Digital forensics aims to uncover evidence of cybercrimes within compromised systems.These cybercrimes are often perpetrated through the deployment of malware,which inevitably leaves discernible traces within the comp...Digital forensics aims to uncover evidence of cybercrimes within compromised systems.These cybercrimes are often perpetrated through the deployment of malware,which inevitably leaves discernible traces within the compromised systems.Forensic analysts are tasked with extracting and subsequently analyzing data,termed as artifacts,from these systems to gather evidence.Therefore,forensic analysts must sift through extensive datasets to isolate pertinent evidence.However,manually identifying suspicious traces among numerous artifacts is time-consuming and labor-intensive.Previous studies addressed such inefficiencies by integrating artificial intelligence(AI)technologies into digital forensics.Despite the efforts in previous studies,artifacts were analyzed without considering the nature of the data within them and failed to prove their efficiency through specific evaluations.In this study,we propose a system to prioritize suspicious artifacts from compromised systems infected with malware to facilitate efficient digital forensics.Our system introduces a double-checking method that recognizes the nature of data within target artifacts and employs algorithms ideal for anomaly detection.The key ideas of this method are:(1)prioritize suspicious artifacts and filter remaining artifacts using autoencoder and(2)further prioritize suspicious artifacts and filter remaining artifacts using logarithmic entropy.Our evaluation demonstrates that our system can identify malicious artifacts with high accuracy and that its double-checking method is more efficient than alternative approaches.Our system can significantly reduce the time required for forensic analysis and serve as a reference for future studies.展开更多
Since its birth in the early 90 's,digital forensics has been mainly focused on collecting and examining digital evidence from computers and networks that are controlled and owned by individuals or organizations.A...Since its birth in the early 90 's,digital forensics has been mainly focused on collecting and examining digital evidence from computers and networks that are controlled and owned by individuals or organizations.As cloud computing has recently emerged as a dominant platform for running applications and storing data,digital forensics faces well-known challenges in the cloud,such as data inaccessibility,data and service volatility,and law enforcement lacks control over the cloud.To date,very little research has been done to develop efficient theory and practice for digital forensics in the cloud.In this paper,we present a novel framework,Cloud Foren,which systematically addresses the challenges of forensics in cloud computing.Cloud Foren covers the entire process of digital forensics,from the initial point of complaint to the final point where the evidence is confirmed.The key components of Cloud Foren address some challenges,which are unique to the cloud.The proposed forensic process allows cloud forensic examiner,cloud provider,and cloud customer collaborate naturally.We use two case studies to demonstrate the applicability of Cloud Foren.We believe Cloud Foren holds great promise for more precise and automatic digital forensics in a cloud computing environment.展开更多
Research in virtualization technology has gained significant developments in recent years, which brings not only opportunities to the forensic community, but challenges as well. This paper discusses the potential role...Research in virtualization technology has gained significant developments in recent years, which brings not only opportunities to the forensic community, but challenges as well. This paper discusses the potential roles of virtualization in digital forensics, examines the recent progresses which use the virtualization techniques to support modem computer forensics. The influences on digital forensics caused by virtualization technology are identified. Tools and methods in common digital forensic practices are analyzed, and experiences of our practice and reflections in this field are shared.展开更多
In this research,we developed a plugin for our automated digital forensics framework to extract and preserve the evidence from the Android and the IOS-based mobile phone application,Instagram.This plugin extracts pers...In this research,we developed a plugin for our automated digital forensics framework to extract and preserve the evidence from the Android and the IOS-based mobile phone application,Instagram.This plugin extracts personal details from Instagram users,e.g.,name,user name,mobile number,ID,direct text or audio,video,and picture messages exchanged between different Instagram users.While developing the plugin,we identified resources available in both Android and IOS-based devices holding key forensics artifacts.We highlighted the poor privacy scheme employed by Instagram.This work,has shown how the sensitive data posted in the Instagram mobile application can easily be reconstructed,and how the traces,as well as the URL links of visual messages,can be used to access the privacy of any Instagram user without any critical credential verification.We also employed the anti-forensics method on the Instagram Android’s application and were able to restore the application from the altered or corrupted database file,which any criminal mind can use to set up or trap someone else.The outcome of this research is a plugin for our digital forensics ready framework software which could be used by law enforcement and regulatory agencies to reconstruct the digital evidence available in the Instagram mobile application directories on both Android and IOS-based mobile phones.展开更多
Despite the extensive empirical literature relating to the Internet of Things (IoT), surprisingly few attempts have sought to establish the ways in which digital forensics can be applied to undertake detailed examinat...Despite the extensive empirical literature relating to the Internet of Things (IoT), surprisingly few attempts have sought to establish the ways in which digital forensics can be applied to undertake detailed examinations regarding IoT frameworks. The existing digital forensic applications have effectively held back efforts to align the IoT with digital forensic strategies. This is because the forensic applications are ill-suited to the highly complex IoT frameworks and would, therefore, struggle to amass, analyze and test the necessary evidence that would be required by a court. As such, there is a need to develop a suitable forensic framework to facilitate forensic investigations in IoT settings. Nor has considerable progress been made in terms of collecting and saving network and server logs from IoT settings to enable examinations. Consequently, this study sets out to develop and test the FB system which is a lightweight forensic framework capable of improving the scope of investigations in IoT environments. The FB system can organize the management of various IoT devices found in a smart apartment, all of which is controlled by the owner’s smart watch. This will help to perform useful functions, automate the decision-making process, and ensure that the system remains secure. A Java app is utilized to simulate the FB system, learning the user’s requirements and security expectations when installed and employing the MySQL server as a means of logging the communications of the various IoT devices.展开更多
