A Survey on Digital Forensic Investigation Practitioners Approach and Challenges

Author(s):  
Prof. Sachin Babulal Jadhav

Digital crimes are taking place all over the world. Any digital crime, committed in any part of the world, involves a computer or other electronic device. The devices used to commit the crime are useful evidence, which must be identified and protected for further use. Crimes involving electronic devices are called cyber-crime. To investigate such crimes, scientific procedures need to be followed. The collection, analysis, preservation and presentation of digital evidence are a must in order to investigate cyber-crime. This paper highlights the practices that are used worldwide in the investigation process of cyber-crime.

Keywords: Digital Forensics, Analysis, Investigation, models of investigation.

2019 ◽  
Vol 2 (1) ◽  
pp. 52-60 ◽  
Author(s):  
Reza Montasari ◽  
Richard Hill ◽  
Victoria Carpenter ◽  
Farshad Montaseri

Various social networking sites (SNSs), widely referred to as social media, provide services such as email, blogging, instant messaging and photo sharing for social and commercial interactions. SNSs are facilitating new forms of social interaction, dialogue, exchange and collaboration. They allow millions of users and organisations worldwide to exchange ideas, post updates and comments or participate in activities and events, while sharing their wider interests. At the same time, such a phenomenon has led to an upsurge in significant criminal activities by perpetrators who are becoming increasingly sophisticated in their attempts to deploy technology to circumvent detection. Digital Forensic Examiners (DFEs) often face serious challenges in relation to data acquisition. Therefore, this article aims to analyse the significance of SNSs in DFIs and the challenges that DFEs often encounter when acquiring evidence from SNSs. Furthermore, this article describes the steps of the digital forensic investigation process that must be taken to acquire digital evidence that is both authentic and forensically sound.


Author(s):  
Dennis K. Nilsson ◽  
Ulf E. Larson

The introduction of a wireless gateway as an entry point to the automobile in-vehicle network reduces the effort of performing diagnostics and firmware updates considerably. Unfortunately, the same gateway also allows cyber attacks to target the unprotected network which currently lacks proper means for detecting and investigating security-related events. In this article, we discuss how to perform a digital forensic investigation of an in-vehicle network. An analysis of the current features of the network is performed, and an attacker model is developed. Based on the attacker model and a set of generally accepted forensic investigation principles, we derive a list of requirements for detection, data collection, and event reconstruction. We then use the Integrated Digital Investigation Process proposed by Carrier and Spafford (2004) as a template to illustrate how our derived requirements affect an investigation. For each phase of the process, we show the benefits of meeting the requirements and the implications of not complying with them.


2017 ◽  
Author(s):  
Andysah Putera Utama Siahaan ◽  
Robbi Rahim

Digital forensics is a technique used to search for evidence of events that have occurred. This quest aims to reveal the hidden truth. Digital forensic activities exist because of the occurrence of crimes, both in the field of computers and elsewhere. Legal treatment in the digital forensic field makes this area of science a compulsory tool for dismantling crimes involving the computer world. In general, cyber crime leaves a digital footprint, so it is necessary for a computer forensics expert to secure digital evidence. Computer forensics necessarily requires a standard operational procedure for taking digital evidence so that it is not contaminated or modified when the data is analyzed. The application of digital forensics helps the legal process proceed well and correctly.


2016 ◽  
Vol 7 (4) ◽  
Author(s):  
Ruuhwan Ruuhwan ◽  
Imam Riadi ◽  
Yudi Prayudi

Abstract. The handling of digital evidence covers each and every piece of digital data that can serve as proof that a crime has been committed; it may also provide links between a crime and its victims or between a crime and the culprit. The way to verify valid evidence is to investigate using the approach known as the Digital Forensic Examination Procedures. The Integrated Digital Forensic Investigation Framework (IDFIF) is the latest developed method, so it is interesting to scrutinize IDFIF further, particularly in the process of investigating a smartphone. Current smartphone devices have functions similar to those of computers. Although their functions are almost the same as a computer's, there are some differences in the digital forensics handling process between computer devices and smartphones. The stages of the digital evidence handling process need to cope with the circumstances that an investigator may encounter in the field involving digital evidence, particularly on electronic media and smartphone devices. IDFIF needs to be developed so that it has the flexibility to handle different types of digital evidence.

