Despite the extensive empirical literature relating to the Internet of Things (IoT), surprisingly few attempts have sought to establish the ways in which digital forensics can be applied to undertake detailed examinat...Despite the extensive empirical literature relating to the Internet of Things (IoT), surprisingly few attempts have sought to establish the ways in which digital forensics can be applied to undertake detailed examinations regarding IoT frameworks. The existing digital forensic applications have effectively held back efforts to align the IoT with digital forensic strategies. This is because the forensic applications are ill-suited to the highly complex IoT frameworks and would, therefore, struggle to amass, analyze and test the necessary evidence that would be required by a court. As such, there is a need to develop a suitable forensic framework to facilitate forensic investigations in IoT settings. Nor has considerable progress been made in terms of collecting and saving network and server logs from IoT settings to enable examinations. Consequently, this study sets out to develop and test the FB system which is a lightweight forensic framework capable of improving the scope of investigations in IoT environments. The FB system can organize the management of various IoT devices found in a smart apartment, all of which is controlled by the owner’s smart watch. This will help to perform useful functions, automate the decision-making process, and ensure that the system remains secure. A Java app is utilized to simulate the FB system, learning the user’s requirements and security expectations when installed and employing the MySQL server as a means of logging the communications of the various IoT devices.展开更多
Since its birth in the early 90 's,digital forensics has been mainly focused on collecting and examining digital evidence from computers and networks that are controlled and owned by individuals or organizations.A...Since its birth in the early 90 's,digital forensics has been mainly focused on collecting and examining digital evidence from computers and networks that are controlled and owned by individuals or organizations.As cloud computing has recently emerged as a dominant platform for running applications and storing data,digital forensics faces well-known challenges in the cloud,such as data inaccessibility,data and service volatility,and law enforcement lacks control over the cloud.To date,very little research has been done to develop efficient theory and practice for digital forensics in the cloud.In this paper,we present a novel framework,Cloud Foren,which systematically addresses the challenges of forensics in cloud computing.Cloud Foren covers the entire process of digital forensics,from the initial point of complaint to the final point where the evidence is confirmed.The key components of Cloud Foren address some challenges,which are unique to the cloud.The proposed forensic process allows cloud forensic examiner,cloud provider,and cloud customer collaborate naturally.We use two case studies to demonstrate the applicability of Cloud Foren.We believe Cloud Foren holds great promise for more precise and automatic digital forensics in a cloud computing environment.展开更多
In this research,we developed a plugin for our automated digital forensics framework to extract and preserve the evidence from the Android and the IOS-based mobile phone application,Instagram.This plugin extracts pers...In this research,we developed a plugin for our automated digital forensics framework to extract and preserve the evidence from the Android and the IOS-based mobile phone application,Instagram.This plugin extracts personal details from Instagram users,e.g.,name,user name,mobile number,ID,direct text or audio,video,and picture messages exchanged between different Instagram users.While developing the plugin,we identified resources available in both Android and IOS-based devices holding key forensics artifacts.We highlighted the poor privacy scheme employed by Instagram.This work,has shown how the sensitive data posted in the Instagram mobile application can easily be reconstructed,and how the traces,as well as the URL links of visual messages,can be used to access the privacy of any Instagram user without any critical credential verification.We also employed the anti-forensics method on the Instagram Android’s application and were able to restore the application from the altered or corrupted database file,which any criminal mind can use to set up or trap someone else.The outcome of this research is a plugin for our digital forensics ready framework software which could be used by law enforcement and regulatory agencies to reconstruct the digital evidence available in the Instagram mobile application directories on both Android and IOS-based mobile phones.展开更多
This summary paper will discuss the concept of forensic evidence and evidence collection methods. Emphasis will be placed on the techniques used to collect forensically sound digital evidence for the purpose of introd...This summary paper will discuss the concept of forensic evidence and evidence collection methods. Emphasis will be placed on the techniques used to collect forensically sound digital evidence for the purpose of introduction to digital forensics. This discussion will thereafter result in identifying and categorizing the different types of digital forensics evidence and a clear procedure for how to collect forensically sound digital evidence. This paper will further discuss the creation of awareness and promote the idea that competent practice of computer forensics collection is important for admissibility in court.展开更多
Authorship verification is a crucial task in digital forensic investigations,where it is often necessary to determine whether a specific individual wrote a particular piece of text.Convolutional Neural Networks(CNNs)h...Authorship verification is a crucial task in digital forensic investigations,where it is often necessary to determine whether a specific individual wrote a particular piece of text.Convolutional Neural Networks(CNNs)have shown promise in solving this problem,but their performance highly depends on the choice of hyperparameters.In this paper,we explore the effectiveness of hyperparameter tuning in improving the performance of CNNs for authorship verification.We conduct experiments using a Hyper Tuned CNN model with three popular optimization algorithms:Adaptive Moment Estimation(ADAM),StochasticGradientDescent(SGD),andRoot Mean Squared Propagation(RMSPROP).The model is trained and tested on a dataset of text samples collected from various authors,and the performance is evaluated using accuracy,precision,recall,and F1 score.We compare the performance of the three optimization algorithms and demonstrate the effectiveness of hyperparameter tuning in improving the accuracy of the CNN model.Our results show that the Hyper Tuned CNN model with ADAM Optimizer achieves the highest accuracy of up to 90%.Furthermore,we demonstrate that hyperparameter tuning can help achieve significant performance improvements,even using a relatively simple model architecture like CNNs.Our findings suggest that the choice of the optimization algorithm is a crucial factor in the performance of CNNs for authorship verification and that hyperparameter tuning can be an effective way to optimize this choice.Overall,this paper demonstrates the effectiveness of hyperparameter tuning in improving the performance of CNNs for authorship verification in digital forensic investigations.Our findings have important implications for developing accurate and reliable authorship verification systems,which are crucial for various applications in digital forensics,such as identifying the author of anonymous threatening messages or detecting cases of plagiarism.展开更多
