Network intrusion forensics is an important extension to present security infrastructure, and is becoming the focus of forensics research field. However, comparison with sophisticated multi-stage attacks and volume of sensor data, current practices in network forensic analysis are to manually examine, an error prone, labor-intensive and time consuming process. To solve these problems, in this paper we propose a digital evidence fusion method for network forensics with Dempster-Shafer theory that can detect efficiently computer crime in networked environments, and fuse digital evidence from different sources such as hosts and sub-networks automatically. In the end, we evaluate the method on well-known KDD Cup 1999 dataset. The results prove our method is very effective for real-time network forensics, and can provide comprehensible messages for a forensic investigators.
In this age when most organizations make use of cloud computing, it is important to not only protect cloud computing resources from cyber-attacks but also investigate these attacks. During forensic investigations in a cloud environment, the investigators fall on service providers for pieces of evidence like log files. The challenge, however, is the integrity of these logs provided by the service providers. To this end, we propose a blockchain-based log verification system called BlogVerifier that uses a decentralized approach to solve forensics issues in the cloud. BlogVerifier extracts logs produced in cloud environments, hashes these logs and stores the hashed values as transactional values on the blockchain. The transactions are then merged into blocks and shared on the blockchain. The proposed system also ensures the continuation of an investigation even when the primary source of a log is compromised by using encryption and smart contracts. The proposed system also makes it possible for any stakeholder involved in the forensic process to verify the authenticity of log files. The performance results show that BlogVerifier can be integrated into the cloud environment without any significant impact on system resources and increase in computational cost.
The proliferation of cloud computing and internet of things has led to the connectivity of states and nations (developed and developing countries) worldwide in which global network provide platform for the connection. Digital forensics is a field of computer security that uses software applications and standard guidelines which support the extraction of evidences from any computer appliances which is perfectly enough for the court of law to use and make a judgment based on the comprehensiveness, authenticity and objectivity of the information obtained. Cybersecurity is of major concerned to the internet users worldwide due to the recent form of attacks, threat, viruses, intrusion among others going on every day among internet of things. However, it is noted that cybersecurity is based on confidentiality, integrity and validity of data. The aim of this work is make a systematic review on the application of machine learning algorithms to cybersecurity and cyber forensics and pave away for further research directions on the application of deep learning, computational intelligence, soft computing to cybersecurity and cyber forensics.
With the rapid advancement of visual generative models such as Generative Adversarial Networks (GANs) and stable Diffusion, the creation of highly realistic Deepfake through automated forgery has significantly progressed. This paper examines the advancements in Deepfake detection and defense technologies, emphasizing the shift from passive detection methods to proactive digital watermarking techniques. Passive detection methods, which involve extracting features from images or videos to identify forgeries, encounter challenges such as poor performance against unknown manipulation techniques and susceptibility to counter-forensic tactics. In contrast, proactive digital watermarking techniques embed specific markers into images or videos, facilitating real-time detection and traceability, thereby providing a preemptive defense against Deepfake content. We offer a comprehensive analysis of digital watermarking-based forensic techniques, discussing their advantages over passive methods and highlighting four key benefits: real-time detection, embedded defense, resistance to tampering, and provision of legal evidence. Additionally, the paper identifies gaps in the literature concerning proactive forensic techniques and suggests future research directions, including cross-domain watermarking and adaptive watermarking strategies. By systematically classifying and comparing existing techniques, this review aims to contribute valuable insights for the development of more effective proactive defense strategies in Deepfake forensics.
The smart home platform integrates with Internet of Things (IoT) devices, smartphones, and cloud servers, enabling seamless and convenient services. It gathers and manages extensive user data, including personal information, device operations, and patterns of user behavior. Such data plays an essential role in criminal investigations, highlighting the growing importance of specialized smart home forensics. Given the rapid advancement in smart home software and hardware technologies, many companies are introducing new devices and services that expand the market. Consequently, scalable and platform-specific forensic research is necessary to support efficient digital investigations across diverse smart home ecosystems. This study thoroughly examines the core components and structures of smart homes, proposing a generalized architecture that represents various operational environments. A three-stage smart home forensics framework is introduced: (1) analyzing application functions to infer relevant data, (2) extracting and processing data from interconnected devices, and (3) identifying data valuable for investigative purposes. The framework’s applicability is validated using testbeds from Samsung SmartThings and Xiaomi Mi Home platforms, offering practical insights for real-world forensic applications. The results demonstrate that the proposed forensic framework effectively acquires and classifies relevant digital evidence in smart home platforms, confirming its practical applicability in smart home forensic investigations.
