7,878 results on '"DIGITAL forensics"'
Search Results
2. A Generic Approach for Detection of Copy-Move Forgery Detection Scheme from Digital Images
- Author
-
Sudha, R., Akilandeswari, V., Durgalakshmi, B., Palaniammal, K., Singh, Mahesh K., Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Khurana, Meenu, editor, Thakur, Abhishek, editor, Kantha, Praveen, editor, Shieh, Chin-Shiuh, editor, and Shukla, Rajesh K., editor
- Published
- 2025
3. Study of Diverse Levels in Digital Forensics and IoT Forensics
- Author
-
Ammannamma, T., Shalini, Kusuma, Usha, Vadde, Nageswari, Akula, Angrisani, Leopoldo, Series Editor, Arteaga, Marco, Series Editor, Chakraborty, Samarjit, Series Editor, Chen, Shanben, Series Editor, Chen, Tan Kay, Series Editor, Dillmann, Rüdiger, Series Editor, Duan, Haibin, Series Editor, Ferrari, Gianluigi, Series Editor, Ferre, Manuel, Series Editor, Jabbari, Faryar, Series Editor, Jia, Limin, Series Editor, Kacprzyk, Janusz, Series Editor, Khamis, Alaa, Series Editor, Kroeger, Torsten, Series Editor, Li, Yong, Series Editor, Liang, Qilian, Series Editor, Martín, Ferran, Series Editor, Ming, Tan Cher, Series Editor, Minker, Wolfgang, Series Editor, Misra, Pradeep, Series Editor, Mukhopadhyay, Subhas, Series Editor, Ning, Cun-Zheng, Series Editor, Nishida, Toyoaki, Series Editor, Oneto, Luca, Series Editor, Panigrahi, Bijaya Ketan, Series Editor, Pascucci, Federica, Series Editor, Qin, Yong, Series Editor, Seng, Gan Woon, Series Editor, Speidel, Joachim, Series Editor, Veiga, Germano, Series Editor, Wu, Haitao, Series Editor, Zamboni, Walter, Series Editor, Tan, Kay Chen, Series Editor, Kumar, Amit, editor, Gunjan, Vinit Kumar, editor, Senatore, Sabrina, editor, and Hu, Yu-Chen, editor
- Published
- 2025
4. Convergence of Digital Forensics and Intelligent Data in Cyberspace
- Author
-
Singh, Anushka, Raj, Aditi, Das, Swagatam, Series Editor, Bansal, Jagdish Chand, Series Editor, Jaiswal, Ajay, editor, Anand, Sameer, editor, Hassanien, Aboul Ella, editor, and Azar, Ahmad Taher, editor
- Published
- 2025
5. Significance of image brightness levels for PRNU camera identification.
- Author
-
Martin, Abby and Newman, Jennifer
- Abstract
A forensic investigator performing source identification on a questioned image from a crime aims to identify the unknown camera that acquired the image. On the camera sensor, minute spatial variations in intensities between pixels, called photo response non‐uniformity (PRNU), provide a unique and persistent artifact appearing in every image acquired by the digital camera. This camera fingerprint is used to produce a score between the questioned image and an unknown camera using a court‐approved camera identification algorithm. The score is compared to a fixed threshold to determine a match or no match. Error rates for the court‐approved camera‐identification PRNU algorithm were established on a very large set of image data, making no distinction between images with different brightness levels. Camera exposure settings and in‐camera processing strive to produce a visually pleasing image, but images that are too dark or too bright are not uncommon. While prior work has shown that exposure settings can impact the accuracy of the court‐approved algorithm, these settings are often unreliable in the image metadata. In this work, we apply the court‐approved PRNU algorithm to a large data set where images are assigned a brightness level as a proxy for exposure settings using a novel classification method and then analyze error rates. We find statistically significant differences between error rates for nominal images and for images labeled dark or bright. Our result suggests that in court, the error rate of the PRNU algorithm for a questioned image may be more accurately characterized when considering the image brightness. [ABSTRACT FROM AUTHOR]
- Published
- 2024
6. GAMEPLANS: A template for robust digital evidence strategy development.
- Author
-
Horsman, Graeme
- Subjects
- *DIGITAL forensics, *ELECTRONIC evidence, *POLICE, *DIGITAL technology, *FORENSIC sciences
- Abstract
Law enforcement officers should now expect to encounter forms of digital evidence at most of their inquiries, and as a result ensure they are prepared to effectively deal with it. This should involve the production of a digital evidence strategy (DES) which describes those actions required of any investigative team to effectively identify, collect, examine, and evaluate any digital devices/data, while also defining the circumstances for when it is appropriate to conduct such tasks. To help officers to produce robust DESs this work provides a DES template which utilizes the “GAMEPLANS” acrostic to identify nine fundamental components that are required of all DESs—“G”–Grounds for investigation; “A”–Authorization; “M”–Method of investigation; “E”–Evaluation of the meaning of any findings; “P”–Proportionality; “L”–Logic; “A”–Agreement; “N”–Necessity; “S”–Scrutiny. Each of these components are described including the sub‐tasks that are contained within each, which any officer constructing a robust and effective DES must address (and provide evidence of having addressed). To support this, a DES template file is also provided, which can be utilized by officers. [ABSTRACT FROM AUTHOR]
- Published
- 2024
7. A digital forensic analysis of an electrocardiogram medical device: A first look.
- Author
-
Grispos, George, Tursi, Frank, and Mahoney, William
- Subjects
- *DIGITAL forensics, *ELECTROCARDIOGRAPHY, *MEDICAL equipment, *INTERNET security, *DATA acquisition systems
- Abstract
The increased frequency and severity of cybersecurity incidents impacting healthcare organizations has prompted the publication of suggested best practices for these organizations, when attempting to respond to incidents in their respective settings. While these best practices provide a wealth of information on how to respond to a cybersecurity incident impacting medical devices, minimal information is provided related to the forensics investigation of the devices themselves. A growing appetite for digital evidence from medical devices, coupled with limited practical guidance from industry best practices prompts an investigation into identifying tools and techniques to assist digital forensic investigators with device disassembly, data acquisition, and preservation of evidence in medical devices. This paper presents the results of a detailed exploratory case study involving the digital forensic investigation of a General Electric MAC 800 electrocardiogram medical device. The contributions of this research are threefold. First, it provides an empirical demonstration of practical techniques for acquiring and examining residual data from the electrocardiogram medical device. Second, the research documents the artifacts that can be recovered from the medical device, which could be used as potential evidence. Third, it provides the foundation for future investigations regarding the tools and processes suitable for examining additional medical devices. This article is categorized under: Digital and Multimedia Science > Cybercrime Investigation; Digital and Multimedia Science > IoT Forensics. [ABSTRACT FROM AUTHOR]
- Published
- 2024
8. AI-Driven Prioritization and Filtering of Windows Artifacts for Enhanced Digital Forensics.
- Author
-
Kim, Juhwan, Son, Baehoon, Yu, Jihyeon, and Yun, Joobeom
- Abstract
Digital forensics aims to uncover evidence of cybercrimes within compromised systems. These cybercrimes are often perpetrated through the deployment of malware, which inevitably leaves discernible traces within the compromised systems. Forensic analysts are tasked with extracting and subsequently analyzing data, termed as artifacts, from these systems to gather evidence. Therefore, forensic analysts must sift through extensive datasets to isolate pertinent evidence. However, manually identifying suspicious traces among numerous artifacts is time-consuming and labor-intensive. Previous studies addressed such inefficiencies by integrating artificial intelligence (AI) technologies into digital forensics. Despite the efforts in previous studies, artifacts were analyzed without considering the nature of the data within them and failed to prove their efficiency through specific evaluations. In this study, we propose a system to prioritize suspicious artifacts from compromised systems infected with malware to facilitate efficient digital forensics. Our system introduces a double-checking method that recognizes the nature of data within target artifacts and employs algorithms ideal for anomaly detection. The key ideas of this method are: (1) prioritize suspicious artifacts and filter remaining artifacts using autoencoder and (2) further prioritize suspicious artifacts and filter remaining artifacts using logarithmic entropy. Our evaluation demonstrates that our system can identify malicious artifacts with high accuracy and that its double-checking method is more efficient than alternative approaches. Our system can significantly reduce the time required for forensic analysis and serve as a reference for future studies. [ABSTRACT FROM AUTHOR]