The accelerated global adoption of electric vehicles(EVs)is driving significant expansion and increasing complexity within the EV charging infrastructure,consequently presenting novel and pressing cybersecurity challe...The accelerated global adoption of electric vehicles(EVs)is driving significant expansion and increasing complexity within the EV charging infrastructure,consequently presenting novel and pressing cybersecurity challenges.While considerable effort has focused on preventative cybersecurity measures,a critical deficiency persists in structured methodologies for digital forensic analysis following security incidents,a gap exacerbated by system heterogeneity,distributed digital evidence,and inconsistent logging practices which hinder effective incident reconstruction and attribution.This paper addresses this critical need by proposing a novel,data-driven forensic framework tailored to the EV charging infrastructure,focusing on the systematic identification,classification,and correlation of diverse digital evidence across its physical,network,and application layers.Our methodology integrates open-source intelligence(OSINT)with advanced system modeling based on a three-layer cyber-physical system architecture to comprehensively map potential evidentiary sources.Key contributions include a comprehensive taxonomy of cybersecurity threats pertinent to EV charging ecosystems,detailed mappings between these threats and the resultant digital evidence to guide targeted investigations,the formulation of adaptable forensic investigation workflows for various incident scenarios,and a critical analysis of significant gaps in digital evidence availability within current EV charging systems,highlighting limitations in forensic readiness.The practical application and utility of this method are demonstrated through illustrative case studies involving both empirically-derived and virtual incident scenarios.The proposed datadriven approach is designed to significantly enhance digital forensic capabilities,support more effective incident response,strengthen compliance with emerging cybersecurity regulations,and ultimately contribute to bolstering the overall security,resilience,and trustworthiness of this increasingly vital critical infrastructure.展开更多
The smart home platform integrates with Internet of Things(IoT)devices,smartphones,and cloud servers,enabling seamless and convenient services.It gathers and manages extensive user data,including personal information,...The smart home platform integrates with Internet of Things(IoT)devices,smartphones,and cloud servers,enabling seamless and convenient services.It gathers and manages extensive user data,including personal information,device operations,and patterns of user behavior.Such data plays an essential role in criminal inves-tigations,highlighting the growing importance of specialized smart home forensics.Given the rapid advancement in smart home software and hardware technologies,many companies are introducing new devices and services that expand the market.Consequently,scalable and platform-specific forensic research is necessary to support efficient digital investigations across diverse smart home ecosystems.This study thoroughly examines the core components and structures of smart homes,proposing a generalized architecture that represents various operational environments.A three-stage smart home forensics framework is introduced:(1)analyzing application functions to infer relevant data,(2)extracting and processing data from interconnected devices,and(3)identifying data valuable for investigative purposes.The framework’s applicability is validated using testbeds from Samsung SmartThings and Xiaomi Mi Home platforms,offering practical insights for real-world forensic applications.The results demonstrate that the proposed forensic framework effectively acquires and classifies relevant digital evidence in smart home platforms,confirming its practical applicability in smart home forensic investigations.展开更多
As a result of the many developments in information technology,digital evidence plays an increasingly important role in criminal and civil litigation.Because digital evidence is necessary for litigation,the judicial s...As a result of the many developments in information technology,digital evidence plays an increasingly important role in criminal and civil litigation.Because digital evidence is necessary for litigation,the judicial system must be assured of its accuracy,reliability,and verifiability,which can be assured by accreditation.This paper focuses on a comparison of the evolution of the accreditation of digital forensics internationally and domestically,discusses the existing problems that such accreditation encounters,and proposes the corresponding solutions.Moreover,this paper discusses the future of digital forensic laboratory accreditation and its implementation.展开更多
In recent years,visual facial forgery has reached a level of sophistication that humans cannot identify fraud,which poses a significant threat to information security.A wide range of malicious applications have emerge...In recent years,visual facial forgery has reached a level of sophistication that humans cannot identify fraud,which poses a significant threat to information security.A wide range of malicious applications have emerged,such as deepfake,fake news,defamation or blackmailing of celebrities,impersonation of politicians in political warfare,and the spreading of rumours to attract views.As a result,a rich body of visual forensic techniques has been proposed in an attempt to stop this dangerous trend.However,there is no comprehensive,fair,and unified performance evaluation to enlighten the community on best performing methods.The authors present a systematic benchmark beyond traditional surveys that provides in-depth insights into facial forgery and facial forensics,grounding on robustness tests such as contrast,brightness,noise,resolution,missing information,and compression.The authors also provide a practical guideline of the benchmarking results,to determine the characteristics of the methods that serve as a comparative reference in this never-ending war between measures and countermeasures.The authors’source code is open to the public.展开更多
