The smart home platform integrates with Internet of Things (IoT) devices, smartphones, and cloud servers, enabling seamless and convenient services. It gathers and manages extensive user data, including personal information, device operations, and patterns of user behavior. Such data plays an essential role in criminal investigations, highlighting the growing importance of specialized smart home forensics. Given the rapid advancement in smart home software and hardware technologies, many companies are introducing new devices and services that expand the market. Consequently, scalable and platform-specific forensic research is necessary to support efficient digital investigations across diverse smart home ecosystems. This study thoroughly examines the core components and structures of smart homes, proposing a generalized architecture that represents various operational environments. A three-stage smart home forensics framework is introduced: (1) analyzing application functions to infer relevant data, (2) extracting and processing data from interconnected devices, and (3) identifying data valuable for investigative purposes. The framework’s applicability is validated using testbeds from Samsung SmartThings and Xiaomi Mi Home platforms, offering practical insights for real-world forensic applications. The results demonstrate that the proposed forensic framework effectively acquires and classifies relevant digital evidence in smart home platforms, confirming its practical applicability in smart home forensic investigations.
With the rapid advancement of visual generative models such as Generative Adversarial Networks (GANs) and Stable Diffusion, the creation of highly realistic Deepfake through automated forgery has significantly progressed. This paper examines the advancements in Deepfake detection and defense technologies, emphasizing the shift from passive detection methods to proactive digital watermarking techniques. Passive detection methods, which involve extracting features from images or videos to identify forgeries, encounter challenges such as poor performance against unknown manipulation techniques and susceptibility to counter-forensic tactics. In contrast, proactive digital watermarking techniques embed specific markers into images or videos, facilitating real-time detection and traceability, thereby providing a preemptive defense against Deepfake content. We offer a comprehensive analysis of digital watermarking-based forensic techniques, discussing their advantages over passive methods and highlighting four key benefits: real-time detection, embedded defense, resistance to tampering, and provision of legal evidence. Additionally, the paper identifies gaps in the literature concerning proactive forensic techniques and suggests future research directions, including cross-domain watermarking and adaptive watermarking strategies. By systematically classifying and comparing existing techniques, this review aims to contribute valuable insights for the development of more effective proactive defense strategies in Deepfake forensics.
Genetic genealogy provides crucial insights into the complex biological relationships within contemporary and ancient human populations by analyzing shared alleles and chromosomal segments that are identical by descent to understand kinship, migration patterns, and population dynamics. Within forensic science, forensic investigative genetic genealogy (FIGG) has gained prominence by leveraging next-generation sequencing technologies and population-specific genomic resources, opening useful investigative avenues. In this review, we synthesize current knowledge, underscore recent advancements, and discuss the growing role of FIGG in forensic genomics. FIGG has been pivotal in revitalizing dormant inquiries and offering genetic leads in numerous cold cases. Its effectiveness relies on the extensive single-nucleotide polymorphism profiles contributed by individuals from diverse populations to specialized genomic databases. Advances in computational genomics and the growth of human genomic databases have spurred a profound shift in the application of genetic genealogy across forensics, anthropology, and ancient DNA studies. As the field progresses, FIGG is evolving from a nascent practice into a more sophisticated and specialized discipline, shaping the future of forensic investigations.
Electric Vehicle Charging Systems (EVCS) are increasingly vulnerable to cybersecurity threats as they integrate deeply into smart grids and Internet of Things (IoT) environments, raising significant security challenges. Most existing research primarily emphasizes network-level anomaly detection, leaving critical vulnerabilities at the host level underexplored. This study introduces a novel forensic analysis framework leveraging host-level data, including system logs, kernel events, and Hardware Performance Counters (HPC), to detect and analyze sophisticated cyberattacks such as cryptojacking, Denial-of-Service (DoS), and reconnaissance activities targeting EVCS. Using comprehensive forensic analysis and machine learning models, the proposed framework significantly outperforms existing methods, achieving an accuracy of 98.81%. The findings offer insights into distinct behavioral signatures associated with specific cyber threats, enabling improved cybersecurity strategies and actionable recommendations for robust EVCS infrastructure protection.
In today’s digital era, the rapid evolution of image editing technologies has brought about a significant simplification of image manipulation. Unfortunately, this progress has also given rise to the misuse of manipulated images across various domains. One of the pressing challenges stemming from this advancement is the increasing difficulty in discerning between unaltered and manipulated images. This paper offers a comprehensive survey of existing methodologies for detecting image tampering, shedding light on the diverse approaches employed in the field of contemporary image forensics. The methods used to identify image forgery can be broadly classified into two primary categories: classical machine learning techniques, heavily reliant on manually crafted features, and deep learning methods. Additionally, this paper explores recent developments in image forensics, placing particular emphasis on the detection of counterfeit colorization. Image colorization involves predicting colors for grayscale images, thereby enhancing their visual appeal. The advancements in colorization techniques have reached a level where distinguishing between authentic and forged images with the naked eye has become an exceptionally challenging task. This paper serves as an in-depth exploration of the intricacies of image forensics in the modern age, with a specific focus on the detection of colorization forgery, presenting a comprehensive overview of methodologies in this critical field.