- Published
- 2024
9. A Comprehensive Survey on Methods for Image Integrity.
- Author
-
Capasso, Paola, Cattaneo, Giuseppe, and De Marsico, Maria
- Abstract
The outbreak of digital devices on the Internet, the exponential diffusion of data (images, video, audio, and text), along with their manipulation/generation also by artificial intelligence models, such as generative adversarial networks, have created a great deal of concern in the field of forensics. A malicious use can affect relevant application domains, which often include counterfeiting biomedical images and deceiving biometric authentication systems, as well as their use in scientific publications, in the political world, and even in school activities. It has been demonstrated that manipulated pictures most likely represent indications of malicious behavior, such as photos of minors to promote child prostitution or false political statements. Following this widespread behavior, various forensic techniques have been proposed in the scientific literature over time both to defeat these spoofing attacks as well as to guarantee the integrity of the information. Focusing on image forensics, which is currently a very hot topic area in multimedia forensics, this article will present the whole scenario in which a target image could be modified. The aim of this comprehensive survey will be (1) to provide an overview of the types of attacks and contrasting techniques and (2) to evaluate to what extent the former can deceive prevention methods and the latter can identify counterfeit images. The results of this study highlight how forgery detection techniques, sometimes limited to a single type of real scenario, are not able to provide exhaustive countermeasures and could/should therefore be combined. Currently, the use of neural networks, such as convolutional neural networks, is already heading, synergistically, in this direction. [ABSTRACT FROM AUTHOR]
- Published
- 2024
10. PP-PRNU: PRNU-based source camera attribution with privacy-preserving applications.
- Author
-
Jena, Riyanka, Singh, Priyanka, Mohanty, Manoranjan, and Das, Manik Lal
- Subjects
- *DIGITAL forensics, *DATA privacy, *LAW enforcement agencies, *PEARSON correlation (Statistics), *CRIMINAL investigation
- Abstract
Tracing the origin of digital images is a crucial concern in digital image forensics, where accurately identifying the source of an image is essential and leads to important clues for investigating and law enforcement agencies. Photo Response Non-Uniformity (PRNU) based camera attribution is an effective forensic tool for identifying the source camera of a crime scene image. The PRNU pattern approach helps investigators determine whether a specific camera captured a crime scene image using the Pearson correlation coefficient between the unique camera fingerprint and the PRNU noise. However, this approach raises privacy concerns as the camera fingerprint or the PRNU noise can be linked to non-crime images taken by the camera, potentially disclosing the photographer's identity. To address this issue, we propose a novel PRNU-based source camera attribution scheme that enables forensic investigators to conduct criminal investigations while preserving privacy. In the proposed scheme, a camera fingerprint extracted from a set of known images and PRNU noise extracted from the anonymous image are divided into multiple shares using Shamir's Secret Sharing (SSS). These shares are distributed to various cloud servers where correlation is computed on a share basis between the camera fingerprint and the PRNU noise. The partial correlation values are combined to obtain the final correlation value, determining whether the camera took the image. The security analysis and the experimental results demonstrate that the proposed scheme not only preserves privacy and ensures data confidentiality and integrity, but also is computationally efficient compared to existing methods. Specifically, the results showed that our scheme achieves similar accuracy in source camera attribution with a negligible decrease in performance compared to non-privacy-preserving methods and is computationally less expensive than state-of-the-art schemes.
Our work advances research in image forensics by addressing the need for accurate source identification and privacy protection. The privacy-preserving approach is beneficial for scenarios where protecting the identity of the photographer is crucial, such as in whistleblower cases. [ABSTRACT FROM AUTHOR]
- Published
- 2024
11. Detection of IoT Malware using Network Forensics and Modeling.
- Author
-
Bhatt, Arpita Jadhav and Sardana, Neetu
- Subjects
- SMART devices, DIGITAL forensics, BEHAVIORAL assessment, INTERNET of things, MACHINE learning, BOTNETS
- Abstract
The Internet of Things (IoT) is transforming across the globe with its emerging applications in diverse aspects of life, namely healthcare, automated remote monitoring, smart wearables, sensing, etc. The IoT environment enriches the experience of its users by providing a platform to connect a large number of smart devices, such as smartphones, tablets, watches, etc., as well as share information worldwide. The increased popularity of IoT and smart devices has resulted in a menace as most users' data is stored on these devices, making them a potential target for network attacks. Thus, it becomes extremely imperative to address malware threats in IoT devices. To combat this problem, the paper presents a detailed investigation to analyze the behavior of IoT malware using network forensics of six IoT botnets. We performed modeling on 55 IoT botnet samples from Twitter Honeypot. We performed botnet analysis in two dimensions: Activities and Networks. We examined botnet activities in terms of vulnerable ports, popular geolocations, protocols, and attack vectors. In terms of its topological features, severity, and packet length. To detect the botnet category, we applied six machine learning classifiers. Neural networks attained the best precision. [ABSTRACT FROM AUTHOR]
- Published
- 2024
12. Dual digital audio watermarking algorithm based on confidential features.
- Author
-
何俊杰 and 李洁
- Abstract
Copyright of Journal of Xinyang Normal University Natural Science Edition is the property of Journal of Xinyang Normal University Editorial Office and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
- Published
- 2024
13. Advancing Forensic Science in Kazakhstan: The Emergence and Impact of Digital Forensics in Cybercrime Investigation.
- Author
-
Saniyazova, Yerkemay, Mediyev, Renat, Saitova, Elmira, Utegenova, Gulzat, and Kzylkhojayeva, Aisaulem
- Subjects
- DIGITAL forensics, LAW enforcement agencies, ELECTRONIC evidence, SCIENTIFIC method, JUSTICE administration, FORENSIC sciences
- Abstract
[Purpose] The purpose of the article was to study digital forensics, its role in the Kazakh legal system and the process of investigating cybercrime. [Methodology] Analysis, synthesis, comparison, deduction, generalization, abstraction, formal legal methods of scientific research were used. [Findings] As a result, it was proved that forensics is an indispensable component of the future development of forensic science in Kazakhstan. It has been established that digital forensics enables speeding up the process of solving cybercrimes, as well as determining their sources and prerequisites. Thus, on the basis of forensics, it is possible not only to identify the problem, but also to form a mechanism for overcoming it in the future. This determines the priority of professional training of forensic experts for future work with digital evidence, traces and their use in the trial. In addition, the areas of activity of law enforcement agencies have been established, in which forensics plays an important role and is mandatory for use. [ABSTRACT FROM AUTHOR]
- Published
- 2024
14. Digital Forensics and Incident Response (DFIR): A Teaching Exercise.
- Author
-
Breese, Jennifer L., Roshanaei, Maryam, Andrew Landmesser, J., and Gardner, Brian
- Subjects
- DIGITAL forensics, ELECTRONIC systems, INFORMATION storage & retrieval systems, LEARNING modules, INTERNET security
- Abstract
Cybersecurity requires practical knowledge related to protecting electronic information systems and, more importantly, hands-on skill sets for students. To prepare cybersecurity students for effective workforce contributions, experiential practice in a modern, secure environment is essential. An ideal and cost-effective way to provide this environment for both institutions with funding limitations and students with starved resources is to establish a live virtual isolated lab environment that acts as a sandbox for performing cybersecurity-related exercises, including ethical hacking, penetration testing, offensive and defensive security, information risk assessment and management, and malware analysis. This teaching exercise provides suggestions and resources, including free training by reputable cybersecurity companies offering services to the broader industry community, as excellent options to include in student coursework. Additionally, this teaching exercise offers three lessons and a full learning module to include in a variety of introductory cyberforensics, information systems, and other related disciplines to both provide hands-on learning and engage students pursuing a major in cyber studies. [ABSTRACT FROM AUTHOR]