Vehicle data is one of the important sources of traffic accident digital forensics.We propose a novel method using long short-term memory-deep belief network by binary encoding(LSTM-BiDBN)controller area network ident...Vehicle data is one of the important sources of traffic accident digital forensics.We propose a novel method using long short-term memory-deep belief network by binary encoding(LSTM-BiDBN)controller area network identifier(CAN ID)to extract the event sequence of CAN IDs and the semantic of CAN IDs themselves.Instead of detecting attacks only aimed at a specific CAN ID,the proposed method fully considers the potential interaction between electronic control units.By this means,we can detect whether the vehicle has been invaded by the outside,to online determine the responsible party of the accident.We use our LSTM-BiDBN to distinguish attack-free and abnormal situations on CAN-intrusion-dataset.Experimental results show that our proposed method is more effective in identifying anomalies caused by denial of service attack,fuzzy attack and impersonation attack with an accuracy value of 97.02%,a false-positive rate of 6.09%,and a false-negative rate of 1.94%compared with traditional methods.展开更多
Network intrusion forensics is an important extension to present security infrastructure,and is becoming the focus of forensics research field.However,comparison with sophisticated multi-stage attacks and volume of se...Network intrusion forensics is an important extension to present security infrastructure,and is becoming the focus of forensics research field.However,comparison with sophisticated multi-stage attacks and volume of sensor data,current practices in network forensic analysis are to manually examine,an error prone,labor-intensive and time consuming process.To solve these problems,in this paper we propose a digital evidence fusion method for network forensics with Dempster-Shafer theory that can detect efficiently computer crime in networked environments,and fuse digital evidence from different sources such as hosts and sub-networks automatically.In the end,we evaluate the method on well-known KDD Cup1999 dataset.The results prove our method is very effective for real-time network forensics,and can provide comprehensible messages for a forensic investigators.展开更多
This summary paper will discuss the concept of forensic evidence and evidence collection methods. Emphasis will be placed on the techniques used to collect forensically sound digital evidence for the purpose of introd...This summary paper will discuss the concept of forensic evidence and evidence collection methods. Emphasis will be placed on the techniques used to collect forensically sound digital evidence for the purpose of introduction to digital forensics. This discussion will thereafter result in identifying and categorizing the different types of digital forensics evidence and a clear procedure for how to collect forensically sound digital evidence. This paper will further discuss the creation of awareness and promote the idea that competent practice of computer forensics collection is important for admissibility in court.展开更多
Authorship verification is a crucial task in digital forensic investigations,where it is often necessary to determine whether a specific individual wrote a particular piece of text.Convolutional Neural Networks(CNNs)h...Authorship verification is a crucial task in digital forensic investigations,where it is often necessary to determine whether a specific individual wrote a particular piece of text.Convolutional Neural Networks(CNNs)have shown promise in solving this problem,but their performance highly depends on the choice of hyperparameters.In this paper,we explore the effectiveness of hyperparameter tuning in improving the performance of CNNs for authorship verification.We conduct experiments using a Hyper Tuned CNN model with three popular optimization algorithms:Adaptive Moment Estimation(ADAM),StochasticGradientDescent(SGD),andRoot Mean Squared Propagation(RMSPROP).The model is trained and tested on a dataset of text samples collected from various authors,and the performance is evaluated using accuracy,precision,recall,and F1 score.We compare the performance of the three optimization algorithms and demonstrate the effectiveness of hyperparameter tuning in improving the accuracy of the CNN model.Our results show that the Hyper Tuned CNN model with ADAM Optimizer achieves the highest accuracy of up to 90%.Furthermore,we demonstrate that hyperparameter tuning can help achieve significant performance improvements,even using a relatively simple model architecture like CNNs.Our findings suggest that the choice of the optimization algorithm is a crucial factor in the performance of CNNs for authorship verification and that hyperparameter tuning can be an effective way to optimize this choice.Overall,this paper demonstrates the effectiveness of hyperparameter tuning in improving the performance of CNNs for authorship verification in digital forensic investigations.Our findings have important implications for developing accurate and reliable authorship verification systems,which are crucial for various applications in digital forensics,such as identifying the author of anonymous threatening messages or detecting cases of plagiarism.展开更多
Computer system's runtime information is an essential part of the digital evidence. Current digital forensic approaches mainly focus on memory and I/O data, while the runtime instructions from processes are often ign...Computer system's runtime information is an essential part of the digital evidence. Current digital forensic approaches mainly focus on memory and I/O data, while the runtime instructions from processes are often ignored. We present a novel approach on runtime instruction forensic analysis and have developed a forensic system which collects instruction flow and extracts digital evidence. The system is based on whole-system emulation technique and analysts are allowed to define analysis strategy to improve analysis efficiency and reduce overhead. This forensic approach and system are applicable to binary code analysis, information retrieval and matware forensics.展开更多
