Audio Forensics on Smartphone with Digital Forensics Research Workshop (DFRWS) Method

Audio is one of the digital items that can reveal a happened case. However, audio evidence can also be manipulated and changed to hide information. Forensics audio is a technique to identify the sound’s owner from the audio using pitch, formant, and spectrogram parameters. The conducted research examines the similarity of the original sound with the manipulated voice to determine the owner of the sound. It analyzes the level of similarity or identical sound using spectrogram analysis with the Digital Forensics Research Workshop (DFRWS) Method. The research objects are original and manipulated files. Both files are in mp3 format, which is encoded to WAV format. Then, the live forensics method is used by picking up the data on a smartphone. Several applications are also used. The results show that the research successfully gets digital evidence on a smartphone with the Oxygen Forensic application. It extracts digital evidence in the form of two audio files and two video files. Then, by the hashing process, the four obtained files are proven to be authentic. Around 90% of the data are identical to the original voice recording. Only 10% of the data are not identical.

Download Full-text

Application of Static Forensics Method for Extracting Steganographic Files on Digital Evidence Using the DFRWS Framework

Jurnal RESTI (Rekayasa Sistem dan Teknologi Informasi) ◽

10.29207/resti.v4i3.1906 ◽

2020 ◽

Vol 4 (3) ◽

pp. 576-583

Author(s):

Sunardi ◽

Imam Riadi ◽

Muh. Hajar Akbar

Keyword(s):

Digital Forensics ◽

Digital Evidence ◽

Hide Information ◽

Research Workshop ◽

Digital Crime ◽

The Right ◽

Original Information

Steganography is one of the anti-forensic techniques that allow criminals to hide information in other messages so that during the investigation, the investigator will experience problems and difficulty in getting evidence of original information on the crime. Therefore an investigator is required to have the ability to be able to find and extract (decoding) using the right tools when opening messages that have been inserted by steganography techniques. The purpose of this study is to analyze digital evidence using the static forensics method by applying the six stages to the Digital Forensics Research Workshop (DFRWS) framework and extracting steganography on files that have been compromised based on case scenarios involving digital crime. The tools used are FTK Imager, Autopsy, WinHex, Hiderman, and StegSpy. The results of extraction of 9 out of 10 files that were scanned by steganography files had 90% success and 10% of steganography files were not found, so it can be concluded that the extraction files in steganographic messages can be used as legal digital proofs according to law.

Download Full-text

Cyber Forensics Evolution and Its Goals

Advances in Digital Crime, Forensics, and Cyber Terrorism - Critical Concepts, Standards, and Techniques in Cyber Forensics ◽

10.4018/978-1-7998-1558-7.ch002 ◽

2020 ◽

pp. 16-30

Author(s):

Mohammad Zunnun Khan ◽

Anshul Mishra ◽

Mahmoodul Hasan Khan

Keyword(s):

Life Cycle ◽

Personal Computer ◽

Police Officers ◽

Digital Forensics ◽

Computer Forensics ◽

Digital Evidence ◽

Cyber Forensics ◽

Forensic Research ◽

Research Workshop

This chapter includes the evolution of cyber forensics from the 1980s to the current era. It was the era when computer forensics came into existence after a personal computer became a viable option for consumers. The formation of digital forensics is also discussed here. This chapter also includes the formation of cyber forensic investigation agencies. Cyber forensic life cycle and related phases are discussed in detail. Role of international organizations on computer evidence is discussed with the emphasize on Digital Forensic Research Workshop (DFRWS), Scientific Working Group on Digital Evidence (SWDGE), chief police officers' involvement. Authenticity-, accuracy-, and completeness-related pieces of evidence are also discussed. The most important thing that is discussed here is the cyber forensics data.

Download Full-text

Detection of Metasploit Attacks Using RAM Forensic on Proprietary Operating Systems

Kinetik Game Technology Information System Computer Network Computing Electronics and Control ◽

10.22219/kinetik.v5i2.1037 ◽

2020 ◽

pp. 155-160

Author(s):

Danar Cahyo Prakoso ◽

Imam Riadi ◽

Yudi Prayudi

Keyword(s):

Operating System ◽

Information Technology ◽

Operating Systems ◽

Digital Forensics ◽

Digital Evidence ◽

Analysis Tool ◽

Digital Forensic ◽

Digital Era ◽

Rule Out ◽

Live Forensics

Information technology has become an essential thing in the digital era as it is today. With the support of computer networks, information technology is used as a medium for exchanging data and information. Much information is confidential. Therefore, security is also essential. Metasploit is one of the frameworks commonly used by penetration testers to audit or test the security of a computer system legally, but it does not rule out the possibility that Metasploit can also be used for crime. For this reason, it is necessary to carry out a digital forensic process to uncover these crimes. In this study, a simulation of attacks on Windows 10 will be carried out with Metasploit. Then the digital forensics process uses live forensics techniques on computer RAM, where the computer RAM contains information about the processes running on the computer. The live forensic technique is important because information on RAM will be lost if the computer is off. This research will use FTK Imager, Dumpit, and Magnet RAM Capture as the RAM acquisition tool and Volatility as the analysis tool. The results of the research have successfully shown that the live forensics technique in RAM is able to obtain digital evidence in the form of an attacker's IP, evidence of exploits/Trojans, processes running on RAM, operating system profiles used and the location of the exploits/Trojan when executed by the victim.