- Published
- 2024
15. Evidence Preservation in Digital Forensics: An Approach Using Blockchain and LSTM-Based Steganography.
- Author
-
AlKhanafseh, Mohammad and Surakhi, Ola
- Subjects
- DIGITAL forensics, ELECTRONIC evidence, BINARY sequences, DIGITAL preservation, FORENSIC sciences
- Abstract
As digital crime continues to rise, the preservation of digital evidence has become a critical phase in digital forensic investigations. This phase focuses on securing and maintaining the integrity of evidence for legal proceedings. Existing solutions for evidence preservation, such as centralized storage systems and cloud frameworks, present challenges related to security and collaboration. In this paper, we propose a novel framework that addresses these challenges in the preservation phase of forensics. Our framework employs a combination of advanced technologies, including the following: (1) Segmenting evidence into smaller components for improved security and manageability, (2) Utilizing steganography for covert evidence preservation, and (3) Implementing blockchain to ensure the integrity and immutability of evidence. Additionally, we incorporate Long Short-Term Memory (LSTM) networks to enhance steganography in the evidence preservation process. This approach aims to provide a secure, scalable, and reliable solution for preserving digital evidence, contributing to the effectiveness of digital forensic investigations. An experiment using linguistic steganography showed that the LSTM autoencoder effectively generates coherent text from bit streams, with low perplexity and high accuracy. Our solution outperforms existing methods across multiple datasets, providing a secure and scalable approach for digital evidence preservation. [ABSTRACT FROM AUTHOR]
- Published
- 2024
16. SIFT: Sifting file types—application of explainable artificial intelligence in cyber forensics.
- Author
-
Alam, Shahid and Demir, Alper Kamil
- Subjects
- DIGITAL forensics, FORENSIC sciences, ARTIFICIAL intelligence, CYBER intelligence (Computer security), DEEP learning
- Abstract
Artificial Intelligence (AI) is being applied to improve the efficiency of software systems used in various domains, especially in the health and forensic sciences. Explainable AI (XAI) is one of the fields of AI that interprets and explains the methods used in AI. One of the techniques used in XAI to provide such interpretations is by computing the relevance of the input features to the output of an AI model. File fragment classification is one of the vital issues of file carving in Cyber Forensics (CF) and becomes challenging when the filesystem metadata is missing. Other major challenges it faces are: proliferation of file formats, file embeddings, automation, We leverage and utilize interpretations provided by XAI to optimize the classification of file fragments and propose a novel sifting approach, named SIFT (Sifting File Types). SIFT employs TF-IDF to assign weight to a byte (feature), which is used to select features from a file fragment. Threshold-based LIME and SHAP (the two XAI techniques) feature relevance values are computed for the selected features to optimize file fragment classification. To improve multinomial classification, a Multilayer Perceptron model is developed and optimized with five hidden layers, each layer with i × n neurons, where i = the layer number and n = the total number of classes in the dataset. When tested with 47,482 samples of 20 file types (classes), SIFT achieves a detection rate of 82.1% and outperforms the other state-of-the-art techniques by at least 10%. To the best of our knowledge, this is the first effort of applying XAI in CF for optimizing file fragment classification. [ABSTRACT FROM AUTHOR]
- Published
- 2024
17. Open Source Tools for Digital Forensic Investigation: Capability, Reliability, Transparency and Legal Requirements.
- Author
-
Ismail, Isa and Zainol Ariffin, Khairul Akram
- Subjects
- DIGITAL forensics, ELECTRONIC evidence, FORENSIC sciences, LAW enforcement, DIGITAL technology
- Abstract
Over the past decade, law enforcement organizations have been dealing with the development of cybercrime. To address this growing problem, law enforcement organizations apply various digital forensic (DF) tools and techniques to investigate crimes involving digital devices. This ensures that evidence is admissible in legal proceedings. Consequently, DF analysts may need to invest more in proprietary DF hardware and software to maintain the viability of the DF lab, which will burden budget-constrained organizations. As an alternative, the open source DF tool is considered a cost-saving option. However, the admissibility of digital evidence obtained from these tools has yet to be tested in courts, especially in Malaysia. Therefore, this study aimed to explore the admissibility of digital evidence obtained through open source DF tools. By reviewing the existing literature, the factors that affect the admissibility of the evidence produced by these tools in courts were identified. Further, based on the findings, a conceptual framework was developed to ensure the admissibility of the evidence so that it will be accepted in the court of law. This conceptual framework was formed to outline the factors affecting the admissibility of digital evidence from open source DF tools, which include; 1) The Availability and Capability of open source DF tools, 2) the Reliability and Integrity of the digital evidence obtained from open source DF tools, 3) the Transparency of the open source DF tools, and 4) the Lack of Reference and Standard of open source DF tools. This study provides valuable insights into the digital forensic field, and the conceptual framework can be used to integrate open source DF tools into digital forensic investigations. [ABSTRACT FROM AUTHOR]
- Published
- 2024
18. Video and Audio Deepfake Datasets and Open Issues in Deepfake Technology: Being Ahead of the Curve.
- Author
-
Akhtar, Zahid, Pendyala, Thanvi Lahari, and Athmakuri, Virinchi Sai
- Subjects
- MACHINE learning, ARTIFICIAL intelligence, INTERNET security, ROBOTICS, DEEPFAKES
- Abstract
The revolutionary breakthroughs in Machine Learning (ML) and Artificial Intelligence (AI) are extensively being harnessed across a diverse range of domains, e.g., forensic science, healthcare, virtual assistants, cybersecurity, and robotics. On the flip side, they can also be exploited for negative purposes, like producing authentic-looking fake news that propagates misinformation and diminishes public trust. Deepfakes pertain to audio or visual multimedia contents that have been artificially synthesized or digitally modified through the application of deep neural networks. Deepfakes can be employed for benign purposes (e.g., refinement of face pictures for optimal magazine cover quality) or malicious intentions (e.g., superimposing faces onto explicit image/video to harm individuals producing fake audio recordings of public figures making inflammatory statements to damage their reputation). With mobile devices and user-friendly audio and visual editing tools at hand, even non-experts can effortlessly craft intricate deepfakes and digitally altered audio and facial features. This presents challenges to contemporary computer forensic tools and human examiners, including common individuals and digital forensic investigators. There is a perpetual battle between attackers armed with deepfake generators and defenders utilizing deepfake detectors. This paper first comprehensively reviews existing image, video, and audio deepfake databases with the aim of propelling next-generation deepfake detectors for enhanced accuracy, generalization, robustness, and explainability. Then, the paper delves deeply into open challenges and potential avenues for research in the audio and video deepfake generation and mitigation field. The aspiration for this article is to complement prior studies and assist newcomers, researchers, engineers, and practitioners in gaining a deeper understanding and in the development of innovative deepfake technologies. [ABSTRACT FROM AUTHOR]
- Published
- 2024
19. Blockchain Forensics: A Systematic Literature Review of Techniques, Applications, Challenges, and Future Directions.
- Author
-
Atlam, Hany F., Ekuri, Ndifon, Azad, Muhammad Ajmal, and Lallie, Harjinder Singh
- Subjects
- DIGITAL forensics, FORENSIC sciences, SUPPLY chain management, RESEARCH personnel, AUTHORSHIP, BLOCKCHAINS
- Abstract
Blockchain technology has gained significant attention in recent years for its potential to revolutionize various sectors, including finance, supply chain management, and digital forensics. While blockchain's decentralization enhances security, it complicates the identification and tracking of illegal activities, making it challenging to link blockchain addresses to real-world identities. Also, although immutability protects against tampering, it introduces challenges for forensic investigations as it prevents the modification or deletion of evidence, even if it is fraudulent. Hence, this paper provides a systematic literature review and examination of state-of-the-art studies in blockchain forensics to offer a comprehensive understanding of the topic. This paper provides a comprehensive investigation of the fundamental principles of blockchain forensics, exploring various techniques and applications for conducting digital forensic investigations in blockchain. Based on the selected search strategy, 46 articles (out of 672) were chosen for closer examination. The contributions of these articles were discussed and summarized, highlighting their strengths and limitations. This paper examines the selected papers to identify diverse digital forensic frameworks and methodologies used in blockchain forensics, as well as how blockchain-based forensic solutions have enhanced forensic investigations. In addition, this paper discusses the common applications of blockchain-based forensic frameworks and examines the associated legal and regulatory challenges encountered in conducting a forensic investigation within blockchain systems. Open issues and future research directions of blockchain forensics were also discussed. This paper provides significant value for researchers, digital forensic practitioners, and investigators by providing a comprehensive and up-to-date review of existing research and identifying key challenges and opportunities related to blockchain forensics. 
