and effective data, which one should be preferred for different conditions, and the benefits of having root authority are discussed. The practice of getting the logical image of the Android smartphones and making an analysis on the image is also included. Although root privileges are not required for logical image acquisition, it has been observed that very limited data will be obtained with the logical image created without root privileges. Nevertheless, logical image acquisition has advantages too against physical image acquisition.展开更多
Recently,the technology of digital image forgery based on a generative adversarial network(GAN)has considerably improved to the extent that it is difficult to distinguish it from the original image with the naked eye ...Recently,the technology of digital image forgery based on a generative adversarial network(GAN)has considerably improved to the extent that it is difficult to distinguish it from the original image with the naked eye by compositing and editing a person’s face or a specific part with the original image.Thus,much attention has been paid to digital image forgery as a social issue.Further,document forgery through GANs can completely change the meaning and context in a document,and it is difficult to identify whether the document is forged or not,which is dangerous.Nonetheless,few studies have been conducted on document forgery and new forgery-related attacks have emerged daily.Therefore,in this study,we propose a novel convolutional neural network(CNN)forensic discriminator that can detect forged text or numeric images by GANs using CNNs,which have been widely used in image classification for many years.To strengthen the detection performance of the proposed CNN forensic discriminator,CNN was trained after image preprocessing,including salt and pepper as well asGaussian noises.Moreover,we performed CNN optimization to make existing CNN more suitable for forged text or numeric image detection,which have mainly focused on the discrimination of forged faces to date.The test evaluation results using Hangul texts and numbers showed that the accuracy of forgery discrimination of the proposed method was significantly improved by 20%in Hangul texts and 5%in numbers compared with that of existing state-of-the-art methods,which proved the proposed model performance superiority and verified that it could be a useful tool in reducing crime potential.展开更多
Cyber-crimes are growing rapidly,so it is important to obtain the digital evidence on the web page.Usually,people can examine the browser history on the client side and data files on the server side,but both of them h...Cyber-crimes are growing rapidly,so it is important to obtain the digital evidence on the web page.Usually,people can examine the browser history on the client side and data files on the server side,but both of them have shortcomings in real criminal investigation.To overcome the weakness,this paper designs a web page forensic scheme to snapshot the pages from web servers with the help of web spider.Also,it designs several steps to improve the trustworthiness of these pages.All the pages will be dumped in local database which can be presented as reliable evidence on the court.展开更多
In all phases of forensic investigation, digital evidence is exposed to external influences and coming into contact with many factors. Legal admissibility of digital evidence is the ability of that evidence being acce...In all phases of forensic investigation, digital evidence is exposed to external influences and coming into contact with many factors. Legal admissibility of digital evidence is the ability of that evidence being accepted as evidence in a court of law. Life cycle of digital evidence is very complex. In each stage there is more impact that can violate a chain of custody and its integrity. Contact with different variables occurs through a life cycle of digital evidence and can disrupt its integrity. In order for the evidence to be accepted by the court as valid, chain of custody for digital evidence must be kept, or it must be known who exactly came into contact with evidence in each stage of the investigation. This paper presents a dynamics and life cycle of digital evidence. The Petri nets will be proposed and used for modeling and simulation of this process.展开更多
As the advent and growing popularity of image rendering software,photorealistic computer graphics are becoming more and more perceptually indistinguishable from photographic images.If the faked images are abused,it ma...As the advent and growing popularity of image rendering software,photorealistic computer graphics are becoming more and more perceptually indistinguishable from photographic images.If the faked images are abused,it may lead to potential social,legal or private consequences.To this end,it is very necessary and also challenging to find effective methods to differentiate between them.In this paper,a novel leading digit law,also called Benford's law,based method to identify computer graphics is proposed.More specifically,statistics of the most significant digits are extracted from image's Discrete Cosine Transform(DCT) coefficients and magnitudes of image's gradient,and then the Support Vector Machine(SVM) based classifiers are built.Results of experiments on the image datasets indicate that the proposed method is comparable to prior works.Besides,it possesses low dimensional features and low computational complexity.展开更多
The multi-purpose forensics is an important tool for forge image detection.In this paper,we propose a universal feature set for the multi-purpose forensics which is capable of simultaneously identifying several typica...The multi-purpose forensics is an important tool for forge image detection.In this paper,we propose a universal feature set for the multi-purpose forensics which is capable of simultaneously identifying several typical image manipulations,including spatial low-pass Gaussian blurring,median filtering,re-sampling,and JPEG compression.To eliminate the influences caused by diverse image contents on the effectiveness and robustness of the feature,a residual group which contains several high-pass filtered residuals is introduced.The partial correlation coefficient is exploited from the residual group to purely measure neighborhood correlations in a linear way.Besides that,we also combine autoregressive coefficient and transition probability to form the proposed composite feature which is used to measure how manipulations change the neighborhood relationships in both linear and non-linear way.After a series of dimension reductions,the proposed feature set can accelerate the training and testing for the multi-purpose forensics.The proposed feature set is then fed into a multi-classifier to train a multi-purpose detector.Experimental results show that the proposed detector can identify several typical image manipulations,and is superior to the complicated deep CNN-based methods in terms of detection accuracy and time efficiency for JPEG compressed image with low resolution.展开更多
基金supported by the MSIT(Ministry of Science and ICT),Korea,under the ITRC(Information Technology Research Center)support program(IITP-2024-RS-2024-00437494)supervised by the IITP(Institute for Information&Communications Technology Planning&Evaluation).
