Current Challenges of Digital Forensics in Cyber Security

Author(s):  
Abhishek Kumar Pandey ◽  
Ashutosh Kumar Tripathi ◽  
Gayatri Kapil ◽  
Virendra Singh ◽  
Mohd. Waris Khan ◽  
...  

The digital age has undoubtedly revolutionized the life and work of people. However, this sheen of digital technology remains challenged by the spate of cybercrimes that imperil the privacy and data of the end-users. The alarming rise in cybercrimes has become a major concern for cyber specialists. In this grim context, digital forensics has emerged as a boon for cyber specialists because it has proven to be an effective means for investigating cyber-attacks. This chapter reviews the existing tools and approaches in the field of digital forensics in cybersecurity. This chapter also discusses the current challenges and problems that are faced by a forensic investigator. In addition, it enlists the different categories of digital forensics. The study concludes by underlining the importance and the need for extensive research in digital forensic tools.

Data ◽  
2021 ◽  
Vol 6 (8) ◽  
pp. 87
Author(s):  
Sara Ferreira ◽  
Mário Antunes ◽  
Manuel E. Correia

Deepfake and manipulated digital photos and videos are being increasingly used in a myriad of cybercrimes. Ransomware, the dissemination of fake news, and digital kidnapping-related crimes are the most recurrent, in which tampered multimedia content has been the primordial disseminating vehicle. Digital forensic analysis tools are being widely used by criminal investigations to automate the identification of digital evidence in seized electronic equipment. The number of files to be processed and the complexity of the crimes under analysis have highlighted the need to employ efficient digital forensics techniques grounded on state-of-the-art technologies. Machine Learning (ML) researchers have been challenged to apply techniques and methods to improve the automatic detection of manipulated multimedia content. However, the implementation of such methods has not yet been massively incorporated into digital forensic tools, mostly due to the lack of realistic and well-structured datasets of photos and videos. The diversity and richness of the datasets are crucial to benchmark the ML models and to evaluate their appropriateness to be applied in real-world digital forensics applications. An example is the development of third-party modules for the widely used Autopsy digital forensic application. This paper presents a dataset obtained by extracting a set of simple features from genuine and manipulated photos and videos, which are part of state-of-the-art existing datasets. The resulting dataset is balanced, and each entry comprises a label and a vector of numeric values corresponding to the features extracted through a Discrete Fourier Transform (DFT). The dataset is available in a GitHub repository, and the total amount of photos and video frames is 40,588 and 12,400, respectively. The dataset was validated and benchmarked with deep learning Convolutional Neural Networks (CNN) and Support Vector Machines (SVM) methods; however, a plethora of other existing ones can be applied. Generically, the results show a better F1-score for CNN when comparing with SVM, both for photos and videos processing. CNN achieved an F1-score of 0.9968 and 0.8415 for photos and videos, respectively. Regarding SVM, the results obtained with 5-fold cross-validation are 0.9953 and 0.7955, respectively, for photos and videos processing. A set of methods written in Python is available for the researchers, namely to preprocess and extract the features from the original photos and videos files and to build the training and testing sets. Additional methods are also available to convert the original PKL files into CSV and TXT, which gives more flexibility for the ML researchers to use the dataset on existing ML frameworks and tools.


Author(s):  
Rauhulloh Ayatulloh Bintang ◽  
Rusydi Umar ◽  
Anton Yudhana

Social media is becoming very popular among the public today, and the increasing use of social media has, of course, a good or bad impact on the course of human life; for example, the bad impact is cyberbullying or chating on social media. Digital forensics is one of the sciences of how to catch digital criminals, which is needed for evidence in court. Social media criminals need smartphones to commit digital cybercrime. This research will raise evidence of digital crimes on the Facebook Lite application using forensics. In this study, the forensic tool that will be used is MOBILedit Forensic Pro, with the help of the NIST (National Institute of Standards and Technology) method. NIST has a good workflow for extracting digital forensic data. The research results will be obtained in the form of account IDs, audio, conversations, and images.


