Holistic Analytics of Digital Artifacts

2021 ◽  
Vol 13 (5) ◽  
pp. 78-100
Author(s):  
Ashok Kumar Mohan ◽  
Sethumadhavan Madathil ◽  
Lakshmy K. V.

Investigation of every crime scene with digital evidence is predominantly required in identifying almost all atomic files behind the scenes that have been intentionally scrubbed out. Apart from the data generated across digital devices and the use of diverse technology that slows down the traditional digital forensic investigation strategies. Dynamically scrutinizing the concealed or sparse metadata matches from the less frequent archives of evidence spread across heterogeneous sources and finding their association with other artifacts across the collection is still a horrendous task for the investigators. The effort of this article via unique pockets (UP), unique groups (UG), and unique association (UA) model is to address the exclusive challenges mixed up in identifying incoherent associations that are buried well within the meager metadata field-value pairs. Both the existing similarity models and proposed unique mapping models are verified by the unique metadata association model.

Author(s):  
Sathwara Prerna ◽  
Dr. Chandresh Parekh ◽  
Priyank Parmar

This paper represents the thoroughly technical approach to carry out forensics investigation in web applications or computer systems which combines and provided digital evidence from the particular computing device. The main objective is to recover and investigate the material found in digital devices related to cybercrime and maintain the integrity of the evidence collected. The main motive of the scanner is to investigate the system or application and process a stronger result/report of each vulnerable system or application effectively. This tool is the Open source that is used to perform some forensics investigation tasks which is helpful to the investigator to do their job and generate digital evidence which can be used by a court of law.


2019 ◽  
Vol 2 (1) ◽  
pp. 52-60 ◽  
Author(s):  
Reza Montasari ◽  
Richard Hill ◽  
Victoria Carpenter ◽  
Farshad Montaseri

Various social networking sites (SNSs), widely referred to as social media, provide services such as email, blogging, instant messaging and photo sharing for social and commercial interactions. SNSs are facilitating new forms of social interaction, dialogue, exchange and collaboration. They allow millions of users and organisations worldwide to exchange ideas, post updates and comments or participate in activities and events, while sharing their wider interests. At the same time, such a phenomenon has led to an upsurge in significant criminal activities by perpetrators who are becoming increasingly sophisticated in their attempts to deploy technology to circumvent detection. Digital forensic Examiners (DFEs) often face serious challenges in relation to data acquisition. Therefore, this article aims to analyse the significance of SNSs in DFIs and challenges that DFEs often encounter when acquiring evidence from SNSs. Furthermore, this article describes the steps of the digital forensic investigation process that must be taken to acquire digital evidence that is both authentic and forensically sound.


2016 ◽  
Vol 7 (4) ◽  
Author(s):  
Ruuhwan Ruuhwan ◽  
Imam Riadi ◽  
Yudi Prayudi

Abstract. The handling of digital evidence covers each and every digital data that can prove a determination that a crime has been committed; it may also give the links between a crime and its victims or crime and the culprit. How to verify a valid evidence is to investigate using the approach known as the Digital Forensic Examination Procedures. Integrated Digital Forensic Investigation Framework (IDFIF) is the latest developed method, so that it is interesting to further scrutinize IDFIF, particularly in the process of investigation of a smartphone. The current smartphone devices have similar functions with computers. Although its functions are almost the same as the computer, there are some differences in the process of digital forensics handling between computer devices and smartphones. The digital evidence handling process stages need to overcome the circumstances that may be encountered by an investigator involving digital evidence particularly on electronic media and smartphone devices in the field. IDFIF needs to develop in such a way so it has the flexibility in handling different types of digital evidence.

Keywords: digital evidence, IDFIF, investigation, smartphone


2021 ◽  
Vol 4 (1) ◽  
pp. 43-54
Author(s):  
Kumarshankar Raychaudhuri ◽  
M. George Christopher ◽  
Nayeem Abbas Hamdani

Digital forensic investigation is the scientific process of collection, preservation, examination, analysis, documentation and presentation of digital evidence from digital devices, so that the evidence is in compliance with legal terms and acceptable in a court of law. Integrity of the digital evidence is an indispensable part of the investigation process and should be preserved to maintain the chain of custody. This is done through hashing technique using standardized forensic tools. However, while handling the evidences, lack of knowledge might lead to unintentional alteration of computed hash. This violates the chain of custody and makes the evidence inadmissible in a court of law. In this paper, our objective is to determine the different conditions under which the original hash value of a digital evidence changes. For this, we create different scenarios using sample data files and compute their hash values. A comparative study and analysis are done to determine in which scenario the original hash value of the data file changes. The results of the research will prove useful and essential for Criminal Justice Functionaries in gaining knowledge about various conditions leading to the change in hash value of digital evidence and therefore, avoid its accidental alteration during forensic investigation/examination.