文摘Digital forensics aims to uncover evidence of cybercrimes within compromised systems.These cybercrimes are often perpetrated through the deployment of malware,which inevitably leaves discernible traces within the compromised systems.Forensic analysts are tasked with extracting and subsequently analyzing data,termed as artifacts,from these systems to gather evidence.Therefore,forensic analysts must sift through extensive datasets to isolate pertinent evidence.However,manually identifying suspicious traces among numerous artifacts is time-consuming and labor-intensive.Previous studies addressed such inefficiencies by integrating artificial intelligence(AI)technologies into digital forensics.Despite the efforts in previous studies,artifacts were analyzed without considering the nature of the data within them and failed to prove their efficiency through specific evaluations.In this study,we propose a system to prioritize suspicious artifacts from compromised systems infected with malware to facilitate efficient digital forensics.Our system introduces a double-checking method that recognizes the nature of data within target artifacts and employs algorithms ideal for anomaly detection.The key ideas of this method are:(1)prioritize suspicious artifacts and filter remaining artifacts using autoencoder and(2)further prioritize suspicious artifacts and filter remaining artifacts using logarithmic entropy.Our evaluation demonstrates that our system can identify malicious artifacts with high accuracy and that its double-checking method is more efficient than alternative approaches.Our system can significantly reduce the time required for forensic analysis and serve as a reference for future studies.
基金Prince Sultan University for funding this publication’s Article Process Charges(APC).
文摘Authorship verification is a crucial task in digital forensic investigations,where it is often necessary to determine whether a specific individual wrote a particular piece of text.Convolutional Neural Networks(CNNs)have shown promise in solving this problem,but their performance highly depends on the choice of hyperparameters.In this paper,we explore the effectiveness of hyperparameter tuning in improving the performance of CNNs for authorship verification.We conduct experiments using a Hyper Tuned CNN model with three popular optimization algorithms:Adaptive Moment Estimation(ADAM),StochasticGradientDescent(SGD),andRoot Mean Squared Propagation(RMSPROP).The model is trained and tested on a dataset of text samples collected from various authors,and the performance is evaluated using accuracy,precision,recall,and F1 score.We compare the performance of the three optimization algorithms and demonstrate the effectiveness of hyperparameter tuning in improving the accuracy of the CNN model.Our results show that the Hyper Tuned CNN model with ADAM Optimizer achieves the highest accuracy of up to 90%.Furthermore,we demonstrate that hyperparameter tuning can help achieve significant performance improvements,even using a relatively simple model architecture like CNNs.Our findings suggest that the choice of the optimization algorithm is a crucial factor in the performance of CNNs for authorship verification and that hyperparameter tuning can be an effective way to optimize this choice.Overall,this paper demonstrates the effectiveness of hyperparameter tuning in improving the performance of CNNs for authorship verification in digital forensic investigations.Our findings have important implications for developing accurate and reliable authorship verification systems,which are crucial for various applications in digital forensics,such as identifying the author of anonymous threatening messages or detecting cases of plagiarism.