As a result of the many developments in information technology,digital evidence plays an increasingly important role in criminal and civil litigation.Because digital evidence is necessary for litigation,the judicial s...As a result of the many developments in information technology,digital evidence plays an increasingly important role in criminal and civil litigation.Because digital evidence is necessary for litigation,the judicial system must be assured of its accuracy,reliability,and verifiability,which can be assured by accreditation.This paper focuses on a comparison of the evolution of the accreditation of digital forensics internationally and domestically,discusses the existing problems that such accreditation encounters,and proposes the corresponding solutions.Moreover,this paper discusses the future of digital forensic laboratory accreditation and its implementation.展开更多
Privacy preservation(PP)in Digital forensics(DF)is a conflicted and non-trivial issue.Existing solutions use the searchable encryption concept and,as a result,are not efficient and support only a keyword search.Moreov...Privacy preservation(PP)in Digital forensics(DF)is a conflicted and non-trivial issue.Existing solutions use the searchable encryption concept and,as a result,are not efficient and support only a keyword search.Moreover,the collected forensic data cannot be analyzed using existing well-known digital tools.This research paper first investigates the lawful requirements for PP in DF based on the organization for economic co-operation and development OECB)privacy guidelines.To have an efficient investigation process and meet the increased volume of data,the presented framework is designed based on the selective imaging concept and advanced encryption standard(AES).The proposed framework has two main modules,namely Selective Imaging Module(SIM)and Selective Analysis Module(SAM).The SIM and SAM modules are implemented based on advanced forensic format 4(AFF4)and SleuthKit open source forensics frameworks,respectively,and,accordingly,the proposed framework is evaluated in a forensically sound manner.The evaluation result is compared with other relevant works and,as a result,the proposed solution provides a privacy-preserving,efficient forensic imaging and analysis process while having also sufficient methods.Moreover,the AFF4 forensic image,produced by the SIM module,can be analyzed not only by SAM,but also by other well-known analysis tools available on the market.展开更多
Author Profiling (AP) is a subsection of digital forensics that focuses on the detection of the author’s personalinformation, such as age, gender, occupation, and education, based on various linguistic features, e.g....Author Profiling (AP) is a subsection of digital forensics that focuses on the detection of the author’s personalinformation, such as age, gender, occupation, and education, based on various linguistic features, e.g., stylistic,semantic, and syntactic. The importance of AP lies in various fields, including forensics, security, medicine, andmarketing. In previous studies, many works have been done using different languages, e.g., English, Arabic, French,etc.However, the research on RomanUrdu is not up to the mark.Hence, this study focuses on detecting the author’sage and gender based on Roman Urdu text messages. The dataset used in this study is Fire’18-MaponSMS. Thisstudy proposed an ensemble model based on AdaBoostM1 and Random Forest (AMBRF) for AP using multiplelinguistic features that are stylistic, character-based, word-based, and sentence-based. The proposed model iscontrasted with several of the well-known models fromthe literature, including J48-Decision Tree (J48),Na飗e Bays(NB), K Nearest Neighbor (KNN), and Composite Hypercube on Random Projection (CHIRP), NB-Updatable,RF, and AdaboostM1. The overall outcome shows the better performance of the proposed AdaboostM1 withRandom Forest (ABMRF) with an accuracy of 54.2857% for age prediction and 71.1429% for gender predictioncalculated on stylistic features. Regarding word-based features, age and gender were considered in 50.5714% and60%, respectively. On the other hand, KNN and CHIRP show the weakest performance using all the linguisticfeatures for age and gender prediction.展开更多
Android smartphones largely dominate the smartphone market. For this reason, it is very important to examine these smartphones in terms of digital forensics since they are often used as evidence in trials. It is possi...Android smartphones largely dominate the smartphone market. For this reason, it is very important to examine these smartphones in terms of digital forensics since they are often used as evidence in trials. It is possible to acquire a physical or logical image of these devices. Acquiring physical and logical images has advantages and disadvantages compared to each other. Creating the logical image is done at the file system level. Analysis can be made on this logical image. Both logical image acquisition and analysis of the image can be done by software tools. In this study, the differences between logical image and physical image acquisition in Android smartphones, their advantages and disadvantages compared to each other, the difficulties that may be encountered in obtaining physical images, which type of image contributes to obtaining more useful and effective data, which one should be preferred for different conditions, and the benefits of having root authority are discussed. The practice of getting the logical image of the Android smartphones and making an analysis on the image is also included. Although root privileges are not required for logical image acquisition, it has been observed that very limited data will be obtained with the logical image created without root privileges. Nevertheless, logical image acquisition has advantages too against physical image acquisition.展开更多
Cyber-crimes are growing rapidly,so it is important to obtain the digital evidence on the web page.Usually,people can examine the browser history on the client side and data files on the server side,but both of them h...Cyber-crimes are growing rapidly,so it is important to obtain the digital evidence on the web page.Usually,people can examine the browser history on the client side and data files on the server side,but both of them have shortcomings in real criminal investigation.To overcome the weakness,this paper designs a web page forensic scheme to snapshot the pages from web servers with the help of web spider.Also,it designs several steps to improve the trustworthiness of these pages.All the pages will be dumped in local database which can be presented as reliable evidence on the court.展开更多