Images and videos play an increasingly vital role in daily life and are widely utilized as key evidentiary sources in judicial investigations and forensic analysis. Simultaneously, advancements in image and video processing technologies have facilitated the widespread availability of powerful editing tools, such as Deepfakes, enabling anyone to easily create manipulated or fake visual content, which poses an enormous threat to social security and public trust. To verify the authenticity and integrity of images and videos, numerous approaches have been proposed, which are primarily based on content analysis and their effectiveness is susceptible to interference from various image or video post-processing operations. Recent research has highlighted the potential of file containers analysis as a promising forensic approach that offers efficient and interpretable results. However, there is still a lack of review articles on this kind of approach. In order to fill this gap, we present a comprehensive review of file containers-based image and video forensics in this paper. Specifically, we categorize the existing methods into two distinct stages, qualitative analysis and quantitative analysis. In addition, an overall framework is proposed to organize the existing approaches. Then, the advantages and disadvantages of the schemes used across different forensic tasks are provided. Finally, we outline the trends in this research area, aiming to provide valuable insights and technical guidance for future research.
Electric Vehicle Charging Systems (EVCS) are increasingly vulnerable to cybersecurity threats as they integrate deeply into smart grids and Internet of Things (IoT) environments, raising significant security challenges. Most existing research primarily emphasizes network-level anomaly detection, leaving critical vulnerabilities at the host level underexplored. This study introduces a novel forensic analysis framework leveraging host-level data, including system logs, kernel events, and Hardware Performance Counters (HPC), to detect and analyze sophisticated cyberattacks such as cryptojacking, Denial-of-Service (DoS), and reconnaissance activities targeting EVCS. Using comprehensive forensic analysis and machine learning models, the proposed framework significantly outperforms existing methods, achieving an accuracy of 98.81%. The findings offer insights into distinct behavioral signatures associated with specific cyber threats, enabling improved cybersecurity strategies and actionable recommendations for robust EVCS infrastructure protection.
Objective: Current autosomal short tandem repeat (STR) assays can analyze the zygotic composition by comparing the allelic genes at each locus of complete hydatidiform moles (CHM), with a maternal genotype serving as an essential reference for comparative analysis. However, their application in pathology represents a challenge because of deficiency or contamination of maternal-origin tissues. This study aimed to develop a novel STR genotyping method for identifying CHM genotypes without a maternal component. Methods: Samples with the pathologic description of molar pregnancy were collected. Routine hematoxylin–eosin (HE) staining and p57 immunohistochemistry staining were conducted in accordance with standard guidelines. A novel 26-plex system was explored to classify CHM and diploid pregnancies. The system combined 22 STRs on chromosomes 21/18/13/X, 3 sex loci, and 1 quality control marker (TAF9L), enabling molecular diagnosis in the absence of maternal tissue. At last, traditional DNA typing based on villi and decidua (maternal component) of each case was used for result consistency analysis. Results: CHM and nonmolar abortus could not be distinguished by the basic HE staining with no fetal evidence or other prominent features. DNA typing was successfully processed for all cases according to the novel 26-plex and traditional system. CHM (46XX) diagnosis required single A-STR/X-STR peaks and absent Y-chromosome markers, excluding chromosomal abnormalities via TAF9L analysis. When the villous tissue analysis revealed single peaks at X-STR/SRY loci, a 1:1 amelogenin ratio, and a 2:1 TAF9L peak ratio, these results overlapped with those of 46XY hydropic abortus or CHM. Notably, p57 immunohistochemical staining resolved the ambiguity. Consistency with traditional DNA genotyping confirmed system accuracy. This multiplex assay enhanced reliability in mole diagnosis, supporting clinical differentiation and genetic counseling. Conclusion: This study presents a rapid and cost-effective assay for the genotypic identification of CHM without the need for a maternal component. The method combined the characteristics of STR loci distributed across different chromosomes and developed the clinic application of forensic biomarkers.
In today’s digital era, the rapid evolution of image editing technologies has brought about a significant simplification of image manipulation. Unfortunately, this progress has also given rise to the misuse of manipulated images across various domains. One of the pressing challenges stemming from this advancement is the increasing difficulty in discerning between unaltered and manipulated images. This paper offers a comprehensive survey of existing methodologies for detecting image tampering, shedding light on the diverse approaches employed in the field of contemporary image forensics. The methods used to identify image forgery can be broadly classified into two primary categories: classical machine learning techniques, heavily reliant on manually crafted features, and deep learning methods. Additionally, this paper explores recent developments in image forensics, placing particular emphasis on the detection of counterfeit colorization. Image colorization involves predicting colors for grayscale images, thereby enhancing their visual appeal. The advancements in colorization techniques have reached a level where distinguishing between authentic and forged images with the naked eye has become an exceptionally challenging task. This paper serves as an in-depth exploration of the intricacies of image forensics in the modern age, with a specific focus on the detection of colorization forgery, presenting a comprehensive overview of methodologies in this critical field.