文摘Despite the extensive empirical literature relating to the Internet of Things (IoT), surprisingly few attempts have sought to establish the ways in which digital forensics can be applied to undertake detailed examinations regarding IoT frameworks. The existing digital forensic applications have effectively held back efforts to align the IoT with digital forensic strategies. This is because the forensic applications are ill-suited to the highly complex IoT frameworks and would, therefore, struggle to amass, analyze and test the necessary evidence that would be required by a court. As such, there is a need to develop a suitable forensic framework to facilitate forensic investigations in IoT settings. Nor has considerable progress been made in terms of collecting and saving network and server logs from IoT settings to enable examinations. Consequently, this study sets out to develop and test the FB system which is a lightweight forensic framework capable of improving the scope of investigations in IoT environments. The FB system can organize the management of various IoT devices found in a smart apartment, all of which is controlled by the owner’s smart watch. This will help to perform useful functions, automate the decision-making process, and ensure that the system remains secure. A Java app is utilized to simulate the FB system, learning the user’s requirements and security expectations when installed and employing the MySQL server as a means of logging the communications of the various IoT devices.
文摘Since its birth in the early 90 's,digital forensics has been mainly focused on collecting and examining digital evidence from computers and networks that are controlled and owned by individuals or organizations.As cloud computing has recently emerged as a dominant platform for running applications and storing data,digital forensics faces well-known challenges in the cloud,such as data inaccessibility,data and service volatility,and law enforcement lacks control over the cloud.To date,very little research has been done to develop efficient theory and practice for digital forensics in the cloud.In this paper,we present a novel framework,Cloud Foren,which systematically addresses the challenges of forensics in cloud computing.Cloud Foren covers the entire process of digital forensics,from the initial point of complaint to the final point where the evidence is confirmed.The key components of Cloud Foren address some challenges,which are unique to the cloud.The proposed forensic process allows cloud forensic examiner,cloud provider,and cloud customer collaborate naturally.We use two case studies to demonstrate the applicability of Cloud Foren.We believe Cloud Foren holds great promise for more precise and automatic digital forensics in a cloud computing environment.
文摘Computer system's runtime information is an essential part of the digital evidence. Current digital forensic approaches mainly focus on memory and I/O data, while the runtime instructions from processes are often ignored. We present a novel approach on runtime instruction forensic analysis and have developed a forensic system which collects instruction flow and extracts digital evidence. The system is based on whole-system emulation technique and analysts are allowed to define analysis strategy to improve analysis efficiency and reduce overhead. This forensic approach and system are applicable to binary code analysis, information retrieval and matware forensics.
文摘Research in virtualization technology has gained significant developments in recent years, which brings not only opportunities to the forensic community, but challenges as well. This paper discusses the potential roles of virtualization in digital forensics, examines the recent progresses which use the virtualization techniques to support modem computer forensics. The influences on digital forensics caused by virtualization technology are identified. Tools and methods in common digital forensic practices are analyzed, and experiences of our practice and reflections in this field are shared.
基金This research was supported by the Korea Institute for Advancement of Technology(KIAT)Grant Funded by the Korea Government(MOTIE)(P0012724,The Competency Development Program for Industry Specialist)and the Soonchunhyang University Research Fund.
文摘In this research,we developed a plugin for our automated digital forensics framework to extract and preserve the evidence from the Android and the IOS-based mobile phone application,Instagram.This plugin extracts personal details from Instagram users,e.g.,name,user name,mobile number,ID,direct text or audio,video,and picture messages exchanged between different Instagram users.While developing the plugin,we identified resources available in both Android and IOS-based devices holding key forensics artifacts.We highlighted the poor privacy scheme employed by Instagram.This work,has shown how the sensitive data posted in the Instagram mobile application can easily be reconstructed,and how the traces,as well as the URL links of visual messages,can be used to access the privacy of any Instagram user without any critical credential verification.We also employed the anti-forensics method on the Instagram Android’s application and were able to restore the application from the altered or corrupted database file,which any criminal mind can use to set up or trap someone else.The outcome of this research is a plugin for our digital forensics ready framework software which could be used by law enforcement and regulatory agencies to reconstruct the digital evidence available in the Instagram mobile application directories on both Android and IOS-based mobile phones.