As the advent and growing popularity of image rendering software,photorealistic computer graphics are becoming more and more perceptually indistinguishable from photographic images.If the faked images are abused,it ma...As the advent and growing popularity of image rendering software,photorealistic computer graphics are becoming more and more perceptually indistinguishable from photographic images.If the faked images are abused,it may lead to potential social,legal or private consequences.To this end,it is very necessary and also challenging to find effective methods to differentiate between them.In this paper,a novel leading digit law,also called Benford's law,based method to identify computer graphics is proposed.More specifically,statistics of the most significant digits are extracted from image's Discrete Cosine Transform(DCT) coefficients and magnitudes of image's gradient,and then the Support Vector Machine(SVM) based classifiers are built.Results of experiments on the image datasets indicate that the proposed method is comparable to prior works.Besides,it possesses low dimensional features and low computational complexity.展开更多
The multi-purpose forensics is an important tool for forge image detection.In this paper,we propose a universal feature set for the multi-purpose forensics which is capable of simultaneously identifying several typica...The multi-purpose forensics is an important tool for forge image detection.In this paper,we propose a universal feature set for the multi-purpose forensics which is capable of simultaneously identifying several typical image manipulations,including spatial low-pass Gaussian blurring,median filtering,re-sampling,and JPEG compression.To eliminate the influences caused by diverse image contents on the effectiveness and robustness of the feature,a residual group which contains several high-pass filtered residuals is introduced.The partial correlation coefficient is exploited from the residual group to purely measure neighborhood correlations in a linear way.Besides that,we also combine autoregressive coefficient and transition probability to form the proposed composite feature which is used to measure how manipulations change the neighborhood relationships in both linear and non-linear way.After a series of dimension reductions,the proposed feature set can accelerate the training and testing for the multi-purpose forensics.The proposed feature set is then fed into a multi-classifier to train a multi-purpose detector.Experimental results show that the proposed detector can identify several typical image manipulations,and is superior to the complicated deep CNN-based methods in terms of detection accuracy and time efficiency for JPEG compressed image with low resolution.展开更多
This paper addressed the current state of police officers’ capabilities, skills, and their readiness to deal with the developments of cybercrime. This study discussed definition of cybercrime, cybercrime categories a...This paper addressed the current state of police officers’ capabilities, skills, and their readiness to deal with the developments of cybercrime. This study discussed definition of cybercrime, cybercrime categories as well as comparison between traditional criminal techniques and cybercrime. As the abilities and skills required for detectives to investigate cybercrime have been discussed. Additionally, literature review and related work, was addressed challenges role of the police in combating cybercrime and facing cybercrime policing. We proposed the main tool in the study which is “Checklist of essential skills for a cybercrime investigator”. Thus, to gain the ability to Identify technical and practical requirements in terms of skills, programs, and equipment to achieve effective and professional results in fight cybercrimes.展开更多
Recently,the technology of digital image forgery based on a generative adversarial network(GAN)has considerably improved to the extent that it is difficult to distinguish it from the original image with the naked eye ...Recently,the technology of digital image forgery based on a generative adversarial network(GAN)has considerably improved to the extent that it is difficult to distinguish it from the original image with the naked eye by compositing and editing a person’s face or a specific part with the original image.Thus,much attention has been paid to digital image forgery as a social issue.Further,document forgery through GANs can completely change the meaning and context in a document,and it is difficult to identify whether the document is forged or not,which is dangerous.Nonetheless,few studies have been conducted on document forgery and new forgery-related attacks have emerged daily.Therefore,in this study,we propose a novel convolutional neural network(CNN)forensic discriminator that can detect forged text or numeric images by GANs using CNNs,which have been widely used in image classification for many years.To strengthen the detection performance of the proposed CNN forensic discriminator,CNN was trained after image preprocessing,including salt and pepper as well asGaussian noises.Moreover,we performed CNN optimization to make existing CNN more suitable for forged text or numeric image detection,which have mainly focused on the discrimination of forged faces to date.The test evaluation results using Hangul texts and numbers showed that the accuracy of forgery discrimination of the proposed method was significantly improved by 20%in Hangul texts and 5%in numbers compared with that of existing state-of-the-art methods,which proved the proposed model performance superiority and verified that it could be a useful tool in reducing crime potential.展开更多
Because of the widespread of Trojans,organizations and Internet users become more vulnerable to the threat of information leakage.This paper describes an information leakage detection system( ILDS) to detect sensitive...Because of the widespread of Trojans,organizations and Internet users become more vulnerable to the threat of information leakage.This paper describes an information leakage detection system( ILDS) to detect sensitive information leakage caused by Trojan.In particular,the principles of the system are based on the analysis of net-flows in four perspectives: heartbeat behavior analysis,DNS abnormal analysis,uploaddownload ratio and content analysis.Heartbeat behavior analysis and DNS abnormal analysis are used to detect the existence of Trojans while upload-download ratio and content analysis can quickly detect when the information leakage happens.Experiments indicate that the system is reliable and efficient in detecting information leakage.The system can also help to collect and preserve digital evidence when information leakage incident occurs.展开更多
