With the rapid advancement of visual generative models such as Generative Adversarial Networks (GANs) and Stable Diffusion, the creation of highly realistic Deepfake through automated forgery has significantly progressed. This paper examines the advancements in Deepfake detection and defense technologies, emphasizing the shift from passive detection methods to proactive digital watermarking techniques. Passive detection methods, which involve extracting features from images or videos to identify forgeries, encounter challenges such as poor performance against unknown manipulation techniques and susceptibility to counter-forensic tactics. In contrast, proactive digital watermarking techniques embed specific markers into images or videos, facilitating real-time detection and traceability, thereby providing a preemptive defense against Deepfake content. We offer a comprehensive analysis of digital watermarking-based forensic techniques, discussing their advantages over passive methods and highlighting four key benefits: real-time detection, embedded defense, resistance to tampering, and provision of legal evidence. Additionally, the paper identifies gaps in the literature concerning proactive forensic techniques and suggests future research directions, including cross-domain watermarking and adaptive watermarking strategies. By systematically classifying and comparing existing techniques, this review aims to contribute valuable insights for the development of more effective proactive defense strategies in Deepfake forensics.
Images and videos play an increasingly vital role in daily life and are widely utilized as key evidentiary sources in judicial investigations and forensic analysis. Simultaneously, advancements in image and video processing technologies have facilitated the widespread availability of powerful editing tools, such as Deepfakes, enabling anyone to easily create manipulated or fake visual content, which poses an enormous threat to social security and public trust. To verify the authenticity and integrity of images and videos, numerous approaches have been proposed, which are primarily based on content analysis, and their effectiveness is susceptible to interference from various image or video post-processing operations. Recent research has highlighted the potential of file containers analysis as a promising forensic approach that offers efficient and interpretable results. However, there is still a lack of review articles on this kind of approach. In order to fill this gap, we present a comprehensive review of file containers-based image and video forensics in this paper. Specifically, we categorize the existing methods into two distinct stages, qualitative analysis and quantitative analysis. In addition, an overall framework is proposed to organize the existing approaches. Then, the advantages and disadvantages of the schemes used across different forensic tasks are provided. Finally, we outline the trends in this research area, aiming to provide valuable insights and technical guidance for future research.
The smart home platform integrates with Internet of Things (IoT) devices, smartphones, and cloud servers, enabling seamless and convenient services. It gathers and manages extensive user data, including personal information, device operations, and patterns of user behavior. Such data plays an essential role in criminal investigations, highlighting the growing importance of specialized smart home forensics. Given the rapid advancement in smart home software and hardware technologies, many companies are introducing new devices and services that expand the market. Consequently, scalable and platform-specific forensic research is necessary to support efficient digital investigations across diverse smart home ecosystems. This study thoroughly examines the core components and structures of smart homes, proposing a generalized architecture that represents various operational environments. A three-stage smart home forensics framework is introduced: (1) analyzing application functions to infer relevant data, (2) extracting and processing data from interconnected devices, and (3) identifying data valuable for investigative purposes. The framework’s applicability is validated using testbeds from Samsung SmartThings and Xiaomi Mi Home platforms, offering practical insights for real-world forensic applications. The results demonstrate that the proposed forensic framework effectively acquires and classifies relevant digital evidence in smart home platforms, confirming its practical applicability in smart home forensic investigations.
In today’s digital era, the rapid evolution of image editing technologies has brought about a significant simplification of image manipulation. Unfortunately, this progress has also given rise to the misuse of manipulated images across various domains. One of the pressing challenges stemming from this advancement is the increasing difficulty in discerning between unaltered and manipulated images. This paper offers a comprehensive survey of existing methodologies for detecting image tampering, shedding light on the diverse approaches employed in the field of contemporary image forensics. The methods used to identify image forgery can be broadly classified into two primary categories: classical machine learning techniques, heavily reliant on manually crafted features, and deep learning methods. Additionally, this paper explores recent developments in image forensics, placing particular emphasis on the detection of counterfeit colorization. Image colorization involves predicting colors for grayscale images, thereby enhancing their visual appeal. The advancements in colorization techniques have reached a level where distinguishing between authentic and forged images with the naked eye has become an exceptionally challenging task. This paper serves as an in-depth exploration of the intricacies of image forensics in the modern age, with a specific focus on the detection of colorization forgery, presenting a comprehensive overview of methodologies in this critical field.
