Windows registry harnesser for incident response and digital forensic analysis

2018 ◽  
Vol 52 (3) ◽  
pp. 337-353 ◽  
Author(s):  
Avinash Singh ◽  
Hein S. Venter ◽  
Adeyemi R. Ikuesan
Keyword(s):  
Forensic Analysis ◽  
Incident Response ◽  
Digital Forensic ◽  
Windows Registry

scholarly journals A Dataset of Photos and Videos for Digital Forensics Analysis Using Machine Learning Processing

Data ◽  
2021 ◽  
Vol 6 (8) ◽  
pp. 87
Author(s):  
Sara Ferreira ◽  
Mário Antunes ◽  
Manuel E. Correia
Keyword(s):  
Machine Learning ◽  
Digital Forensics ◽  
State Of The Art ◽  
Forensic Analysis ◽  
Third Party ◽  
Support Vector ◽  
Multimedia Content ◽  
Digital Forensic ◽  
Video Frames ◽  
Forensic Tools

Deepfake and manipulated digital photos and videos are being increasingly used in a myriad of cybercrimes. Ransomware, the dissemination of fake news, and digital kidnapping-related crimes are the most recurrent, in which tampered multimedia content has been the primordial disseminating vehicle. Digital forensic analysis tools are being widely used by criminal investigations to automate the identification of digital evidence in seized electronic equipment. The number of files to be processed and the complexity of the crimes under analysis have highlighted the need to employ efficient digital forensics techniques grounded on state-of-the-art technologies. Machine Learning (ML) researchers have been challenged to apply techniques and methods to improve the automatic detection of manipulated multimedia content. However, the implementation of such methods have not yet been massively incorporated into digital forensic tools, mostly due to the lack of realistic and well-structured datasets of photos and videos. The diversity and richness of the datasets are crucial to benchmark the ML models and to evaluate their appropriateness to be applied in real-world digital forensics applications. An example is the development of third-party modules for the widely used Autopsy digital forensic application. This paper presents a dataset obtained by extracting a set of simple features from genuine and manipulated photos and videos, which are part of state-of-the-art existing datasets. The resulting dataset is balanced, and each entry comprises a label and a vector of numeric values corresponding to the features extracted through a Discrete Fourier Transform (DFT). The dataset is available in a GitHub repository, and the total amount of photos and video frames is 40,588 and 12,400, respectively. The dataset was validated and benchmarked with deep learning Convolutional Neural Networks (CNN) and Support Vector Machines (SVM) methods; however, a plethora of other existing ones can be applied. Generically, the results show a better F1-score for CNN when comparing with SVM, both for photos and videos processing. CNN achieved an F1-score of 0.9968 and 0.8415 for photos and videos, respectively. Regarding SVM, the results obtained with 5-fold cross-validation are 0.9953 and 0.7955, respectively, for photos and videos processing. A set of methods written in Python is available for the researchers, namely to preprocess and extract the features from the original photos and videos files and to build the training and testing sets. Additional methods are also available to convert the original PKL files into CSV and TXT, which gives more flexibility for the ML researchers to use the dataset on existing ML frameworks and tools.

scholarly journals A Comparative UAV Forensic Analysis: Static and Live Digital Evidence Traceability Challenges

Drones ◽  
2021 ◽  
Vol 5 (2) ◽  
pp. 42
Author(s):  
Fahad E. Salamh ◽  
Umit Karabiyik ◽  
Marcus K. Rogers ◽  
Eric T. Matson
Keyword(s):  
High Volume ◽  
Forensic Analysis ◽  
Digital Evidence ◽  
Incident Response ◽  
Scientific Contribution ◽  
Response Plan ◽  
Technical Challenges ◽  
And Control ◽  
The Impact ◽  
Categorization Model

The raising accessibility of Unmanned Aerial Vehicles (UAVs), colloquially known as drones, is rapidly increasing. Recent studies have discussed challenges that may come in tow with the growing use of this technology. These studies note that in-depth examination is required, especially when addressing challenges that carry a high volume of software data between sensors, actuators, and control commands. This work underlines static and live digital evidence traceability challenges to further enhance the UAV incident response plan. To study the live UAV forensic traceability issues, we apply the `purple-teaming’ exercise on small UAVs while conducting UAV forensic examination to determine technical challenges related to data integrity and repeatability. In addition, this research highlights current static technical challenges that could pose more challenges in justifying the discovered digital evidence. Additionally, this study discusses potential drone anti-forensic techniques and their association with the type of use, environment, attack vector, and level of expertise. To this end, we propose the UAV Kill Chain and categorize the impact and complexity of all highlighted challenges based on the conducted examination and the presented scientific contribution in this work. To the best of our knowledge, there has not been any contribution that incorporates `Purple-Teaming’ tactics to evaluate UAV-related research in cybersecurity and digital forensics. This work also proposes a categorization model that classifies the discovered UAV static and live digital evidence challenges based on their complexity and impact levels

scholarly journals Improving Forensic Triage Efficiency through Cyber Threat Intelligence