In the image steganalysis,the training samples often determine the performance of the model when the features and classification are in the same condition.However the existing research on steganalysis lacks the in-dep...In the image steganalysis,the training samples often determine the performance of the model when the features and classification are in the same condition.However the existing research on steganalysis lacks the in-depth study of the classifier's training method which may deeply influence the detection performance.This paper provides an optimization of universal steganalysis based on the boundary samples classification concerning about image steganalysis.This paper proposes a strategy of selecting boundary samples in steganalysis and divides the training samples into good samples,poor samples and boundary samples three categories and then chose the optimal threshold to get boundary samples through experiments.The experimental results show the effectiveness of boundary sample,which dramatically improve detection capability especially for the low embedding rate Stego-image.展开更多
Content aware image resizing(CAIR)is an excellent technology used widely for image retarget.It can also be used to tamper with images and bring the trust crisis of image content to the public.Once an image is processe...Content aware image resizing(CAIR)is an excellent technology used widely for image retarget.It can also be used to tamper with images and bring the trust crisis of image content to the public.Once an image is processed by CAIR,the correlation of local neighborhood pixels will be destructive.Although local binary patterns(LBP)can effectively describe the local texture,it however cannot describe the magnitude information of local neighborhood pixels and is also vulnerable to noise.Therefore,to deal with the detection of CAIR,a novel forensic method based on improved local ternary patterns(ILTP)feature and gradient energy feature(GEF)is proposed in this paper.Firstly,the adaptive threshold of the original local ternary patterns(LTP)operator is improved,and the ILTP operator is used to describe the change of correlation among local neighborhood pixels caused by CAIR.Secondly,the histogram features of ILTP and the gradient energy features are extracted from the candidate image for CAIR forgery detection.Then,the ILTP features and the gradient energy features are concatenated into the combined features,and the combined features are used to train classifier.Finally support vector machine(SVM)is exploited as a classifier to be trained and tested by the above features in order to distinguish whether an image is subjected to CAIR or not.The candidate images are extracted from uncompressed color image database(UCID),then the training and testing sets are created.The experimental results with many test images show that the proposed method can detect CAIR tampering effectively,and that its performance is improved compared with other methods.It can achieve a better performance than the state-of-the-art approaches.展开更多
The Enhanced Complexity Model( ECM) developed previously has been further extended to produce a Motivationally Enhanced Complexity Model( MECM) which enables the degree of motivation,capability and opportunity of a hy...The Enhanced Complexity Model( ECM) developed previously has been further extended to produce a Motivationally Enhanced Complexity Model( MECM) which enables the degree of motivation,capability and opportunity of a hypothetical Trojan Horse author to be included in quantifying the relative plausibility of competing explanations for the existence of uncontested digital evidence.This new model has been applied to the case of the Trojan Horse defence( THD) against the possession of child pornography.Our results demonstrate that the THD in this case cannot be plausibly sustained unless it can be shown that an ‘off-theshelf'( OTS) Trojan Horse for this task is available and it is not detectable by the target computer,at the material time.展开更多
With the growth of digital media data manipulation in today’s era due to the availability of readily handy tampering software,the authenticity of records is at high risk,especially in video.There is a dire need to de...With the growth of digital media data manipulation in today’s era due to the availability of readily handy tampering software,the authenticity of records is at high risk,especially in video.There is a dire need to detect such problem and do the necessary actions.In this work,we propose an approach to detect the interframe video forgery utilizing the deep features obtained from the parallel deep neural network model and thorough analytical computations.The proposed approach only uses the deep features extracted from the CNN model and then applies the conventional mathematical approach to these features to find the forgery in the video.This work calculates the correlation coefficient from the deep features of the adjacent frames rather than calculating directly from the frames.We divide the procedure of forgery detection into two phases–video forgery detection and video forgery classification.In video forgery detection,this approach detect input video is original or tampered.If the video is not original,then the video is checked in the next phase,which is video forgery classification.In the video forgery classification,method review the forged video for insertion forgery,deletion forgery,and also again check for originality.The proposed work is generalized and it is tested on two different datasets.The experimental results of our proposed model show that our approach can detect the forgery with the accuracy of 91%on VIFFD dataset,90%in TDTV dataset and classify the type of forgery–insertion and deletion with the accuracy of 82%on VIFFD dataset,86%on TDTV dataset.This work can helps in the analysis of original and tempered video in various domain.展开更多
Increasingly advanced image processing technology has made digital image editing easier and easier.With image processing software at one’s fingertips,one can easily alter the content of an image,and the altered image...Increasingly advanced image processing technology has made digital image editing easier and easier.With image processing software at one’s fingertips,one can easily alter the content of an image,and the altered image is so realistic that it is illegible to the naked eye.These tampered images have posed a serious threat to personal privacy,social order,and national security.Therefore,detecting and locating tampered areas in images has important practical significance,and has become an important research topic in the field of multimedia information security.In recent years,deep learning technology has been widely used in image tampering localization,and the achieved performance has significantly surpassed traditional tampering forensics methods.This paper mainly sorts out the relevant knowledge and latest methods in the field of image tampering detection based on deep learning.According to the two types of tampering detection based on deep learning,the detection tasks of the method are detailed separately,and the problems and future prospects in this field are discussed.It is quite different from the existing work:(1)This paper mainly focuses on the problem of image tampering detection,so it does not elaborate on various forensic methods.(2)This paper focuses on the detectionmethod of image tampering based on deep learning.(3)This paper is driven by the needs of tampering targets,so it pays more attention to sorting out methods for different tampering detection tasks.展开更多