Digital forensics aims to uncover evidence of cybercrimes within compromised systems. These cybercrimes are often perpetrated through the deployment of malware, which inevitably leaves discernible traces within the compromised systems. Forensic analysts are tasked with extracting and subsequently analyzing data, termed as artifacts, from these systems to gather evidence. Therefore, forensic analysts must sift through extensive datasets to isolate pertinent evidence. However, manually identifying suspicious traces among numerous artifacts is time-consuming and labor-intensive. Previous studies addressed such inefficiencies by integrating artificial intelligence (AI) technologies into digital forensics. Despite the efforts in previous studies, artifacts were analyzed without considering the nature of the data within them and failed to prove their efficiency through specific evaluations. In this study, we propose a system to prioritize suspicious artifacts from compromised systems infected with malware to facilitate efficient digital forensics. Our system introduces a double-checking method that recognizes the nature of data within target artifacts and employs algorithms ideal for anomaly detection. The key ideas of this method are: (1) prioritize suspicious artifacts and filter remaining artifacts using autoencoder and (2) further prioritize suspicious artifacts and filter remaining artifacts using logarithmic entropy. Our evaluation demonstrates that our system can identify malicious artifacts with high accuracy and that its double-checking method is more efficient than alternative approaches. Our system can significantly reduce the time required for forensic analysis and serve as a reference for future studies.
Detecting hate speech automatically in social media forensics has emerged as a highly challenging task due to the complex nature of language used in such platforms. Currently, several methods exist for classifying hate speech, but they still suffer from ambiguity when differentiating between hateful and offensive content and they also lack accuracy. The work suggested in this paper uses a combination of the Whale Optimization Algorithm (WOA) and Particle Swarm Optimization (PSO) to adjust the weights of two Multi-Layer Perceptrons (MLPs) for neutrosophic sets classification. During the training process of the MLP, the WOA is employed to explore and determine the optimal set of weights. The PSO algorithm adjusts the weights to optimize the performance of the MLP as fine-tuning. Additionally, in this approach, two separate MLP models are employed. One MLP is dedicated to predicting degrees of truth membership, while the other MLP focuses on predicting degrees of false membership. The difference between these memberships quantifies uncertainty, indicating the degree of indeterminacy in predictions. The experimental results indicate the superior performance of our model compared to previous work when evaluated on the Davidson dataset.
In this research, we developed a plugin for our automated digital forensics framework to extract and preserve the evidence from the Android and the iOS-based mobile phone application, Instagram. This plugin extracts personal details from Instagram users, e.g., name, user name, mobile number, ID, direct text or audio, video, and picture messages exchanged between different Instagram users. While developing the plugin, we identified resources available in both Android and iOS-based devices holding key forensics artifacts. We highlighted the poor privacy scheme employed by Instagram. This work has shown how the sensitive data posted in the Instagram mobile application can easily be reconstructed, and how the traces, as well as the URL links of visual messages, can be used to access the privacy of any Instagram user without any critical credential verification. We also employed the anti-forensics method on the Instagram Android application and were able to restore the application from the altered or corrupted database file, which any criminal mind can use to set up or trap someone else. The outcome of this research is a plugin for our digital forensics ready framework software which could be used by law enforcement and regulatory agencies to reconstruct the digital evidence available in the Instagram mobile application directories on both Android and iOS-based mobile phones.
The development of high technology, while providing a justification for public life, has also encouraged the spirit of cybercrime, which is becoming more and more rampant. In network crime, electronic data is usually used as the main evidence to determine the facts of the crime and plays an important role in the smooth trial of the case. But because electronic data is dependent on science and technology, concealed, and easily destroyed, forensics work is now in trouble. The mature use of blockchain technology can avoid existing problems to a certain extent, which is helpful to the smooth progress of electronic forensics. This paper studies how to handle electronic evidence more effectively and, combined with research on blockchain technology, improve the efficiency of electronic evidence collection work.