The integration of phytochemistry into forensic science has emerged as a groundbreaking frontier, providing unprecedented insights into nature's secrets through the precise application of phytochemical fingerprinting of phytotoxins as a cutting-edge approach. This study explores the dynamic intersection of phytochemistry and forensic science, highlighting how the unique phytochemical profiles of toxic plants and their secondary metabolites serve as distinctive markers for forensic investigations. By utilizing advanced techniques such as Ultra-High-Performance Liquid Chromatography (UHPLC) and High-Resolution Mass Spectrometry (HRMS), the detection and quantification of plant-derived are made more accurate in forensic contexts. Real-world case studies are presented to demonstrate the critical role of plant toxins in forensic outcomes and legal proceedings. The challenges, potential, and future prospects of integrating phytochemical fingerprinting of plant toxins into forensic science were discussed. This review aims to illuminate phytochemical fingerprinting of plant toxins as a promising tool to enhance the precision and depth of forensic analyses, offering new insights into the complex stories embedded in plant toxins.
Images and videos play an increasingly vital role in daily life and are widely utilized as key evidentiary sources in judicial investigations and forensic analysis. Simultaneously, advancements in image and video processing technologies have facilitated the widespread availability of powerful editing tools, such as Deepfakes, enabling anyone to easily create manipulated or fake visual content, which poses an enormous threat to social security and public trust. To verify the authenticity and integrity of images and videos, numerous approaches have been proposed, which are primarily based on content analysis and their effectiveness is susceptible to interference from various image or video post-processing operations. Recent research has highlighted the potential of file containers analysis as a promising forensic approach that offers efficient and interpretable results. However, there is still a lack of review articles on this kind of approach. In order to fill this gap, we present a comprehensive review of file containers-based image and video forensics in this paper. Specifically, we categorize the existing methods into two distinct stages, qualitative analysis and quantitative analysis. In addition, an overall framework is proposed to organize the existing approaches. Then, the advantages and disadvantages of the schemes used across different forensic tasks are provided. Finally, we outline the trends in this research area, aiming to provide valuable insights and technical guidance for future research.
The accelerated global adoption of electric vehicles (EVs) is driving significant expansion and increasing complexity within the EV charging infrastructure, consequently presenting novel and pressing cybersecurity challenges. While considerable effort has focused on preventative cybersecurity measures, a critical deficiency persists in structured methodologies for digital forensic analysis following security incidents, a gap exacerbated by system heterogeneity, distributed digital evidence, and inconsistent logging practices which hinder effective incident reconstruction and attribution. This paper addresses this critical need by proposing a novel, data-driven forensic framework tailored to the EV charging infrastructure, focusing on the systematic identification, classification, and correlation of diverse digital evidence across its physical, network, and application layers. Our methodology integrates open-source intelligence (OSINT) with advanced system modeling based on a three-layer cyber-physical system architecture to comprehensively map potential evidentiary sources. Key contributions include a comprehensive taxonomy of cybersecurity threats pertinent to EV charging ecosystems, detailed mappings between these threats and the resultant digital evidence to guide targeted investigations, the formulation of adaptable forensic investigation workflows for various incident scenarios, and a critical analysis of significant gaps in digital evidence availability within current EV charging systems, highlighting limitations in forensic readiness. The practical application and utility of this method are demonstrated through illustrative case studies involving both empirically-derived and virtual incident scenarios. The proposed data-driven approach is designed to significantly enhance digital forensic capabilities, support more effective incident response, strengthen compliance with emerging cybersecurity regulations, and ultimately contribute to bolstering the overall security, resilience, and trustworthiness of this increasingly vital critical infrastructure.
The power system frequency fluctuations could be captured by digital recordings and extracted to compare with a reference database for forensic timestamp verification. It is known as the Electric Network Frequency (ENF) criterion, enabled by the properties of random fluctuations and intra-grid consistency. In essence, this is a task of matching a short random sequence within a long reference, whose accuracy is mainly concerned with whether this match could be uniquely correct. In this paper, we comprehensively analyze the factors affecting the reliability of ENF matching, including the length of test recording, length of reference, temporal resolution, and Signal-to-Noise Ratio (SNR). For synthetic analysis, we incorporate the first-order AutoRegressive (AR) ENF model and propose an efficient Time-Frequency Domain noisy ENF synthesis method. Then, the reliability analysis schemes for both synthetic and real-world data are respectively proposed. Through a comprehensive study, we quantitatively reveal that while the SNR is an important external factor to determine whether timestamp verification is viable, the length of test recording is the most important inherent factor, followed by the length of reference. However, the temporal resolution has little impact on performance. Finally, a practical workflow of the ENF-based audio timestamp verification system is proposed, incorporating the discovered results.
This themed issue of ‘Episodes’ is dedicated entirely to forensic geology. This provides an overview of how geologists assist the police and law enforcement to help investigate crimes. The documented application of geology to police and law enforcement dates back to the middle part of the 19th Century, and possibly to Roman times. Until the establishment of the International Union of Geological Sciences (IUGS), Initiative on Forensic Geology (IFG), in 2011, there was no international organization aimed at developing forensic geology on a global scale. Previously, forensic geologists worked in relative isolation from other fellow geologists. There were few incentives or opportunities for the advancement of forensic geology. IUGS-IFG has provided opportunities, incentives and the drive for the global development of forensic geology, as exemplified in this issue of Episodes.
Digital forensics aims to uncover evidence of cybercrimes within compromised systems. These cybercrimes are often perpetrated through the deployment of malware, which inevitably leaves discernible traces within the compromised systems. Forensic analysts are tasked with extracting and subsequently analyzing data, termed as artifacts, from these systems to gather evidence. Therefore, forensic analysts must sift through extensive datasets to isolate pertinent evidence. However, manually identifying suspicious traces among numerous artifacts is time-consuming and labor-intensive. Previous studies addressed such inefficiencies by integrating artificial intelligence (AI) technologies into digital forensics. Despite the efforts in previous studies, artifacts were analyzed without considering the nature of the data within them and failed to prove their efficiency through specific evaluations. In this study, we propose a system to prioritize suspicious artifacts from compromised systems infected with malware to facilitate efficient digital forensics. Our system introduces a double-checking method that recognizes the nature of data within target artifacts and employs algorithms ideal for anomaly detection. The key ideas of this method are: (1) prioritize suspicious artifacts and filter remaining artifacts using autoencoder and (2) further prioritize suspicious artifacts and filter remaining artifacts using logarithmic entropy. Our evaluation demonstrates that our system can identify malicious artifacts with high accuracy and that its double-checking method is more efficient than alternative approaches. Our system can significantly reduce the time required for forensic analysis and serve as a reference for future studies.