文摘Despite the extensive empirical literature relating to the Internet of Things (IoT), surprisingly few attempts have sought to establish the ways in which digital forensics can be applied to undertake detailed examinations regarding IoT frameworks. The existing digital forensic applications have effectively held back efforts to align the IoT with digital forensic strategies. This is because the forensic applications are ill-suited to the highly complex IoT frameworks and would, therefore, struggle to amass, analyze and test the necessary evidence that would be required by a court. As such, there is a need to develop a suitable forensic framework to facilitate forensic investigations in IoT settings. Nor has considerable progress been made in terms of collecting and saving network and server logs from IoT settings to enable examinations. Consequently, this study sets out to develop and test the FB system which is a lightweight forensic framework capable of improving the scope of investigations in IoT environments. The FB system can organize the management of various IoT devices found in a smart apartment, all of which is controlled by the owner’s smart watch. This will help to perform useful functions, automate the decision-making process, and ensure that the system remains secure. A Java app is utilized to simulate the FB system, learning the user’s requirements and security expectations when installed and employing the MySQL server as a means of logging the communications of the various IoT devices.
文摘Since its birth in the early 90 's,digital forensics has been mainly focused on collecting and examining digital evidence from computers and networks that are controlled and owned by individuals or organizations.As cloud computing has recently emerged as a dominant platform for running applications and storing data,digital forensics faces well-known challenges in the cloud,such as data inaccessibility,data and service volatility,and law enforcement lacks control over the cloud.To date,very little research has been done to develop efficient theory and practice for digital forensics in the cloud.In this paper,we present a novel framework,Cloud Foren,which systematically addresses the challenges of forensics in cloud computing.Cloud Foren covers the entire process of digital forensics,from the initial point of complaint to the final point where the evidence is confirmed.The key components of Cloud Foren address some challenges,which are unique to the cloud.The proposed forensic process allows cloud forensic examiner,cloud provider,and cloud customer collaborate naturally.We use two case studies to demonstrate the applicability of Cloud Foren.We believe Cloud Foren holds great promise for more precise and automatic digital forensics in a cloud computing environment.
基金This research was supported by the Korea Institute for Advancement of Technology(KIAT)Grant Funded by the Korea Government(MOTIE)(P0012724,The Competency Development Program for Industry Specialist)and the Soonchunhyang University Research Fund.
文摘In this research,we developed a plugin for our automated digital forensics framework to extract and preserve the evidence from the Android and the IOS-based mobile phone application,Instagram.This plugin extracts personal details from Instagram users,e.g.,name,user name,mobile number,ID,direct text or audio,video,and picture messages exchanged between different Instagram users.While developing the plugin,we identified resources available in both Android and IOS-based devices holding key forensics artifacts.We highlighted the poor privacy scheme employed by Instagram.This work,has shown how the sensitive data posted in the Instagram mobile application can easily be reconstructed,and how the traces,as well as the URL links of visual messages,can be used to access the privacy of any Instagram user without any critical credential verification.We also employed the anti-forensics method on the Instagram Android’s application and were able to restore the application from the altered or corrupted database file,which any criminal mind can use to set up or trap someone else.The outcome of this research is a plugin for our digital forensics ready framework software which could be used by law enforcement and regulatory agencies to reconstruct the digital evidence available in the Instagram mobile application directories on both Android and IOS-based mobile phones.
文摘This summary paper will discuss the concept of forensic evidence and evidence collection methods. Emphasis will be placed on the techniques used to collect forensically sound digital evidence for the purpose of introduction to digital forensics. This discussion will thereafter result in identifying and categorizing the different types of digital forensics evidence and a clear procedure for how to collect forensically sound digital evidence. This paper will further discuss the creation of awareness and promote the idea that competent practice of computer forensics collection is important for admissibility in court.
基金Prince Sultan University for funding this publication’s Article Process Charges(APC).
文摘Authorship verification is a crucial task in digital forensic investigations,where it is often necessary to determine whether a specific individual wrote a particular piece of text.Convolutional Neural Networks(CNNs)have shown promise in solving this problem,but their performance highly depends on the choice of hyperparameters.In this paper,we explore the effectiveness of hyperparameter tuning in improving the performance of CNNs for authorship verification.We conduct experiments using a Hyper Tuned CNN model with three popular optimization algorithms:Adaptive Moment Estimation(ADAM),StochasticGradientDescent(SGD),andRoot Mean Squared Propagation(RMSPROP).The model is trained and tested on a dataset of text samples collected from various authors,and the performance is evaluated using accuracy,precision,recall,and F1 score.We compare the performance of the three optimization algorithms and demonstrate the effectiveness of hyperparameter tuning in improving the accuracy of the CNN model.Our results show that the Hyper Tuned CNN model with ADAM Optimizer achieves the highest accuracy of up to 90%.Furthermore,we demonstrate that hyperparameter tuning can help achieve significant performance improvements,even using a relatively simple model architecture like CNNs.Our findings suggest that the choice of the optimization algorithm is a crucial factor in the performance of CNNs for authorship verification and that hyperparameter tuning can be an effective way to optimize this choice.Overall,this paper demonstrates the effectiveness of hyperparameter tuning in improving the performance of CNNs for authorship verification in digital forensic investigations.Our findings have important implications for developing accurate and reliable authorship verification systems,which are crucial for various applications in digital forensics,such as identifying the author of anonymous threatening messages or detecting cases of plagiarism.