In recent years, visual facial forgery has reached a level of sophistication that humans cannot identify fraud, which poses a significant threat to information security. A wide range of malicious applications have emerged, such as deepfake, fake news, defamation or blackmailing of celebrities, impersonation of politicians in political warfare, and the spreading of rumours to attract views. As a result, a rich body of visual forensic techniques has been proposed in an attempt to stop this dangerous trend. However, there is no comprehensive, fair, and unified performance evaluation to enlighten the community on best performing methods. The authors present a systematic benchmark beyond traditional surveys that provides in-depth insights into facial forgery and facial forensics, grounding on robustness tests such as contrast, brightness, noise, resolution, missing information, and compression. The authors also provide a practical guideline of the benchmarking results, to determine the characteristics of the methods that serve as a comparative reference in this never-ending war between measures and countermeasures. The authors’ source code is open to the public.
Vehicle data is one of the important sources of traffic accident digital forensics. We propose a novel method using long short-term memory-deep belief network by binary encoding (LSTM-BiDBN) controller area network identifier (CAN ID) to extract the event sequence of CAN IDs and the semantics of the CAN IDs themselves. Instead of detecting attacks only aimed at a specific CAN ID, the proposed method fully considers the potential interaction between electronic control units. By this means, we can detect whether the vehicle has been invaded from the outside, and determine online the responsible party of the accident. We use our LSTM-BiDBN to distinguish attack-free and abnormal situations on CAN-intrusion-dataset. Experimental results show that our proposed method is more effective in identifying anomalies caused by denial of service attack, fuzzy attack and impersonation attack, with an accuracy value of 97.02%, a false-positive rate of 6.09%, and a false-negative rate of 1.94%, compared with traditional methods.
As a common medium in our daily life, images are important for most people to gather information. There are also people who edit or even tamper with images to deliberately deliver false information for different purposes. Thus, in digital forensics, it is necessary to understand the manipulation history of images. That requires verifying all possible manipulations applied to images. Among all the image editing manipulations, recoloring is widely used to adjust or repaint the colors in images. The color information is an important visual information that an image can deliver. Thus, it is necessary to guarantee the correctness of color in digital forensics. On the other hand, many image retouching or editing applications or software are equipped with a recoloring function. This enables ordinary people without expertise in image processing to apply recoloring to images. Hence, in order to secure the color information of images, in this paper, a recoloring detection method is proposed. The method is based on the convolutional neural network, which is quite popular in recent years. Unlike the traditional linear classifier, the proposed method can be employed for binary classification as well as multiple labels classification. The classification performance of different structures for the proposed architecture is also investigated in this paper.
In the paper, a convolutional neural network based on quaternion transformation is proposed to detect median filtering for color images. Compared with conventional convolutional neural network, color images can be processed in a holistic manner in the proposed scheme, which makes full use of the correlation between RGB channels. And due to the use of convolutional neural network, it can effectively avoid the one-sidedness of artificial features. Experimental results have shown the scheme’s improvement over the state-of-the-art scheme on the accuracy of color image median filtering detection.
Since its birth in the early 90's, digital forensics has been mainly focused on collecting and examining digital evidence from computers and networks that are controlled and owned by individuals or organizations. As cloud computing has recently emerged as a dominant platform for running applications and storing data, digital forensics faces well-known challenges in the cloud, such as data inaccessibility, data and service volatility, and law enforcement's lack of control over the cloud. To date, very little research has been done to develop efficient theory and practice for digital forensics in the cloud. In this paper, we present a novel framework, Cloud Foren, which systematically addresses the challenges of forensics in cloud computing. Cloud Foren covers the entire process of digital forensics, from the initial point of complaint to the final point where the evidence is confirmed. The key components of Cloud Foren address some challenges which are unique to the cloud. The proposed forensic process allows the cloud forensic examiner, cloud provider, and cloud customer to collaborate naturally. We use two case studies to demonstrate the applicability of Cloud Foren. We believe Cloud Foren holds great promise for more precise and automatic digital forensics in a cloud computing environment.
The multi-purpose forensics is an important tool for forged image detection. In this paper, we propose a universal feature set for the multi-purpose forensics which is capable of simultaneously identifying several typical image manipulations, including spatial low-pass Gaussian blurring, median filtering, re-sampling, and JPEG compression. To eliminate the influences caused by diverse image contents on the effectiveness and robustness of the feature, a residual group which contains several high-pass filtered residuals is introduced. The partial correlation coefficient is exploited from the residual group to purely measure neighborhood correlations in a linear way. Besides that, we also combine autoregressive coefficient and transition probability to form the proposed composite feature, which is used to measure how manipulations change the neighborhood relationships in both linear and non-linear ways. After a series of dimension reductions, the proposed feature set can accelerate the training and testing for the multi-purpose forensics. The proposed feature set is then fed into a multi-classifier to train a multi-purpose detector. Experimental results show that the proposed detector can identify several typical image manipulations, and is superior to the complicated deep CNN-based methods in terms of detection accuracy and time efficiency for JPEG compressed images with low resolution.
