Digital Forensic Analysis of Cybercrimes

2018, pp. 588-600
Author(s): Regner Sabillon, Jordi Serra-Ruiz, Victor Cavaller, Jeimy J. Cano

This paper reviews the existing methodologies and best practices for digital investigation phases like collecting, evaluating and preserving digital forensic evidence and chain of custody of cybercrimes. Cybercriminals are adopting new strategies to launch cyberattacks within modified and ever-changing digital ecosystems; this article proposes that digital investigations must continually readapt to tackle cybercrimes and prosecute cybercriminals, working in international collaboration networks, sharing prevention knowledge and lessons learned. The authors also introduce a compact cyber forensics model for diverse technological ecosystems called Cyber Forensics Model in Digital Ecosystems (CFMDE). Transferring the knowledge, international collaboration, best practices and adopting new digital forensic tools, methodologies and techniques will be hereinafter paramount to obtain digital evidence, enforce organizational cybersecurity policies, mitigate security threats, fight anti-forensics practices and indict cybercriminals. The global Digital Forensics community ought to constantly update current practices to deal with cybercriminality and foresee how to prepare for new technological environments where change is always constant.

2017, Vol 11 (2), pp. 25-37
Author(s): Regner Sabillon, Jordi Serra-Ruiz, Victor Cavaller, Jeimy J. Cano

This paper reviews the existing methodologies and best practices for digital investigation phases like collecting, evaluating and preserving digital forensic evidence and chain of custody of cybercrimes. Cybercriminals are adopting new strategies to launch cyberattacks within modified and ever-changing digital ecosystems; this article proposes that digital investigations must continually readapt to tackle cybercrimes and prosecute cybercriminals, working in international collaboration networks, sharing prevention knowledge and lessons learned. The authors also introduce a compact cyber forensics model for diverse technological ecosystems called Cyber Forensics Model in Digital Ecosystems (CFMDE). Transferring the knowledge, international collaboration, best practices and adopting new digital forensic tools, methodologies and techniques will be hereinafter paramount to obtain digital evidence, enforce organizational cybersecurity policies, mitigate security threats, fight anti-forensics practices and indict cybercriminals. The global Digital Forensics community ought to constantly update current practices to deal with cybercriminality and foresee how to prepare for new technological environments where change is always constant.


This chapter evaluates the most relevant methodologies and best practices for conducting digital investigations, preserving digital forensic evidence and following chain of custody (CoC) of cybercrimes. Cybercriminals are assuming new strategies to launch their sophisticated cyberattacks within the ever-changing digital ecosystems. The authors recommend that digital investigations must continually shift to tackle cybercrimes and prosecute cybercriminals to increase international collaboration networks, to share prevention knowledge, and to analyze lessons learned. They also establish a cyber forensics model for miscellaneous ecosystems called cyber forensics model in digital ecosystems (CFMDE). This chapter also reviews the most important categories of tools to conduct digital investigations. Nevertheless, as the cybercrime sophistication keeps improving, it is also necessary to harden technologies, techniques, methodologies, and tools to acquire digital evidence in order to support and make cyber investigation cases stronger.


2020, Vol 9 (2), pp. 61-81
Author(s): Paul Joseph, Jasmine Norman

Cybercrimes catastrophically caused great financial loss in the year 2018 as powerful obfuscated malware known as ransomware continued to be a continual threat to governments and organizations. Advanced malware capable of system encryption with sophisticated obscure keys left organizations paying the ransom that hackers demand. Since every individual is vulnerable to this assault, cyber forensics plays a vital role either in educating society or combating the attacks. As cyber forensics is classified into many subdomains, memory forensics is the domain that leads in curbing these types of attacks. This article gives insight on the importance of memory forensics, provides widespread analysis on the working of ransomware, recognizes the workflow, and provides ways to overcome this attack. Furthermore, this article implements user-defined rules by integrating them into a powerful search tool known as YARA to detect and prevent ransomware attacks.