2019 ◽  
Vol 11 (7) ◽  
pp. 162 ◽  
Author(s):  
Nikolaos Serketzis ◽  
Vasilios Katos ◽  
Christos Ilioudis ◽  
Dimitrios Baltatzis ◽  
Georgios Pangalos
Keyword(s):  
Information Security ◽  
Digital Forensics ◽  
Incident Response ◽  
Security Controls ◽  
Digital Forensic ◽  
Threat Intelligence ◽  
Cyber Threat ◽  
Series Of Experiments ◽  
Cyber Threat Intelligence ◽  
Security Incidents

The complication of information technology and the proliferation of heterogeneous security devices that produce increased volumes of data coupled with the ever-changing threat landscape challenges have an adverse impact on the efficiency of information security controls and digital forensics, as well as incident response approaches. Cyber Threat Intelligence (CTI)and forensic preparedness are the two parts of the so-called managed security services that defendants can employ to repel, mitigate or investigate security incidents. Despite their success, there is no known effort that has combined these two approaches to enhance Digital Forensic Readiness (DFR) and thus decrease the time and cost of incident response and investigation. This paper builds upon and extends a DFR model that utilises actionable CTI to improve the maturity levels of DFR. The effectiveness and applicability of this model are evaluated through a series of experiments that employ malware-related network data simulating real-world attack scenarios. To this extent, the model manages to identify the root causes of information security incidents with high accuracy (90.73%), precision (96.17%) and recall (93.61%), while managing to decrease significantly the volume of data digital forensic investigators need to examine. The contribution of this paper is twofold. First, it indicates that CTI can be employed by digital forensics processes. Second, it demonstrates and evaluates an efficient mechanism that enhances operational DFR.

MAPPING 2D TO 3D FORENSIC FACIAL RECOGNITION VIA BIO- INSPIRED ACTIVE APPEARANCE MODEL

2015 ◽  
Vol 78 (2-2) ◽  
Author(s):  
Siti Zaharah Abd. Rahman ◽  
Siti Norul Huda Sheikh Abdullah ◽  
Lim Eng Hao ◽  
Mohammed Hasan Abdulameer ◽  
Nazri Ahmad Zamani ◽  
...  
Keyword(s):  
Forensic Analysis ◽  
Support Vector ◽  
Appearance Model ◽  
Active Appearance Model ◽  
Video Footage ◽  
Digital Forensic ◽  
Facial Information ◽  
Active Appearance ◽  
2D Model ◽  
2D To 3D

This research done is to solve the problems faced by digital forensic analysts in identifying a suspect captured on their CCTV. Identifying the suspect through the CCTV video footage is a very challenging task for them as it involves tedious rounds of processes to match the facial information in the video footage to a set of suspect’s images. The biggest problem faced by digital forensic analysis is modeling 2D model extracted from CCTV video as the model does not provide enough information to carry out the identification process. Problems occur when a suspect in the video is not facing the camera, the image extracted is the side image of the suspect and it is difficult to make a matching with portrait image in the database. There are also many factors that contribute to the process of extracting facial information from a video to be difficult, such as low-quality video. Through 2D to 3D image model mapping, any partial face information that is incomplete can be matched more efficiently with 3D data by rotating it to matched position. The first methodology in this research is data collection; any data obtained through video recorder. Then, the video will be converted into an image. Images are used to develop the Active Appearance Model (the 2D face model is AAM) 2D and AAM 3D. AAM is used as an input for learning and testing process involving three classifiers, which are Random Forest, Support Vector Machine (SVM), and Neural Networks classifier. The experimental results show that the 3D model is more suitable for use in face recognition as the percentage of the recognition is higher compared with the 2D model.

Forensic Analysis of Telegram Desktop-based Applications using the National Institute of Justice (NIJ) Method

2020 ◽  
Vol 8 (4) ◽  
pp. 381
Author(s):  
I Gusti Ngurah Guna Wicaksana ◽  
I Ketut Gede Suhartana
Keyword(s):  
Instant Messaging ◽  
Personal Information ◽  
Forensic Analysis ◽  
Criminal Cases ◽  
Forensic Evidence ◽  
Digital Forensic ◽  
National Institute Of Justice ◽  
Evidence Analysis ◽  
The Media ◽  
Log File

Abstract The development of telecommunications has increased very rapidly since the internet-based instant messaging service has spread rapidly to Indonesia. Telegram application is one of the growing and well-known application services in Indonesia, Desktop or smartphone-based Telegram applications, it is very possible to use digital crimes by using services, user personal information, or by hacking the Telegram application. This study explains the stages of investigation of cybercrime cases that occurred in desktop-based telegram. The method used for this research refers to the stage of investigation that was carried out in previous studies, namely using the National Institute of Justice (NIJ) method with the stages of the preparation stage, the collection stage, the examination stage, the analysis stage, and the reporting stage. The media used in this study is a desktop-based Telegram application that is synchronized with an Android-based Telegram. In this process, the location of the log file, cache, and digital proof image file was obtained in the conversation of a desktop-based Telegram application. Digital forensic evidence obtained is expected to strengthen evidence of criminal cases in court in the form of digital evidence analysis results. Keywords: Telecommunications, Digital Forensic, Telegram, Investigation, Cybercrime