[ABSTRACT FROM AUTHOR]
- Published
- 2024
20. The Digital Footprints on the Run: A Forensic Examination of Android Running Workout Applications.
- Author
-
Nunes, Fabian, Domingues, Patrício, and Frade, Miguel
- Subjects
- GLOBAL Positioning System, DIGITAL forensics, FORENSIC sciences, PHYSICAL fitness centers, DIGITAL footprint
- Abstract
This study applies a forensic examination to six distinct Android fitness applications centered around monitoring running activities. The applications are Adidas Running, MapMyWalk, Nike Run Club, Pumatrac, Runkeeper and Strava. Specifically, we perform a post mortem analysis of each application to find and document artifacts such as timelines and Global Positioning System (GPS) coordinates of running workouts that could prove helpful in digital forensic investigations. First, we focused on the Nike Run Club application and used the gained knowledge to analyze the other applications, taking advantage of their similarity. We began by creating a test environment and using each application during a fixed period. This procedure allowed us to gather testing data, and, to ensure access to all data generated by the apps, we used a rooted Android smartphone. For the forensic analysis, we examined the data stored by the smartphone application and documented the forensic artifacts found. To ease forensic data processing, we created several Python modules for the well-known Android Logs Events And Protobuf Parser (ALEAPP) digital forensic framework. These modules process the data sources, creating reports with the primary digital artifacts, which include the workout activities and related GPS data. [ABSTRACT FROM AUTHOR]
- Published
- 2024
21. Experiences of Burnout, Post-Traumatic Growth, and Organisational Support in Police Officers Working in Specialised Units: An Interpretative Phenomenological Analysis.
- Author
-
Tsirimokou, Alexandra, Kloess, Juliane A., Dhinse, Sonia K., and Larkin, Michael
- Subjects
DIGITAL forensics ,MATURATION (Psychology) ,FORENSIC sciences ,POLICE ,WORK environment ,POSTTRAUMATIC growth - Abstract
Repeated exposure to traumatogenic material is a part of every working day for police officers in specialist units, such as forensic scene investigation and digital forensic analysis, with recent years marking an increase in its volume and intensity (Office for National Statistics, 2018). While this may be considered a price paid for choosing to pursue careers in these areas, it is likely to have a significant impact on a professional and personal level, with psychological and physical effects extending beyond the individual's working hours (Burns et al. in Traumatology 14:20–31, 2008). On the other hand, this important work may contribute to elements of growth and self-development, recognised in existing literature as post-traumatic growth (Tedeschi and Calhoun in SAGE Publications, Inc, 1995). The present study adopted a qualitative approach to understanding the lived experiences of seven digital forensic analysts and two forensic scene investigators. Semi-structured interviews explored the impact of their work, as well as their coping strategies and perceived organisational support. Using interpretative phenomenological analysis (IPA), the study yielded rich personal accounts and identified three superordinate themes: "The effects are inevitable", "Creating a safe environment", and "Sense of responsibility and personal growth". Participants described the inevitable effects of their work, along with their coping strategies developed in response to these. Furthermore, participants considered the safety of their work environment and relationships with their colleagues, while also reflecting on their experience of personal growth through their exposure to adversity. Findings are discussed in relation to theoretical and practical implications, as well as directions for future research. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
22. Analysis of ransomware as a service using endpoint detection, response technology and mitigation techniques.
- Author
-
Purnomo, Yunianto and Eliando, Eliando
- Subjects
*TELECOMMUTING , *DATA encryption , *DIGITAL forensics , *DEEP learning , *RANSOMWARE , *INTRUSION detection systems (Computer security) - Abstract
Cybersecurity is one of the most important things during a pandemic like today, considering that currently many people work from home so that when doing work, they are not monitored by company security devices, and one thing that needs to be watched out for is ransomware attacks that steal data and perform encryption of the data contained in our endpoint. The Endpoint Detection and Response (EDR) solution is the right solution in overcoming this problem, but EDR technology is just a technology that can be careless in dealing with ransomware attacks that have started to lead to ransomware as a service (RaaS), where we all know the concept of ransomware as a service is the ability of ransomware to mutate and adapt to the existing endpoint environment, so that the ransomware can run on top of other ransomware that acts like services on our endpoints. Human capability to mitigate is also quite important apart from the EDR technology that is owned; knowledge of this can prevent all forms of this RaaS attack. For that, this research will show how EDR works using Deep Learning and how to do the right mitigation against RaaS attacks, by looking at how RaaS works, to digital forensic actions starting from recording the timeline into a dataset, which will create a story line, to preventive measures such as performing backups of every data owned by our endpoints, which aims to prevent RaaS attacks that cause considerable losses at this time. From this research we become aware of the dangers of RaaS and can make appropriate mitigation steps to overcome it with EDR. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
23. Comparative study on applications of cybersecurity tools for Kali Linux operating system.
- Author
-
Hameed Alazawi, Sundos A., Abdulhameed, Abbas A., Hassan, Ghassan Muslim, and Hassooni, Mohammed
- Subjects
*LINUX operating systems , *NETWORK operating system , *DIGITAL forensics , *COMPUTER network security , *CLIENT/SERVER computing equipment - Abstract
Operating systems are a set of software tools designed to interpret user commands, so that they can be translated into terms that the host computer can understand. Many operating systems were designed for specific goals and purposes. They contain some tools and features specific to the design purpose, but they can be used for other things. An example of these systems is Kali Linux. Kali Linux is an operating system itself. It is a specialized operating system designed for network security, digital forensics, ethical hacking and penetration tests and challenges, and cybersecurity. In this article, the various features of Kali Linux and its tools are presented and analyzed, and how security professionals can use these features to help prevent attacks and keep cyberspace safe. We also analyzed and evaluated ethical penetration tests and security attacks, and compared the effectiveness of the cybersecurity tools available in Kali Linux with other operating systems by adopting the most common Kali tools. The evaluation also included vulnerability testing, as Kali Linux demonstrated the ability of its tools to perform penetration tests and discover vulnerabilities, especially with laptops and desktops. Through studying cases of using Kali Linux tools in information and cyber security, it was found that the system, compared to other operating systems, reaches the highest use in companies whose transactions need to connect to the network over time, such as banks. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
24. Design thinking review for evidence handling in digital forensics process.
- Author
-
Singh, Gurvinder, Markan, Rohit, Verma, Vikas, Harsh, Purnima, and Aggarwal, Shaloo
- Subjects
*DIGITAL forensics , *ELECTRONIC evidence , *DESIGN thinking , *LEGAL evidence , *AUTHENTICATION (Law) , *FORENSIC sciences - Abstract
Digital forensics is an important process to identify the authenticity of evidence due to the increasing internet access and resources of editing tools. But with this significance, its handling is also a most essential task for social protection. The collection of evidence, its storage, supervision and management are considered as the way of digital evidence handling which affects its correctness in sight of court. In this paper, a review of design thinking for handling the evidence has been discussed. The digital forensics process is also discussed here for identifying the integrity of evidence. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
25. ENTERING THE MATRIX.
- Author
-
Nyabola, Nanjala
- Subjects
*DIGITAL forensics , *RURAL health , *COMMUNITY health workers , *DIGITAL technology , *HAITIANS , *FREEDOM of speech , *HUMAN rights violations - Abstract
Misinformation and disinformation have become more potent and complex in the digital age. This can have real-world consequences, as seen in examples such as false rumors about Haitian migrants in Ohio leading to bomb threats and fear for their lives. The concept of an information ecosystem is important to understand, as it considers how information is generated, disseminated, and received within a society. Digital platforms have changed the information ecosystem by making news more entertainment-focused, shifting audience trust, and allowing misinformation to spread quickly. Addressing misinformation requires a systemic response that considers the dynamics of different audiences and their contexts. [Extracted from the article]
- Published
- 2024
26. How engaged are you? A forensic analysis of the Oura Ring Gen 3 application across iOS, Android, and Cloud platforms.