基金supported by grants from the National Key Research and Development Program of China[grant number 2016YFC0800705]the Shanghai Forensic Service Platform[grant number 16DZ2290900]the Shanghai Key Laboratory of Forensic Medicine[grant number 17DZ2273200].
文摘As a result of the many developments in information technology,digital evidence plays an increasingly important role in criminal and civil litigation.Because digital evidence is necessary for litigation,the judicial system must be assured of its accuracy,reliability,and verifiability,which can be assured by accreditation.This paper focuses on a comparison of the evolution of the accreditation of digital forensics internationally and domestically,discusses the existing problems that such accreditation encounters,and proposes the corresponding solutions.Moreover,this paper discusses the future of digital forensic laboratory accreditation and its implementation.
基金The authors extend their appreciation to the Deanship of Scientific Research at King Saud University for funding this work through research group no(RG-1441-531).
文摘Privacy preservation(PP)in Digital forensics(DF)is a conflicted and non-trivial issue.Existing solutions use the searchable encryption concept and,as a result,are not efficient and support only a keyword search.Moreover,the collected forensic data cannot be analyzed using existing well-known digital tools.This research paper first investigates the lawful requirements for PP in DF based on the organization for economic co-operation and development OECB)privacy guidelines.To have an efficient investigation process and meet the increased volume of data,the presented framework is designed based on the selective imaging concept and advanced encryption standard(AES).The proposed framework has two main modules,namely Selective Imaging Module(SIM)and Selective Analysis Module(SAM).The SIM and SAM modules are implemented based on advanced forensic format 4(AFF4)and SleuthKit open source forensics frameworks,respectively,and,accordingly,the proposed framework is evaluated in a forensically sound manner.The evaluation result is compared with other relevant works and,as a result,the proposed solution provides a privacy-preserving,efficient forensic imaging and analysis process while having also sufficient methods.Moreover,the AFF4 forensic image,produced by the SIM module,can be analyzed not only by SAM,but also by other well-known analysis tools available on the market.
基金the support of Prince Sultan University for the Article Processing Charges(APC)of this publication。
文摘Author Profiling (AP) is a subsection of digital forensics that focuses on the detection of the author’s personalinformation, such as age, gender, occupation, and education, based on various linguistic features, e.g., stylistic,semantic, and syntactic. The importance of AP lies in various fields, including forensics, security, medicine, andmarketing. In previous studies, many works have been done using different languages, e.g., English, Arabic, French,etc.However, the research on RomanUrdu is not up to the mark.Hence, this study focuses on detecting the author’sage and gender based on Roman Urdu text messages. The dataset used in this study is Fire’18-MaponSMS. Thisstudy proposed an ensemble model based on AdaBoostM1 and Random Forest (AMBRF) for AP using multiplelinguistic features that are stylistic, character-based, word-based, and sentence-based. The proposed model iscontrasted with several of the well-known models fromthe literature, including J48-Decision Tree (J48),Na飗e Bays(NB), K Nearest Neighbor (KNN), and Composite Hypercube on Random Projection (CHIRP), NB-Updatable,RF, and AdaboostM1. The overall outcome shows the better performance of the proposed AdaboostM1 withRandom Forest (ABMRF) with an accuracy of 54.2857% for age prediction and 71.1429% for gender predictioncalculated on stylistic features. Regarding word-based features, age and gender were considered in 50.5714% and60%, respectively. On the other hand, KNN and CHIRP show the weakest performance using all the linguisticfeatures for age and gender prediction.
文摘Android smartphones largely dominate the smartphone market. For this reason, it is very important to examine these smartphones in terms of digital forensics since they are often used as evidence in trials. It is possible to acquire a physical or logical image of these devices. Acquiring physical and logical images has advantages and disadvantages compared to each other. Creating the logical image is done at the file system level. Analysis can be made on this logical image. Both logical image acquisition and analysis of the image can be done by software tools. In this study, the differences between logical image and physical image acquisition in Android smartphones, their advantages and disadvantages compared to each other, the difficulties that may be encountered in obtaining physical images, which type of image contributes to obtaining more useful and effective data, which one should be preferred for different conditions, and the benefits of having root authority are discussed. The practice of getting the logical image of the Android smartphones and making an analysis on the image is also included. Although root privileges are not required for logical image acquisition, it has been observed that very limited data will be obtained with the logical image created without root privileges. Nevertheless, logical image acquisition has advantages too against physical image acquisition.