Privacy preservation(PP)in Digital forensics(DF)is a conflicted and non-trivial issue.Existing solutions use the searchable encryption concept and,as a result,are not efficient and support only a keyword search.Moreov...Privacy preservation(PP)in Digital forensics(DF)is a conflicted and non-trivial issue.Existing solutions use the searchable encryption concept and,as a result,are not efficient and support only a keyword search.Moreover,the collected forensic data cannot be analyzed using existing well-known digital tools.This research paper first investigates the lawful requirements for PP in DF based on the organization for economic co-operation and development OECB)privacy guidelines.To have an efficient investigation process and meet the increased volume of data,the presented framework is designed based on the selective imaging concept and advanced encryption standard(AES).The proposed framework has two main modules,namely Selective Imaging Module(SIM)and Selective Analysis Module(SAM).The SIM and SAM modules are implemented based on advanced forensic format 4(AFF4)and SleuthKit open source forensics frameworks,respectively,and,accordingly,the proposed framework is evaluated in a forensically sound manner.The evaluation result is compared with other relevant works and,as a result,the proposed solution provides a privacy-preserving,efficient forensic imaging and analysis process while having also sufficient methods.Moreover,the AFF4 forensic image,produced by the SIM module,can be analyzed not only by SAM,but also by other well-known analysis tools available on the market.展开更多
Cyber-crimes are growing rapidly,so it is important to obtain the digital evidence on the web page.Usually,people can examine the browser history on the client side and data files on the server side,but both of them h...Cyber-crimes are growing rapidly,so it is important to obtain the digital evidence on the web page.Usually,people can examine the browser history on the client side and data files on the server side,but both of them have shortcomings in real criminal investigation.To overcome the weakness,this paper designs a web page forensic scheme to snapshot the pages from web servers with the help of web spider.Also,it designs several steps to improve the trustworthiness of these pages.All the pages will be dumped in local database which can be presented as reliable evidence on the court.展开更多
As the advent and growing popularity of image rendering software,photorealistic computer graphics are becoming more and more perceptually indistinguishable from photographic images.If the faked images are abused,it ma...As the advent and growing popularity of image rendering software,photorealistic computer graphics are becoming more and more perceptually indistinguishable from photographic images.If the faked images are abused,it may lead to potential social,legal or private consequences.To this end,it is very necessary and also challenging to find effective methods to differentiate between them.In this paper,a novel leading digit law,also called Benford's law,based method to identify computer graphics is proposed.More specifically,statistics of the most significant digits are extracted from image's Discrete Cosine Transform(DCT) coefficients and magnitudes of image's gradient,and then the Support Vector Machine(SVM) based classifiers are built.Results of experiments on the image datasets indicate that the proposed method is comparable to prior works.Besides,it possesses low dimensional features and low computational complexity.展开更多
The multi-purpose forensics is an important tool for forge image detection.In this paper,we propose a universal feature set for the multi-purpose forensics which is capable of simultaneously identifying several typica...The multi-purpose forensics is an important tool for forge image detection.In this paper,we propose a universal feature set for the multi-purpose forensics which is capable of simultaneously identifying several typical image manipulations,including spatial low-pass Gaussian blurring,median filtering,re-sampling,and JPEG compression.To eliminate the influences caused by diverse image contents on the effectiveness and robustness of the feature,a residual group which contains several high-pass filtered residuals is introduced.The partial correlation coefficient is exploited from the residual group to purely measure neighborhood correlations in a linear way.Besides that,we also combine autoregressive coefficient and transition probability to form the proposed composite feature which is used to measure how manipulations change the neighborhood relationships in both linear and non-linear way.After a series of dimension reductions,the proposed feature set can accelerate the training and testing for the multi-purpose forensics.The proposed feature set is then fed into a multi-classifier to train a multi-purpose detector.Experimental results show that the proposed detector can identify several typical image manipulations,and is superior to the complicated deep CNN-based methods in terms of detection accuracy and time efficiency for JPEG compressed image with low resolution.展开更多
Nowadays,the capability of traditional digital forensic tools fails to meet the demand of ever increasing of criminal or civil cases.One of the challenges is that digital devices and applications are multifarious and ...Nowadays,the capability of traditional digital forensic tools fails to meet the demand of ever increasing of criminal or civil cases.One of the challenges is that digital devices and applications are multifarious and changing quickly.Here,we propose a new mode for digital forensic tools utilization via integrating open-source single tools into a platform and setting up into Live DVD/USB.The platform,an Integrated Open Forensic Environment(named IOFE),takes full advantage of these tools and,at the same time,elevates its power and interoperability via standardized input/output data.The IOFE features conducting live and dead investigation and covers three consecutive major phases of digital forensics:acquisition,analysis,and presentation.Our experiments prove that IOFE can carry out manifold acquisition,interpretation,analysis,and presentation task of evidentiary data in an efficient and effective manner.展开更多
In all phases of forensic investigation, digital evidence is exposed to external influences and coming into contact with many factors. Legal admissibility of digital evidence is the ability of that evidence being acce...In all phases of forensic investigation, digital evidence is exposed to external influences and coming into contact with many factors. Legal admissibility of digital evidence is the ability of that evidence being accepted as evidence in a court of law. Life cycle of digital evidence is very complex. In each stage there is more impact that can violate a chain of custody and its integrity. Contact with different variables occurs through a life cycle of digital evidence and can disrupt its integrity. In order for the evidence to be accepted by the court as valid, chain of custody for digital evidence must be kept, or it must be known who exactly came into contact with evidence in each stage of the investigation. This paper presents a dynamics and life cycle of digital evidence. The Petri nets will be proposed and used for modeling and simulation of this process.展开更多
基金supported by the MSIT(Ministry of Science and ICT),Korea,under the ITRC(Information Technology Research Center)support program(IITP-2024-RS-2024-00437494)supervised by the IITP(Institute for Information&Communications Technology Planning&Evaluation).