Recently, the digital image blind forensics technology has received an increasing attention in academic community. This paper aims at developing a new identification approach based on the statistical noise and exchangeable image file format (EXIF) information of image for images authentication. In particular, the authors can identify whether the current image has been modified or not by utilizing the relevance between noise and EXIF parameters and comparing the real values with the estimated values of the EXIF parameters. Experimental results validate the proposed method. That is, the detecting system can identify the doctored image effectively.
As a common medium in our daily life, images are important for most people to gather information. There are also people who edit or even tamper images to deliberately deliver false information under different purposes. Thus, in digital forensics, it is necessary to understand the manipulating history of images. That requires to verify all possible manipulations applied to images. Among all the image editing manipulations, recoloring is widely used to adjust or repaint the colors in images. The color information is an important visual information that image can deliver. Thus, it is necessary to guarantee the correctness of color in digital forensics. On the other hand, many image retouching or editing applications or software are equipped with recoloring function. This enables ordinary people without expertise of image processing to apply recoloring for images. Hence, in order to secure the color information of images, in this paper, a recoloring detection method is proposed. The method is based on convolutional neural network which is quite popular in recent years. Unlike the traditional linear classifier, the proposed method can be employed for binary classification as well as multiple labels classification. The classification performance of different structure for the proposed architecture is also investigated in this paper.
In the paper, a convolutional neural network based on quaternion transformation is proposed to detect median filtering for color images. Compared with conventional convolutional neural network, color images can be processed in a holistic manner in the proposed scheme, which makes full use of the correlation between RGB channels. And due to the use of convolutional neural network, it can effectively avoid the one-sidedness of artificial features. Experimental results have shown the scheme’s improvement over the state-of-the-art scheme on the accuracy of color image median filtering detection.
Since its birth in the early 90's, digital forensics has been mainly focused on collecting and examining digital evidence from computers and networks that are controlled and owned by individuals or organizations. As cloud computing has recently emerged as a dominant platform for running applications and storing data, digital forensics faces well-known challenges in the cloud, such as data inaccessibility, data and service volatility, and law enforcement lacks control over the cloud. To date, very little research has been done to develop efficient theory and practice for digital forensics in the cloud. In this paper, we present a novel framework, Cloud Foren, which systematically addresses the challenges of forensics in cloud computing. Cloud Foren covers the entire process of digital forensics, from the initial point of complaint to the final point where the evidence is confirmed. The key components of Cloud Foren address some challenges, which are unique to the cloud. The proposed forensic process allows cloud forensic examiner, cloud provider, and cloud customer collaborate naturally. We use two case studies to demonstrate the applicability of Cloud Foren. We believe Cloud Foren holds great promise for more precise and automatic digital forensics in a cloud computing environment.
As the advent and growing popularity of image rendering software, photorealistic computer graphics are becoming more and more perceptually indistinguishable from photographic images. If the faked images are abused, it may lead to potential social, legal or private consequences. To this end, it is very necessary and also challenging to find effective methods to differentiate between them. In this paper, a novel leading digit law, also called Benford's law, based method to identify computer graphics is proposed. More specifically, statistics of the most significant digits are extracted from image's Discrete Cosine Transform (DCT) coefficients and magnitudes of image's gradient, and then the Support Vector Machine (SVM) based classifiers are built. Results of experiments on the image datasets indicate that the proposed method is comparable to prior works. Besides, it possesses low dimensional features and low computational complexity.
The multi-purpose forensics is an important tool for forge image detection. In this paper, we propose a universal feature set for the multi-purpose forensics which is capable of simultaneously identifying several typical image manipulations, including spatial low-pass Gaussian blurring, median filtering, re-sampling, and JPEG compression. To eliminate the influences caused by diverse image contents on the effectiveness and robustness of the feature, a residual group which contains several high-pass filtered residuals is introduced. The partial correlation coefficient is exploited from the residual group to purely measure neighborhood correlations in a linear way. Besides that, we also combine autoregressive coefficient and transition probability to form the proposed composite feature which is used to measure how manipulations change the neighborhood relationships in both linear and non-linear way. After a series of dimension reductions, the proposed feature set can accelerate the training and testing for the multi-purpose forensics. The proposed feature set is then fed into a multi-classifier to train a multi-purpose detector. Experimental results show that the proposed detector can identify several typical image manipulations, and is superior to the complicated deep CNN-based methods in terms of detection accuracy and time efficiency for JPEG compressed image with low resolution.