Download Full-text

Investigating Cyberbullying on WhatsApp Using Digital Forensics Research Workshop

Jurnal RESTI (Rekayasa Sistem dan Teknologi Informasi) ◽

10.29207/resti.v4i4.2161 ◽

2020 ◽

Vol 4 (4) ◽

pp. 730-735

Author(s):

Imam Riadi ◽

Sunardi ◽

Panggah Widiandana

Keyword(s):

Social Media ◽

Digital Forensics ◽

Instant Messaging ◽

Cosine Similarity ◽

Digital Evidence ◽

Forensic Research ◽

Digital Forensic ◽

Research Workshop ◽

Similarity Method ◽

Different Levels

Cyberbullying in group conversations in one of the instant messaging applications is one of the conflicts that occur due to social media, specifically WhatsApp. This study conducted digital forensics to find evidence of cyberbullying by obtaining work in the Digital Forensic Research Workshop (DFRWS). The evidence was investigated using the MOBILedit Forensic Express tool as an application for evidence submission and the Cosine Similarity method to approve the purchase of cyberbullying cases. This research has been able to conduct procurement to reveal digital evidence on the agreement in the Group's features using text using MOBILedit. Identification using the Cosine method. Similarities have supported actions that lead to cyberbullying with different levels Improved Sqrt-Cosine (ISC) value, the largest 0.05 and the lowest 0.02 based on conversations against requests.

Download Full-text

A Mobile-Oriented System for Integrity Preserving in Audio Forensics

Applied Sciences ◽

10.3390/app9153097 ◽

2019 ◽

Vol 9 (15) ◽

pp. 3097 ◽

Cited By ~ 2

Author(s):

Diego Renza ◽

Jaime Andres Arango ◽

Dora Maria Ballesteros

Keyword(s):

Computational Cost ◽

Digital Evidence ◽

Audio Signals ◽

Audio Forensics ◽

Audio Recordings ◽

Hash Code ◽

Chain Of Custody ◽

Code Changes ◽

Hash Codes

This paper addresses a problem in the field of audio forensics. With the aim of providing a solution that helps Chain of Custody (CoC) processes, we propose an integrity verification system that includes capture (mobile based), hash code calculation and cloud storage. When the audio is recorded, a hash code is generated in situ by the capture module (an application), and it is sent immediately to the cloud. Later, the integrity of the audio recording given as evidence can be verified according to the information stored in the cloud. To validate the properties of the proposed scheme, we conducted several tests to evaluate if two different inputs could generate the same hash code (collision resistance), and to evaluate how much the hash code changes when small changes occur in the input (sensitivity analysis). According to the results, all selected audio signals provide different hash codes, and these values are very sensitive to small changes over the recorded audio. On the other hand, in terms of computational cost, less than 2 s per minute of recording are required to calculate the hash code. With the above results, our system is useful to verify the integrity of audio recordings that may be relied on as digital evidence.

Download Full-text

Integrity and Fidelity Evaluation of Digital Evidence in Live Forensics

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.571-572.90 ◽

2014 ◽

Vol 571-572 ◽

pp. 90-99

Author(s):

Lian Hai Wang ◽

Qiu Liang Xu

Keyword(s):

Experimental Error ◽

Good Accuracy ◽

Digital Evidence ◽

System Error ◽

Accuracy And Precision ◽

Novel Method ◽

Memory Acquisition ◽

Measure Error ◽

Live Forensics

The integrity and fidelity of digital evidence are very important in live forensics. Previous research has studied the uncertainty of live forensics based on different memory snapshots. However, this kind of method is not effective in practice. In fact, memory images are usually acquired by using forensics tools instead of using snapshots. Therefore, the integrity and fidelity of live evidence should be evaluated during the acquisition process. In this paper, we give a new viewpoint that memory acquisition can be regarded as a measurement of memory data. From this viewpoint, we evaluate the integrity and fidelity of live evidence in the process of physical memory acquisition. Firstly, several definitions about memory acquisition measure error are introduced to describe the trusty. Then, we analyze the experimental error and propose some suggestions on how to reduce it. A novel method is also developed to calculate the system error in detail. The results of a case study on Windows 7 and VMware virtual machine show that the experimental error has good accuracy and precision, which demonstrate the efficacy of the proposed reducing methods. The system error is also evaluated, that is, it accounts for the whole error from 30% to 50%. Last, a method is proposed to calculate changes or error of system process.