The integrity and fidelity of digital evidence are very important in live forensics. Previous studies have focused on the uncertainty of live forensics based on different memory snapshots. However, this kind of method is not effective in practice. In fact, memory images are usually acquired by using forensics tools instead of using snapshots. Therefore, the integrity and fidelity of live evidence should be evaluated during the acquisition process. In this paper, we study the problem from a novel viewpoint. Firstly, several definitions about memory acquisition measure error are introduced to describe the trusty. Then, we analyze the experimental error and propose some suggestions on how to reduce it. A novel method is also developed to calculate the system error in detail. The results of a case study on Windows 7 and VMware virtual machine show that the experimental error has good accuracy and precision, which demonstrate the efficacy of the proposed reducing methods. The system error is also evaluated, that is, it accounts for the whole error from 30% to 50%.
Blind forensics of JPEG image tampering as a kind of digital image blind forensics technology is gradually becoming a new research hotspot in the field of image security. Firstly, the main achievements of domestic and foreign scholars in the blind forensic technology of JPEG image tampering were briefly described. Then, according to the different methods of tampering and detection, the current detection was divided into two types: double JPEG compression detection and block effect inconsistency detection. This paper summarized the existing methods of JPEG image blind forensics detection, and analyzed the two methods. Finally, the existing problems and future research trends were analyzed and prospected to provide further theoretical support for the research of JPEG image blind forensics technology.
Network intrusion forensics is an important extension to present security infrastructure, and is becoming the focus of the forensics research field. However, in comparison with sophisticated multi-stage attacks and the volume of sensor data, current practices in network forensic analysis are to manually examine, an error-prone, labor-intensive and time-consuming process. To solve these problems, in this paper we propose a digital evidence fusion method for network forensics with Dempster-Shafer theory that can efficiently detect computer crime in networked environments, and fuse digital evidence from different sources such as hosts and sub-networks automatically. In the end, we evaluate the method on the well-known KDD Cup 1999 dataset. The results prove our method is very effective for real-time network forensics, and can provide comprehensible messages for forensic investigators.
Advances in technological developments in Geographic Information Systems (GIS) have enabled the application of GIS in landscape mapping, environmental management, natural hazard risk and disaster management. As geographical information becomes more widely available through satellite and aerial imagery, the cost of software decreases and GIS expertise expands, it is most likely that the use of GIS will increase. The methodology has practical applications for police, crime scene investigators and forensic geoscientists. The aim is to develop GIS use in forensic search beyond mapping to offer a set of decision support tools that utilise the spatial analytical capabilities of GIS. This enables better management and understanding of the complicated and interrelated nature of a ground search.
A relatively new branch of science, nuclear forensics, aiming at providing the nature, origin, history and possible trafficking route of seized nuclear materials/devices, has been established and rapidly developed over decades to screen illicit nuclear activities. This highly interdisciplinary science is built upon a foundation of analytical chemistry, radiochemistry, nuclear physics, material sciences, geology, and other scientific disciplines, within which radiochemical methodologies and radioanalytical techniques play a key role. The present review provides a brief overview of the crucial aspects of nuclear forensics, including basic content, procedure, concerned elements, common separation, analytical method, and so on. The state of the art and recent progress of nuclear forensics by research communities in China are reviewed, while selected examples and practical applications are emphasized. The challenges associated with this new area and on-going developments are highlighted and discussed.
Research in virtualization technology has gained significant developments in recent years, which brings not only opportunities to the forensic community, but challenges as well. This paper discusses the potential roles of virtualization in digital forensics and examines the recent progress in using virtualization techniques to support modern computer forensics. The influences on digital forensics caused by virtualization technology are identified. Tools and methods in common digital forensic practices are analyzed, and experiences of our practice and reflections in this field are shared.
Funding (Deepfake detection and digital watermarking review): supported by the National Fund Cultivation Project from China People’s Police University (Grant Number: JJPY202402) and the National Natural Science Foundation of China (Grant Number: 62172165).