The integrity and fidelity of digital evidence are very important in live forensics. Previous studies have focused the uncertainty of live forensics based on different memory snapshots. However, this kind of method is not effective in practice. In fact, memory images are usually acquired by using forensics tools instead of using snapshots. Therefore, the integrity and fidelity of live evidence should be evaluated during the acquisition process. In this paper, we study the problem in a novel viewpoint. Firstly, several definitions about memory acquisition measure error are introduced to describe the trusty. Then, we analyze the experimental error and propose some suggestions on how to reduce it. A novel method is also developed to calculate the system error in detail. The results of a case study on Windows 7 and VMware virtual machine show that the experimental error has good accuracy and precision, which demonstrate the efficacy of the proposed reducing methods. The system error is also evaluated, that is, it accounts for the whole error from 30% to 50%.
Blind forensics of JPEG image tampering as a kind of digital image blind forensics technology is gradually becoming a new research hotspot in the field of image security. Firstly, the main achievements of domestic and foreign scholars in the blind forensic technology of JPEG image tampering were briefly described. Then, according to the different methods of tampering and detection, the current detection was divided into two types: double JPEG compression detection and block effect inconsistency detection. This paper summarized the existing methods of JPEG image blind forensics detection, and analyzed the two methods. Finally, the existing problems and future research trends were analyzed and prospected to provide further theoretical support for the research of JPEG image blind forensics technology.
The identification of tissue origin of body fluid can provide clues and evidence for criminal case investigations. To establish an efficient method for identifying body fluid in forensic cases, eight novel body fluid-specific DNA methylation markers were selected in this study, and a multiplex single base extension reaction (SNaPshot) system for these markers was constructed for the identification of five common body fluids (venous blood, saliva, menstrual blood, vaginal fluid, and semen). The results indicated that the in-house system showed good species specificity, sensitivity, and ability to identify mixed biological samples. At the same time, an artificial body fluid prediction model and two machine learning prediction models based on the support vector machine (SVM) and random forest (RF) algorithms were constructed using previous research data, and these models were validated using the detection data obtained in this study (n=95). The accuracy of the prediction model based on experience was 95.79%; the prediction accuracy of the SVM prediction model was 100.00% for four kinds of body fluids except saliva (96.84%); and the prediction accuracy of the RF prediction model was 100.00% for all five kinds of body fluids. In conclusion, the in-house SNaPshot system and RF prediction model could achieve accurate tissue origin identification of body fluids.
Digital forensics is the science of identifying, extracting, analyzing and presenting the digital evidence that has been stored in the digital devices. Various digital tools and techniques are being used to achieve this. Our paper explains forensic analysis steps in the storage media, hidden data analysis in the file system, network forensic methods and cyber crime data mining. This paper proposes a new tool which is the combination of digital forensic investigation and crime data mining. The proposed system is designed for finding motive, pattern of cyber attacks and counts of attacks types happened during a period. Hence the proposed tool enables the system administrators to minimize the system vulnerability.
X-chromosome short tandem repeats (X-STR) analysis has been confirmed to be effective for kinship testing such as in deficiency paternity cases. The aim of this study was to develop a new multiplex polymerase chain reaction (PCR) system that can simultaneously amplify 9 X-STR loci (GATA172D05, DXS10159, DXS6797, HPRTB, DXS10079, DXS6789, DXS9895, DXS10146 and GATA31E08) in the same PCR reaction, and to obtain the database of the 9 X-STR loci in three ethnic populations in China. The genetic data of 815 (404 females and 411 males) unrelated Han Chinese from Hubei province, and Yi and Zhuang Chinese from Yunnan province were analyzed by using this multiplex system. The results showed that a total of 93 alleles for all these loci were found, and 7 to 20 alleles for each locus were observed. All of the analyzed loci were in agreement with Hardy-Weinberg equilibrium after Bonferroni correction in the three studied populations. The polymorphism information content (PIC) and power of discrimination (PD) in females were 0.6566–0.8531 and 0.8639–0.9684, respectively. Pairwise comparisons of allele frequency distribution showed significant differences in the most of these loci between different populations. The results indicate that this multiplex system is very useful for forensic analysis of different ethnic populations in China.
Funding: supported by the National Natural Science Foundation of China under Grant No.60903166; the National High Technology Research and Development Program of China (863 Program) under Grants No.2012AA012506, No.2012AA012901, No.2012AA012903; Specialized Research Fund for the Doctoral Program of Higher Education of China under Grant No.20121103120032; the Humanity and Social Science Youth Foundation of Ministry of Education of China under Grant No.13YJCZH065; the Opening Project of Key Lab of Information Network Security of Ministry of Public Security (The Third Research Institute of Ministry of Public Security) under Grant No.C13613; the China Postdoctoral Science Foundation General Program of Science and Technology Development Project of Beijing Municipal Education Commission of China under Grant No.km201410005012; the Research on Education and Teaching of Beijing University of Technology under Grant No.ER2013C24; the Beijing Municipal Natural Science Foundation Sponsored by Hunan Postdoctoral Scientific Program Open Research Fund of Beijing Key Laboratory of Trusted Computing Funds for the Central Universities, Contract No.2012JBM030
Funding: National Natural Science Foundation of China (No.61602109); Distinguished Young Professor Program of Donghua University, China (No.LZB2019003); Shanghai Science and Technology Innovation Action Plan, China (No.19511101802); Fundamental Research Funds for the Central Universities.