文摘Digital forensics aims to uncover evidence of cybercrimes within compromised systems.These cybercrimes are often perpetrated through the deployment of malware,which inevitably leaves discernible traces within the compromised systems.Forensic analysts are tasked with extracting and subsequently analyzing data,termed as artifacts,from these systems to gather evidence.Therefore,forensic analysts must sift through extensive datasets to isolate pertinent evidence.However,manually identifying suspicious traces among numerous artifacts is time-consuming and labor-intensive.Previous studies addressed such inefficiencies by integrating artificial intelligence(AI)technologies into digital forensics.Despite the efforts in previous studies,artifacts were analyzed without considering the nature of the data within them and failed to prove their efficiency through specific evaluations.In this study,we propose a system to prioritize suspicious artifacts from compromised systems infected with malware to facilitate efficient digital forensics.Our system introduces a double-checking method that recognizes the nature of data within target artifacts and employs algorithms ideal for anomaly detection.The key ideas of this method are:(1)prioritize suspicious artifacts and filter remaining artifacts using autoencoder and(2)further prioritize suspicious artifacts and filter remaining artifacts using logarithmic entropy.Our evaluation demonstrates that our system can identify malicious artifacts with high accuracy and that its double-checking method is more efficient than alternative approaches.Our system can significantly reduce the time required for forensic analysis and serve as a reference for future studies.
文摘Since its birth in the early 90 's,digital forensics has been mainly focused on collecting and examining digital evidence from computers and networks that are controlled and owned by individuals or organizations.As cloud computing has recently emerged as a dominant platform for running applications and storing data,digital forensics faces well-known challenges in the cloud,such as data inaccessibility,data and service volatility,and law enforcement lacks control over the cloud.To date,very little research has been done to develop efficient theory and practice for digital forensics in the cloud.In this paper,we present a novel framework,Cloud Foren,which systematically addresses the challenges of forensics in cloud computing.Cloud Foren covers the entire process of digital forensics,from the initial point of complaint to the final point where the evidence is confirmed.The key components of Cloud Foren address some challenges,which are unique to the cloud.The proposed forensic process allows cloud forensic examiner,cloud provider,and cloud customer collaborate naturally.We use two case studies to demonstrate the applicability of Cloud Foren.We believe Cloud Foren holds great promise for more precise and automatic digital forensics in a cloud computing environment.
文摘Research in virtualization technology has gained significant developments in recent years, which brings not only opportunities to the forensic community, but challenges as well. This paper discusses the potential roles of virtualization in digital forensics, examines the recent progresses which use the virtualization techniques to support modem computer forensics. The influences on digital forensics caused by virtualization technology are identified. Tools and methods in common digital forensic practices are analyzed, and experiences of our practice and reflections in this field are shared.
基金This research was supported by the Korea Institute for Advancement of Technology(KIAT)Grant Funded by the Korea Government(MOTIE)(P0012724,The Competency Development Program for Industry Specialist)and the Soonchunhyang University Research Fund.
文摘In this research,we developed a plugin for our automated digital forensics framework to extract and preserve the evidence from the Android and the IOS-based mobile phone application,Instagram.This plugin extracts personal details from Instagram users,e.g.,name,user name,mobile number,ID,direct text or audio,video,and picture messages exchanged between different Instagram users.While developing the plugin,we identified resources available in both Android and IOS-based devices holding key forensics artifacts.We highlighted the poor privacy scheme employed by Instagram.This work,has shown how the sensitive data posted in the Instagram mobile application can easily be reconstructed,and how the traces,as well as the URL links of visual messages,can be used to access the privacy of any Instagram user without any critical credential verification.We also employed the anti-forensics method on the Instagram Android’s application and were able to restore the application from the altered or corrupted database file,which any criminal mind can use to set up or trap someone else.The outcome of this research is a plugin for our digital forensics ready framework software which could be used by law enforcement and regulatory agencies to reconstruct the digital evidence available in the Instagram mobile application directories on both Android and IOS-based mobile phones.
文摘Despite the extensive empirical literature relating to the Internet of Things (IoT), surprisingly few attempts have sought to establish the ways in which digital forensics can be applied to undertake detailed examinations regarding IoT frameworks. The existing digital forensic applications have effectively held back efforts to align the IoT with digital forensic strategies. This is because the forensic applications are ill-suited to the highly complex IoT frameworks and would, therefore, struggle to amass, analyze and test the necessary evidence that would be required by a court. As such, there is a need to develop a suitable forensic framework to facilitate forensic investigations in IoT settings. Nor has considerable progress been made in terms of collecting and saving network and server logs from IoT settings to enable examinations. Consequently, this study sets out to develop and test the FB system which is a lightweight forensic framework capable of improving the scope of investigations in IoT environments. The FB system can organize the management of various IoT devices found in a smart apartment, all of which is controlled by the owner’s smart watch. This will help to perform useful functions, automate the decision-making process, and ensure that the system remains secure. A Java app is utilized to simulate the FB system, learning the user’s requirements and security expectations when installed and employing the MySQL server as a means of logging the communications of the various IoT devices.