Funding (file containers-based image and video forensics review): supported in part by Natural Science Foundation of Hubei Province of China under Grant 2023AFB016, the 2022 Opening Fund for Hubei Key Laboratory of Intelligent Vision Based Monitoring for Hydroelectric Engineering under Grant 2022SDSJ02, and the Construction Fund for Hubei Key Laboratory of Intelligent Vision Based Monitoring for Hydroelectric Engineering under Grant 2019ZYYD007.
Funding: Supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (2021R1I1A3049788).
Abstract: In today’s digital era, the rapid evolution of image editing technologies has brought about a significant simplification of image manipulation. Unfortunately, this progress has also given rise to the misuse of manipulated images across various domains. One of the pressing challenges stemming from this advancement is the increasing difficulty in discerning between unaltered and manipulated images. This paper offers a comprehensive survey of existing methodologies for detecting image tampering, shedding light on the diverse approaches employed in the field of contemporary image forensics. The methods used to identify image forgery can be broadly classified into two primary categories: classical machine learning techniques, heavily reliant on manually crafted features, and deep learning methods. Additionally, this paper explores recent developments in image forensics, placing particular emphasis on the detection of counterfeit colorization. Image colorization involves predicting colors for grayscale images, thereby enhancing their visual appeal. The advancements in colorization techniques have reached a level where distinguishing between authentic and forged images with the naked eye has become an exceptionally challenging task. This paper serves as an in-depth exploration of the intricacies of image forensics in the modern age, with a specific focus on the detection of colorization forgery, presenting a comprehensive overview of methodologies in this critical field.
Funding: Supported by the MSIT (Ministry of Science and ICT), Korea, under the ITRC (Information Technology Research Center) support program (IITP-2024-RS-2024-00437494) supervised by the IITP (Institute for Information & Communications Technology Planning & Evaluation).
Abstract: Digital forensics aims to uncover evidence of cybercrimes within compromised systems. These cybercrimes are often perpetrated through the deployment of malware, which inevitably leaves discernible traces within the compromised systems. Forensic analysts are tasked with extracting and subsequently analyzing data, termed as artifacts, from these systems to gather evidence. Therefore, forensic analysts must sift through extensive datasets to isolate pertinent evidence. However, manually identifying suspicious traces among numerous artifacts is time-consuming and labor-intensive. Previous studies addressed such inefficiencies by integrating artificial intelligence (AI) technologies into digital forensics. Despite the efforts in previous studies, artifacts were analyzed without considering the nature of the data within them and failed to prove their efficiency through specific evaluations. In this study, we propose a system to prioritize suspicious artifacts from compromised systems infected with malware to facilitate efficient digital forensics. Our system introduces a double-checking method that recognizes the nature of data within target artifacts and employs algorithms ideal for anomaly detection. The key ideas of this method are: (1) prioritize suspicious artifacts and filter remaining artifacts using autoencoder and (2) further prioritize suspicious artifacts and filter remaining artifacts using logarithmic entropy. Our evaluation demonstrates that our system can identify malicious artifacts with high accuracy and that its double-checking method is more efficient than alternative approaches. Our system can significantly reduce the time required for forensic analysis and serve as a reference for future studies.
Abstract: Detecting hate speech automatically in social media forensics has emerged as a highly challenging task due to the complex nature of language used in such platforms. Currently, several methods exist for classifying hate speech, but they still suffer from ambiguity when differentiating between hateful and offensive content and they also lack accuracy. The work suggested in this paper uses a combination of the Whale Optimization Algorithm (WOA) and Particle Swarm Optimization (PSO) to adjust the weights of two Multi-Layer Perceptron (MLPs) for neutrosophic sets classification. During the training process of the MLP, the WOA is employed to explore and determine the optimal set of weights. The PSO algorithm adjusts the weights to optimize the performance of the MLP as fine-tuning. Additionally, in this approach, two separate MLP models are employed. One MLP is dedicated to predicting degrees of truth membership, while the other MLP focuses on predicting degrees of false membership. The difference between these memberships quantifies uncertainty, indicating the degree of indeterminacy in predictions. The experimental results indicate the superior performance of our model compared to previous work when evaluated on the Davidson dataset.
Funding: This research was supported by the Korea Institute for Advancement of Technology (KIAT) Grant Funded by the Korea Government (MOTIE) (P0012724, The Competency Development Program for Industry Specialist) and the Soonchunhyang University Research Fund.