文摘This summary paper will discuss the concept of forensic evidence and evidence collection methods. Emphasis will be placed on the techniques used to collect forensically sound digital evidence for the purpose of introduction to digital forensics. This discussion will thereafter result in identifying and categorizing the different types of digital forensics evidence and a clear procedure for how to collect forensically sound digital evidence. This paper will further discuss the creation of awareness and promote the idea that competent practice of computer forensics collection is important for admissibility in court.
文摘Unlike conventional forensics,digital forensics does not at present generally quantify the results of its investigations.It is suggested that digital forensics should aim to catch up with other forensic disciplines by using Bayesian and other numerical methodologies to quantify its investigations’results.Assessing the plausibility of alternative hypotheses(or propositions,or claims)which explain how recovered digital evidence came to exist on a device could assist both the prosecution and the defence sides in criminal proceedings:helping the prosecution to decide whether to proceed to trial and helping defence lawyers to advise a defendant how to plead.This paper reviews some numerical approaches to the goal of quantifying the relative weights of individual items of digital evidence and the plausibility of hypotheses based on that evidence.The potential advantages enabling the construction of cost-effective digital forensic triage schemas are also outlined.
基金supported by grants from the National Key Research and Development Program of China[grant number 2016YFC0800705]the Shanghai Forensic Service Platform[grant number 16DZ2290900]the Shanghai Key Laboratory of Forensic Medicine[grant number 17DZ2273200].
文摘As a result of the many developments in information technology,digital evidence plays an increasingly important role in criminal and civil litigation.Because digital evidence is necessary for litigation,the judicial system must be assured of its accuracy,reliability,and verifiability,which can be assured by accreditation.This paper focuses on a comparison of the evolution of the accreditation of digital forensics internationally and domestically,discusses the existing problems that such accreditation encounters,and proposes the corresponding solutions.Moreover,this paper discusses the future of digital forensic laboratory accreditation and its implementation.
基金The authors extend their appreciation to the Deanship of Scientific Research at King Saud University for funding this work through research group no(RG-1441-531).
文摘Privacy preservation(PP)in Digital forensics(DF)is a conflicted and non-trivial issue.Existing solutions use the searchable encryption concept and,as a result,are not efficient and support only a keyword search.Moreover,the collected forensic data cannot be analyzed using existing well-known digital tools.This research paper first investigates the lawful requirements for PP in DF based on the organization for economic co-operation and development OECB)privacy guidelines.To have an efficient investigation process and meet the increased volume of data,the presented framework is designed based on the selective imaging concept and advanced encryption standard(AES).The proposed framework has two main modules,namely Selective Imaging Module(SIM)and Selective Analysis Module(SAM).The SIM and SAM modules are implemented based on advanced forensic format 4(AFF4)and SleuthKit open source forensics frameworks,respectively,and,accordingly,the proposed framework is evaluated in a forensically sound manner.The evaluation result is compared with other relevant works and,as a result,the proposed solution provides a privacy-preserving,efficient forensic imaging and analysis process while having also sufficient methods.Moreover,the AFF4 forensic image,produced by the SIM module,can be analyzed not only by SAM,but also by other well-known analysis tools available on the market.
基金supported by the National Natural Science Foundation of China under Grant No.60903166 the National High Technology Research and Development Program of China(863 Program) under Grants No.2012AA012506,No.2012AA012901,No.2012AA012903+9 种基金 Specialized Research Fund for the Doctoral Program of Higher Education of China under Grant No.20121103120032 the Humanity and Social Science Youth Foundation of Ministry of Education of China under Grant No.13YJCZH065 the Opening Project of Key Lab of Information Network Security of Ministry of Public Security(The Third Research Institute of Ministry of Public Security) under Grant No.C13613 the China Postdoctoral Science Foundation General Program of Science and Technology Development Project of Beijing Municipal Education Commission of China under Grant No.km201410005012 the Research on Education and Teaching of Beijing University of Technology under Grant No.ER2013C24 the Beijing Municipal Natural Science Foundation Sponsored by Hunan Postdoctoral Scientific Program Open Research Fund of Beijing Key Laboratory of Trusted Computing Funds for the Central Universities, Contract No.2012JBM030
文摘Network intrusion forensics is an important extension to present security infrastructure,and is becoming the focus of forensics research field.However,comparison with sophisticated multi-stage attacks and volume of sensor data,current practices in network forensic analysis are to manually examine,an error prone,labor-intensive and time consuming process.To solve these problems,in this paper we propose a digital evidence fusion method for network forensics with Dempster-Shafer theory that can detect efficiently computer crime in networked environments,and fuse digital evidence from different sources such as hosts and sub-networks automatically.In the end,we evaluate the method on well-known KDD Cup1999 dataset.The results prove our method is very effective for real-time network forensics,and can provide comprehensible messages for a forensic investigators.