Data, 2021, Vol 6 (8), pp. 87
Author(s): Sara Ferreira, Mário Antunes, Manuel E. Correia

Deepfake and manipulated digital photos and videos are being increasingly used in a myriad of cybercrimes. Ransomware, the dissemination of fake news, and digital kidnapping-related crimes are the most recurrent, in which tampered multimedia content has been the primordial disseminating vehicle. Digital forensic analysis tools are being widely used by criminal investigations to automate the identification of digital evidence in seized electronic equipment. The number of files to be processed and the complexity of the crimes under analysis have highlighted the need to employ efficient digital forensics techniques grounded on state-of-the-art technologies. Machine Learning (ML) researchers have been challenged to apply techniques and methods to improve the automatic detection of manipulated multimedia content. However, the implementation of such methods has not yet been massively incorporated into digital forensic tools, mostly due to the lack of realistic and well-structured datasets of photos and videos. The diversity and richness of the datasets are crucial to benchmark the ML models and to evaluate their appropriateness to be applied in real-world digital forensics applications. An example is the development of third-party modules for the widely used Autopsy digital forensic application. This paper presents a dataset obtained by extracting a set of simple features from genuine and manipulated photos and videos, which are part of state-of-the-art existing datasets. The resulting dataset is balanced, and each entry comprises a label and a vector of numeric values corresponding to the features extracted through a Discrete Fourier Transform (DFT). The dataset is available in a GitHub repository, and the total amount of photos and video frames is 40,588 and 12,400, respectively.
The dataset was validated and benchmarked with deep learning Convolutional Neural Networks (CNN) and Support Vector Machines (SVM) methods; however, a plethora of other existing ones can be applied. Generically, the results show a better F1-score for CNN when comparing with SVM, both for photos and videos processing. CNN achieved an F1-score of 0.9968 and 0.8415 for photos and videos, respectively. Regarding SVM, the results obtained with 5-fold cross-validation are 0.9953 and 0.7955, respectively, for photos and videos processing. A set of methods written in Python is available for the researchers, namely to preprocess and extract the features from the original photos and videos files and to build the training and testing sets. Additional methods are also available to convert the original PKL files into CSV and TXT, which gives more flexibility for the ML researchers to use the dataset on existing ML frameworks and tools.


Cryptographic hash functions transform any long message to fixed-length data. It seeks to ensure the confidentiality of the data through the cryptographic hash. The digital forensic tool is a method for extracting information from various storage devices, such as hard drives and memory. SHA-1 and SHA-2 methods are both widely used in forensic image archives. The hash method is usually used during evidence processing, the checking of forensic images (duplicate evidence), then at the completion of the analysis again to ensure data integrity and forensic evaluation of evidence. There was a vulnerability called a collision in the hashing algorithm in which two independent messages had the same hash values. While SHA-3 is more secure than its former counterparts, the processors for general purposes are being slow and are not yet so popular. This task proposes a basic yet successful framework to meet the needs of cyber forensics, combining hash functions with other cryptographic concepts, for instance, SALT, such as modified secured hash algorithm (MSHA). A salt applies to the hashing mechanism to make it exclusive, expand its complexity and reduce user attacks like hash tables without increasing user requirements.


2020, Vol 26 (1), pp. 157-162
Author(s): Paul Tudorache, Lucian Ispas

Abstract: Using the lessons learned from recent military operations such as Operation Inherent Resolve (OIR) from Syria and Iraq, we proposed to investigate the need for tactical military units to adapt operationally to grapple with the most common requirements specific to current operational environments, but also for those that can be foreseen in the future. In this regard, by identifying the best practices in the field that can be met at the level of some important armies, such as USA and UK, we will try to determine a common denominator of most important principles whose application may facilitate both operational and organizational adaptation necessary for tactical military units to perform missions and tasks in the most unknown future operational environments.