Detecting hate speech automatically in social media forensics has emerged as a highly challenging task due to the complex nature of language used in such platforms. Currently, several methods exist for classifying hate speech, but they still suffer from ambiguity when differentiating between hateful and offensive content and they also lack accuracy. The work suggested in this paper uses a combination of the Whale Optimization Algorithm (WOA) and Particle Swarm Optimization (PSO) to adjust the weights of two Multi-Layer Perceptron (MLPs) for neutrosophic sets classification. During the training process of the MLP, the WOA is employed to explore and determine the optimal set of weights. The PSO algorithm adjusts the weights to optimize the performance of the MLP as fine-tuning. Additionally, in this approach, two separate MLP models are employed. One MLP is dedicated to predicting degrees of truth membership, while the other MLP focuses on predicting degrees of false membership. The difference between these memberships quantifies uncertainty, indicating the degree of indeterminacy in predictions. The experimental results indicate the superior performance of our model compared to previous work when evaluated on the Davidson dataset.
The AGCU X Plus STR system is a newly developed multiplex PCR kit that detects 32 X-chromosomal STR loci simultaneously. These are DXS6807, DXS9895, linkage group 1 (DXS10148, DXS10135, DXS8378), DXS9902, DXS6795, DXS6810, DXS10159, DXS10162, DXS10164, DXS7132, linkage group 2 (DXS10079, DXS10074, DXS10075), DXS981, DXS6800, DXS6803, DXS6809, DXS6789, DXS7424, DXS101, DXS7133, GATA172D05, GATA165B12, linkage group 3 (DXS10103, HPRTB, DXS10101), GATA31E08 and linkage group 4 (DXS8377, DXS10134, DXS7423). A major advantage of this kit is that it takes into account linkage between loci, in addition to detecting more X-STR loci. In order to evaluate the forensic application of 32 X-STR fluorescence amplification system, PCR settings, sensitivity, species specificity, stability, DNA mixtures, concordance, stutter, sizing precision, and population genetics investigation were evaluated according to the Scientific Working Group on DNA Analysis Methods (SWGDAM) developmental validation guidelines. The study showed that the genotyping results of each locus were significantly accurate when the DNA template was at least 62.5 pg. Complete profiles were obtained for the 1:1 and 1:3 combinations. A total of 209 unrelated individuals from Southern Chinese Han community, consisting of 84 females and 125 males, were selected for population studies, and 285 allele profiles were detected from 32 X-STR loci. The polymorphism information content (PIC) ranged from 0.2721 in DXS6800, to 0.9105 in DXS10135, with an average of 0.6798. DXS10135 (PIC=0.9105) was the most polymorphic locus, with discrimination power (DP) of 0.9164 and 0.9871 for the male and female. The cumulative PD_F, PD_M, MEC_trio and MEC_duo values were all greater than 0.999999999. There were 78 different DXS10103-HPRTB-DXS10101 haplotypes among the 125 males, and the haplotype diversity was 0.9810. There was no significant difference in the cumulative PD_F, PD_M, MEC_trio and MEC_duo values whether considering linkage or not. In summary, the new X-STR multiplex typing system is effective and reliable, which can be useful in human genetic analysis and kinship testing as a potent complement to autosomal STR typing.
An Ad Hoc Review Committee (ARC) was convened to consider the IUGS Initiative on Forensic Geology (FG). The meeting was held on 4th April 2016 at Piccadilly Place, Manchester, UK under the Chairmanship of Prof. Jose P. Calvo (JC), Secretary General, IUGS. The other attendees of the meeting were Prof. Marko Komac (MK), Vice-President of the IUGS, Dr. Laurence Donnelly (LD), Chair of the IUGS Initiative on Forensic Geology (IFG) and a Forensic Geologist and Police Search Adviser, Dr. Alastair Ruffel (AL), Forensic Geologist at Queens University, Belfast, who has significant experience in forensic geology and in working with law enforcement agencies, and Inspector Colin Hope (CH), National Search Advisor at the UK National Crime Agency.
Signature verification involves vague situations in which a signature could resemble many reference samples or might differ because of handwriting variances. By presenting the features and similarity score of signatures from the matching algorithm as fuzzy sets and capturing the degrees of membership, non-membership, and indeterminacy, a neutrosophic engine can significantly contribute to signature verification by addressing the inherent uncertainties and ambiguities present in signatures. But type-1 neutrosophic logic gives these membership functions fixed values, which could not adequately capture the various degrees of uncertainty in the characteristics of signatures. Type-1 neutrosophic representation is also unable to adjust to various degrees of uncertainty. The proposed work explores the type-2 neutrosophic logic to enable additional flexibility and granularity in handling ambiguity, indeterminacy, and uncertainty, hence improving the accuracy of signature verification systems. Because type-2 neutrosophic logic allows the assessment of many sources of ambiguity and conflicting information, decision-making is more flexible. These experimental results show the possible benefits of using a type-2 neutrosophic engine for signature verification by demonstrating its superior handling of uncertainty and variability over type-1, which eventually results in more accurate False Rejection Rate (FRR) and False Acceptance Rate (FAR) verification results. In a comparison analysis using a benchmark dataset of handwritten signatures, the type-2 neutrosophic similarity measure yields a better accuracy rate of 98% than the type-1 95%.