基金Sponsored by the National Natural Science Foundation of China(Grant No.61272540)the National Basic Research Program of China(973 Program)(Grant No.2013CB329604)+3 种基金the National High Technology Research and Development Program of China(Grant No.2012AA011005)the Natural Science Foundation of Anhui Province,China(Grant No.11040606M138 and No.1208085MF101)the Specialized Research Fund for the Doctoral Program of Higher Education of China(Grant No.2011JYXJ1498)the Fundamental Research Funds for the Central Universities(Grant No.2011HGQC1012)
文摘Cyber-crimes are growing rapidly,so it is important to obtain the digital evidence on the web page.Usually,people can examine the browser history on the client side and data files on the server side,but both of them have shortcomings in real criminal investigation.To overcome the weakness,this paper designs a web page forensic scheme to snapshot the pages from web servers with the help of web spider.Also,it designs several steps to improve the trustworthiness of these pages.All the pages will be dumped in local database which can be presented as reliable evidence on the court.
文摘As the advent and growing popularity of image rendering software,photorealistic computer graphics are becoming more and more perceptually indistinguishable from photographic images.If the faked images are abused,it may lead to potential social,legal or private consequences.To this end,it is very necessary and also challenging to find effective methods to differentiate between them.In this paper,a novel leading digit law,also called Benford's law,based method to identify computer graphics is proposed.More specifically,statistics of the most significant digits are extracted from image's Discrete Cosine Transform(DCT) coefficients and magnitudes of image's gradient,and then the Support Vector Machine(SVM) based classifiers are built.Results of experiments on the image datasets indicate that the proposed method is comparable to prior works.Besides,it possesses low dimensional features and low computational complexity.
基金supported by NSFC(No.61702429)Sichuan Science and Technology Program(No.19yyjc1656).
文摘The multi-purpose forensics is an important tool for forge image detection.In this paper,we propose a universal feature set for the multi-purpose forensics which is capable of simultaneously identifying several typical image manipulations,including spatial low-pass Gaussian blurring,median filtering,re-sampling,and JPEG compression.To eliminate the influences caused by diverse image contents on the effectiveness and robustness of the feature,a residual group which contains several high-pass filtered residuals is introduced.The partial correlation coefficient is exploited from the residual group to purely measure neighborhood correlations in a linear way.Besides that,we also combine autoregressive coefficient and transition probability to form the proposed composite feature which is used to measure how manipulations change the neighborhood relationships in both linear and non-linear way.After a series of dimension reductions,the proposed feature set can accelerate the training and testing for the multi-purpose forensics.The proposed feature set is then fed into a multi-classifier to train a multi-purpose detector.Experimental results show that the proposed detector can identify several typical image manipulations,and is superior to the complicated deep CNN-based methods in terms of detection accuracy and time efficiency for JPEG compressed image with low resolution.
文摘This paper addressed the current state of police officers’ capabilities, skills, and their readiness to deal with the developments of cybercrime. This study discussed definition of cybercrime, cybercrime categories as well as comparison between traditional criminal techniques and cybercrime. As the abilities and skills required for detectives to investigate cybercrime have been discussed. Additionally, literature review and related work, was addressed challenges role of the police in combating cybercrime and facing cybercrime policing. We proposed the main tool in the study which is “Checklist of essential skills for a cybercrime investigator”. Thus, to gain the ability to Identify technical and practical requirements in terms of skills, programs, and equipment to achieve effective and professional results in fight cybercrimes.
基金This research was funded by a National Research Foundation of Korea(NRF)grant funded by the Korean government(MOE)(No.2021R1I1A3055973)the Soonchunhyang University Research Fund。
文摘Recently,the technology of digital image forgery based on a generative adversarial network(GAN)has considerably improved to the extent that it is difficult to distinguish it from the original image with the naked eye by compositing and editing a person’s face or a specific part with the original image.Thus,much attention has been paid to digital image forgery as a social issue.Further,document forgery through GANs can completely change the meaning and context in a document,and it is difficult to identify whether the document is forged or not,which is dangerous.Nonetheless,few studies have been conducted on document forgery and new forgery-related attacks have emerged daily.Therefore,in this study,we propose a novel convolutional neural network(CNN)forensic discriminator that can detect forged text or numeric images by GANs using CNNs,which have been widely used in image classification for many years.To strengthen the detection performance of the proposed CNN forensic discriminator,CNN was trained after image preprocessing,including salt and pepper as well asGaussian noises.Moreover,we performed CNN optimization to make existing CNN more suitable for forged text or numeric image detection,which have mainly focused on the discrimination of forged faces to date.The test evaluation results using Hangul texts and numbers showed that the accuracy of forgery discrimination of the proposed method was significantly improved by 20%in Hangul texts and 5%in numbers compared with that of existing state-of-the-art methods,which proved the proposed model performance superiority and verified that it could be a useful tool in reducing crime potential.
基金Sponsored by the National Natural Science Foundation of China(Grant No.61272500)the National High Technology Research and Development Program of China(Grant No.2011AA010701)
文摘Because of the widespread of Trojans,organizations and Internet users become more vulnerable to the threat of information leakage.This paper describes an information leakage detection system( ILDS) to detect sensitive information leakage caused by Trojan.In particular,the principles of the system are based on the analysis of net-flows in four perspectives: heartbeat behavior analysis,DNS abnormal analysis,uploaddownload ratio and content analysis.Heartbeat behavior analysis and DNS abnormal analysis are used to detect the existence of Trojans while upload-download ratio and content analysis can quickly detect when the information leakage happens.Experiments indicate that the system is reliable and efficient in detecting information leakage.The system can also help to collect and preserve digital evidence when information leakage incident occurs.