基金supported by the National Research Foundation of Korea(NRF)grant funded by the Korea government(MSIT)(RS-2023-00242528,50%)supported by a grant from the Korea Electric Power Corporation(R24XO01-4,50%)for basic research and development projects starting in 2024.
文摘The accelerated global adoption of electric vehicles(EVs)is driving significant expansion and increasing complexity within the EV charging infrastructure,consequently presenting novel and pressing cybersecurity challenges.While considerable effort has focused on preventative cybersecurity measures,a critical deficiency persists in structured methodologies for digital forensic analysis following security incidents,a gap exacerbated by system heterogeneity,distributed digital evidence,and inconsistent logging practices which hinder effective incident reconstruction and attribution.This paper addresses this critical need by proposing a novel,data-driven forensic framework tailored to the EV charging infrastructure,focusing on the systematic identification,classification,and correlation of diverse digital evidence across its physical,network,and application layers.Our methodology integrates open-source intelligence(OSINT)with advanced system modeling based on a three-layer cyber-physical system architecture to comprehensively map potential evidentiary sources.Key contributions include a comprehensive taxonomy of cybersecurity threats pertinent to EV charging ecosystems,detailed mappings between these threats and the resultant digital evidence to guide targeted investigations,the formulation of adaptable forensic investigation workflows for various incident scenarios,and a critical analysis of significant gaps in digital evidence availability within current EV charging systems,highlighting limitations in forensic readiness.The practical application and utility of this method are demonstrated through illustrative case studies involving both empirically-derived and virtual incident scenarios.The proposed datadriven approach is designed to significantly enhance digital forensic capabilities,support more effective incident response,strengthen compliance with emerging cybersecurity regulations,and ultimately contribute to bolstering the overall security,resilience,and trustworthiness of this increasingly vital critical infrastructure.
文摘The smart home platform integrates with Internet of Things(IoT)devices,smartphones,and cloud servers,enabling seamless and convenient services.It gathers and manages extensive user data,including personal information,device operations,and patterns of user behavior.Such data plays an essential role in criminal inves-tigations,highlighting the growing importance of specialized smart home forensics.Given the rapid advancement in smart home software and hardware technologies,many companies are introducing new devices and services that expand the market.Consequently,scalable and platform-specific forensic research is necessary to support efficient digital investigations across diverse smart home ecosystems.This study thoroughly examines the core components and structures of smart homes,proposing a generalized architecture that represents various operational environments.A three-stage smart home forensics framework is introduced:(1)analyzing application functions to infer relevant data,(2)extracting and processing data from interconnected devices,and(3)identifying data valuable for investigative purposes.The framework’s applicability is validated using testbeds from Samsung SmartThings and Xiaomi Mi Home platforms,offering practical insights for real-world forensic applications.The results demonstrate that the proposed forensic framework effectively acquires and classifies relevant digital evidence in smart home platforms,confirming its practical applicability in smart home forensic investigations.
基金supported by grants from the National Key Research and Development Program of China[grant number 2016YFC0800705]the Shanghai Forensic Service Platform[grant number 16DZ2290900]the Shanghai Key Laboratory of Forensic Medicine[grant number 17DZ2273200].
文摘As a result of the many developments in information technology,digital evidence plays an increasingly important role in criminal and civil litigation.Because digital evidence is necessary for litigation,the judicial system must be assured of its accuracy,reliability,and verifiability,which can be assured by accreditation.This paper focuses on a comparison of the evolution of the accreditation of digital forensics internationally and domestically,discusses the existing problems that such accreditation encounters,and proposes the corresponding solutions.Moreover,this paper discusses the future of digital forensic laboratory accreditation and its implementation.
基金QuỹĐổi mới sáng tạo Vingroup,Grant/Award Number:VINIF.2020.ThS.BK.10。
文摘In recent years,visual facial forgery has reached a level of sophistication that humans cannot identify fraud,which poses a significant threat to information security.A wide range of malicious applications have emerged,such as deepfake,fake news,defamation or blackmailing of celebrities,impersonation of politicians in political warfare,and the spreading of rumours to attract views.As a result,a rich body of visual forensic techniques has been proposed in an attempt to stop this dangerous trend.However,there is no comprehensive,fair,and unified performance evaluation to enlighten the community on best performing methods.The authors present a systematic benchmark beyond traditional surveys that provides in-depth insights into facial forgery and facial forensics,grounding on robustness tests such as contrast,brightness,noise,resolution,missing information,and compression.The authors also provide a practical guideline of the benchmarking results,to determine the characteristics of the methods that serve as a comparative reference in this never-ending war between measures and countermeasures.The authors’source code is open to the public.
基金the National Key R&D Program of China(No.2017YFA60700602)。
文摘Vehicle data is one of the important sources of traffic accident digital forensics.We propose a novel method using long short-term memory-deep belief network by binary encoding(LSTM-BiDBN)controller area network identifier(CAN ID)to extract the event sequence of CAN IDs and the semantic of CAN IDs themselves.Instead of detecting attacks only aimed at a specific CAN ID,the proposed method fully considers the potential interaction between electronic control units.By this means,we can detect whether the vehicle has been invaded by the outside,to online determine the responsible party of the accident.We use our LSTM-BiDBN to distinguish attack-free and abnormal situations on CAN-intrusion-dataset.Experimental results show that our proposed method is more effective in identifying anomalies caused by denial of service attack,fuzzy attack and impersonation attack with an accuracy value of 97.02%,a false-positive rate of 6.09%,and a false-negative rate of 1.94%compared with traditional methods.