In this research, we developed a plugin for our automated digital forensics framework to extract and preserve the evidence from the Android and the iOS-based mobile phone application, Instagram. This plugin extracts personal details from Instagram users, e.g., name, user name, mobile number, ID, direct text or audio, video, and picture messages exchanged between different Instagram users. While developing the plugin, we identified resources available in both Android and iOS-based devices holding key forensics artifacts. We highlighted the poor privacy scheme employed by Instagram. This work has shown how the sensitive data posted in the Instagram mobile application can easily be reconstructed, and how the traces, as well as the URL links of visual messages, can be used to access the privacy of any Instagram user without any critical credential verification. We also employed the anti-forensics method on the Instagram Android’s application and were able to restore the application from the altered or corrupted database file, which any criminal mind can use to set up or trap someone else. The outcome of this research is a plugin for our digital forensics ready framework software which could be used by law enforcement and regulatory agencies to reconstruct the digital evidence available in the Instagram mobile application directories on both Android and iOS-based mobile phones.
The development of high technology, for public life to provide a justification at the same time, also encouraged the spirit of cybercrime, to become more and more rampant. In network crime, electronic data is usually used as the main evidence to determine the facts of the crime and plays an important role in the smooth trial of the case. But because electronic data on dependent, concealment, easy destructive strong science and technology, the forensics work is now in trouble. The mature use of blockchain technology can avoid existing problems to a certain extent, which is helpful to the smooth progress of electronic forensics. This paper on electronic evidence how to more effectively, combined with research blockchain technology, improve the efficiency of electronic evidence collection work.
In recent years, visual facial forgery has reached a level of sophistication that humans cannot identify fraud, which poses a significant threat to information security. A wide range of malicious applications have emerged, such as deepfake, fake news, defamation or blackmailing of celebrities, impersonation of politicians in political warfare, and the spreading of rumours to attract views. As a result, a rich body of visual forensic techniques has been proposed in an attempt to stop this dangerous trend. However, there is no comprehensive, fair, and unified performance evaluation to enlighten the community on best performing methods. The authors present a systematic benchmark beyond traditional surveys that provides in-depth insights into facial forgery and facial forensics, grounding on robustness tests such as contrast, brightness, noise, resolution, missing information, and compression. The authors also provide a practical guideline of the benchmarking results, to determine the characteristics of the methods that serve as a comparative reference in this never-ending war between measures and countermeasures. The authors’ source code is open to the public.
Vehicle data is one of the important sources of traffic accident digital forensics. We propose a novel method using long short-term memory-deep belief network by binary encoding (LSTM-BiDBN) controller area network identifier (CAN ID) to extract the event sequence of CAN IDs and the semantic of CAN IDs themselves. Instead of detecting attacks only aimed at a specific CAN ID, the proposed method fully considers the potential interaction between electronic control units. By this means, we can detect whether the vehicle has been invaded by the outside, to online determine the responsible party of the accident. We use our LSTM-BiDBN to distinguish attack-free and abnormal situations on CAN-intrusion-dataset. Experimental results show that our proposed method is more effective in identifying anomalies caused by denial of service attack, fuzzy attack and impersonation attack with an accuracy value of 97.02%, a false-positive rate of 6.09%, and a false-negative rate of 1.94% compared with traditional methods.
The large scale and distribution of cloud computing storage have become the major challenges in cloud forensics for file extraction. Current disk forensic methods do not adapt to cloud computing well and the forensic research on distributed file system is inadequate. To address the forensic problems, this paper uses the Hadoop distributed file system (HDFS) as a case study and proposes a forensic method for efficient file extraction based on three-level (3L) mapping. First, HDFS is analyzed from overall architecture to local file system. Second, the 3L mapping of an HDFS file from HDFS namespace to data blocks on local file system is established and a recovery method for deleted files based on 3L mapping is presented. Third, a multi-node Hadoop framework via Xen virtualization platform is set up to test the performance of the method. The results indicate that the proposed method could succeed in efficient location of large files stored across data nodes, make selective image of disk data and get high recovery rate of deleted files.
Abstract: The smart home platform integrates with Internet of Things (IoT) devices, smartphones, and cloud servers, enabling seamless and convenient services. It gathers and manages extensive user data, including personal information, device operations, and patterns of user behavior. Such data plays an essential role in criminal investigations, highlighting the growing importance of specialized smart home forensics. Given the rapid advancement in smart home software and hardware technologies, many companies are introducing new devices and services that expand the market. Consequently, scalable and platform-specific forensic research is necessary to support efficient digital investigations across diverse smart home ecosystems. This study thoroughly examines the core components and structures of smart homes, proposing a generalized architecture that represents various operational environments. A three-stage smart home forensics framework is introduced: (1) analyzing application functions to infer relevant data, (2) extracting and processing data from interconnected devices, and (3) identifying data valuable for investigative purposes. The framework’s applicability is validated using testbeds from Samsung SmartThings and Xiaomi Mi Home platforms, offering practical insights for real-world forensic applications. The results demonstrate that the proposed forensic framework effectively acquires and classifies relevant digital evidence in smart home platforms, confirming its practical applicability in smart home forensic investigations.
Funding: supported by the National Fund Cultivation Project from China People’s Police University (Grant Number: JJPY202402); National Natural Science Foundation of China (Grant Number: 62172165).