文摘In this age when most organizations make use of cloud computing,it is important to not only protect cloud computing resources from cyber⁃attacks but also investigate these attacks.During forensic investigations in a cloud environment,the investigators fall on service providers for pieces of evidence like log files.The challenge,however,is the integrity of these logs provided by the service providers.To this end,we propose a blockchain⁃based log verification system called BlogVerifier that uses a decentralized approach to solve forensics issues in the cloud.BlogVerifier extracts logs produced in cloud environments,hashes these logs and stores the hashed values as transactional values on the blockchain.The transactions are then merged into blocks and shared on the blockchain.The proposed system also ensures the continuation of an investigation even when the primary source of a log is compromised by using encryption and smart contracts.The proposed system also makes it possible for any stakeholder involved in the forensic process to verify the authenticity of log files.The performance results show that BlogVerifier can be integrated into the cloud environment without any significant impact on system resources and increase in computational cost.
Abstract: The proliferation of cloud computing and internet of things has led to the connectivity of states and nations (developed and developing countries) worldwide in which global network provide platform for the connection. Digital forensics is a field of computer security that uses software applications and standard guidelines which support the extraction of evidences from any computer appliances which is perfectly enough for the court of law to use and make a judgment based on the comprehensiveness, authenticity and objectivity of the information obtained. Cybersecurity is of major concern to the internet users worldwide due to the recent form of attacks, threat, viruses, intrusion among others going on every day among internet of things. However, it is noted that cybersecurity is based on confidentiality, integrity and validity of data. The aim of this work is to make a systematic review on the application of machine learning algorithms to cybersecurity and cyber forensics and pave the way for further research directions on the application of deep learning, computational intelligence, soft computing to cybersecurity and cyber forensics.
Funding: supported by the National Fund Cultivation Project from China People’s Police University (Grant Number: JJPY202402); National Natural Science Foundation of China (Grant Number: 62172165).
Abstract: With the rapid advancement of visual generative models such as Generative Adversarial Networks (GANs) and Stable Diffusion, the creation of highly realistic Deepfake through automated forgery has significantly progressed. This paper examines the advancements in Deepfake detection and defense technologies, emphasizing the shift from passive detection methods to proactive digital watermarking techniques. Passive detection methods, which involve extracting features from images or videos to identify forgeries, encounter challenges such as poor performance against unknown manipulation techniques and susceptibility to counter-forensic tactics. In contrast, proactive digital watermarking techniques embed specific markers into images or videos, facilitating real-time detection and traceability, thereby providing a preemptive defense against Deepfake content. We offer a comprehensive analysis of digital watermarking-based forensic techniques, discussing their advantages over passive methods and highlighting four key benefits: real-time detection, embedded defense, resistance to tampering, and provision of legal evidence. Additionally, the paper identifies gaps in the literature concerning proactive forensic techniques and suggests future research directions, including cross-domain watermarking and adaptive watermarking strategies. By systematically classifying and comparing existing techniques, this review aims to contribute valuable insights for the development of more effective proactive defense strategies in Deepfake forensics.
Abstract: The smart home platform integrates with Internet of Things (IoT) devices, smartphones, and cloud servers, enabling seamless and convenient services. It gathers and manages extensive user data, including personal information, device operations, and patterns of user behavior. Such data plays an essential role in criminal investigations, highlighting the growing importance of specialized smart home forensics. Given the rapid advancement in smart home software and hardware technologies, many companies are introducing new devices and services that expand the market. Consequently, scalable and platform-specific forensic research is necessary to support efficient digital investigations across diverse smart home ecosystems. This study thoroughly examines the core components and structures of smart homes, proposing a generalized architecture that represents various operational environments. A three-stage smart home forensics framework is introduced: (1) analyzing application functions to infer relevant data, (2) extracting and processing data from interconnected devices, and (3) identifying data valuable for investigative purposes. The framework’s applicability is validated using testbeds from Samsung SmartThings and Xiaomi Mi Home platforms, offering practical insights for real-world forensic applications. The results demonstrate that the proposed forensic framework effectively acquires and classifies relevant digital evidence in smart home platforms, confirming its practical applicability in smart home forensic investigations.
Funding: supported in part by Natural Science Foundation of Hubei Province of China under Grant 2023AFB016; the 2022 Opening Fund for Hubei Key Laboratory of Intelligent Vision Based Monitoring for Hydroelectric Engineering under Grant 2022SDSJ02; the Construction Fund for Hubei Key Laboratory of Intelligent Vision Based Monitoring for Hydroelectric Engineering under Grant 2019ZYYD007.