2021 ◽  
pp. 164-169
Author(s):  
Iryna Revak ◽  
Roman Gren

Purpose. The aim of the article is to reveal the peculiarities of the formation of secure cyberspace in the digital economy, to substantiate the activities of law enforcement agencies to prevent cybercrime. Methodology of research. The theoretical basis of the study were the fundamental provisions of modern economic theory, scientific works of scientists, regulations and legislation of Ukraine on cyber security and the development of the digital economy. To achieve this goal, the following general and special methods were used: abstract and logical (to substantiate the key characteristics of the information space in the context of growing digital economy), system (to consider the relationship between different departments and businesses to develop measures to combat transnational crime), inductive logic (in the study of law enforcement activities to prevent real and potential cybercrime), deductive (to determine effective means of security control in the management of cyber threats), system and structural analysis (to identify and analyse patterns, trends and features of the digital economy). Findings. The peculiarities of a secure virtual environment in the conditions of digital economy development are studied, taking into account the specifics of information society formation and digitalization of economic relations, development of economic processes, in particular their entry into the international digital market. Problematic issues of information and cyber security are outlined. Emphasis is placed on the development and implementation of technologies to protect and counter cyber-attacks, cyber risk management and evaluation of the effectiveness of safe cyberspace control. Effective means of counteracting the commission of crimes in the digital economy are analysed, perspective directions of ensuring law and order in cyberspace are substantiated. Originality. The scientific novelty lies in the substantiation of theoretical and methodological provisions and applied recommendations for the formation of secure cyberspace in the digital economy, the formation of the institutional basis for the integration of government and business structures based on information technology. Practical value. The practical significance of the obtained results lies in the development of scientific and applied recommendations for combating cybercrime in the work of law enforcement agencies. Key words: digital economy, digital technologies, digitalization, cyber security, cybercrime, cyber threats, cyberspace, information and communication technologies.


2020 ◽  
Vol 17 (6) ◽  
pp. 2459-2467
Author(s):  
Shaweta Sachdeva ◽  
B. L. Raina ◽  
Avinash Sharma

This paper aims to analyze different tools for Forensic Data Analysis, which comes under the branch of Digital Forensics. Forensic data analysis is done with digital techniques. Digital forensics becomes more important in law enforcement, due to the large use of computers and mobile devices. The pattern recognition system most appropriately fits into the Analysis Phase of Digital Forensics. Pattern recognition involves two processes: one process is analysis and the second process is recognition. The result of the analysis is taken out of the attributes from the patterns to be recognized, i.e., a pattern of different faces and fingerprints. These attributes are then utilized for the further process in the analysis phase, which provides attention on various techniques of pattern recognition that are applied to digital forensic examinations and is proposed to develop different forensic tools to collect evidence that would be helpful to solve specific types of crimes. This evidence further helps the examiner in the analysis phase of the digital forensic process by identifying the applicable data.


Symmetry ◽  
2020 ◽  
Vol 12 (4) ◽  
pp. 642 ◽  
Author(s):  
Sandeepak Bhandari ◽  
Vacius Jusas

Digital forensics practitioners encounter numerous new terminologies during time-intensive digital investigation processes because of the explosive growth of the web, an immense amount of data, and rapid changes in technology. In such a scenario, the time needed to find and interpret the cause of the potential digital incident can be affected by the complexity involved in understanding the meaning of newly encountered terminologies. Although various approaches have been designed to assist digital practitioners in understanding the newly encountered terminologies during the investigation of the accident, none of them is capable of supporting investigators to interpret new terminologies. Our work focuses on reconstructing and analyzing the timeline of events and artifacts backed by the abstraction concept to help practitioners in reasoning about the perceived meaning of different digital forensics terminologies that are encountered during the investigation. This paper introduces an ontological approach based on the abstraction concept to reconstruct the timeline provided by command-based digital forensic tools, i.e., Log2timeline and Psort in the L2TCSV format, and assist in resolving the meaning of newly encountered concepts. The performed experiments show that the novel methodology is capable of enhancing the timeline and assisting practitioners in determining the significance of encountered terminologies or concepts.