基金supported by the National Natural Science Foundation of China under Grant No.60903166 the National High Technology Research and Development Program of China(863 Program) under Grants No.2012AA012506,No.2012AA012901,No.2012AA012903+9 种基金 Specialized Research Fund for the Doctoral Program of Higher Education of China under Grant No.20121103120032 the Humanity and Social Science Youth Foundation of Ministry of Education of China under Grant No.13YJCZH065 the Opening Project of Key Lab of Information Network Security of Ministry of Public Security(The Third Research Institute of Ministry of Public Security) under Grant No.C13613 the China Postdoctoral Science Foundation General Program of Science and Technology Development Project of Beijing Municipal Education Commission of China under Grant No.km201410005012 the Research on Education and Teaching of Beijing University of Technology under Grant No.ER2013C24 the Beijing Municipal Natural Science Foundation Sponsored by Hunan Postdoctoral Scientific Program Open Research Fund of Beijing Key Laboratory of Trusted Computing Funds for the Central Universities, Contract No.2012JBM030
文摘Network intrusion forensics is an important extension to present security infrastructure,and is becoming the focus of forensics research field.However,comparison with sophisticated multi-stage attacks and volume of sensor data,current practices in network forensic analysis are to manually examine,an error prone,labor-intensive and time consuming process.To solve these problems,in this paper we propose a digital evidence fusion method for network forensics with Dempster-Shafer theory that can detect efficiently computer crime in networked environments,and fuse digital evidence from different sources such as hosts and sub-networks automatically.In the end,we evaluate the method on well-known KDD Cup1999 dataset.The results prove our method is very effective for real-time network forensics,and can provide comprehensible messages for a forensic investigators.
文摘This summary paper will discuss the concept of forensic evidence and evidence collection methods. Emphasis will be placed on the techniques used to collect forensically sound digital evidence for the purpose of introduction to digital forensics. This discussion will thereafter result in identifying and categorizing the different types of digital forensics evidence and a clear procedure for how to collect forensically sound digital evidence. This paper will further discuss the creation of awareness and promote the idea that competent practice of computer forensics collection is important for admissibility in court.
基金Prince Sultan University for funding this publication’s Article Process Charges(APC).
文摘Authorship verification is a crucial task in digital forensic investigations,where it is often necessary to determine whether a specific individual wrote a particular piece of text.Convolutional Neural Networks(CNNs)have shown promise in solving this problem,but their performance highly depends on the choice of hyperparameters.In this paper,we explore the effectiveness of hyperparameter tuning in improving the performance of CNNs for authorship verification.We conduct experiments using a Hyper Tuned CNN model with three popular optimization algorithms:Adaptive Moment Estimation(ADAM),StochasticGradientDescent(SGD),andRoot Mean Squared Propagation(RMSPROP).The model is trained and tested on a dataset of text samples collected from various authors,and the performance is evaluated using accuracy,precision,recall,and F1 score.We compare the performance of the three optimization algorithms and demonstrate the effectiveness of hyperparameter tuning in improving the accuracy of the CNN model.Our results show that the Hyper Tuned CNN model with ADAM Optimizer achieves the highest accuracy of up to 90%.Furthermore,we demonstrate that hyperparameter tuning can help achieve significant performance improvements,even using a relatively simple model architecture like CNNs.Our findings suggest that the choice of the optimization algorithm is a crucial factor in the performance of CNNs for authorship verification and that hyperparameter tuning can be an effective way to optimize this choice.Overall,this paper demonstrates the effectiveness of hyperparameter tuning in improving the performance of CNNs for authorship verification in digital forensic investigations.Our findings have important implications for developing accurate and reliable authorship verification systems,which are crucial for various applications in digital forensics,such as identifying the author of anonymous threatening messages or detecting cases of plagiarism.
文摘Computer system's runtime information is an essential part of the digital evidence. Current digital forensic approaches mainly focus on memory and I/O data, while the runtime instructions from processes are often ignored. We present a novel approach on runtime instruction forensic analysis and have developed a forensic system which collects instruction flow and extracts digital evidence. The system is based on whole-system emulation technique and analysts are allowed to define analysis strategy to improve analysis efficiency and reduce overhead. This forensic approach and system are applicable to binary code analysis, information retrieval and matware forensics.
基金The authors extend their appreciation to the Deanship of Scientific Research at King Saud University for funding this work through research group no(RG-1441-531).
文摘Privacy preservation(PP)in Digital forensics(DF)is a conflicted and non-trivial issue.Existing solutions use the searchable encryption concept and,as a result,are not efficient and support only a keyword search.Moreover,the collected forensic data cannot be analyzed using existing well-known digital tools.This research paper first investigates the lawful requirements for PP in DF based on the organization for economic co-operation and development OECB)privacy guidelines.To have an efficient investigation process and meet the increased volume of data,the presented framework is designed based on the selective imaging concept and advanced encryption standard(AES).The proposed framework has two main modules,namely Selective Imaging Module(SIM)and Selective Analysis Module(SAM).The SIM and SAM modules are implemented based on advanced forensic format 4(AFF4)and SleuthKit open source forensics frameworks,respectively,and,accordingly,the proposed framework is evaluated in a forensically sound manner.The evaluation result is compared with other relevant works and,as a result,the proposed solution provides a privacy-preserving,efficient forensic imaging and analysis process while having also sufficient methods.Moreover,the AFF4 forensic image,produced by the SIM module,can be analyzed not only by SAM,but also by other well-known analysis tools available on the market.
