“Scaffolding” responses to digital forensic inquiries

2021 ◽  
Author(s):  
Graeme Horsman
Keyword(s):  
Digital Forensic

Forensic Data Extraction and Analysis of Left Artifacts on emulated Android Phones: A Case Study of Instant Messaging Applications

2017 ◽  
Vol 2 (11) ◽  
pp. 8-16
Author(s):  
Moses Ashawa ◽  
Innocent Ogwuche
Keyword(s):  
Mobile Phones ◽  
Instant Messaging ◽  
Data Extraction ◽  
Digital Evidence ◽  
Cyber Attack ◽  
Forensic Evidence ◽  
Digital Forensic ◽  
Proportional Increase ◽  
Forensic Tools

The fast-growing nature of instant messaging applications usage on Android mobile devices brought about a proportional increase on the number of cyber-attack vectors that could be perpetrated on them. Android mobile phones store significant amount of information in the various memory partitions when Instant Messaging (IM) applications (WhatsApp, Skype, and Facebook) are executed on them. As a result of the enormous crimes committed using instant messaging applications, and the amount of electronic based traces of evidence that can be retrieved from the suspect’s device where an investigation could convict or refute a person in the court of law and as such, mobile phones have become a vulnerable ground for digital evidence mining. This paper aims at using forensic tools to extract and analyse left artefacts digital evidence from IM applications on Android phones using android studio as the virtual machine. Digital forensic investigation methodology by Bill Nelson was applied during this research. Some of the key results obtained showed how digital forensic evidence such as call logs, contacts numbers, sent/retrieved messages, and images can be mined from simulated android phones when running these applications. These artefacts can be used in the court of law as evidence during cybercrime investigation.

scholarly journals Holistic digital forensic readiness framework for IoT-enabled organizations

2020 ◽  
Vol 2 ◽  
pp. 100117
Author(s):  
Victor R. Kebande ◽  
Phathutshedzo P. Mudau ◽  
Richard A. Ikuesan ◽  
H.S. Venter ◽  
Kim-Kwang Raymond Choo
Keyword(s):  
Digital Forensic

scholarly journals A Dataset of Photos and Videos for Digital Forensics Analysis Using Machine Learning Processing

Data ◽  
2021 ◽  
Vol 6 (8) ◽  
pp. 87
Author(s):  
Sara Ferreira ◽  
Mário Antunes ◽  
Manuel E. Correia
Keyword(s):  
Machine Learning ◽  
Digital Forensics ◽  
State Of The Art ◽  
Forensic Analysis ◽  
Third Party ◽  
Support Vector ◽  
Multimedia Content ◽  
Digital Forensic ◽  
Video Frames ◽  
Forensic Tools

Deepfake and manipulated digital photos and videos are being increasingly used in a myriad of cybercrimes. Ransomware, the dissemination of fake news, and digital kidnapping-related crimes are the most recurrent, in which tampered multimedia content has been the primordial disseminating vehicle. Digital forensic analysis tools are being widely used by criminal investigations to automate the identification of digital evidence in seized electronic equipment. The number of files to be processed and the complexity of the crimes under analysis have highlighted the need to employ efficient digital forensics techniques grounded on state-of-the-art technologies. Machine Learning (ML) researchers have been challenged to apply techniques and methods to improve the automatic detection of manipulated multimedia content. However, the implementation of such methods have not yet been massively incorporated into digital forensic tools, mostly due to the lack of realistic and well-structured datasets of photos and videos. The diversity and richness of the datasets are crucial to benchmark the ML models and to evaluate their appropriateness to be applied in real-world digital forensics applications. An example is the development of third-party modules for the widely used Autopsy digital forensic application. This paper presents a dataset obtained by extracting a set of simple features from genuine and manipulated photos and videos, which are part of state-of-the-art existing datasets. The resulting dataset is balanced, and each entry comprises a label and a vector of numeric values corresponding to the features extracted through a Discrete Fourier Transform (DFT). The dataset is available in a GitHub repository, and the total amount of photos and video frames is 40,588 and 12,400, respectively. The dataset was validated and benchmarked with deep learning Convolutional Neural Networks (CNN) and Support Vector Machines (SVM) methods; however, a plethora of other existing ones can be applied. Generically, the results show a better F1-score for CNN when comparing with SVM, both for photos and videos processing. CNN achieved an F1-score of 0.9968 and 0.8415 for photos and videos, respectively. Regarding SVM, the results obtained with 5-fold cross-validation are 0.9953 and 0.7955, respectively, for photos and videos processing. A set of methods written in Python is available for the researchers, namely to preprocess and extract the features from the original photos and videos files and to build the training and testing sets. Additional methods are also available to convert the original PKL files into CSV and TXT, which gives more flexibility for the ML researchers to use the dataset on existing ML frameworks and tools.