Abstract: Images and videos play an increasingly vital role in daily life and are widely utilized as key evidentiary sources in judicial investigations and forensic analysis. Simultaneously, advancements in image and video processing technologies have facilitated the widespread availability of powerful editing tools, such as Deepfakes, enabling anyone to easily create manipulated or fake visual content, which poses an enormous threat to social security and public trust. To verify the authenticity and integrity of images and videos, numerous approaches have been proposed, which are primarily based on content analysis and their effectiveness is susceptible to interference from various image or video post-processing operations. Recent research has highlighted the potential of file containers analysis as a promising forensic approach that offers efficient and interpretable results. However, there is still a lack of review articles on this kind of approach. In order to fill this gap, we present a comprehensive review of file containers-based image and video forensics in this paper. Specifically, we categorize the existing methods into two distinct stages, qualitative analysis and quantitative analysis. In addition, an overall framework is proposed to organize the existing approaches. Then, the advantages and disadvantages of the schemes used across different forensic tasks are provided. Finally, we outline the trends in this research area, aiming to provide valuable insights and technical guidance for future research.
Abstract: Electric Vehicle Charging Systems (EVCS) are increasingly vulnerable to cybersecurity threats as they integrate deeply into smart grids and Internet of Things (IoT) environments, raising significant security challenges. Most existing research primarily emphasizes network-level anomaly detection, leaving critical vulnerabilities at the host level underexplored. This study introduces a novel forensic analysis framework leveraging host-level data, including system logs, kernel events, and Hardware Performance Counters (HPC), to detect and analyze sophisticated cyberattacks such as cryptojacking, Denial-of-Service (DoS), and reconnaissance activities targeting EVCS. Using comprehensive forensic analysis and machine learning models, the proposed framework significantly outperforms existing methods, achieving an accuracy of 98.81%. The findings offer insights into distinct behavioral signatures associated with specific cyber threats, enabling improved cybersecurity strategies and actionable recommendations for robust EVCS infrastructure protection.
Funding: supported by the Key Research and Development Program of Shaanxi (No. S2024-YF-YB-SF-1359).
Abstract: Objective: Current autosomal short tandem repeat (STR) assays can analyze the zygotic composition by comparing the allelic genes at each locus of complete hydatidiform moles (CHM), with a maternal genotype serving as an essential reference for comparative analysis. However, their application in pathology represents a challenge because of deficiency or contamination of maternal-origin tissues. This study aimed to develop a novel STR genotyping method for identifying CHM genotypes without a maternal component. Methods: Samples with the pathologic description of molar pregnancy were collected. Routine hematoxylin–eosin (HE) staining and p57 immunohistochemistry staining were conducted in accordance with standard guidelines. A novel 26-plex system was explored to classify CHM and diploid pregnancies. The system combined 22 STRs on chromosomes 21/18/13/X, 3 sex loci, and 1 quality control marker (TAF9L), enabling molecular diagnosis in the absence of maternal tissue. At last, traditional DNA typing based on villi and decidua (maternal component) of each case was used for result consistency analysis. Results: CHM and nonmolar abortus could not be distinguished by the basic HE staining with no fetal evidence or other prominent features. DNA typing was successfully processed for all cases according to the novel 26-plex and traditional system. CHM (46XX) diagnosis required single A-STR/X-STR peaks and absent Y-chromosome markers, excluding chromosomal abnormalities via TAF9L analysis. When the villous tissue analysis revealed single peaks at X-STR/SRY loci, a 1:1 amelogenin ratio, and a 2:1 TAF9L peak ratio, these results overlapped with those of 46XY hydropic abortus or CHM. Notably, p57 immunohistochemical staining resolved the ambiguity. Consistency with traditional DNA genotyping confirmed system accuracy. This multiplex assay enhanced reliability in mole diagnosis, supporting clinical differentiation and genetic counseling. Conclusion: This study presents a rapid and cost-effective assay for the genotypic identification of CHM without the need for a maternal component. The method combined the characteristics of STR loci distributed across different chromosomes and developed the clinic application of forensic biomarkers.
Funding: supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (2021R1I1A3049788).