基金Sponsored by the National Natural Science Foundation of China(Grant No.61373169 and 61272453)Doctoral Fund of Ministry of Education of China(Grant No.0110141130006)
文摘In the image steganalysis,the training samples often determine the performance of the model when the features and classification are in the same condition.However the existing research on steganalysis lacks the in-depth study of the classifier's training method which may deeply influence the detection performance.This paper provides an optimization of universal steganalysis based on the boundary samples classification concerning about image steganalysis.This paper proposes a strategy of selecting boundary samples in steganalysis and divides the training samples into good samples,poor samples and boundary samples three categories and then chose the optimal threshold to get boundary samples through experiments.The experimental results show the effectiveness of boundary sample,which dramatically improve detection capability especially for the low embedding rate Stego-image.
文摘Content aware image resizing(CAIR)is an excellent technology used widely for image retarget.It can also be used to tamper with images and bring the trust crisis of image content to the public.Once an image is processed by CAIR,the correlation of local neighborhood pixels will be destructive.Although local binary patterns(LBP)can effectively describe the local texture,it however cannot describe the magnitude information of local neighborhood pixels and is also vulnerable to noise.Therefore,to deal with the detection of CAIR,a novel forensic method based on improved local ternary patterns(ILTP)feature and gradient energy feature(GEF)is proposed in this paper.Firstly,the adaptive threshold of the original local ternary patterns(LTP)operator is improved,and the ILTP operator is used to describe the change of correlation among local neighborhood pixels caused by CAIR.Secondly,the histogram features of ILTP and the gradient energy features are extracted from the candidate image for CAIR forgery detection.Then,the ILTP features and the gradient energy features are concatenated into the combined features,and the combined features are used to train classifier.Finally support vector machine(SVM)is exploited as a classifier to be trained and tested by the above features in order to distinguish whether an image is subjected to CAIR or not.The candidate images are extracted from uncompressed color image database(UCID),then the training and testing sets are created.The experimental results with many test images show that the proposed method can detect CAIR tampering effectively,and that its performance is improved compared with other methods.It can achieve a better performance than the state-of-the-art approaches.
文摘The Enhanced Complexity Model( ECM) developed previously has been further extended to produce a Motivationally Enhanced Complexity Model( MECM) which enables the degree of motivation,capability and opportunity of a hypothetical Trojan Horse author to be included in quantifying the relative plausibility of competing explanations for the existence of uncontested digital evidence.This new model has been applied to the case of the Trojan Horse defence( THD) against the possession of child pornography.Our results demonstrate that the THD in this case cannot be plausibly sustained unless it can be shown that an ‘off-theshelf'( OTS) Trojan Horse for this task is available and it is not detectable by the target computer,at the material time.
文摘With the growth of digital media data manipulation in today’s era due to the availability of readily handy tampering software,the authenticity of records is at high risk,especially in video.There is a dire need to detect such problem and do the necessary actions.In this work,we propose an approach to detect the interframe video forgery utilizing the deep features obtained from the parallel deep neural network model and thorough analytical computations.The proposed approach only uses the deep features extracted from the CNN model and then applies the conventional mathematical approach to these features to find the forgery in the video.This work calculates the correlation coefficient from the deep features of the adjacent frames rather than calculating directly from the frames.We divide the procedure of forgery detection into two phases–video forgery detection and video forgery classification.In video forgery detection,this approach detect input video is original or tampered.If the video is not original,then the video is checked in the next phase,which is video forgery classification.In the video forgery classification,method review the forged video for insertion forgery,deletion forgery,and also again check for originality.The proposed work is generalized and it is tested on two different datasets.The experimental results of our proposed model show that our approach can detect the forgery with the accuracy of 91%on VIFFD dataset,90%in TDTV dataset and classify the type of forgery–insertion and deletion with the accuracy of 82%on VIFFD dataset,86%on TDTV dataset.This work can helps in the analysis of original and tempered video in various domain.
基金supported by Key Projects of Innovation and Entrepreneurship Training Program for College Students in Jiangsu Province of China(202210300028Z).
文摘Increasingly advanced image processing technology has made digital image editing easier and easier.With image processing software at one’s fingertips,one can easily alter the content of an image,and the altered image is so realistic that it is illegible to the naked eye.These tampered images have posed a serious threat to personal privacy,social order,and national security.Therefore,detecting and locating tampered areas in images has important practical significance,and has become an important research topic in the field of multimedia information security.In recent years,deep learning technology has been widely used in image tampering localization,and the achieved performance has significantly surpassed traditional tampering forensics methods.This paper mainly sorts out the relevant knowledge and latest methods in the field of image tampering detection based on deep learning.According to the two types of tampering detection based on deep learning,the detection tasks of the method are detailed separately,and the problems and future prospects in this field are discussed.It is quite different from the existing work:(1)This paper mainly focuses on the problem of image tampering detection,so it does not elaborate on various forensic methods.(2)This paper focuses on the detectionmethod of image tampering based on deep learning.(3)This paper is driven by the needs of tampering targets,so it pays more attention to sorting out methods for different tampering detection tasks.