2017 ◽  
Vol 2 (11) ◽  
pp. 8-16
Author(s):  
Moses Ashawa ◽  
Innocent Ogwuche

The fast-growing usage of instant messaging applications on Android mobile devices has brought about a proportional increase in the number of cyber-attack vectors that could be perpetrated on them. Android mobile phones store a significant amount of information in the various memory partitions when Instant Messaging (IM) applications (WhatsApp, Skype, and Facebook) are executed on them. As a result of the enormous crimes committed using instant messaging applications, and the amount of electronic traces of evidence that can be retrieved from a suspect's device, where an investigation could convict or refute a person in a court of law, mobile phones have become a vulnerable ground for digital evidence mining. This paper aims at using forensic tools to extract and analyse the digital evidence artefacts left by IM applications on Android phones, using Android Studio as the virtual machine. The digital forensic investigation methodology by Bill Nelson was applied during this research. Some of the key results obtained showed how digital forensic evidence such as call logs, contact numbers, sent/retrieved messages, and images can be mined from simulated Android phones when running these applications. These artefacts can be used in a court of law as evidence during cybercrime investigation.


Author(s):  
Petar Radanliev ◽  
David De Roure ◽  
Kevin Page ◽  
Max Van Kleek ◽  
Omar Santos ◽  
...  

Multiple governmental agencies and private organisations have made commitments for the colonisation of Mars. Such colonisation requires complex systems and infrastructure that could be very costly to repair or replace in cases of cyber-attacks. This paper surveys deep learning algorithms, IoT cyber security and risk models, and established mathematical formulas to identify the best approach for developing a dynamic and self-adapting system for predictive cyber risk analytics supported with Artificial Intelligence and Machine Learning and real-time intelligence in edge computing. The paper presents a new mathematical approach for integrating concepts for cognition engine design, edge computing and Artificial Intelligence and Machine Learning to automate anomaly detection. This engine instigates a step change by applying Artificial Intelligence and Machine Learning embedded at the edge of IoT networks, to deliver safe and functional real-time intelligence for predictive cyber risk analytics. This will enhance capacities for risk analytics and assist in the creation of a comprehensive and systematic understanding of the opportunities and threats that arise when edge computing nodes are deployed, and when Artificial Intelligence and Machine Learning technologies are migrated to the periphery of the internet and into local IoT networks.


Author(s):  
Richard J. Simonson ◽  
Joseph R. Keebler ◽  
Mathew Lessmiller ◽  
Tyson Richards ◽  
John C. Lee

As cyber-attacks and their subsequent responses have become more frequent and complex over the past decade, research into the performance and effectiveness of cybersecurity teams has gained an immense amount of traction. However, investigation of teamwork in this domain is lacking due to the exclusion of known team competencies and a lack of reliance on team science. This paper serves to provide insight into the benefit that can be gained from utilizing the extant teamwork literature to improve teams’ research and applications in the domain of cyber-security.


2019 ◽  
Vol 11 (7) ◽  
pp. 162 ◽  
Author(s):  
Nikolaos Serketzis ◽  
Vasilios Katos ◽  
Christos Ilioudis ◽  
Dimitrios Baltatzis ◽  
Georgios Pangalos

The complication of information technology and the proliferation of heterogeneous security devices that produce increased volumes of data coupled with the ever-changing threat landscape challenges have an adverse impact on the efficiency of information security controls and digital forensics, as well as incident response approaches. Cyber Threat Intelligence (CTI) and forensic preparedness are the two parts of the so-called managed security services that defendants can employ to repel, mitigate or investigate security incidents. Despite their success, there is no known effort that has combined these two approaches to enhance Digital Forensic Readiness (DFR) and thus decrease the time and cost of incident response and investigation. This paper builds upon and extends a DFR model that utilises actionable CTI to improve the maturity levels of DFR. The effectiveness and applicability of this model are evaluated through a series of experiments that employ malware-related network data simulating real-world attack scenarios. To this extent, the model manages to identify the root causes of information security incidents with high accuracy (90.73%), precision (96.17%) and recall (93.61%), while managing to decrease significantly the volume of data digital forensic investigators need to examine. The contribution of this paper is twofold. First, it indicates that CTI can be employed by digital forensics processes. Second, it demonstrates and evaluates an efficient mechanism that enhances operational DFR.


2020 ◽  
pp. 53-60
Author(s):  
Mohammed I. Alghamdi ◽  

Our economy, infrastructure and societies rely to a large extent on information technology and computer networks solutions. Increasing dependency on information technologies has also multiplied the potential hazards of cyber-attacks. The prime goal of this study is to critically examine how the sufficient knowledge of cyber security threats plays a vital role in detection of any intrusion in simple networks and preventing the attacks. The study has evaluated various literatures and peer reviewed articles to examine the findings obtained by consolidating the outcomes of different studies and present the final findings into a simplified solution.