Abstract: In today’s digital era, the rapid evolution of image editing technologies has brought about a significant simplification of image manipulation. Unfortunately, this progress has also given rise to the misuse of manipulated images across various domains. One of the pressing challenges stemming from this advancement is the increasing difficulty in discerning between unaltered and manipulated images. This paper offers a comprehensive survey of existing methodologies for detecting image tampering, shedding light on the diverse approaches employed in the field of contemporary image forensics. The methods used to identify image forgery can be broadly classified into two primary categories: classical machine learning techniques, heavily reliant on manually crafted features, and deep learning methods. Additionally, this paper explores recent developments in image forensics, placing particular emphasis on the detection of counterfeit colorization. Image colorization involves predicting colors for grayscale images, thereby enhancing their visual appeal. The advancements in colorization techniques have reached a level where distinguishing between authentic and forged images with the naked eye has become an exceptionally challenging task. This paper serves as an in-depth exploration of the intricacies of image forensics in the modern age, with a specific focus on the detection of colorization forgery, presenting a comprehensive overview of methodologies in this critical field.
Funding: supported by the National Natural Science Foundation of China under Grant Nos. 61370195 and 11101048; Beijing Natural Science Foundation under Grant No. 4132060; the National Cryptography Development Foundation of China under Grant No. MMJJ201201002.
Abstract: Recently, the digital image blind forensics technology has received an increasing attention in academic community. This paper aims at developing a new identification approach based on the statistical noise and exchangeable image file format (EXIF) information of image for images authentication. In particular, the authors can identify whether the current image has been modified or not by utilizing the relevance between noise and EXIF parameters and comparing the real values with the estimated values of the EXIF parameters. Experimental results validate the proposed method. That is, the detecting system can identify the doctored image effectively.
Abstract: As a common medium in our daily life, images are important for most people to gather information. There are also people who edit or even tamper images to deliberately deliver false information under different purposes. Thus, in digital forensics, it is necessary to understand the manipulating history of images. That requires to verify all possible manipulations applied to images. Among all the image editing manipulations, recoloring is widely used to adjust or repaint the colors in images. The color information is an important visual information that image can deliver. Thus, it is necessary to guarantee the correctness of color in digital forensics. On the other hand, many image retouching or editing applications or software are equipped with recoloring function. This enables ordinary people without expertise of image processing to apply recoloring for images. Hence, in order to secure the color information of images, in this paper, a recoloring detection method is proposed. The method is based on convolutional neural network which is quite popular in recent years. Unlike the traditional linear classifier, the proposed method can be employed for binary classification as well as multiple labels classification. The classification performance of different structure for the proposed architecture is also investigated in this paper.
Funding: The work was supported in part by the Natural Science Foundation of China under Grants (Nos. 61772281, 61502241, 61272421, 61232016, 61402235 and 61572258); in part by the Natural Science Foundation of Jiangsu Province, China under Grant BK20141006; in part by the Natural Science Foundation of the Universities in Jiangsu Province under Grant 14KJB520024; the PAPD fund and the CICAEET fund.
Abstract: In the paper, a convolutional neural network based on quaternion transformation is proposed to detect median filtering for color images. Compared with conventional convolutional neural network, color images can be processed in a holistic manner in the proposed scheme, which makes full use of the correlation between RGB channels. And due to the use of convolutional neural network, it can effectively avoid the one-sidedness of artificial features. Experimental results have shown the scheme’s improvement over the state-of-the-art scheme on the accuracy of color image median filtering detection.
Abstract: Since its birth in the early 90's, digital forensics has been mainly focused on collecting and examining digital evidence from computers and networks that are controlled and owned by individuals or organizations. As cloud computing has recently emerged as a dominant platform for running applications and storing data, digital forensics faces well-known challenges in the cloud, such as data inaccessibility, data and service volatility, and law enforcement lacks control over the cloud. To date, very little research has been done to develop efficient theory and practice for digital forensics in the cloud. In this paper, we present a novel framework, Cloud Foren, which systematically addresses the challenges of forensics in cloud computing. Cloud Foren covers the entire process of digital forensics, from the initial point of complaint to the final point where the evidence is confirmed. The key components of Cloud Foren address some challenges, which are unique to the cloud. The proposed forensic process allows cloud forensic examiner, cloud provider, and cloud customer to collaborate naturally. We use two case studies to demonstrate the applicability of Cloud Foren. We believe Cloud Foren holds great promise for more precise and automatic digital forensics in a cloud computing environment.
Abstract: With the advent and growing popularity of image rendering software, photorealistic computer graphics are becoming more and more perceptually indistinguishable from photographic images. If the faked images are abused, it may lead to potential social, legal or private consequences. To this end, it is very necessary and also challenging to find effective methods to differentiate between them. In this paper, a novel leading digit law, also called Benford's law, based method to identify computer graphics is proposed. More specifically, statistics of the most significant digits are extracted from image's Discrete Cosine Transform (DCT) coefficients and magnitudes of image's gradient, and then the Support Vector Machine (SVM) based classifiers are built. Results of experiments on the image datasets indicate that the proposed method is comparable to prior works. Besides, it possesses low dimensional features and low computational complexity.
Funding: supported by NSFC (No. 61702429); Sichuan Science and Technology Program (No. 19yyjc1656).