Digital Forensic Analysis of Cybercrimes

2017 ◽  
Vol 11 (2) ◽  
pp. 25-37 ◽  
Author(s):  
Regner Sabillon ◽  
Jordi Serra-Ruiz ◽  
Victor Cavaller ◽  
Jeimy J. Cano
Keyword(s):  
Best Practices ◽  
International Collaboration ◽  
Forensic Analysis ◽  
Lessons Learned ◽  
Digital Ecosystems ◽  
Cyber Forensics ◽  
Digital Forensic ◽  
Chain Of Custody ◽  
Technological Ecosystems ◽  
Forensic Tools

This paper reviews the existing methodologies and best practices for digital investigations phases like collecting, evaluating and preserving digital forensic evidence and chain of custody of cybercrimes. Cybercriminals are adopting new strategies to launch cyberattacks within modified and ever changing digital ecosystems, this article proposes that digital investigations must continually readapt to tackle cybercrimes and prosecute cybercriminals, working in international collaboration networks, sharing prevention knowledge and lessons learned. The authors also introduce a compact cyber forensics model for diverse technological ecosystems called Cyber Forensics Model in Digital Ecosystems (CFMDE). Transferring the knowledge, international collaboration, best practices and adopting new digital forensic tools, methodologies and techniques will be hereinafter paramount to obtain digital evidence, enforce organizational cybersecurity policies, mitigate security threats, fight anti-forensics practices and indict cybercriminals. The global Digital Forensics community ought to constantly update current practices to deal with cybercriminality and foreseeing how to prepare to new technological environments where change is always constant.

Systematic Memory Forensic Analysis of Ransomware using Digital Forensic Tools

2020 ◽  
Vol 9 (2) ◽  
pp. 61-81
Author(s):  
Paul Joseph ◽  
Jasmine Norman
Keyword(s):  
Forensic Analysis ◽  
Vital Role ◽  
Financial Loss ◽  
Cyber Forensics ◽  
Digital Forensic ◽  
Memory Forensics ◽  
Forensic Tools

Cybercrimes catastrophically caused great financial loss in the year 2018 as powerful obfuscated malware known as ransomware continued to be a continual threat to governments and organizations. Advanced malwares capable of system encryption with sophisticated obscure keys left organizations paying the ransom that hackers demand. Since every individual is vulnerable to this assault, cyber forensics play a vital role either in educating society or combating the attacks. As cyber forensics is classified into many subdomains, memory forensics is the domain that leads in curbing these types of attacks. This article gives insight on importance of memory forensics and provides widespread analysis on working of ransomware, recognizes the workflow, provides the ways to overcome this attack. Furthermore, this article implements user defined rules by integrating into powerful search tools known as YARA to detect and prevent the ransomware attacks.

scholarly journals Data Mining Technique to Data Collection and Analysis for Cyber Forensic

2020 ◽  
Vol 8 (5) ◽  
pp. 2786-2789
Keyword(s):  
Law Enforcement ◽  
Data Collection ◽  
Crime Scene ◽  
Forensic Analysis ◽  
Digital Data ◽  
Data Mining Technique ◽  
Faulty Node ◽  
Digital Forensic ◽  
Data Collection And Analysis ◽  
Data Investigation

In the world of Digital forensic the uncovered digital may contain vital information for digital data investigation for investigator. Digital data collected from the crime scene leads to find out the clue after performing analysis by the examiner. This process of data examination data collection and analysis plays important role in cyber world for the forensic investigator. The cybercrime is a part of computer forensics where the digital evidences are analyze by the investigator and to perform analysis special measurements and techniques are required in order to use this details that has to be accepted in court of law for law enforcement. The data collection of evidence is a key aspect for the investigator, such kind of digital data has to be collected from different sources at the crime scene and this process involves to collect each and every evidence of digital crime scene and later this gather data will be analyze by the experts to reach to the conclusion. In this paper the proposed method collected the data from the crime scene efficiently which includes log data, transactional data, physical drive data, and network data; later this collected data analyzed to find out the theft node in the network. In this paper FTK 4.0 digital forensic tool used to reduce plenty of time for data processing and later report will be produce that will be accepted tin the court of law. This paper also focuses the data collection method with in the network and reach to the faulty node and later this faulty node analyzed with all collected data for forensic analysis. For this standard algorithm used to analyze the performance of distinct features used for network attacks. Kmeans clustering methodology is used to create cluster of victim node and represent victim data in systematic manner for the ease of law enforcement.

Sign in / Sign up

Export Citation Format

Share Document