2017, Vol 2 (11), pp. 8-16
Author(s): Moses Ashawa, Innocent Ogwuche

The fast-growing nature of instant messaging applications usage on Android mobile devices brought about a proportional increase in the number of cyber-attack vectors that could be perpetrated on them. Android mobile phones store a significant amount of information in the various memory partitions when Instant Messaging (IM) applications (WhatsApp, Skype, and Facebook) are executed on them. As a result of the enormous crimes committed using instant messaging applications, and the amount of electronic-based traces of evidence that can be retrieved from the suspect’s device where an investigation could convict or refute a person in the court of law, mobile phones have become a vulnerable ground for digital evidence mining. This paper aims at using forensic tools to extract and analyse artefacts of digital evidence left by IM applications on Android phones using Android Studio as the virtual machine. Digital forensic investigation methodology by Bill Nelson was applied during this research. Some of the key results obtained showed how digital forensic evidence such as call logs, contact numbers, sent/retrieved messages, and images can be mined from simulated Android phones when running these applications. These artefacts can be used in the court of law as evidence during cybercrime investigation.


2021, pp. 097340822110125
Author(s): Cluny Mendez, Christopher L. Atkinson

The implementation of sustainability and green public procurement (GPP) initiatives in school districts has been the subject of some debate; questions over definitions and programme goals have led to inconsistency and concerns about programme achievements. The legitimacy of programmes rests not only with the announcement of policy by officials, but with adherence to policy and staff buy-in. This study examines barriers districts face, and makes recommendations based upon district experience on ways to successfully implement sustainability and GPP initiatives. A review of the literature on GPP and legitimacy in the execution of public functions within the education domain begins the study. Major components relative to best practices for GPP programmes are studied through the review of GPP-related documents from a school district in New Jersey considered as an exemplar of such programmes. Analysis of an interview with the district’s representatives suggests that, despite the normative approval such programmes receive, and widespread understanding of the rationale for pursuing such initiatives, there remain critical failings in implementation of these programmes, stemming from education, resourcing of initiatives and prioritization of green procurement in relation to other district priorities. The study concludes with lessons learned from this case, which is important given its positioning within New Jersey as an exemplar and recommendations for future research where work in this area is needed.


2015, Vol 14 (4), pp. 118-123
Author(s): Lauren Trees

Purpose – The purpose of this paper is to present enterprise social networking and gamification as two potential tools to help organizations engage Millennial employees in collaboration and learning. Design/methodology/approach – The research provides general descriptions of enterprise social networking and gamification approaches, shares data on adoption of these approaches from APQC’s “2015 Knowledge Management Priorities Data Report” (based on a January 2015 survey of 524 knowledge management professionals) and includes four company examples adapted from APQC’s Connecting People to Content and Transferring and Applying Critical Knowledge best practices studies. The methodology for APQC’s best practices studies involves screening 50 or more organizations with potential best practices in a given research scope area and identifying five or six with proven best practices. APQC then conducts detailed site visits with the selected organizations and publishes case studies based on those site visits. Findings – Enterprise social networking platforms are in place at 50 per cent of organizations, with another 25 per cent planning to implement them by the end of 2015. By providing near-immediate access to information and answers, enterprise social networking helps Millennials learn the ropes at their new workplaces, gives them direct access to more knowledgeable colleagues who can assist and mentor them, and helps them improve their business outcomes by reusing knowledge and lessons learned across projects. Younger workers can also harness the power of social networking to create a sense of belonging and build their reputations in large, dispersed firms, where it is particularly difficult for them to gain visibility. A recent APQC survey indicates that 54 per cent of organizations either currently employ gamification to encourage collaboration or expect to implement it within the next three years. 
The rush to gamify the enterprise is, at least in part, a reflection of employers’ desire to satisfy Millennials and make them feel connected to a community of co-workers. Although games appeal to a wide range of age groups, Millennials grew up with digital interaction and tend to prefer environments that emphasize teamwork, social learning and frequent feedback – all of which can be delivered through gamification. Originality/value – The value of this paper is to introduce the value of and relationship between enterprise social networking and gamification platforms to human resource (HR) professionals looking to increase engagement and retention rates for Millennial employees.