Abstract: With the rapid advancement of visual generative models such as Generative Adversarial Networks (GANs) and Stable Diffusion, the creation of highly realistic Deepfake through automated forgery has significantly progressed. This paper examines the advancements in Deepfake detection and defense technologies, emphasizing the shift from passive detection methods to proactive digital watermarking techniques. Passive detection methods, which involve extracting features from images or videos to identify forgeries, encounter challenges such as poor performance against unknown manipulation techniques and susceptibility to counter-forensic tactics. In contrast, proactive digital watermarking techniques embed specific markers into images or videos, facilitating real-time detection and traceability, thereby providing a preemptive defense against Deepfake content. We offer a comprehensive analysis of digital watermarking-based forensic techniques, discussing their advantages over passive methods and highlighting four key benefits: real-time detection, embedded defense, resistance to tampering, and provision of legal evidence. Additionally, the paper identifies gaps in the literature concerning proactive forensic techniques and suggests future research directions, including cross-domain watermarking and adaptive watermarking strategies. By systematically classifying and comparing existing techniques, this review aims to contribute valuable insights for the development of more effective proactive defense strategies in Deepfake forensics.
Funding: supported by the National Natural Science Foundation of China (82202078); the Major Project of the National Social Science Foundation of China (23&ZD203); the Open Project of the Key Laboratory of Forensic Genetics of the Ministry of Public Security (2022FGKFKT05); the Center for Archaeological Science of Sichuan University (23SASA01); the 1‧3‧5 Project for Disciplines of Excellence, West China Hospital, Sichuan University (ZYJC20002); the Sichuan Science and Technology Program (2024NSFSC1518).
Abstract: Genetic genealogy provides crucial insights into the complex biological relationships within contemporary and ancient human populations by analyzing shared alleles and chromosomal segments that are identical by descent to understand kinship, migration patterns, and population dynamics. Within forensic science, forensic investigative genetic genealogy (FIGG) has gained prominence by leveraging next-generation sequencing technologies and population-specific genomic resources, opening useful investigative avenues. In this review, we synthesize current knowledge, underscore recent advancements, and discuss the growing role of FIGG in forensic genomics. FIGG has been pivotal in revitalizing dormant inquiries and offering genetic leads in numerous cold cases. Its effectiveness relies on the extensive single-nucleotide polymorphism profiles contributed by individuals from diverse populations to specialized genomic databases. Advances in computational genomics and the growth of human genomic databases have spurred a profound shift in the application of genetic genealogy across forensics, anthropology, and ancient DNA studies. As the field progresses, FIGG is evolving from a nascent practice into a more sophisticated and specialized discipline, shaping the future of forensic investigations.
Abstract: Electric Vehicle Charging Systems (EVCS) are increasingly vulnerable to cybersecurity threats as they integrate deeply into smart grids and Internet of Things (IoT) environments, raising significant security challenges. Most existing research primarily emphasizes network-level anomaly detection, leaving critical vulnerabilities at the host level underexplored. This study introduces a novel forensic analysis framework leveraging host-level data, including system logs, kernel events, and Hardware Performance Counters (HPC), to detect and analyze sophisticated cyberattacks such as cryptojacking, Denial-of-Service (DoS), and reconnaissance activities targeting EVCS. Using comprehensive forensic analysis and machine learning models, the proposed framework significantly outperforms existing methods, achieving an accuracy of 98.81%. The findings offer insights into distinct behavioral signatures associated with specific cyber threats, enabling improved cybersecurity strategies and actionable recommendations for robust EVCS infrastructure protection.
Funding: supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (2021R1I1A3049788).
Abstract: In today’s digital era, the rapid evolution of image editing technologies has brought about a significant simplification of image manipulation. Unfortunately, this progress has also given rise to the misuse of manipulated images across various domains. One of the pressing challenges stemming from this advancement is the increasing difficulty in discerning between unaltered and manipulated images. This paper offers a comprehensive survey of existing methodologies for detecting image tampering, shedding light on the diverse approaches employed in the field of contemporary image forensics. The methods used to identify image forgery can be broadly classified into two primary categories: classical machine learning techniques, heavily reliant on manually crafted features, and deep learning methods. Additionally, this paper explores recent developments in image forensics, placing particular emphasis on the detection of counterfeit colorization. Image colorization involves predicting colors for grayscale images, thereby enhancing their visual appeal. The advancements in colorization techniques have reached a level where distinguishing between authentic and forged images with the naked eye has become an exceptionally challenging task. This paper serves as an in-depth exploration of the intricacies of image forensics in the modern age, with a specific focus on the detection of colorization forgery, presenting a comprehensive overview of methodologies in this critical field.
Abstract: The integration of phytochemistry into forensic science has emerged as a groundbreaking frontier, providing unprecedented insights into nature's secrets through the precise application of phytochemical fingerprinting of phytotoxins as a cutting-edge approach. This study explores the dynamic intersection of phytochemistry and forensic science, highlighting how the unique phytochemical profiles of toxic plants and their secondary metabolites, serve as distinctive markers for forensic investigations. By utilizing advanced techniques such as Ultra-High-Performance Liquid Chromatography (UHPLC) and High-Resolution Mass Spectrometry (HRMS), the detection and quantification of plant-derived are made more accurate in forensic contexts. Real-world case studies are presented to demonstrate the critical role of plant toxins in forensic outcomes and legal proceedings. The challenges, potential, and future prospects of integrating phytochemical fingerprinting of plant toxins into forensic science were discussed. This review aims to illuminate phytochemical fingerprinting of plant toxins as a promising tool to enhance the precision and depth of forensic analyses, offering new insights into the complex stories embedded in plant toxins.