- Author
-
Stanković, Miloš, Hu, Xiao, Ozer, Akif Ahsen, and Karabiyik, Umit
- Abstract
Wearable devices are becoming increasingly popular, diverse, and accessible. To put it in perspective, in 2022 alone, more than 490 million wearable devices were sold. The diversity of wearables is beneficial to users but poses challenges for mobile forensic investigators. These devices track, utilize, and collect a wide range of user information, generating a wealth of data that can potentially be used or presented in court as evidence. To keep up with these innovations, mobile forensic investigators must continuously monitor and update their knowledge. In particular, smart rings are gaining popularity, with the Oura Ring Gen 3 being one of the most anticipated within the community. This study provides an initial look at the Oura Ring Generation 3 application, known as Oura, from a mobile forensic perspective. The artifacts presented in this article are derived from three different platforms: Android, iOS, and Cloud. The study reveals the exact paths of the data points and their locations. The data uncovered in this study could be significant for digital forensics investigators in various scenarios and inform users about the personal information that is stored. Information such as heart rate, various activities performed, user ID, and other user details could prove valuable in multiple instances. [ABSTRACT FROM AUTHOR]
- Published
- 2025
- Full Text
- View/download PDF
27. DIGITAL FORENSICS IN SUPPORT OF ACTIVITIES TO COUNTER CRIME
- Author
-
І. В., Гора, В. А., Колесник, and І. І., Попович
- Abstract
The article is devoted to the consideration of issues of digitalization of social and other processes of existence and development of the state, society, its economic, industrial, communication, and information spheres, as well as the impact of digital technologies on crime and the activities of law enforcement agencies fighting against it. It was noted that the use of digital technologies brought a lot of positive things to social and industrial practice, facilitated the performance of many tasks in the production of products, in the field of management of state and industrial and social processes, expanded opportunities for high-quality and fast communication between people using computer systems and networks, the worldwide Internet. The use of advanced scientific developments and modern technologies for illegal purposes created difficulties for timely identification of signs of preparation of crimes, collection of evidence and implementation of evidence during pre-trial investigation. Certain difficulties in proving the guilt of criminals are due to the emergence of new and little-studied evidence - electronic and their sources, with the study of evidentiary information in digital form and its use in evidence. The science of criminology and its new direction - digital criminology - should help in the fulfillment of tasks to combat crime. These questions are widely discussed today by Ukrainian and foreign scientists and practitioners. Some of them consider digital forensics as a separate science that deals with the fight against cybercrimes and crimes that are committed using a computer. However, the authors of the article, relying on the opinions of domestic and foreign scientists, prove that digital forensics is not a separate science, but a direction of the traditional science of forensics, the provisions of which cover issues of forensic techniques, tactics and methods of crime investigation. Its developments are aimed at the search, research and use in proving electronic evidence and digital traces. The author's understanding of the main tasks of digital forensics is formulated, the solution of which is necessary for the optimal integration of electronic evidence into the system of traditional evidence and ensuring their recognition by judicial practice. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
28. Unmasking the digital deception - a comprehensive survey on image forgery and detection techniques.
- Author
-
Bharathiraja, S., Rajesh Kanna, B., Geetha, S., and Anusooya, G.
- Subjects
*DIGITAL forensics , *DIGITAL images , *EDITING software , *DEEP learning , *SOFTWARE development tools - Abstract
In today's digital landscape, digital images are widely used for communication across various platforms, but they are also vulnerable to tampering and deception. The proliferation of image editing tools and software has made it easier for individuals to manipulate images, but extensive tampering can compromise the accuracy of conveyed information. It is difficult for the human eye to distinguish between original and tampered images, leading to potential misinformation. Therefore, robust mechanisms using powerful algorithms are crucial to examining image authenticity and detecting forgery. This is especially important in fields like forensics, where evidence manipulation can have significant implications. This work conducts a survey providing a structured overview of research on image forgery techniques and detection approaches. The survey discusses various approaches, including source camera identification, type-dependent and type-independent methods, and recent deep-learning approaches. The survey also presents benchmark datasets for training and validation. The survey aims to improve understanding of research paths in this field and demonstrate how techniques initially developed for a domain can be applied to other areas. It aims to assist other researchers in enhancing their expertise in digital forensics and forgery detection techniques. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
29. Online Vehicle Forensics Method of Responsible Party for Accidents Based on LSTM-BiDBN External Intrusion Detection.
- Author
-
Liu, Wen, Xu, Jianxin, Yang, Genke, and Chen, Yuanfang
- Abstract
Copyright of Journal of Shanghai Jiaotong University (Science) is the property of Springer Nature and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
- Published
- 2024
- Full Text
- View/download PDF
30. Factors affecting forensic electric network frequency matching – A comprehensive study
- Author
-
Guang Hua, Qingyi Wang, Dengpan Ye, Haijian Zhang, Guoyin Wang, and Shuyin Xia
- Subjects
Digital forensics ,Audio forensics ,Data authentication ,Timestamp verification ,Electric network frequency criterion ,Information technology ,T58.5-58.64 - Abstract
The power system frequency fluctuations could be captured by digital recordings and extracted to compare with a reference database for forensic timestamp verification. It is known as the Electric Network Frequency (ENF) criterion, enabled by the properties of random fluctuations and intra-grid consistency. In essence, this is a task of matching a short random sequence within a long reference, whose accuracy is mainly concerned with whether this match could be uniquely correct. In this paper, we comprehensively analyze the factors affecting the reliability of ENF matching, including the length of test recording, length of reference, temporal resolution, and Signal-to-Noise Ratio (SNR). For synthetic analysis, we incorporate the first-order AutoRegressive (AR) ENF model and propose an efficient Time-Frequency Domain noisy ENF synthesis method. Then, the reliability analysis schemes for both synthetic and real-world data are respectively proposed. Through a comprehensive study, we quantitatively reveal that while the SNR is an important external factor to determine whether timestamp verification is viable, the length of test recording is the most important inherent factor, followed by the length of reference. However, the temporal resolution has little impact on performance. Finally, a practical workflow of the ENF-based audio timestamp verification system is proposed, incorporating the discovered results.
- Published
- 2024
- Full Text
- View/download PDF
31. Video and Audio Deepfake Datasets and Open Issues in Deepfake Technology: Being Ahead of the Curve
- Author
-
Zahid Akhtar, Thanvi Lahari Pendyala, and Virinchi Sai Athmakuri
- Subjects
deepfakes ,digital face manipulations ,computer forensics ,digital forensics ,deepfake generation ,deepfake detection ,Social pathology. Social and public welfare. Criminology ,HV1-9960 ,Analytical chemistry ,QD71-142 - Abstract
The revolutionary breakthroughs in Machine Learning (ML) and Artificial Intelligence (AI) are extensively being harnessed across a diverse range of domains, e.g., forensic science, healthcare, virtual assistants, cybersecurity, and robotics. On the flip side, they can also be exploited for negative purposes, like producing authentic-looking fake news that propagates misinformation and diminishes public trust. Deepfakes pertain to audio or visual multimedia contents that have been artificially synthesized or digitally modified through the application of deep neural networks. Deepfakes can be employed for benign purposes (e.g., refinement of face pictures for optimal magazine cover quality) or malicious intentions (e.g., superimposing faces onto explicit image/video to harm individuals, or producing fake audio recordings of public figures making inflammatory statements to damage their reputation). With mobile devices and user-friendly audio and visual editing tools at hand, even non-experts can effortlessly craft intricate deepfakes and digitally altered audio and facial features. This presents challenges to contemporary computer forensic tools and human examiners, including common individuals and digital forensic investigators. There is a perpetual battle between attackers armed with deepfake generators and defenders utilizing deepfake detectors. This paper first comprehensively reviews existing image, video, and audio deepfake databases with the aim of propelling next-generation deepfake detectors for enhanced accuracy, generalization, robustness, and explainability. Then, the paper delves deeply into open challenges and potential avenues for research in the audio and video deepfake generation and mitigation field. The aspiration for this article is to complement prior studies and assist newcomers, researchers, engineers, and practitioners in gaining a deeper understanding and in the development of innovative deepfake technologies.
