AutoProfile: Towards Automated Profile Generation for Memory Analysis

2022 ◽  
Vol 25 (1) ◽  
pp. 1-26
Author(s):  
Fabio Pagani ◽  
Davide Balzarotti

Despite a considerable number of approaches that have been proposed to protect computer systems, cyber-criminal activities are on the rise and forensic analysis of compromised machines and seized devices is becoming essential in computer security. This article focuses on memory forensics, a branch of digital forensics that extracts artifacts from the volatile memory. In particular, this article looks at a key ingredient required by memory forensics frameworks: a precise model of the OS kernel under analysis, also known as profile. By using the information stored in the profile, memory forensics tools are able to bridge the semantic gap and interpret raw bytes to extract evidence from a memory dump. A big problem with profile-based solutions is that custom profiles must be created for each and every system under analysis. This is especially problematic for Linux systems, because profiles are not generic: they are strictly tied to a specific kernel version and to the configuration used to build the kernel. Failing to create a valid profile means that an analyst cannot unleash the true power of memory forensics and is limited to primitive carving strategies. For this reason, in this article we present a novel approach that combines source code and binary analysis techniques to automatically generate a profile from a memory dump, without relying on any non-public information. Our experiments show that this is a viable solution and that profiles reconstructed by our framework can be used to run many plugins, which are essential for a successful forensics investigation.

Data ◽  
2021 ◽  
Vol 6 (8) ◽  
pp. 87
Author(s):  
Sara Ferreira ◽  
Mário Antunes ◽  
Manuel E. Correia

Deepfake and manipulated digital photos and videos are being increasingly used in a myriad of cybercrimes. Ransomware, the dissemination of fake news, and digital kidnapping-related crimes are the most recurrent, in which tampered multimedia content has been the primordial disseminating vehicle. Digital forensic analysis tools are being widely used by criminal investigations to automate the identification of digital evidence in seized electronic equipment. The number of files to be processed and the complexity of the crimes under analysis have highlighted the need to employ efficient digital forensics techniques grounded on state-of-the-art technologies. Machine Learning (ML) researchers have been challenged to apply techniques and methods to improve the automatic detection of manipulated multimedia content. However, the implementation of such methods has not yet been massively incorporated into digital forensic tools, mostly due to the lack of realistic and well-structured datasets of photos and videos. The diversity and richness of the datasets are crucial to benchmark the ML models and to evaluate their appropriateness to be applied in real-world digital forensics applications. An example is the development of third-party modules for the widely used Autopsy digital forensic application. This paper presents a dataset obtained by extracting a set of simple features from genuine and manipulated photos and videos, which are part of state-of-the-art existing datasets. The resulting dataset is balanced, and each entry comprises a label and a vector of numeric values corresponding to the features extracted through a Discrete Fourier Transform (DFT). The dataset is available in a GitHub repository, and the total amount of photos and video frames is 40,588 and 12,400, respectively. The dataset was validated and benchmarked with deep learning Convolutional Neural Networks (CNN) and Support Vector Machines (SVM) methods; however, a plethora of other existing ones can be applied. Generically, the results show a better F1-score for CNN when comparing with SVM, both for photos and videos processing. CNN achieved an F1-score of 0.9968 and 0.8415 for photos and videos, respectively. Regarding SVM, the results obtained with 5-fold cross-validation are 0.9953 and 0.7955, respectively, for photos and videos processing. A set of methods written in Python is available for the researchers, namely to preprocess and extract the features from the original photo and video files and to build the training and testing sets. Additional methods are also available to convert the original PKL files into CSV and TXT, which gives more flexibility for the ML researchers to use the dataset on existing ML frameworks and tools.


2017 ◽  
Vol 26 (4) ◽  
pp. 555-576 ◽  
Author(s):  
VERONICA JOHANSSON ◽  
SURJO R. SOEKADAR ◽  
JENS CLAUSEN

Abstract: Brain–computer interfaces (BCIs) can enable communication for persons in severe paralysis including locked-in syndrome (LIS); that is, being unable to move or speak while aware. In cases of complete loss of muscle control, termed “complete locked-in syndrome,” a BCI may be the only viable solution to restore communication. However, a widespread ignorance regarding quality of life in LIS, current BCIs, and their potential as an assistive technology for persons in LIS, needlessly causes a harmful situation for this cohort. In addition to their medical condition, these persons also face social barriers often perceived as more impairing than their physical condition. Through social exclusion, stigmatization, and frequently being underestimated in their abilities, these persons are being locked out in addition to being locked-in. In this article, we (1) show how persons in LIS are being locked out, including how key issues addressed in the existing literature on ethics, LIS, and BCIs for communication, such as autonomy, quality of life, and advance directives, may reinforce these confinements; (2) show how these practices violate the United Nations Convention on the Rights of Persons with Disabilities, and suggest that we have a moral responsibility to prevent and stop this exclusion; and (3) discuss the role of BCIs for communication as one means to this end and suggest that a novel approach to BCI research is necessary to acknowledge the moral responsibility toward the end users and avoid violating the human rights of persons in LIS.