Funding: supported in part by Natural Science Foundation of Hubei Province of China under Grant 2023AFB016; the 2022 Opening Fund for Hubei Key Laboratory of Intelligent Vision Based Monitoring for Hydroelectric Engineering under Grant 2022SDSJ02; the Construction Fund for Hubei Key Laboratory of Intelligent Vision Based Monitoring for Hydroelectric Engineering under Grant 2019ZYYD007.
Abstract: Images and videos play an increasingly vital role in daily life and are widely utilized as key evidentiary sources in judicial investigations and forensic analysis. Simultaneously, advancements in image and video processing technologies have facilitated the widespread availability of powerful editing tools, such as Deepfakes, enabling anyone to easily create manipulated or fake visual content, which poses an enormous threat to social security and public trust. To verify the authenticity and integrity of images and videos, numerous approaches have been proposed, which are primarily based on content analysis and their effectiveness is susceptible to interference from various image or video post-processing operations. Recent research has highlighted the potential of file containers analysis as a promising forensic approach that offers efficient and interpretable results. However, there is still a lack of review articles on this kind of approach. In order to fill this gap, we present a comprehensive review of file containers-based image and video forensics in this paper. Specifically, we categorize the existing methods into two distinct stages, qualitative analysis and quantitative analysis. In addition, an overall framework is proposed to organize the existing approaches. Then, the advantages and disadvantages of the schemes used across different forensic tasks are provided. Finally, we outline the trends in this research area, aiming to provide valuable insights and technical guidance for future research.
Funding: supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) (RS-2023-00242528, 50%); supported by a grant from the Korea Electric Power Corporation (R24XO01-4, 50%) for basic research and development projects starting in 2024.
Abstract: The accelerated global adoption of electric vehicles (EVs) is driving significant expansion and increasing complexity within the EV charging infrastructure, consequently presenting novel and pressing cybersecurity challenges. While considerable effort has focused on preventative cybersecurity measures, a critical deficiency persists in structured methodologies for digital forensic analysis following security incidents, a gap exacerbated by system heterogeneity, distributed digital evidence, and inconsistent logging practices which hinder effective incident reconstruction and attribution. This paper addresses this critical need by proposing a novel, data-driven forensic framework tailored to the EV charging infrastructure, focusing on the systematic identification, classification, and correlation of diverse digital evidence across its physical, network, and application layers. Our methodology integrates open-source intelligence (OSINT) with advanced system modeling based on a three-layer cyber-physical system architecture to comprehensively map potential evidentiary sources. Key contributions include a comprehensive taxonomy of cybersecurity threats pertinent to EV charging ecosystems, detailed mappings between these threats and the resultant digital evidence to guide targeted investigations, the formulation of adaptable forensic investigation workflows for various incident scenarios, and a critical analysis of significant gaps in digital evidence availability within current EV charging systems, highlighting limitations in forensic readiness. The practical application and utility of this method are demonstrated through illustrative case studies involving both empirically-derived and virtual incident scenarios. The proposed data-driven approach is designed to significantly enhance digital forensic capabilities, support more effective incident response, strengthen compliance with emerging cybersecurity regulations, and ultimately contribute to bolstering the overall security, resilience, and trustworthiness of this increasingly vital critical infrastructure.
Funding: funded by National Natural Science Foundation of China (No. 62272347, 62072343, and 61802284); National Key Research Development Program of China (No. 2019QY(Y)0206).
Abstract: The power system frequency fluctuations could be captured by digital recordings and extracted to compare with a reference database for forensic timestamp verification. It is known as the Electric Network Frequency (ENF) criterion, enabled by the properties of random fluctuations and intra-grid consistency. In essence, this is a task of matching a short random sequence within a long reference, whose accuracy is mainly concerned with whether this match could be uniquely correct. In this paper, we comprehensively analyze the factors affecting the reliability of ENF matching, including the length of test recording, length of reference, temporal resolution, and Signal-to-Noise Ratio (SNR). For synthetic analysis, we incorporate the first-order AutoRegressive (AR) ENF model and propose an efficient Time-Frequency Domain noisy ENF synthesis method. Then, the reliability analysis schemes for both synthetic and real-world data are respectively proposed. Through a comprehensive study, we quantitatively reveal that while the SNR is an important external factor to determine whether timestamp verification is viable, the length of test recording is the most important inherent factor, followed by the length of reference. However, the temporal resolution has little impact on performance. Finally, a practical workflow of the ENF-based audio timestamp verification system is proposed, incorporating the discovered results.
Abstract: This themed issue of ‘Episodes’ is dedicated entirely to forensic geology. This provides an overview of how geologists assist the police and law enforcement to help investigate crimes. The documented application of geology to police and law enforcement dates back to the middle part of the 19th Century, and possibly to Roman times. Until the establishment of the International Union of Geological Sciences (IUGS), Initiative on Forensic Geology (IFG), in 2011, there was no international organization aimed at developing forensic geology on a global scale. Previously, forensic geologists worked in relative isolation from other fellow geologists. There were few incentives or opportunities for the advancement of forensic geology. IUGS-IFG has provided opportunities, incentives and the drive for the global development of forensic geology, as exemplified in this issue of Episodes.
Funding: supported by the MSIT (Ministry of Science and ICT), Korea, under the ITRC (Information Technology Research Center) support program (IITP-2024-RS-2024-00437494) supervised by the IITP (Institute for Information & Communications Technology Planning & Evaluation).
