Performance of Cryptographic Hash function used in Digital Forensic tools

Cryptographic hash functions are which transform any long message to fixed-length data. It seeks to ensure the confidentiality of the data through the cryptographic hash. The digital forensic tool is a method for extracting information from various storage devices, such as hard drives, memory. SHA-1 and SHA-2 methods are both widely used in forensic image archives. The hash method is usually used during evidence processing, the checking of forensic images (duplicate evidence), then at the completion of the analysis again to ensure data integrity and forensic evaluation of evidence. There was a vulnerability called a collision in the hashing algorithm in which two independent messages had the same hash values. While SHA-3 is secure than its former counterparts, the processors for general purposes are being slow and are not yet so popular. This task proposes a basic yet successful framework to meet the needs of cyber forensics, combining hash functions with other cryptographic concepts, for instance, SALT, such as modified secured hash algorithm (MSHA). A salt applies to the hashing mechanism to make it exclusive, expand its complexity and reduce user attacks like hash tables without increasing user requirements.

Review Paper on Introduction to Cyber Forensics

Cyber Forensics is termed as scientific methods or applications in association with the judiciary or court of laws. The aim behind these methods is to unveil the digital evidence to be utilized in court for solving crime cases. This sort of technology wasn’t practiced before therefore most criminals tend to urge away with their criminal acts without valid proof to incriminate or prosecute them. During that time the oaths, confessions, testimonies from witnesses were the sole determining factors of evidence Crimes committed within electronic or digital domains, particularly within cyberspace, have become common. Criminals are using technology to commit their offenses and make new challenges for law enforcement agents, attorneys, judges, military, and security professionals. Digital forensics has become a vital instrument in identifying and solving computer-based and computerassisted crime. This paper provides a quick introduction to cyber forensics. During this paper we present a typical model for both Incident Response and Computer Forensics processes which mixes their advantages in an exceedingly flexible way: It allows for a management oriented approach in digital investigations while retaining the chance of a rigorous forensics investigation. Keywords: cyber forensics, digital forensic science, computer forensics, evidence, judicial system.

Game-Theoretic Decision Support for Cyber Forensic Investigations

The use of anti-forensic techniques is a very common practice that stealthy adversaries may deploy to minimise their traces and make the investigation of an incident harder by evading detection and attribution. In this paper, we study the interaction between a cyber forensic Investigator and a strategic Attacker using a game-theoretic framework. This is based on a Bayesian game of incomplete information played on a multi-host cyber forensics investigation graph of actions traversed by both players. The edges of the graph represent players’ actions across different hosts in a network. In alignment with the concept of Bayesian games, we define two Attacker types to represent their ability of deploying anti-forensic techniques to conceal their activities. In this way, our model allows the Investigator to identify the optimal investigating policy taking into consideration the cost and impact of the available actions, while coping with the uncertainty of the Attacker’s type and strategic decisions. To evaluate our model, we construct a realistic case study based on threat reports and data extracted from the MITRE ATT&CK STIX repository, Common Vulnerability Scoring System (CVSS), and interviews with cyber-security practitioners. We use the case study to compare the performance of the proposed method against two other investigative methods and three different types of Attackers.