Abstract: In this research, we developed a plugin for our automated digital forensics framework to extract and preserve the evidence from the Android and the IOS-based mobile phone application, Instagram. This plugin extracts personal details from Instagram users, e.g., name, user name, mobile number, ID, direct text or audio, video, and picture messages exchanged between different Instagram users. While developing the plugin, we identified resources available in both Android and IOS-based devices holding key forensics artifacts. We highlighted the poor privacy scheme employed by Instagram. This work has shown how the sensitive data posted in the Instagram mobile application can easily be reconstructed, and how the traces, as well as the URL links of visual messages, can be used to access the privacy of any Instagram user without any critical credential verification. We also employed the anti-forensics method on the Instagram Android’s application and were able to restore the application from the altered or corrupted database file, which any criminal mind can use to set up or trap someone else. The outcome of this research is a plugin for our digital forensics ready framework software which could be used by law enforcement and regulatory agencies to reconstruct the digital evidence available in the Instagram mobile application directories on both Android and IOS-based mobile phones.
Funding: President’s Fund Natural Science Project Plan of Tarim University, “Research on Blockchain-based Electronic Evidence Fixation Method” (Project No.: TDZKSS202439).
Abstract: The development of high technology, for public life to provide a justification at the same time, also encouraged the spirit of cybercrime, to become more and more rampant. In network crime, electronic data is usually used as the main evidence to determine the facts of the crime and plays an important role in the smooth trial of the case. But because electronic data on dependent, concealment, easy destructive strong science and technology, the forensics work is now in trouble. The mature use of blockchain technology can avoid existing problems to a certain extent, which is helpful to the smooth progress of electronic forensics. This paper on electronic evidence how to more effectively, combined with research blockchain technology, improve the efficiency of electronic evidence collection work.
Funding: Quỹ Đổi mới sáng tạo Vingroup, Grant/Award Number: VINIF.2020.ThS.BK.10.
Abstract: In recent years, visual facial forgery has reached a level of sophistication that humans cannot identify fraud, which poses a significant threat to information security. A wide range of malicious applications have emerged, such as deepfake, fake news, defamation or blackmailing of celebrities, impersonation of politicians in political warfare, and the spreading of rumours to attract views. As a result, a rich body of visual forensic techniques has been proposed in an attempt to stop this dangerous trend. However, there is no comprehensive, fair, and unified performance evaluation to enlighten the community on best performing methods. The authors present a systematic benchmark beyond traditional surveys that provides in-depth insights into facial forgery and facial forensics, grounding on robustness tests such as contrast, brightness, noise, resolution, missing information, and compression. The authors also provide a practical guideline of the benchmarking results, to determine the characteristics of the methods that serve as a comparative reference in this never-ending war between measures and countermeasures. The authors’ source code is open to the public.
Funding: The National Key R&D Program of China (No.2017YFA60700602).
Abstract: Vehicle data is one of the important sources of traffic accident digital forensics. We propose a novel method using long short-term memory-deep belief network by binary encoding (LSTM-BiDBN) controller area network identifier (CAN ID) to extract the event sequence of CAN IDs and the semantic of CAN IDs themselves. Instead of detecting attacks only aimed at a specific CAN ID, the proposed method fully considers the potential interaction between electronic control units. By this means, we can detect whether the vehicle has been invaded by the outside, to online determine the responsible party of the accident. We use our LSTM-BiDBN to distinguish attack-free and abnormal situations on CAN-intrusion-dataset. Experimental results show that our proposed method is more effective in identifying anomalies caused by denial of service attack, fuzzy attack and impersonation attack with an accuracy value of 97.02%, a false-positive rate of 6.09%, and a false-negative rate of 1.94% compared with traditional methods.
Abstract: As a common medium in our daily life, images are important for most people to gather information. There are also people who edit or even tamper images to deliberately deliver false information under different purposes. Thus, in digital forensics, it is necessary to understand the manipulating history of images. That requires to verify all possible manipulations applied to images. Among all the image editing manipulations, recoloring is widely used to adjust or repaint the colors in images. The color information is an important visual information that image can deliver. Thus, it is necessary to guarantee the correctness of color in digital forensics. On the other hand, many image retouching or editing applications or software are equipped with recoloring function. This enables ordinary people without expertise of image processing to apply recoloring for images. Hence, in order to secure the color information of images, in this paper, a recoloring detection method is proposed. The method is based on convolutional neural network which is quite popular in recent years. Unlike the traditional linear classifier, the proposed method can be employed for binary classification as well as multiple labels classification. The classification performance of different structure for the proposed architecture is also investigated in this paper.