Abstract: Digital forensics aims to uncover evidence of cybercrimes within compromised systems. These cybercrimes are often perpetrated through the deployment of malware, which inevitably leaves discernible traces within the compromised systems. Forensic analysts are tasked with extracting and subsequently analyzing data, termed as artifacts, from these systems to gather evidence. Therefore, forensic analysts must sift through extensive datasets to isolate pertinent evidence. However, manually identifying suspicious traces among numerous artifacts is time-consuming and labor-intensive. Previous studies addressed such inefficiencies by integrating artificial intelligence (AI) technologies into digital forensics. Despite the efforts in previous studies, artifacts were analyzed without considering the nature of the data within them and failed to prove their efficiency through specific evaluations. In this study, we propose a system to prioritize suspicious artifacts from compromised systems infected with malware to facilitate efficient digital forensics. Our system introduces a double-checking method that recognizes the nature of data within target artifacts and employs algorithms ideal for anomaly detection. The key ideas of this method are: (1) prioritize suspicious artifacts and filter remaining artifacts using autoencoder and (2) further prioritize suspicious artifacts and filter remaining artifacts using logarithmic entropy. Our evaluation demonstrates that our system can identify malicious artifacts with high accuracy and that its double-checking method is more efficient than alternative approaches. Our system can significantly reduce the time required for forensic analysis and serve as a reference for future studies.
Abstract: Detecting hate speech automatically in social media forensics has emerged as a highly challenging task due to the complex nature of language used in such platforms. Currently, several methods exist for classifying hate speech, but they still suffer from ambiguity when differentiating between hateful and offensive content and they also lack accuracy. The work suggested in this paper uses a combination of the Whale Optimization Algorithm (WOA) and Particle Swarm Optimization (PSO) to adjust the weights of two Multi-Layer Perceptron (MLPs) for neutrosophic sets classification. During the training process of the MLP, the WOA is employed to explore and determine the optimal set of weights. The PSO algorithm adjusts the weights to optimize the performance of the MLP as fine-tuning. Additionally, in this approach, two separate MLP models are employed. One MLP is dedicated to predicting degrees of truth membership, while the other MLP focuses on predicting degrees of false membership. The difference between these memberships quantifies uncertainty, indicating the degree of indeterminacy in predictions. The experimental results indicate the superior performance of our model compared to previous work when evaluated on the Davidson dataset.
Abstract: The AGCU X Plus STR system is a newly developed multiplex PCR kit that detects 32 X-chromosomal STR loci simultaneously. These are DXS6807, DXS9895, linkage group 1 (DXS10148, DXS10135, DXS8378), DXS9902, DXS6795, DXS6810, DXS10159, DXS10162, DXS10164, DXS7132, linkage group 2 (DXS10079, DXS10074, DXS10075), DXS981, DXS6800, DXS6803, DXS6809, DXS6789, DXS7424, DXS101, DXS7133, GATA172D05, GATA165B12, linkage group 3 (DXS10103, HPRTB, DXS10101), GATA31E08 and linkage group 4 (DXS8377, DXS10134, DXS7423). A major advantage of this kit is that it takes into account linkage between loci, in addition to detecting more X-STR loci. In order to evaluate the forensic application of 32 X-STR fluorescence amplification system, PCR settings, sensitivity, species specificity, stability, DNA mixtures, concordance, stutter, sizing precision, and population genetics investigation were evaluated according to the Scientific Working Group on DNA Analysis Methods (SWGDAM) developmental validation guidelines. The study showed that the genotyping results of each locus were significantly accurate when the DNA template was at least 62.5 pg. Complete profiles were obtained for the 1∶1 and 1∶3 combinations. A total of 209 unrelated individuals from Southern Chinese Han community, consisting of 84 females and 125 males, were selected for population studies, and 285 allele profiles were detected from 32 X-STR loci. The polymorphism information content (PIC) ranged from 0.2721 in DXS6800, to 0.9105 in DXS10135, with an average of 0.6798. DXS10135 (PIC=0.9105) was the most polymorphic locus, with discrimination power (DP) of 0.9164 and 0.9871 for the male and female. The cumulative PD_F, PD_M, MEC_trio and MEC_duo values were all greater than 0.999999999. There were 78 different DXS10103-HPRTB-DXS10101 haplotypes among the 125 males, and the haplotype diversity was 0.9810. There was no significant difference in the cumulative PD_F, PD_M, MEC_trio and MEC_duo values whether considering linkage or not. In summary, the new X-STR multiplex typing system is effective and reliable, which can be useful in human genetic analysis and kinship testing as a potent complement to autosomal STR typing.
Abstract: An Ad Hoc Review Committee (ARC) was convened to consider the IUGS Initiative on Forensic Geology (FG). The meeting was held on 4th April 2016 at Piccadilly Place, Manchester, UK under the Chairmanship of Prof. Jose P. Calvo (JC), Secretary General, IUGS. The other attendees of the meeting were Prof. Marko Komac (MK), Vice-President of the IUGS, Dr. Laurence Donnelly (LD), Chair of the IUGS Initiative on Forensic Geology (IFG) and a Forensic Geologist and Police Search Adviser, Dr. Alastair Ruffel (AL), Forensic Geologist at Queens University, Belfast, who has significant experience in forensic geology and in working with law enforcement agencies, and Inspector Colin Hope (CH), National Search Advisor at the UK National Crime Agency.