Keywords: digital evidence, IDFIF, investigation, smartphone


Author(s):  
Ludwig Englbrecht ◽  
Günther Pernul

Stricter policies, laws and regulations for companies on the handling of private information give rise to challenges in the handling of data for Digital Forensics investigations. This paper describes an approach that can meet the necessary requirements to conduct a privacy-aware Digital Forensics investigation in an enterprise. The core of our approach is an entropy-based identification algorithm to detect specific patterns within files that can indicate non-private information. Therefore, we combine various approaches with the goal of systematically detecting and excluding files containing sensitive information. This privacy-preserving method can be integrated into a Digital Forensics examination process to prepare an image which is free from private as well as critical information for the investigation. We implemented and evaluated our approach with a prototype. The approach demonstrates that investigations in enterprises can be supported and improved by adapting existing algorithms and processes from related subject areas to implement privacy-preserving measures in an investigation process.


2021 ◽  
pp. 249-258
Author(s):  
Talib M. Jawad Abbas ◽  
Ahmed Salem Abdulmajeed

Digital forensics is the part of forensic science that implicitly covers crime related to computers and other digital devices. Academic studies have been interested in digital forensics for a while. Researchers aim to establish a discipline based on scientific structures that defines a model reflecting their observations. This paper suggests a model to improve the whole investigation process and to obtain accurate and complete evidence, and adopts securing the digital evidence with cryptographic algorithms so that reliable evidence can be presented in a court of law. This paper presents the main and basic concepts of the frameworks and models used in digital forensics investigation.


2018 ◽  
Vol 1 (2) ◽  
pp. 13-23
Author(s):  
Talib Mohammed Jawad

Chain of custody plays an important role in determining the integrity of digital evidence, because the chain of custody serves as proof that evidence has not been altered or changed through all phases, and must include documentation on how evidence is gathered, transported, analyzed and presented. The aims of this work are, first, to find out how the chain of custody has been applied to a wide range of models of the digital forensic investigation process for more than ten years. Second, to review the methods of digitally signing evidence that achieve the successful implementation of chain of custody by answering a few questions, "who, when, where, why, what and how", and thus provide digital evidence that will be accepted by the court. Based on the defined aims, an experimental environment is being set up to outline in practice an acceptable method for the chain of custody procedure. Therefore, we have adopted SHA512 for hashing, and for encryption RSA and GnuPG are applied; according to the defined requirements, a combination of these algorithms could be adopted as a practical method.


2019 ◽  
Vol 1 (2) ◽  
pp. 67-74
Author(s):  
Widodo Widodo ◽  
Bambang Sugiantoro

According to the Tizen Team (2016), smartphones running the Tizen operating system are a new kind of smartphone and have Web, Hybrid and Native application types with a file extension of the form file.tpk, which differs from other types of smartphone. From a review of several previous studies, it is apparent that there has been no research on the process of handling Tizen smartphones together with the WhatsApp platform on them. Most research results only cover how to explore digital evidence on Android smartphones and discuss Tizen from a security standpoint. Based on the review of that research, there are several problems, among them the absence of a suitable method and framework application for the process of handling Tizen smartphones and the WhatsApp platform on them. For this reason, the live forensics method and the HDFIP model can serve as a suitable reference framework for identifying the characteristics of Tizen and the WhatsApp platform. The live forensics method is used to carry out detailed and careful analysis stages on the digital evidence device, performed while the electronic device is powered on. This research thus yields the fundamental differences between Android and Tizen artifacts and obtains the characteristics of digital evidence on Tizen smartphones, namely that it is logical in form and consists of files with the .CSV extension and file.db; the results of this research focus on the WhatsApp and SMS applications.


2021 ◽  
Vol 5 (1) ◽  
pp. 45-54
Author(s):  
Imam Riadi ◽  
Rusydi Umar ◽  
Muhammad Irwan Syahib

Viber is one of the most popular social media applications in the Instant Messenger category and can be used to send text messages, make voice calls, and send picture and video messages to other users. As many as 260 million people around the world have used this application. The increasing number of Viber users certainly brings positive and negative impacts; one of the negative impacts of this application is its use in digital crime. This research simulates and removes digital crime evidence from the Viber application on Android smartphones using the National Institute of Standards and Technology (NIST) method, which has work guidelines on forensic policy and process standards to ensure that each investigator follows the same workflow, so that their work is documented and the results can be accounted for. This study uses three forensic tools: MOBILedit Forensic Express, Belkasoft and Autopsy. The results of this study show that MOBILedit Forensic Express gets digital evidence with a percentage of 100% in getting accounts, contacts, pictures and videos, while proof of digital chat is only 50%. Belkasoft gets digital evidence with a percentage of 100% in getting accounts, contacts, pictures and videos, while proof of digital chat is only 50%. Autopsy does not give the expected results in the extraction process; in other words, the Autopsy application gives zero results. It can be concluded that MOBILedit Forensic Express and Belkasoft perform well compared to Autopsy, and thus this research has been completed and succeeded in accordance with the expected goals.