Funding: The work was supported in part by the Natural Science Foundation of China under Grants (Nos.61772281, 61502241, 61272421, 61232016, 61402235 and 61572258), in part by the Natural Science Foundation of Jiangsu Province, China under Grant BK20141006, in part by the Natural Science Foundation of the Universities in Jiangsu Province under Grant 14KJB520024, the PAPD fund and the CICAEET fund.
Abstract: In the paper, a convolutional neural network based on quaternion transformation is proposed to detect median filtering for color images. Compared with conventional convolutional neural network, color images can be processed in a holistic manner in the proposed scheme, which makes full use of the correlation between RGB channels. And due to the use of convolutional neural network, it can effectively avoid the one-sidedness of artificial features. Experimental results have shown the scheme’s improvement over the state-of-the-art scheme on the accuracy of color image median filtering detection.
Abstract: Since its birth in the early 90's, digital forensics has been mainly focused on collecting and examining digital evidence from computers and networks that are controlled and owned by individuals or organizations. As cloud computing has recently emerged as a dominant platform for running applications and storing data, digital forensics faces well-known challenges in the cloud, such as data inaccessibility, data and service volatility, and law enforcement lacks control over the cloud. To date, very little research has been done to develop efficient theory and practice for digital forensics in the cloud. In this paper, we present a novel framework, Cloud Foren, which systematically addresses the challenges of forensics in cloud computing. Cloud Foren covers the entire process of digital forensics, from the initial point of complaint to the final point where the evidence is confirmed. The key components of Cloud Foren address some challenges, which are unique to the cloud. The proposed forensic process allows cloud forensic examiner, cloud provider, and cloud customer to collaborate naturally. We use two case studies to demonstrate the applicability of Cloud Foren. We believe Cloud Foren holds great promise for more precise and automatic digital forensics in a cloud computing environment.
Funding: Supported by NSFC (No.61702429); Sichuan Science and Technology Program (No.19yyjc1656).
Abstract: The multi-purpose forensics is an important tool for forge image detection. In this paper, we propose a universal feature set for the multi-purpose forensics which is capable of simultaneously identifying several typical image manipulations, including spatial low-pass Gaussian blurring, median filtering, re-sampling, and JPEG compression. To eliminate the influences caused by diverse image contents on the effectiveness and robustness of the feature, a residual group which contains several high-pass filtered residuals is introduced. The partial correlation coefficient is exploited from the residual group to purely measure neighborhood correlations in a linear way. Besides that, we also combine autoregressive coefficient and transition probability to form the proposed composite feature which is used to measure how manipulations change the neighborhood relationships in both linear and non-linear way. After a series of dimension reductions, the proposed feature set can accelerate the training and testing for the multi-purpose forensics. The proposed feature set is then fed into a multi-classifier to train a multi-purpose detector. Experimental results show that the proposed detector can identify several typical image manipulations, and is superior to the complicated deep CNN-based methods in terms of detection accuracy and time efficiency for JPEG compressed image with low resolution.
Funding: Sponsored by the National Natural Science Foundation of China (Grant No.61303199); Natural Science Foundation of Shandong Province (Grant No.ZR2013FQ001 and ZR2011FQ030); Outstanding Research Award Fund for Young Scientists of Shandong Province, China (Grant No.BS2013DX010); Academy of Sciences Youth Fund Project of Shandong Province (Grant No.2013QN007).
Abstract: The integrity and fidelity of digital evidence are very important in live forensics. Previous studies have focused on the uncertainty of live forensics based on different memory snapshots. However, this kind of method is not effective in practice. In fact, memory images are usually acquired by using forensics tools instead of using snapshots. Therefore, the integrity and fidelity of live evidence should be evaluated during the acquisition process. In this paper, we study the problem in a novel viewpoint. Firstly, several definitions about memory acquisition measure error are introduced to describe the trusty. Then, we analyze the experimental error and propose some suggestions on how to reduce it. A novel method is also developed to calculate the system error in detail. The results of a case study on Windows 7 and VMware virtual machine show that the experimental error has good accuracy and precision, which demonstrate the efficacy of the proposed reducing methods. The system error is also evaluated, that is, it accounts for the whole error from 30% to 50%.