Abstract: Signature verification involves vague situations in which a signature could resemble many reference samples or might differ because of handwriting variances. By presenting the features and similarity score of signatures from the matching algorithm as fuzzy sets and capturing the degrees of membership, non-membership, and indeterminacy, a neutrosophic engine can significantly contribute to signature verification by addressing the inherent uncertainties and ambiguities present in signatures. But type-1 neutrosophic logic gives these membership functions fixed values, which could not adequately capture the various degrees of uncertainty in the characteristics of signatures. Type-1 neutrosophic representation is also unable to adjust to various degrees of uncertainty. The proposed work explores the type-2 neutrosophic logic to enable additional flexibility and granularity in handling ambiguity, indeterminacy, and uncertainty, hence improving the accuracy of signature verification systems. Because type-2 neutrosophic logic allows the assessment of many sources of ambiguity and conflicting information, decision-making is more flexible. These experimental results show the possible benefits of using a type-2 neutrosophic engine for signature verification by demonstrating its superior handling of uncertainty and variability over type-1, which eventually results in more accurate False Rejection Rate (FRR) and False Acceptance Rate (FAR) verification results. In a comparison analysis using a benchmark dataset of handwritten signatures, the type-2 neutrosophic similarity measure yields a better accuracy rate of 98% than the type-1 95%.
Funding: This research was supported by the Korea Institute for Advancement of Technology (KIAT) Grant Funded by the Korea Government (MOTIE) (P0012724, The Competency Development Program for Industry Specialist) and the Soonchunhyang University Research Fund.
Abstract: In this research, we developed a plugin for our automated digital forensics framework to extract and preserve the evidence from the Android and the iOS-based mobile phone application, Instagram. This plugin extracts personal details from Instagram users, e.g., name, user name, mobile number, ID, direct text or audio, video, and picture messages exchanged between different Instagram users. While developing the plugin, we identified resources available in both Android and iOS-based devices holding key forensics artifacts. We highlighted the poor privacy scheme employed by Instagram. This work has shown how the sensitive data posted in the Instagram mobile application can easily be reconstructed, and how the traces, as well as the URL links of visual messages, can be used to access the privacy of any Instagram user without any critical credential verification. We also employed the anti-forensics method on the Instagram Android’s application and were able to restore the application from the altered or corrupted database file, which any criminal mind can use to set up or trap someone else. The outcome of this research is a plugin for our digital forensics ready framework software which could be used by law enforcement and regulatory agencies to reconstruct the digital evidence available in the Instagram mobile application directories on both Android and iOS-based mobile phones.
Funding: President’s Fund Natural Science Project Plan of Tarim University, “Research on Blockchain-based Electronic Evidence Fixation Method” (Project No.: TDZKSS202439).
Abstract: The development of high technology, for public life to provide a justification at the same time, also encouraged the spirit of cybercrime, to become more and more rampant. In network crime, electronic data is usually used as the main evidence to determine the facts of the crime and plays an important role in the smooth trial of the case. But because electronic data on dependent, concealment, easy destructive strong science and technology, the forensics work is now in trouble. The mature use of blockchain technology can avoid existing problems to a certain extent, which is helpful to the smooth progress of electronic forensics. This paper on electronic evidence how to more effectively, combined with research blockchain technology, improve the efficiency of electronic evidence collection work.
Funding: Quỹ Đổi mới sáng tạo Vingroup, Grant/Award Number: VINIF.2020.ThS.BK.10.
Abstract: In recent years, visual facial forgery has reached a level of sophistication that humans cannot identify fraud, which poses a significant threat to information security. A wide range of malicious applications have emerged, such as deepfake, fake news, defamation or blackmailing of celebrities, impersonation of politicians in political warfare, and the spreading of rumours to attract views. As a result, a rich body of visual forensic techniques has been proposed in an attempt to stop this dangerous trend. However, there is no comprehensive, fair, and unified performance evaluation to enlighten the community on best performing methods. The authors present a systematic benchmark beyond traditional surveys that provides in-depth insights into facial forgery and facial forensics, grounding on robustness tests such as contrast, brightness, noise, resolution, missing information, and compression. The authors also provide a practical guideline of the benchmarking results, to determine the characteristics of the methods that serve as a comparative reference in this never-ending war between measures and countermeasures. The authors’ source code is open to the public.
Funding: the National Key R&D Program of China (No. 2017YFA60700602).
Abstract: Vehicle data is one of the important sources of traffic accident digital forensics. We propose a novel method using long short-term memory-deep belief network by binary encoding (LSTM-BiDBN) controller area network identifier (CAN ID) to extract the event sequence of CAN IDs and the semantic of CAN IDs themselves. Instead of detecting attacks only aimed at a specific CAN ID, the proposed method fully considers the potential interaction between electronic control units. By this means, we can detect whether the vehicle has been invaded by the outside, to online determine the responsible party of the accident. We use our LSTM-BiDBN to distinguish attack-free and abnormal situations on CAN-intrusion-dataset. Experimental results show that our proposed method is more effective in identifying anomalies caused by denial of service attack, fuzzy attack and impersonation attack with an accuracy value of 97.02%, a false-positive rate of 6.09%, and a false-negative rate of 1.94% compared with traditional methods.
Funding: Supported by the National High Technology Research and Development Program of China (863 Program) (2015AA016006); the National Natural Science Foundation of China (60903220).
Abstract: The large scale and distribution of cloud computing storage have become the major challenges in cloud forensics for file extraction. Current disk forensic methods do not adapt to cloud computing well and the forensic research on distributed file system is inadequate. To address the forensic problems, this paper uses the Hadoop distributed file system (HDFS) as a case study and proposes a forensic method for efficient file extraction based on three-level (3L) mapping. First, HDFS is analyzed from overall architecture to local file system. Second, the 3L mapping of an HDFS file from HDFS namespace to data blocks on local file system is established and a recovery method for deleted files based on 3L mapping is presented. Third, a multi-node Hadoop framework via Xen virtualization platform is set up to test the performance of the method. The results indicate that the proposed method could succeed in efficient location of large files stored across data nodes, make selective image of disk data and get high recovery rate of deleted files.