2012 ◽  
Author(s):  
Pritheega Magalingam ◽  
Azizah Abdul Manaf ◽  
Zuraimi Yahya ◽  
Rabiah Ahmad

Hardware forensic analysis involves the process of analyzing digital evidence derived from digital sources. The analysis is done to facilitate and prove either the device is used to commit crime, whether it contains evidence of a crime or is the target of a crime. Gambling machines serve as the main source by which illegal games are conducted. This paper presents a method for retrieving information from a seized gaming machine, along with an analysis of the interpreted information to prove that the gaming machine was used illegally. The proposed procedures for the gambling machine forensic process will be important for forensic investigators (e.g., the police or private investigators), as they will assist these individuals in the digital forensic evidence analysis necessary to produce evidence relevant to illegal gambling.

Key words: digital forensic, forensic analysis, gambling machine, information retrieval method, interpretation, string search


Author(s):  
Prof. Sachin Babulal Jadhav

Digital crimes are taking place over the entire world. For any digital crime committed in any part of the world, computers or other electronic devices are used. The devices which are used to commit the crime are useful evidences which must be identified and protected for further use. The crimes involving electronic devices are called cyber-crime. To investigate such crimes, a scientific procedure needs to be followed. The data collection, analysis, preservation and presentation of digital evidence is a must in order to investigate the cybercrime. This paper highlights the practices that are used worldwide in the investigation process of cyber-crime.

Keywords: Digital Forensics, Analysis, Investigation, models of investigation.


2021 ◽  
pp. 249-258
Author(s):  
Talib M. Jawad Abbas ◽  
Ahmed Salem Abdulmajeed

Digital forensic is part of forensic science that implicitly covers crime related to computer and other digital devices. It's being for a while that academic studies are interested in digital forensics. The researchers aim to find out a discipline based on scientific structures that defines a model reflecting their observations. This paper suggests a model to improve the whole investigation process and obtaining an accurate and complete evidence and adopts securing the digital evidence by cryptography algorithms presenting a reliable evidence in a court of law. This paper presents the main and basic concepts of the frameworks and models used in digital forensics investigation.


ERA Forum ◽  
2021 ◽  
Author(s):  
Philip Anderson ◽  
Dave Sampson ◽  
Seanpaul Gilroy

Abstract. The field of digital forensics has grown exponentially to include a variety of digital devices on which digitally stored information can be processed and used for different types of crimes. As a result, as this growth continues, new challenges for those conducting digital forensic examinations emerge. Digital forensics has become mainstream and grown in importance in situations where digital devices used in the commission of a crime need examining. This article reviews existing literature and highlights the challenges while exploring the lifecycle of a mobile phone examination and how the disclosure and admissibility of digital evidence develops.


2018 ◽  
Vol 1 (2) ◽  
pp. 13-23
Author(s):  
Talib Mohammed Jawad

Chain of custody plays an important role in determining the integrity of digital evidence, because the chain of custody works on a proof that evidence has not been altered or changed through all phases, and must include documentation on how evidence is gathered, transported, analyzed and presented. The aims of this work are first to find out how the chain of custody has been applied to a wide range of models of the digital forensic investigation process for more than ten years. Second, a review of the methods on digitally signing an evidence that achieves the successful implementation of chain of custody through answering a few questions "who, when, where, why, what and how", and thus providing digital evidence to be accepted by the court. Based on the defined aims an experimental environment is being set up to outline practically an acceptable method in chain of custody procedure. Therefore, we have adopted SHA512 for hashing and regarding encryption RSA and GnuPG is applied where according to the defined requirement a combination of these algorithms could be adopted as a practical method.


2017 ◽  
Vol 2 (11) ◽  
pp. 8-16
Author(s):  
Moses Ashawa ◽  
Innocent Ogwuche

The fast-growing nature of instant messaging applications usage on Android mobile devices brought about a proportional increase on the number of cyber-attack vectors that could be perpetrated on them. Android mobile phones store significant amount of information in the various memory partitions when Instant Messaging (IM) applications (WhatsApp, Skype, and Facebook) are executed on them. As a result of the enormous crimes committed using instant messaging applications, and the amount of electronic based traces of evidence that can be retrieved from the suspect’s device where an investigation could convict or refute a person in the court of law and as such, mobile phones have become a vulnerable ground for digital evidence mining. This paper aims at using forensic tools to extract and analyse left artefacts digital evidence from IM applications on Android phones using android studio as the virtual machine. Digital forensic investigation methodology by Bill Nelson was applied during this research. Some of the key results obtained showed how digital forensic evidence such as call logs, contacts numbers, sent/retrieved messages, and images can be mined from simulated android phones when running these applications. These artefacts can be used in the court of law as evidence during cybercrime investigation.