基金the support of Prince Sultan University for the Article Processing Charges(APC)of this publication。
文摘Author Profiling (AP) is a subsection of digital forensics that focuses on the detection of the author’s personalinformation, such as age, gender, occupation, and education, based on various linguistic features, e.g., stylistic,semantic, and syntactic. The importance of AP lies in various fields, including forensics, security, medicine, andmarketing. In previous studies, many works have been done using different languages, e.g., English, Arabic, French,etc.However, the research on RomanUrdu is not up to the mark.Hence, this study focuses on detecting the author’sage and gender based on Roman Urdu text messages. The dataset used in this study is Fire’18-MaponSMS. Thisstudy proposed an ensemble model based on AdaBoostM1 and Random Forest (AMBRF) for AP using multiplelinguistic features that are stylistic, character-based, word-based, and sentence-based. The proposed model iscontrasted with several of the well-known models fromthe literature, including J48-Decision Tree (J48),Na飗e Bays(NB), K Nearest Neighbor (KNN), and Composite Hypercube on Random Projection (CHIRP), NB-Updatable,RF, and AdaboostM1. The overall outcome shows the better performance of the proposed AdaboostM1 withRandom Forest (ABMRF) with an accuracy of 54.2857% for age prediction and 71.1429% for gender predictioncalculated on stylistic features. Regarding word-based features, age and gender were considered in 50.5714% and60%, respectively. On the other hand, KNN and CHIRP show the weakest performance using all the linguisticfeatures for age and gender prediction.
文摘Advances in technology require upgrades in the law. One such area involves data brokers, which have thus far gone unregulated. Data brokers use artificial intelligence to aggregate information into data profiles about individual Americans derived from consumer use of the internet and connected devices. Data profiles are then sold for profit. Government investigators use a legal loophole to purchase this data instead of obtaining a search warrant, which the Fourth Amendment would otherwise require. Consumers have lacked a reasonable means to fight or correct the information data brokers collect. Americans may not even be aware of the risks of data aggregation, which upends the test of reasonable expectations used in a search warrant analysis. Data aggregation should be controlled and regulated, which is the direction some privacy laws take. Legislatures must step forward to safeguard against shadowy data-profiling practices, whether abroad or at home. In the meantime, courts can modify their search warrant analysis by including data privacy principles.
文摘Android smartphones largely dominate the smartphone market. For this reason, it is very important to examine these smartphones in terms of digital forensics since they are often used as evidence in trials. It is possible to acquire a physical or logical image of these devices. Acquiring physical and logical images has advantages and disadvantages compared to each other. Creating the logical image is done at the file system level. Analysis can be made on this logical image. Both logical image acquisition and analysis of the image can be done by software tools. In this study, the differences between logical image and physical image acquisition in Android smartphones, their advantages and disadvantages compared to each other, the difficulties that may be encountered in obtaining physical images, which type of image contributes to obtaining more useful and effective data, which one should be preferred for different conditions, and the benefits of having root authority are discussed. The practice of getting the logical image of the Android smartphones and making an analysis on the image is also included. Although root privileges are not required for logical image acquisition, it has been observed that very limited data will be obtained with the logical image created without root privileges. Nevertheless, logical image acquisition has advantages too against physical image acquisition.