- Published
- 2024
- Full Text
- View/download PDF
32. Cybersecurity and Forensic Analysis of IP-Cameras Used in Saudi Arabia
- Author
-
Istabraq M. Alshenaif, Lujain A. Alharbi, Sandaresan Ramachandran, and Kyounggon Kim
- Subjects
cybersecurity ,digital forensics ,iot devices ,ip cameras ,smart city ,saudi arabia ,Criminal law and procedure ,K5000-5582 ,Cybernetics ,Q300-390 - Abstract
In smart city infrastructure, IP cameras play a pivotal role in crime prevention and detection. However, not much research has been conducted on IP cameras from a cybersecurity and forensics perspective. In this study, we investigate vulnerability assessment and forensic artifacts for Hanwha and Mobotix IP cameras, which are widely used in Saudi Arabia. Saudi Arabia is using IP cameras which are essential for its smart cities. In this paper, we examine IP cameras in two directions. The first is to assess the vulnerability of IP cameras through various attack scenarios such as denial of service (DoS), brute force, and unauthorized access, and we suggest countermeasures. The second shows how analysis for IP cameras can be used to investigate logs for cyberattacks. Through this study, we expect to contribute to research on cyber-attack and forensic perspectives on IP cameras to be used in smart cities.
- Published
- 2024
- Full Text
- View/download PDF
33. Mobile Device Forensics Framework: A Toolbox to Support and Enhance This Process
- Author
-
Bruno M. V. Bernardo, Henrique S. Mamede, João M. P. Barroso, and Vítor M. P. D. dos Santos
- Subjects
digital archaeology ,digital evidence ,digital forensics ,mobile device forensics ,data governance ,Technology (General) ,T1-995 ,Social sciences (General) ,H1-99 - Abstract
Cybercrime is growing rapidly, and it is increasingly important to use advanced tools to combat it and support investigations. One of the battlefronts is the forensic investigation of mobile devices to analyze their misuse and recover information. Mobile devices present numerous challenges, including a rapidly changing environment, increasing diversity, and integration with the cloud/IoT. Therefore, it is essential to have a secure and reliable toolbox that allows an investigator to thwart, discover, and solve all problems related to mobile forensics while deciphering investigations, whether criminal, civil, corporate, or other. In this work, we propose an original and innovative instantiation of a structure in a forensic toolbox for mobile devices, corresponding to a set of different applications, methods, and best practice information aimed at improving and perfecting the investigative process of a digital investigator. To ensure scientific support for the construction of the toolbox, the Design Science Research (DSR) methodology was applied, which seeks to create new and unique artifacts, drawing on the strength and knowledge of science and context. The toolbox will help the forensic investigator overcome some of the challenges related to mobile devices, namely the lack of guidance, documentation, knowledge, and the ability to keep up with the fast-paced environment that characterizes the mobile industry and market. Doi: 10.28991/ESJ-2024-08-03-011
- Published
- 2024
- Full Text
- View/download PDF
34. Copy–move forgery detection in digital image forensics: A survey.
- Author
-
Farhan, Mahmoud H., Shaker, Khalid, and Al-Janabi, Sufyan
- Subjects
DIGITAL forensics ,FEATURE extraction ,FORGERY ,RESEARCH personnel - Abstract
The detection of copy-move forgeries has been of utmost relevance in the field of digital image forensics because of the explosive growth of image altering tools. The paper provides a thorough overview of current developments in copy-move forgery detection methods. Block-based, keypoints-based, and deep learning-based methods represent the three distinct categories into which the methodologies in the survey are divided. The papers in each category are thoroughly analysed, taking into consideration important factors including pre-processing techniques, feature extraction strategies, feature matching methods, and performance evaluation using various metrics and datasets. This survey study provides a thorough overview of the state of the field by methodically synthesizing and assessing the surveyed papers, and it also offers helpful insights for researchers and practitioners working to improve the accuracy and robustness of copy–move forgery detection methods in digital image forensics. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
35. IoT Forensics: Current Perspectives and Future Directions.
- Author
-
Ahmed, Abdulghani Ali, Farhan, Khalid, Jabbar, Waheb A., Al-Othmani, Abdulaleem, and Abdulrahman, Abdullahi Gara
- Subjects
*DIGITAL forensics , *COMPUTER performance , *ELECTRONIC evidence , *FORENSIC sciences , *INTERNET of things - Abstract
The Internet of Things forensics is a specialised field within digital forensics that focuses on the identification of security incidents, as well as the collection and analysis of evidence with the aim of preventing future attacks on IoT networks. IoT forensics differs from other digital forensic fields due to the unique characteristics of IoT devices, such as limited processing power and connectivity. Although numerous studies are available on IoT forensics, the field is rapidly evolving, and comprehensive surveys are needed to keep up with new developments, emerging threats, and evolving best practices. In this respect, this paper aims to review the state of the art in IoT forensics and discuss the challenges in current investigation techniques. A qualitative analysis of related reviews in the field of IoT forensics has been conducted, identifying key issues and assessing primary obstacles. Despite the variety of topics and approaches, common issues emerge. The majority of these issues are related to the collection and pre-processing of evidence because of the counter-analysis techniques and challenges associated with gathering data from devices and the cloud. Our analysis extends beyond technological problems; it further identifies the procedural problems with preparedness, reporting, and presentation as well as ethical issues. In particular, it provides insights into emerging threats and challenges in IoT forensics, increases awareness and understanding of the importance of IoT forensics in preventing cybercrimes, and ensures the security and privacy of IoT devices and networks. Our findings make a substantial contribution to the field of IoT forensics, as they not only involve a critical analysis of the challenges presented in existing works but also identify numerous problems. These insights will greatly assist researchers in identifying appropriate directions for their future research. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
36. A survey on digital image forensic methods based on blind forgery detection.
- Author
-
Shukla, Deependra Kumar, Bansal, Abhishek, and Singh, Pawan
- Subjects
DIGITAL forensics ,DIGITAL communications ,SOCIAL media ,FORGERY ,FORENSIC sciences ,CRIMINAL investigation - Abstract
In the current digital era, images have become one of the key channels for communication and information. There are multiple platforms where digital images are used as an essential identity, like social media platforms, chat applications, electronic and print media, medical science, forensics and criminal investigation, the court of law, and many more. Alteration of digital images becomes easy because multiple image editing software applications are accessible freely on the internet. These modified images can create severe problems in the field where the correctness of the image is essential. In such situations, judging the authenticity of the digital images with the bare eye is almost impossible. To prove the validity of the digital images, we have only one option: Digital Image Forensics (DIF). This study reviewed various image forgery and image forgery detection methods based on blind forgery detection techniques mainly. We describe the essential components of these approaches, as well as the datasets used to train and verify them. Performance analysis of these methods on various metrics is also discussed here. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
37. Recurrent neural network and long short-term memory models for audio copy-move forgery detection: a comprehensive study.