Download Full-text

Peningkatan Keamanan Router Mikrotik Terhadap Serangan Denial of Service (DoS)

Jurnal Sistim Informasi dan Teknologi ◽

10.37034/jsisfotek.v2i4.32 ◽

2020 ◽

pp. 115-123

Author(s):

Budi Jaya ◽

Y Yuhandri ◽

S Sumijan

Keyword(s):

Denial Of Service ◽

Digital Evidence ◽

Dos Attack ◽

Dos Attacks ◽

Research Results ◽

Security Enhancement ◽

Software And Hardware ◽

Operational Activities ◽

Network Router ◽

Live Forensics

Denial of Service (DoS) attacks are one of the most common attacks on website, networks, routers and servers, including on router mikrotik. A DoS attack aims to render a network router unable to service requests from authorized users. The result will disrupt the operational activities of the organization and cause material and non-material losses. In this study, a simulation and analysis of DoS attacks using the Live Forensics method were carried out and the router security enhancement from rectangular software and hardware. From the research results obtained digital evidence of DoS attacks in the form of IP addresses and attacker activity logs. In addition, the increase in router security in terms of software by using Firewall Filter and Firewall Raw has proven effective in preventing attacks. While improving router security in terms of hardware by setting a reset button on the router and firewall devices is also very necessary so that the router can avoid physical attacks by irresponsible persons

Download Full-text

Digital Forensic and Machine Learning

Digital Forensics and Forensic Investigations ◽

10.4018/978-1-7998-3025-2.ch029 ◽

2020 ◽

pp. 427-444

Author(s):

Poonkodi Mariappan ◽

Padhmavathi B. ◽

Talluri Srinivasa Teja

Keyword(s):

Human Mind ◽

Digital Evidence ◽

Contemporary World ◽

Forensic Research ◽

Digital Forensic ◽

Research Workshop ◽

Complexity Problem ◽

Three Stages ◽

The Hard Problem ◽

Proven Method

Digital Forensic as it sounds coerce human mind primarily with exploration of crime. However in the contemporary world, digital forensic has evolved as an essential source of tools from data acquisition to legal action. Basically three stages are involved in digital forensic namely acquisition, analysis and reporting. Digital Forensic Research Workshop (DFRW) defined digital forensic as “Use of Scientifically derived and proven method towards the identification, collection, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of event to be criminal”. The hard problem in digital forensic is such that the acquired data need to be cleaned and is required to be intelligible for reading by human. As a solution to this complexity problem a number of tools are present which may be repeated until relevant data is obtained.

Download Full-text

Lessons learned writing digital forensics tools and managing a 30TB digital evidence corpus

Digital Investigation ◽

10.1016/j.diin.2012.05.002 ◽

2012 ◽

Vol 9 ◽

pp. S80-S89 ◽

Cited By ~ 20

Author(s):

Simson Garfinkel

Keyword(s):

Digital Forensics ◽

Lessons Learned ◽

Digital Evidence

Download Full-text

The Search and Seizure of Digital Evidence by Forensic Investigators in South Africa

Potchefstroom Electronic Law Journal/Potchefstroomse Elektroniese Regsblad ◽

10.17159/1727-3781/2019/v22i0a4886 ◽

2019 ◽

Vol 22 ◽

pp. 1-42 ◽

Cited By ~ 1

Author(s):

Jacobus Gerhardus Nortje ◽

Daniel Christoffel Myburgh

Keyword(s):

Information Technology ◽

Police Officers ◽

Digital Forensics ◽

Legal Framework ◽

Legal Aspects ◽

Search And Seizure ◽

Digital Evidence ◽

Digital Forensic ◽

Chain Of Custody ◽

Principles And Standards

The discipline of digital forensics requires a combination of skills, qualifications and knowledge in the area of forensic investigation, legal aspects and information technology. The uniqueness of digital evidence makes the adoption of traditional legal approaches problematic. Information technology terminology is currently used interchangeably without any regard to being unambiguous and consistent in relation to legal texts. Many of the information technology terms or concepts have not yet achieved legal recognition. The recognition and standardisation of terminology within a legal context are of the utmost importance to ensure that miscommunication does not occur. To provide clarity or guidance on some of the terms and concepts applicable to digital forensics and for the search and seizure of digital evidence, some of the concepts and terms are reviewed and discussed, using the Criminal Procedure Act 51 of 1977 as a point of departure. Digital evidence is often collected incorrectly and analysed ineffectively or simply overlooked due to the complexities that digital evidence poses to forensic investigators. As with any forensic science, specific regulations, guidelines, principles or procedures should be followed to meet the objectives of investigations and to ensure the accuracy and acceptance of findings. These regulations, guidelines, principles or procedures are discussed within the context of digital forensics: what processes should be followed and how these processes ensure the acceptability of digital evidence. These processes include international principles and standards such as those of the Association of Chiefs of Police Officers and the International Organisation of Standardisation. A summary is also provided of the most influential or best-recognised international (IOS) standards on digital forensics. It is concluded that the originality, reliability, integrity and admissibility of digital evidence should be maintained as follows: Data should not be changed or altered. Original evidence should not be directly examined. Forensically sound duplicates should be created. Digital forensic analyses should be performed by competent persons. Digital forensic analyses should adhere to relevant local legal requirements. Audit trails should exist consisting of all required documents and actions. The chain of custody should be protected. Processes and procedures should be proper, while recognised and accepted by the industry. If the ACPO (1997) principles and ISO/IEC 27043 and 27037 Standards are followed as a forensic framework, then digital forensic investigators should follow these standards as a legal framework.

Download Full-text