Abstract: Blind forensics of JPEG image tampering as a kind of digital image blind forensics technology is gradually becoming a new research hotspot in the field of image security. Firstly, the main achievements of domestic and foreign scholars in the blind forensic technology of JPEG image tampering were briefly described. Then, according to the different methods of tampering and detection, the current detection was divided into two types: double JPEG compression detection and block effect inconsistency detection. This paper summarized the existing methods of JPEG image blind forensics detection, and analyzed the two methods. Finally, the existing problems and future research trends were analyzed and prospected to provide further theoretical support for the research of JPEG image blind forensics technology.
Funding: Supported by the National Natural Science Foundation of China under Grant No.60903166; the National High Technology Research and Development Program of China (863 Program) under Grants No.2012AA012506, No.2012AA012901, No.2012AA012903; Specialized Research Fund for the Doctoral Program of Higher Education of China under Grant No.20121103120032; the Humanity and Social Science Youth Foundation of Ministry of Education of China under Grant No.13YJCZH065; the Opening Project of Key Lab of Information Network Security of Ministry of Public Security (The Third Research Institute of Ministry of Public Security) under Grant No.C13613; the China Postdoctoral Science Foundation General Program of Science and Technology Development Project of Beijing Municipal Education Commission of China under Grant No.km201410005012; the Research on Education and Teaching of Beijing University of Technology under Grant No.ER2013C24; the Beijing Municipal Natural Science Foundation Sponsored by Hunan Postdoctoral Scientific Program Open Research Fund of Beijing Key Laboratory of Trusted Computing Funds for the Central Universities, Contract No.2012JBM030
Abstract: Network intrusion forensics is an important extension to present security infrastructure, and is becoming the focus of forensics research field. However, comparison with sophisticated multi-stage attacks and volume of sensor data, current practices in network forensic analysis are to manually examine, an error prone, labor-intensive and time consuming process. To solve these problems, in this paper we propose a digital evidence fusion method for network forensics with Dempster-Shafer theory that can detect efficiently computer crime in networked environments, and fuse digital evidence from different sources such as hosts and sub-networks automatically. In the end, we evaluate the method on well-known KDD Cup 1999 dataset. The results prove our method is very effective for real-time network forensics, and can provide comprehensible messages for forensic investigators.
Abstract: Advances in technological developments in Geographic Information Systems (GIS) have enabled the application of GIS in landscape mapping, environmental management, natural hazard risk and disaster management. As geographical information becomes more widely available through satellite and aerial imagery, the cost of software decreases and GIS expertise expands, it is most likely that the use of GIS will increase. The methodology has practical applications for police, crime scene investigators and forensic geoscientists. The aim is to develop GIS use in forensic search beyond mapping to offer a set of decision support tools that utilise the spatial analytical capabilities of GIS. This enables better management and understanding of the complicated and interrelated nature of a ground search.
Funding: The financial support from the Science Challenge Project (No.TZ2016004); National Natural Science Foundation of China (No.21906153); the Presidential Foundation of CAEP (No.YZJJLX2020002).
Abstract: A relatively new branch of science, nuclear forensics, aiming at providing the nature, origin, history and possible trafficking route of seized nuclear materials/devices, has been established and rapidly developed over decades to screen illicit nuclear activities. This highly interdisciplinary science is built upon a foundation of analytical chemistry, radiochemistry, nuclear physics, material sciences, geology, and other scientific disciplines, within which radiochemical methodologies and radioanalytical techniques play a key role. The present review provides a brief overview about the crucial aspects of nuclear forensics, including basic content, procedure, concerned elements, common separation, analytical method, and so on. The state of the art and recent progresses of nuclear forensics by research communities in China are reviewed, while selected examples and practical applications are emphasized. The challenges associated with this new area and on-going developments are highlighted and discussed.
Abstract: Research in virtualization technology has gained significant developments in recent years, which brings not only opportunities to the forensic community, but challenges as well. This paper discusses the potential roles of virtualization in digital forensics, examines the recent progresses which use the virtualization techniques to support modern computer forensics. The influences on digital forensics caused by virtualization technology are identified. Tools and methods in common digital forensic practices are analyzed, and experiences of our practice and reflections in this field are shared.