基金Sponsored by the National Natural Science Foundation of China(Grant No.61272540)the National Basic Research Program of China(973 Program)(Grant No.2013CB329604)+3 种基金the National High Technology Research and Development Program of China(Grant No.2012AA011005)the Natural Science Foundation of Anhui Province,China(Grant No.11040606M138 and No.1208085MF101)the Specialized Research Fund for the Doctoral Program of Higher Education of China(Grant No.2011JYXJ1498)the Fundamental Research Funds for the Central Universities(Grant No.2011HGQC1012)
文摘Cyber-crimes are growing rapidly,so it is important to obtain the digital evidence on the web page.Usually,people can examine the browser history on the client side and data files on the server side,but both of them have shortcomings in real criminal investigation.To overcome the weakness,this paper designs a web page forensic scheme to snapshot the pages from web servers with the help of web spider.Also,it designs several steps to improve the trustworthiness of these pages.All the pages will be dumped in local database which can be presented as reliable evidence on the court.
文摘As the advent and growing popularity of image rendering software,photorealistic computer graphics are becoming more and more perceptually indistinguishable from photographic images.If the faked images are abused,it may lead to potential social,legal or private consequences.To this end,it is very necessary and also challenging to find effective methods to differentiate between them.In this paper,a novel leading digit law,also called Benford's law,based method to identify computer graphics is proposed.More specifically,statistics of the most significant digits are extracted from image's Discrete Cosine Transform(DCT) coefficients and magnitudes of image's gradient,and then the Support Vector Machine(SVM) based classifiers are built.Results of experiments on the image datasets indicate that the proposed method is comparable to prior works.Besides,it possesses low dimensional features and low computational complexity.
基金supported by NSFC(No.61702429)Sichuan Science and Technology Program(No.19yyjc1656).
文摘The multi-purpose forensics is an important tool for forge image detection.In this paper,we propose a universal feature set for the multi-purpose forensics which is capable of simultaneously identifying several typical image manipulations,including spatial low-pass Gaussian blurring,median filtering,re-sampling,and JPEG compression.To eliminate the influences caused by diverse image contents on the effectiveness and robustness of the feature,a residual group which contains several high-pass filtered residuals is introduced.The partial correlation coefficient is exploited from the residual group to purely measure neighborhood correlations in a linear way.Besides that,we also combine autoregressive coefficient and transition probability to form the proposed composite feature which is used to measure how manipulations change the neighborhood relationships in both linear and non-linear way.After a series of dimension reductions,the proposed feature set can accelerate the training and testing for the multi-purpose forensics.The proposed feature set is then fed into a multi-classifier to train a multi-purpose detector.Experimental results show that the proposed detector can identify several typical image manipulations,and is superior to the complicated deep CNN-based methods in terms of detection accuracy and time efficiency for JPEG compressed image with low resolution.
基金Supported by the National Natural Science Foundation of China (61103219, 60970114)Program of State Key Laboratory of Software Engineering (SKLSE 2010-08-24)+3 种基金Fund of Key Laboratory of Information Security Technology (KJ-11-06-2)the Policing Theory & Soft Science Research Project of Public Security Ministry of China (2008LLYJHBST031)Theory Research Project of Central Tasks 2011 of Hubei Provincial Department of Public Security,Applied Innovation Project of Hubei Provincial Department of Public Security (2009hbstsjkyyycx007)Science & Technology Research Project of Hubei Provincial Department of Education (B20128201)
文摘Nowadays,the capability of traditional digital forensic tools fails to meet the demand of ever increasing of criminal or civil cases.One of the challenges is that digital devices and applications are multifarious and changing quickly.Here,we propose a new mode for digital forensic tools utilization via integrating open-source single tools into a platform and setting up into Live DVD/USB.The platform,an Integrated Open Forensic Environment(named IOFE),takes full advantage of these tools and,at the same time,elevates its power and interoperability via standardized input/output data.The IOFE features conducting live and dead investigation and covers three consecutive major phases of digital forensics:acquisition,analysis,and presentation.Our experiments prove that IOFE can carry out manifold acquisition,interpretation,analysis,and presentation task of evidentiary data in an efficient and effective manner.
文摘In all phases of forensic investigation, digital evidence is exposed to external influences and coming into contact with many factors. Legal admissibility of digital evidence is the ability of that evidence being accepted as evidence in a court of law. Life cycle of digital evidence is very complex. In each stage there is more impact that can violate a chain of custody and its integrity. Contact with different variables occurs through a life cycle of digital evidence and can disrupt its integrity. In order for the evidence to be accepted by the court as valid, chain of custody for digital evidence must be kept, or it must be known who exactly came into contact with evidence in each stage of the investigation. This paper presents a dynamics and life cycle of digital evidence. The Petri nets will be proposed and used for modeling and simulation of this process.