- Author
-
Akdeniz, Fulya and Becerikli, Yaşar
- Subjects
*LONG short-term memory , *FORGERY , *DIGITAL forensics , *DEEP learning - Abstract
One of the most pressing challenges in audio forgery detection—a major topic of signal analysis and digital forensics research—is detecting copy-move forgery in audio data. Because audio data are used in numerous sectors, including security, but increasingly tampered with and manipulated, studies dedicated to detecting forgery and verifying voice data have intensified in recent years. In our study, 2189 fake audio files were produced from 2189 audio recordings on the TIMIT corpus, for a total of 4378 audio files. After the 4378 files were preprocessed to detect silent and unsilent regions in the signals, a Mel-frequency-based hybrid feature data set was obtained from the 4378 files. Next, RNN and LSTM deep learning models were applied to detect audio forgery in the data set in four experimental setups—two with RNN and two with LSTM—using the AdaGrad and AdaDelta optimizer algorithms to identify the optimum solution in the unlinear systems and minimize the loss rate. When the experimental results were compared, the accuracy rate of detecting forgery in the hybrid feature data was 76.03%, and the hybrid model, in which the features are used together, demonstrated high accuracy even with small batch sizes. This article thus reports the first-ever use of RNN and LSTM deep learning models to detect audio copy-move forgery. Moreover, because the proposed method does not require adjusting threshold values, the resulting system is more robust than other systems described in the literature. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
38. Exploring Cybercrime Capabilities: Variations Among Cybercrime Investigative Units.
- Author
-
Steinmetz, Kevin F., Schaefer, Brian P., McCarthy, Adrienne L., Brewer, Christopher G., and Kurtz, Don L.
- Subjects
*DIGITAL forensics , *SEMI-structured interviews , *DETECTIVES , *POLICE , *SUCCESS - Abstract
The current analysis utilizes semi-structured qualitative interviews with sworn cybercrime detectives, civilian digital forensics analysts, and unit administrators to consider variations between cybercrime units which bear significant implications for cybercrime investigative policy and practice. The first variation observed in this study concerns differences in the structure of digital forensics assignments. Such duties may be assigned to sworn officers, civilians, sworn officers and civilians, outsourced to other departments, or a dedicated forensic lab. Second, variations between units were noted in resource availability (tools, training, and finances). These variations among cybercrime units may have implications for personnel recruitment and retention, the sophistication of cases considered by investigators, and case success. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
39. A secure image evidence management framework using multi-bits watermark and blockchain in IoT environments.
- Author
-
Yao, Qing, Xu, Kaiwen, Li, Taotao, Zhou, Yichao, and Wang, Mingsheng
- Subjects
*DIGITAL image watermarking , *DIGITAL watermarking , *DIGITAL forensics , *LEGAL evidence , *AUTODIDACTICISM - Abstract
Criminal forensics in an Internet-of-Things (IoT) environment often requires complex investigations because IoT devices usually generate a large amount of electronic data, especially image data, which brings great difficulties to traditional digital forensic methods. Therefore, designing a secure management solution for image data and making it image evidence available in court is a new challenge. In this paper, we present a new secure image evidence management framework based on multi-bits digital watermarking and blockchain. In this framework, we first propose a flexible and robust self-learning based watermark embedding algorithm, which can embed both image marks and binary messages into the latent space of the input images and also improve the resistance of the watermarked images to a broad range of attacks (geometric transform, JPEG, noise, etc.). Then, we design a smart contract residing in the blockchain, which can achieve safe storage and automatic authentication of embedded watermarks. The experimental results on both the watermarking algorithm and the smart contracts have demonstrated the feasibility and efficacy of the proposed framework. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
40. Analyzing Tor Browser Artifacts for Enhanced Web Forensics, Anonymity, Cybersecurity, and Privacy in Windows-Based Systems.
- Author
-
Javed, Muhammad Shanawar, Sajjad, Syed Muhammad, Mehmood, Danish, Mansoor, Khawaja, Iqbal, Zafar, Kazim, Muhammad, and Muhammad, Zia
- Subjects
- *
NETWORK operating system , *DIGITAL forensics , *ARCHAEOLOGY methodology , *ANONYMITY , *SMUGGLING - Abstract
The Tor browser is widely used for anonymity, providing layered encryption for enhanced privacy. Besides its positive uses, it is also popular among cybercriminals for illegal activities such as trafficking, smuggling, betting, and illicit trade. There is a need for Tor Browser forensics to identify its use in unlawful activities and explore its consequences. This research analyzes artifacts generated by Tor on Windows-based systems. The methodology integrates forensic techniques into incident responses per NIST SP (800-86), exploring areas such as registry, storage, network, and memory using tools like bulk-extractor, autopsy, and regshot. We propose an automated PowerShell script that detects Tor usage and retrieves artifacts with minimal user interaction. Finally, this research performs timeline analysis and artifact correlation for a contextual understanding of event sequences in memory and network domains, ultimately contributing to improved incident response and accountability. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
41. Plug and Play Device for In-Depth RAM Data Repository.
- Author
-
Varshney, Sudeep, Fatima, Hoor, Dubey, Preeti, Upadhyay, Amit Kumar, and Tyagi, Sarthak
- Subjects
MACHINE learning ,RANDOM access memory ,DIGITAL forensics ,DATA libraries ,LAW enforcement agencies - Abstract
The ever-changing and temporary nature of Random Access Memory (RAM) presents distinct challenges and possibilities for digital forensic investigations. This research paper offers a comprehensive analysis of RAM data retrieval techniques within the realm of forensic studies. Starting with a comprehensive explanation of the importance of RAM in forensic investigations, this paper explores the different techniques used to extract volatile data from RAM. These methods involve conducting live system analysis, memory imaging, and memory dumping techniques, each with their own set of advantages and limitations. In addition, the paper delves into the complexities of data acquisition, preservation, and analysis, taking into account factors such as system state volatility, encryption, and anti-forensic measures. In addition, this paper explores the practicality and effectiveness of RAM data retrieval methods on various operating systems and hardware setups. It assesses the strengths and weaknesses of commonly used forensic tools and frameworks for RAM analysis, showcasing their performance in practical situations. In addition, the research explores the latest developments and trends in RAM forensics. This includes the use of machine learning algorithms to automate memory analysis and the creation of specialized forensic techniques for cloud environments. Finally, this paper brings together the findings to provide valuable insights into the best practices for RAM data retrieval in forensic investigations. It highlights the significance of meticulous documentation, maintaining a clear chain of custody, and adhering to legal standards. Through the synthesis of established knowledge and the exploration of emerging trends, this research makes a significant contribution to the field of RAM forensics. It offers valuable guidance for digital forensic practitioners, law enforcement agencies, and researchers, aiding in their understanding and advancement of the subject. 
[ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
42. A Forensic Method for APK Encryption and Decryption Based on the NetEase Yunxin IM Framework.
- Author
-
漏燕娣, 郑青庚, 计超豪, and 宋瑞坤
- Subjects
FRAUD ,TELECOMMUNICATION systems ,INVESTMENT management ,FINANCIAL management ,AGRICULTURE - Abstract
Copyright of Forensic Science & Technology is the property of Institute of Forensic Science, Ministry of Public Security and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
- Published
- 2024
- Full Text
- View/download PDF
43. Network Forensics Analysis of Cyber Attacks Carried Out Over Wireless Networks Using Machine Learning Methods.
- Author
-
Kaçan, İmran, Gül, Batuhan, and Ertam, Fatih
- Subjects
BOOSTING algorithms ,COMPUTER network traffic ,DIGITAL forensics ,CYBERTERRORISM ,CLASSIFICATION algorithms - Abstract
As technology advances, the frequency of attacks targeting technological devices has surged. This rise in cyber threats poses a constant risk to the devices we rely on. Any device connected to a network becomes vulnerable to exploitation by attackers. Given the extensive interconnectedness of devices in network environments, this research endeavors to address this pressing issue. The aim of this study is to analyze and classify network traffic generated during potential cyber attacks using various classification algorithms. By subjecting a simulated environment to different cyber attack scenarios, we extract the distinctive features of network packets generated during these attacks. Subsequently, we employ widely used classification algorithms to train and analyze the obtained data. For the comparison of models, more than 7000 attack data instances were employed. At the conclusion of the comparison, the Gradient Boosting algorithm achieved the highest accuracy value, reaching 91%, whereas the Naive Bayes algorithm obtained the lowest accuracy, reaching 74%. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
44. Forensic Investigation, Challenges, and Issues of Cloud Data: A Systematic Literature Review.
- Author
-
Alshabibi, Munirah Maher, Bu dookhi, Alanood Khaled, and Hafizur Rahman, M. M.