Author(s):  
Primož Cigoj ◽  
Borka Jerman Blažič

This paper presents a novel approach to education in the area of digital forensics based on a multi-platform cloud-computer infrastructure and an innovative computer-based tool. The tool is installed and available through the cloud-based infrastructure of the Dynamic Forensic Education Alliance. Cloud computing provides an efficient mechanism for a wide range of services that offer real-life environments for teaching and training cybersecurity and digital forensics. The cloud-based infrastructure, the virtualized environment and the developed educational tool enable the construction of a dynamic e-learning environment, making the training very close to reality and to real-life situations. The paper presents the Dynamic Forensic Digital tool named EduFors and describes the different levels of college and university education where the tool is introduced and used in the training of future investigators of cybercrime events.


Author(s):  
Nikhith Suvarna

In simple terms, Anti-Forensics can be described as the techniques used to counter forensic analysis done by forensic investigators. This paper mainly focuses on some of the most used anti-forensics techniques along with the challenges the forensics investigator faces. There are many tools and techniques available that, when used properly, can be highly effective against forensic analysis techniques. Various tools assist you against various anti-forensics techniques like elimination of evidence source, data hiding, and trail obfuscation. These techniques are used mainly to make the investigation consume more time and money. Sensor Noise Camera Identification is a way to link a photo with the camera the photo was taken from using a noise signature that is unique for every camera.

KEYWORDS: Anti-Forensics (AF), Forensic Analysis, Anti-Forensic Techniques, Sensor Noise Camera Identification


2011 ◽  
Vol 3 (3) ◽  
pp. 1-18 ◽  
Author(s):  
John Haggerty ◽  
Alexander J. Karran ◽  
David J. Lamb ◽  
Mark Taylor

The continued reliance on email communications ensures that it remains a major source of evidence during a digital investigation. Emails comprise both structured and unstructured data. Structured data provides qualitative information to the forensics examiner and is typically viewed through existing tools. Unstructured data is more complex as it comprises information associated with social networks, such as relationships within the network, identification of key actors and power relations, and there are currently no standardised tools for its forensic analysis. This paper posits a framework for the forensic investigation of email data. In particular, it focuses on the triage and analysis of unstructured data to identify key actors and relationships within an email network. This paper demonstrates the applicability of the approach by applying relevant stages of the framework to the Enron email corpus. The paper illustrates the advantage of triaging this data to identify (and discount) actors and potential sources of further evidence. It then applies social network analysis techniques to key actors within the data set. This paper posits that visualisation of unstructured data can greatly aid the examiner in their analysis of evidence discovered during an investigation.


2012 ◽  
pp. 1221-1236
Author(s):  
Gregory H. Carlton ◽  
Hill Zhou

Computing and communication technologies have merged to produce an environment where many applications and their associated data reside in remote locations, often unknown to the users. The adoption of cloud computing promises many benefits to users and service providers, as it shifts users’ concerns away from the physical location of system components and toward the accessibility of the system’s services. While this adoption of cloud computing may be beneficial to users and service providers, it increases areas of concern for computer forensic examiners that need to obtain data from cloud computing environments for evidence in legal matters. The authors present an overview of cloud computing, discuss the challenges it raises from a digital forensics perspective, describe suitable tools for forensic analysis of cloud computing environments, and consider the future of cloud computing.


2020 ◽  
Vol 9 (2) ◽  
pp. 61-81
Author(s):  
Paul Joseph ◽  
Jasmine Norman

Cybercrimes catastrophically caused great financial loss in the year 2018 as powerful obfuscated malware known as ransomware continued to be a continual threat to governments and organizations. Advanced malware capable of system encryption with sophisticated obscure keys left organizations paying the ransom that hackers demand. Since every individual is vulnerable to this assault, cyber forensics plays a vital role either in educating society or combating the attacks. As cyber forensics is classified into many subdomains, memory forensics is the domain that leads in curbing these types of attacks. This article gives insight into the importance of memory forensics and provides a widespread analysis of the workings of ransomware, recognizes the workflow, and provides the ways to overcome this attack. Furthermore, this article implements user-defined rules by integrating them into a powerful search tool known as YARA to detect and prevent ransomware attacks.