NLP-based digital forensic investigation platform for online communications

2021 ◽  
Vol 104 ◽  
pp. 102210
Author(s):  
Dongming Sun ◽  
Xiaolu Zhang ◽  
Kim-Kwang Raymond Choo ◽  
Liang Hu ◽  
Feng Wang
Keyword(s):  
Forensic Investigation ◽  
Digital Forensic ◽  
Online Communications

scholarly journals Digital forensic readiness in operational cloud leveraging ISO / IEC 27043 guidelines on security monitoring

2021 ◽  
Author(s):  
Sheunesu Makura ◽  
H. S. Venter ◽  
Victor R. Kebande ◽  
Nickson M. Karie ◽  
Richard A. Ikuesan ◽  
...  
Keyword(s):  
Security Monitoring ◽  
Digital Forensic

scholarly journals The Optimization Analysis for the Original and Manipulation Identification of Illegally Filmed Images

2021 ◽  
Vol 11 (11) ◽  
pp. 5220
Author(s):  
Soohyeon Choi ◽  
Dohoon Kim
Keyword(s):  
Social Media ◽  
Mobile Device ◽  
Detection Rate ◽  
Precise Measurement ◽  
Detection Method ◽  
Optimization Analysis ◽  
Storage Devices ◽  
Digital Forensic ◽  
Attribute Information ◽  
Measurement Approach

Illegally filmed images, the sharing of non-consensually filmed images over social media, and the secret recording and distribution of celebrity images are increasing. To catch distributors of illegally filmed images, many investigation techniques based on an analysis of the file attribute information of the original images have been introduced. As forensic science advances, various types of anti-forensic technologies are being produced, requiring investigators to open and analyze all videos from the suspect’s storage devices, raising the question of the invasion of privacy during the investigation. The suspect can even file a lawsuit, which makes issuing a warrant and conducting an investigation difficult. Thus, it is necessary to detect the original and manipulated images without needing to directly go through multiple videos. We propose an optimization analysis and detection method for extracting original and manipulated images from seized devices of suspects. In addition, to increase the detection rate of both original and manipulated images, we suggest a precise measurement approach for comparative thresholds. Thus, the proposed method is a new digital forensic methodology for comparing and identifying original and manipulated images accurately without the need for opening videos individually in a suspect’s mobile device.

scholarly journals Improving Forensic Triage Efficiency through Cyber Threat Intelligence

2019 ◽  
Vol 11 (7) ◽  
pp. 162 ◽  
Author(s):  
Nikolaos Serketzis ◽  
Vasilios Katos ◽  
Christos Ilioudis ◽  
Dimitrios Baltatzis ◽  
Georgios Pangalos
Keyword(s):  
Information Security ◽  
Digital Forensics ◽  
Incident Response ◽  
Security Controls ◽  
Digital Forensic ◽  
Threat Intelligence ◽  
Cyber Threat ◽  
Series Of Experiments ◽  
Cyber Threat Intelligence ◽  
Security Incidents

The complication of information technology and the proliferation of heterogeneous security devices that produce increased volumes of data coupled with the ever-changing threat landscape challenges have an adverse impact on the efficiency of information security controls and digital forensics, as well as incident response approaches. Cyber Threat Intelligence (CTI)and forensic preparedness are the two parts of the so-called managed security services that defendants can employ to repel, mitigate or investigate security incidents. Despite their success, there is no known effort that has combined these two approaches to enhance Digital Forensic Readiness (DFR) and thus decrease the time and cost of incident response and investigation. This paper builds upon and extends a DFR model that utilises actionable CTI to improve the maturity levels of DFR. The effectiveness and applicability of this model are evaluated through a series of experiments that employ malware-related network data simulating real-world attack scenarios. To this extent, the model manages to identify the root causes of information security incidents with high accuracy (90.73%), precision (96.17%) and recall (93.61%), while managing to decrease significantly the volume of data digital forensic investigators need to examine. The contribution of this paper is twofold. First, it indicates that CTI can be employed by digital forensics processes. Second, it demonstrates and evaluates an efficient mechanism that enhances operational DFR.

Sign in / Sign up

Export Citation Format

Share Document