基金This research was funded by a National Research Foundation of Korea(NRF)grant funded by the Korean government(MOE)(No.2021R1I1A3055973)the Soonchunhyang University Research Fund。
文摘Recently,the technology of digital image forgery based on a generative adversarial network(GAN)has considerably improved to the extent that it is difficult to distinguish it from the original image with the naked eye by compositing and editing a person’s face or a specific part with the original image.Thus,much attention has been paid to digital image forgery as a social issue.Further,document forgery through GANs can completely change the meaning and context in a document,and it is difficult to identify whether the document is forged or not,which is dangerous.Nonetheless,few studies have been conducted on document forgery and new forgery-related attacks have emerged daily.Therefore,in this study,we propose a novel convolutional neural network(CNN)forensic discriminator that can detect forged text or numeric images by GANs using CNNs,which have been widely used in image classification for many years.To strengthen the detection performance of the proposed CNN forensic discriminator,CNN was trained after image preprocessing,including salt and pepper as well asGaussian noises.Moreover,we performed CNN optimization to make existing CNN more suitable for forged text or numeric image detection,which have mainly focused on the discrimination of forged faces to date.The test evaluation results using Hangul texts and numbers showed that the accuracy of forgery discrimination of the proposed method was significantly improved by 20%in Hangul texts and 5%in numbers compared with that of existing state-of-the-art methods,which proved the proposed model performance superiority and verified that it could be a useful tool in reducing crime potential.
基金Sponsored by the National Natural Science Foundation of China(Grant No.61272540)the National Basic Research Program of China(973 Program)(Grant No.2013CB329604)+3 种基金the National High Technology Research and Development Program of China(Grant No.2012AA011005)the Natural Science Foundation of Anhui Province,China(Grant No.11040606M138 and No.1208085MF101)the Specialized Research Fund for the Doctoral Program of Higher Education of China(Grant No.2011JYXJ1498)the Fundamental Research Funds for the Central Universities(Grant No.2011HGQC1012)
文摘Cyber-crimes are growing rapidly,so it is important to obtain the digital evidence on the web page.Usually,people can examine the browser history on the client side and data files on the server side,but both of them have shortcomings in real criminal investigation.To overcome the weakness,this paper designs a web page forensic scheme to snapshot the pages from web servers with the help of web spider.Also,it designs several steps to improve the trustworthiness of these pages.All the pages will be dumped in local database which can be presented as reliable evidence on the court.
文摘In all phases of forensic investigation, digital evidence is exposed to external influences and coming into contact with many factors. Legal admissibility of digital evidence is the ability of that evidence being accepted as evidence in a court of law. Life cycle of digital evidence is very complex. In each stage there is more impact that can violate a chain of custody and its integrity. Contact with different variables occurs through a life cycle of digital evidence and can disrupt its integrity. In order for the evidence to be accepted by the court as valid, chain of custody for digital evidence must be kept, or it must be known who exactly came into contact with evidence in each stage of the investigation. This paper presents a dynamics and life cycle of digital evidence. The Petri nets will be proposed and used for modeling and simulation of this process.
文摘As the advent and growing popularity of image rendering software,photorealistic computer graphics are becoming more and more perceptually indistinguishable from photographic images.If the faked images are abused,it may lead to potential social,legal or private consequences.To this end,it is very necessary and also challenging to find effective methods to differentiate between them.In this paper,a novel leading digit law,also called Benford's law,based method to identify computer graphics is proposed.More specifically,statistics of the most significant digits are extracted from image's Discrete Cosine Transform(DCT) coefficients and magnitudes of image's gradient,and then the Support Vector Machine(SVM) based classifiers are built.Results of experiments on the image datasets indicate that the proposed method is comparable to prior works.Besides,it possesses low dimensional features and low computational complexity.
基金supported by NSFC(No.61702429)Sichuan Science and Technology Program(No.19yyjc1656).
文摘The multi-purpose forensics is an important tool for forge image detection.In this paper,we propose a universal feature set for the multi-purpose forensics which is capable of simultaneously identifying several typical image manipulations,including spatial low-pass Gaussian blurring,median filtering,re-sampling,and JPEG compression.To eliminate the influences caused by diverse image contents on the effectiveness and robustness of the feature,a residual group which contains several high-pass filtered residuals is introduced.The partial correlation coefficient is exploited from the residual group to purely measure neighborhood correlations in a linear way.Besides that,we also combine autoregressive coefficient and transition probability to form the proposed composite feature which is used to measure how manipulations change the neighborhood relationships in both linear and non-linear way.After a series of dimension reductions,the proposed feature set can accelerate the training and testing for the multi-purpose forensics.The proposed feature set is then fed into a multi-classifier to train a multi-purpose detector.Experimental results show that the proposed detector can identify several typical image manipulations,and is superior to the complicated deep CNN-based methods in terms of detection accuracy and time efficiency for JPEG compressed image with low resolution.