- Subjects
FORENSIC sciences ,DIGITAL forensics ,COMPUTER systems ,LAW enforcement ,LEGAL evidence - Abstract
Cloud computing technology delivers services, resources, and computer systems over the internet, enabling the easy modification of resources. Each field has its challenges, and the challenges of data transfer in the cloud pose unique obstacles for forensic analysts, making it necessary for them to investigate and adjust the evolving landscape of cloud computing. This is where cloud forensics emerges as a critical component. Cloud forensics, a specialized field within digital forensics, focuses on uncovering evidence of exploitation, conducting thorough investigations, and presenting findings to law enforcement for legal action against perpetrators. This paper examines the primary challenges encountered in cloud forensics, reviews the relevant literature, and analyzes the strategies implemented to address these obstacles. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
45. A Comprehensive Literature Review on Volatile Memory Forensics.
- Author
-
Hamid, Ishrag and Rahman, M. M. Hafizur
- Subjects
LITERATURE reviews ,DIGITAL forensics ,TECHNOLOGICAL innovations ,FORENSIC sciences ,CYBERTERRORISM - Abstract
Through a systematic literature review, which is considered the most comprehensive way to analyze the field of memory forensics, this paper investigates its development through past and current methodologies, as well as future trends. This paper systematically starts with an introduction to the key issues and a notable agenda of the research questions. Appropriate inclusion and exclusion criteria were then developed, and a deliberate search strategy was adopted to identify primary research studies aligned with the research question. The paper goes into specific details of six different memory categories, notably volatile memory, interpreting their advantages and the tactics used to retrieve the data. A detailed comparison with existing reviews and other relevant papers is made, forming a broader and wider picture of the research. The discussion summarizes the main findings, particularly the rise of more complex and advanced cyber threats and the necessity of more effective forensic methods for their investigation. This review pinpoints the possibilities for future study with the purpose of staying ahead in the evolving technological landscape. This overview is undoubtedly an essential resource for professionals and researchers working in digital forensics. It allows them to stay competent and provides enough insight into the current trends while marking the future direction in digital forensics methodology. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
46. Digital Forensic Based Object Recognition for Enhanced Crime Scene Interpretation.
- Author
-
Singh, Vikash Kumar, Sivashankar, Durga, Sriram, Siddharth, Nagpal, Manish, Patel, Warish, and Loonkar, Shweta
- Subjects
CRIME scenes ,DIGITAL forensics ,FEATURE extraction ,DIGITAL technology ,DATABASES - Abstract
This research introduces a novel and comprehensive framework for digital forensics-based crime scene interpretation. The proposed framework comprises five algorithms, each serving a distinct purpose in enhancing image quality, extracting features, matching, and constructing a database, recognizing, and reconstructing objects in 3D, and conducting context-aware analysis. An ablation study validates the necessity of each algorithmic step. The framework consistently outperforms existing methods in terms of accuracy, precision, recall, and processing time. A detailed comparative analysis of parameters further highlights its cost-effectiveness, moderate complexity, superior data integration, and scalability. Visualizations underscore its dominance across multiple metrics and parameters, positioning it as an advanced solution for digital forensic-based object recognition in crime scene interpretation. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
47. Source Camera Identification Algorithm Based on Multi-Scale Feature Fusion.
- Author
-
Lu, Jianfeng, Li, Caijin, Huang, Xiangye, Cui, Chen, and Emam, Mahmoud
- Subjects
CONVOLUTIONAL neural networks ,IMAGE processing ,DIGITAL forensics ,TRANSFORMER models ,CAMERAS - Abstract
The widespread availability of digital multimedia data has led to a new challenge in digital forensics. Traditional source camera identification algorithms usually rely on various traces in the capturing process. However, these traces have become increasingly difficult to extract due to the wide availability of various image processing algorithms. Convolutional Neural Networks (CNN)-based algorithms have demonstrated good discriminative capabilities for different brands and even different models of camera devices. However, their performance is not ideal when distinguishing between individual devices of the same model, because cameras of the same model typically use the same optical lens, image sensor, and image processing algorithms, which result in minimal overall differences. In this paper, we propose a camera forensics algorithm based on multi-scale feature fusion to address these issues. The proposed algorithm extracts different local features from feature maps of different scales and then fuses them to obtain a comprehensive feature representation. This representation is then fed into a subsequent camera fingerprint classification network. Building upon the Swin-T network, we utilize Transformer Blocks and Graph Convolutional Network (GCN) modules to fuse multi-scale features from different stages of the backbone network. Furthermore, we conduct experiments on established datasets to demonstrate the feasibility and effectiveness of the proposed approach. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
48. A Digital Evidence Chain Construction Method Driven by Multi-Dimensional Correlation Analysis.
- Author
-
刘延华, 欧振贵, 刘西蒙, 陈惠文, 林钟馨, and 张明辉
- Abstract
Copyright of Journal of Fuzhou University is the property of Journal of Fuzhou University, Editorial Department and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
- Published
- 2024
- Full Text
- View/download PDF
49. Digital Forensics in Google Drive: Techniques for Extracting and Analyzing Digital Artifacts.
- Author
-
Ramadhani, Erika and Isnaindar, Syafiq Irfan
- Subjects
DIGITAL forensics ,CLOUD computing ,REPORT writing ,LEGAL evidence ,METADATA - Abstract
The problem of cloud forensics is the difficulty in identifying and accessing evidence log. It is also used to store illegal and prohibited content. This research proposes to address this problem by developing a comprehensive activity for investigating Google Drive with digital forensics. We will explore the techniques and methodologies required to uncover digital artifacts within Google Drive by using the National Institute of Standards and Technology (NIST) method, covering aspects such as user activity logs, file metadata, document revisions, and access permissions. The NIST method consists of collection, interpretation, and reporting activities. Collection activities include protect, acquire and ensure. Interpretation activities include recover, navigate, identify, and analyze. And reporting activities consist of reporting results and writing reports. The result of this paper is that, by using the DB Browser tool, the artifacts such as activity log, file metadata, document revision, and access permission are not present. Meanwhile, when using Magnet Axiom, the evidence is found but not related to the scenario. Our aim is to provide a structured approach that digital forensics experts can employ to navigate Google Drive and extract relevant evidence effectively. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
50. SentinelFusion based machine learning comprehensive approach for enhanced computer forensics.
- Author
-
Islam, Umar, Alsadhan, Abeer Abdullah, Alwageed, Hathal Salamah, Al-Atawi, Abdullah A., Mehmood, Gulzar, Ayadi, Manel, and Alsenan, Shrooq
- Subjects
MACHINE learning ,COMPUTER security ,DIGITAL forensics ,DATA security failures ,ARTIFICIAL intelligence ,BLOCKCHAINS - Abstract
In the rapidly evolving landscape of modern technology, the convergence of blockchain innovation and machine learning advancements presents unparalleled opportunities to enhance computer forensics. This study introduces SentinelFusion, an ensemble-based machine learning framework designed to bolster secrecy, privacy, and data integrity within blockchain systems. By integrating cutting-edge blockchain security properties with the predictive capabilities of machine learning, SentinelFusion aims to improve the detection and prevention of security breaches and data tampering. Utilizing a comprehensive blockchain-based dataset of various criminal activities, the framework leverages multiple machine learning models, including support vector machines, K-nearest neighbors, naive Bayes, logistic regression, and decision trees, alongside the novel SentinelFusion ensemble model. Extensive evaluation metrics such as accuracy, precision, recall, and F1 score are used to assess model performance. The results demonstrate that SentinelFusion outperforms individual models, achieving an accuracy, precision, recall, and F1 score of 0.99. This study's findings underscore the potential of combining blockchain technology and machine learning to advance computer forensics, providing valuable insights for practitioners and researchers in the field. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF