Performance of Cryptographic Hash function used in Digital Forensic tools

This paper reviews the existing methodologies and best practices for digital investigations phases like collecting, evaluating and preserving digital forensic evidence and chain of custody of cybercrimes. Cybercriminals are adopting new strategies to launch cyberattacks within modified and ever changing digital ecosystems, this article proposes that digital investigations must continually readapt to tackle cybercrimes and prosecute cybercriminals, working in international collaboration networks, sharing prevention knowledge and lessons learned. The authors also introduce a compact cyber forensics model for diverse technological ecosystems called Cyber Forensics Model in Digital Ecosystems (CFMDE). Transferring the knowledge, international collaboration, best practices and adopting new digital forensic tools, methodologies and techniques will be hereinafter paramount to obtain digital evidence, enforce organizational cybersecurity policies, mitigate security threats, fight anti-forensics practices and indict cybercriminals. The global Digital Forensics community ought to constantly update current practices to deal with cybercriminality and foreseeing how to prepare to new technological environments where change is always constant.

Download Full-text

Systematic Memory Forensic Analysis of Ransomware using Digital Forensic Tools

International Journal of Natural Computing Research ◽

10.4018/ijncr.2020040105 ◽

2020 ◽

Vol 9 (2) ◽

pp. 61-81

Author(s):

Paul Joseph ◽

Jasmine Norman

Keyword(s):

Forensic Analysis ◽

Vital Role ◽

Financial Loss ◽

Cyber Forensics ◽

Digital Forensic ◽

Memory Forensics ◽

Forensic Tools

Cybercrimes catastrophically caused great financial loss in the year 2018 as powerful obfuscated malware known as ransomware continued to be a continual threat to governments and organizations. Advanced malwares capable of system encryption with sophisticated obscure keys left organizations paying the ransom that hackers demand. Since every individual is vulnerable to this assault, cyber forensics play a vital role either in educating society or combating the attacks. As cyber forensics is classified into many subdomains, memory forensics is the domain that leads in curbing these types of attacks. This article gives insight on importance of memory forensics and provides widespread analysis on working of ransomware, recognizes the workflow, provides the ways to overcome this attack. Furthermore, this article implements user defined rules by integrating into powerful search tools known as YARA to detect and prevent the ransomware attacks.

Download Full-text

Digital Forensic Analysis of Cybercrimes

Digital Multimedia ◽

10.4018/978-1-5225-3822-6.ch029 ◽

2018 ◽

pp. 588-600

Author(s):

Regner Sabillon ◽

Jordi Serra-Ruiz ◽

Victor Cavaller ◽

Jeimy J. Cano

Keyword(s):

Best Practices ◽

International Collaboration ◽

Forensic Analysis ◽

Lessons Learned ◽

Digital Ecosystems ◽

Cyber Forensics ◽

Digital Forensic ◽

Chain Of Custody ◽

Technological Ecosystems ◽

Forensic Tools

This paper reviews the existing methodologies and best practices for digital investigations phases like collecting, evaluating and preserving digital forensic evidence and chain of custody of cybercrimes. Cybercriminals are adopting new strategies to launch cyberattacks within modified and ever changing digital ecosystems, this article proposes that digital investigations must continually readapt to tackle cybercrimes and prosecute cybercriminals, working in international collaboration networks, sharing prevention knowledge and lessons learned. The authors also introduce a compact cyber forensics model for diverse technological ecosystems called Cyber Forensics Model in Digital Ecosystems (CFMDE). Transferring the knowledge, international collaboration, best practices and adopting new digital forensic tools, methodologies and techniques will be hereinafter paramount to obtain digital evidence, enforce organizational cybersecurity policies, mitigate security threats, fight anti-forensics practices and indict cybercriminals. The global Digital Forensics community ought to constantly update current practices to deal with cybercriminality and foreseeing how to prepare to new technological environments where change is always constant.

Download Full-text

Forensic Data Extraction and Analysis of Left Artifacts on emulated Android Phones: A Case Study of Instant Messaging Applications

Circulation in Computer Science ◽

10.22632/ccs-2017-252-67 ◽

2017 ◽

Vol 2 (11) ◽

pp. 8-16

Author(s):

Moses Ashawa ◽

Innocent Ogwuche

Keyword(s):

Mobile Phones ◽

Instant Messaging ◽

Data Extraction ◽

Digital Evidence ◽

Cyber Attack ◽

Forensic Evidence ◽

Digital Forensic ◽

Proportional Increase ◽

Forensic Tools

The fast-growing nature of instant messaging applications usage on Android mobile devices brought about a proportional increase on the number of cyber-attack vectors that could be perpetrated on them. Android mobile phones store significant amount of information in the various memory partitions when Instant Messaging (IM) applications (WhatsApp, Skype, and Facebook) are executed on them. As a result of the enormous crimes committed using instant messaging applications, and the amount of electronic based traces of evidence that can be retrieved from the suspect’s device where an investigation could convict or refute a person in the court of law and as such, mobile phones have become a vulnerable ground for digital evidence mining. This paper aims at using forensic tools to extract and analyse left artefacts digital evidence from IM applications on Android phones using android studio as the virtual machine. Digital forensic investigation methodology by Bill Nelson was applied during this research. Some of the key results obtained showed how digital forensic evidence such as call logs, contacts numbers, sent/retrieved messages, and images can be mined from simulated android phones when running these applications. These artefacts can be used in the court of law as evidence during cybercrime investigation.

Download Full-text

A Dataset of Photos and Videos for Digital Forensics Analysis Using Machine Learning Processing

Data ◽

10.3390/data6080087 ◽

2021 ◽

Vol 6 (8) ◽

pp. 87

Author(s):

Sara Ferreira ◽

Mário Antunes ◽

Manuel E. Correia

Keyword(s):

Machine Learning ◽

Digital Forensics ◽

State Of The Art ◽

Forensic Analysis ◽

Third Party ◽

Support Vector ◽

Multimedia Content ◽

Digital Forensic ◽

Video Frames ◽

Forensic Tools

Deepfake and manipulated digital photos and videos are being increasingly used in a myriad of cybercrimes. Ransomware, the dissemination of fake news, and digital kidnapping-related crimes are the most recurrent, in which tampered multimedia content has been the primordial disseminating vehicle. Digital forensic analysis tools are being widely used by criminal investigations to automate the identification of digital evidence in seized electronic equipment. The number of files to be processed and the complexity of the crimes under analysis have highlighted the need to employ efficient digital forensics techniques grounded on state-of-the-art technologies. Machine Learning (ML) researchers have been challenged to apply techniques and methods to improve the automatic detection of manipulated multimedia content. However, the implementation of such methods have not yet been massively incorporated into digital forensic tools, mostly due to the lack of realistic and well-structured datasets of photos and videos. The diversity and richness of the datasets are crucial to benchmark the ML models and to evaluate their appropriateness to be applied in real-world digital forensics applications. An example is the development of third-party modules for the widely used Autopsy digital forensic application. This paper presents a dataset obtained by extracting a set of simple features from genuine and manipulated photos and videos, which are part of state-of-the-art existing datasets. The resulting dataset is balanced, and each entry comprises a label and a vector of numeric values corresponding to the features extracted through a Discrete Fourier Transform (DFT). The dataset is available in a GitHub repository, and the total amount of photos and video frames is 40,588 and 12,400, respectively. The dataset was validated and benchmarked with deep learning Convolutional Neural Networks (CNN) and Support Vector Machines (SVM) methods; however, a plethora of other existing ones can be applied. Generically, the results show a better F1-score for CNN when comparing with SVM, both for photos and videos processing. CNN achieved an F1-score of 0.9968 and 0.8415 for photos and videos, respectively. Regarding SVM, the results obtained with 5-fold cross-validation are 0.9953 and 0.7955, respectively, for photos and videos processing. A set of methods written in Python is available for the researchers, namely to preprocess and extract the features from the original photos and videos files and to build the training and testing sets. Additional methods are also available to convert the original PKL files into CSV and TXT, which gives more flexibility for the ML researchers to use the dataset on existing ML frameworks and tools.

Download Full-text

The Optimization Analysis for the Original and Manipulation Identification of Illegally Filmed Images

Applied Sciences ◽

10.3390/app11115220 ◽

2021 ◽

Vol 11 (11) ◽

pp. 5220

Author(s):

Soohyeon Choi ◽

Dohoon Kim

Keyword(s):

Social Media ◽

Mobile Device ◽

Detection Rate ◽

Precise Measurement ◽

Detection Method ◽

Optimization Analysis ◽

Storage Devices ◽

Digital Forensic ◽

Attribute Information ◽

Measurement Approach

Illegally filmed images, the sharing of non-consensually filmed images over social media, and the secret recording and distribution of celebrity images are increasing. To catch distributors of illegally filmed images, many investigation techniques based on an analysis of the file attribute information of the original images have been introduced. As forensic science advances, various types of anti-forensic technologies are being produced, requiring investigators to open and analyze all videos from the suspect’s storage devices, raising the question of the invasion of privacy during the investigation. The suspect can even file a lawsuit, which makes issuing a warrant and conducting an investigation difficult. Thus, it is necessary to detect the original and manipulated images without needing to directly go through multiple videos. We propose an optimization analysis and detection method for extracting original and manipulated images from seized devices of suspects. In addition, to increase the detection rate of both original and manipulated images, we suggest a precise measurement approach for comparative thresholds. Thus, the proposed method is a new digital forensic methodology for comparing and identifying original and manipulated images accurately without the need for opening videos individually in a suspect’s mobile device.

Download Full-text

Performance of Movable Head Disk Storage Devices with Various Disk Scheduling Algorithms

International Journal of Innovative Technology and Exploring Engineering - Special Issue ◽

10.35940/ijitee.b1125.1292s19 ◽

2019 ◽

Vol 9 (2S) ◽

pp. 486-490

Keyword(s):

Scheduling Algorithms ◽

Access Time ◽

Processing Unit ◽

Disk Scheduling ◽

Efficient Manner ◽

Hard Drives ◽

Storage Devices ◽

Disk Storage ◽

Central Processing ◽

The One

Hard drives are the one which needs to be accessed in an efficient manner so that it is feasible to get better recital of the central processing unit. Now a day’s magnetic disks are capable of providing more input output bandwidth yet a huge amount of this bandwidth is lost due to the access time of the hard disk. This paper discusses an analysis of performance of various disk scheduling algorithms with their merits and demerits

Download Full-text

Akuisisi Bukti Digital Viber Messenger Android Menggunakan Metode National Institute of Standards and Technology (NIST)

Jurnal RESTI (Rekayasa Sistem dan Teknologi Informasi) ◽

10.29207/resti.v5i1.2626 ◽

2021 ◽

Vol 5 (1) ◽

pp. 45-54

Author(s):

Imam Riadi ◽

Rusydi Umar ◽

Muhammad Irwan Syahib

Keyword(s):

Extraction Process ◽

Text Messages ◽

Digital Evidence ◽

Digital Forensic ◽

Digital Crime ◽

The World ◽

Instant Messenger ◽

Negative Impacts ◽

Forensic Tools ◽

Voice Calls

Viber is one of the most popular social media in the Instant Messenger application category that can be used to send text messages, make voice calls, send picture messages and video messages to other users. As many as 260 million people around the world have used this application. Increasing the number of viber users certainly brings positive and negative impacts, one of the negative impacts of this application is the use of digital forensic crime. This research simulates and removes digital crime evidence from the viber application on Android smartphones using the National Institute of Standards Technology (NIST) method, which is a method that has work guidelines on forensic policy and process standards to ensure each investigator follows the workflow the same so that their work is documented and the results can be accounted for. This study uses three forensic tools, MOBILedit Forensic Express, Belkasoft and Autopsy. The results in this study show that MOBILedit Forensic Express gets digital evidence with a percentage of 100% in getting accounts, contacts, pictures and videos. While proof of digital chat is only 50%. Belkasoft gets digital evidence with a percentage of 100% in getting accounts, contacts, pictures and videos. While proof of digital chat is only 50%. For Autopsy does not give the expected results in the extraction process, in other words the Autopsy application gives zero results. It can be concluded that MOBILedit Forensic Express and Belkasoft have a good performance compared to Autopsy and thus this research has been completed and succeeded in accordance with the expected goals.

Download Full-text