Abstract: The multi-purpose forensics is an important tool for forged image detection. In this paper, we propose a universal feature set for the multi-purpose forensics which is capable of simultaneously identifying several typical image manipulations, including spatial low-pass Gaussian blurring, median filtering, re-sampling, and JPEG compression. To eliminate the influences caused by diverse image contents on the effectiveness and robustness of the feature, a residual group which contains several high-pass filtered residuals is introduced. The partial correlation coefficient is exploited from the residual group to purely measure neighborhood correlations in a linear way. Besides that, we also combine autoregressive coefficient and transition probability to form the proposed composite feature which is used to measure how manipulations change the neighborhood relationships in both linear and non-linear way. After a series of dimension reductions, the proposed feature set can accelerate the training and testing for the multi-purpose forensics. The proposed feature set is then fed into a multi-classifier to train a multi-purpose detector. Experimental results show that the proposed detector can identify several typical image manipulations, and is superior to the complicated deep CNN-based methods in terms of detection accuracy and time efficiency for JPEG compressed image with low resolution.
Funding: Sponsored by the National Natural Science Foundation of China (Grant No. 61303199); Natural Science Foundation of Shandong Province (Grant No. ZR2013FQ001 and ZR2011FQ030); Outstanding Research Award Fund for Young Scientists of Shandong Province, China (Grant No. BS2013DX010); Academy of Sciences Youth Fund Project of Shandong Province (Grant No. 2013QN007).
Abstract: The integrity and fidelity of digital evidence are very important in live forensics. Previous studies have focused on the uncertainty of live forensics based on different memory snapshots. However, this kind of method is not effective in practice. In fact, memory images are usually acquired by using forensics tools instead of using snapshots. Therefore, the integrity and fidelity of live evidence should be evaluated during the acquisition process. In this paper, we study the problem in a novel viewpoint. Firstly, several definitions about memory acquisition measure error are introduced to describe the trusty. Then, we analyze the experimental error and propose some suggestions on how to reduce it. A novel method is also developed to calculate the system error in detail. The results of a case study on Windows 7 and VMware virtual machine show that the experimental error has good accuracy and precision, which demonstrate the efficacy of the proposed reducing methods. The system error is also evaluated, that is, it accounts for the whole error from 30% to 50%.
Abstract: Blind forensics of JPEG image tampering as a kind of digital image blind forensics technology is gradually becoming a new research hotspot in the field of image security. Firstly, the main achievements of domestic and foreign scholars in the blind forensic technology of JPEG image tampering were briefly described. Then, according to the different methods of tampering and detection, the current detection was divided into two types: double JPEG compression detection and block effect inconsistency detection. This paper summarized the existing methods of JPEG image blind forensics detection, and analyzed the two methods. Finally, the existing problems and future research trends were analyzed and prospected to provide further theoretical support for the research of JPEG image blind forensics technology.
Funding: supported by the National Natural Science Foundation of China (Nos. 81930055 and 81772031).
Abstract: The identification of tissue origin of body fluid can provide clues and evidence for criminal case investigations. To establish an efficient method for identifying body fluid in forensic cases, eight novel body fluid-specific DNA methylation markers were selected in this study, and a multiplex single base extension reaction (SNaPshot) system for these markers was constructed for the identification of five common body fluids (venous blood, saliva, menstrual blood, vaginal fluid, and semen). The results indicated that the in-house system showed good species specificity, sensitivity, and ability to identify mixed biological samples. At the same time, an artificial body fluid prediction model and two machine learning prediction models based on the support vector machine (SVM) and random forest (RF) algorithms were constructed using previous research data, and these models were validated using the detection data obtained in this study (n=95). The accuracy of the prediction model based on experience was 95.79%; the prediction accuracy of the SVM prediction model was 100.00% for four kinds of body fluids except saliva (96.84%); and the prediction accuracy of the RF prediction model was 100.00% for all five kinds of body fluids. In conclusion, the in-house SNaPshot system and RF prediction model could achieve accurate tissue origin identification of body fluids.
Abstract: Digital forensics is the science of identifying, extracting, analyzing and presenting the digital evidence that has been stored in the digital devices. Various digital tools and techniques are being used to achieve this. Our paper explains forensic analysis steps in the storage media, hidden data analysis in the file system, network forensic methods and cyber crime data mining. This paper proposes a new tool which is the combination of digital forensic investigation and crime data mining. The proposed system is designed for finding motive, pattern of cyber attacks and counts of attacks types happened during a period. Hence the proposed tool enables the system administrators to minimize the system vulnerability.
Abstract: X-chromosome short tandem repeats (X-STR) analysis has been confirmed to be effective for kinship testing such as in deficiency paternity cases. The aim of this study was to develop a new multiplex polymerase chain reaction (PCR) system that can simultaneously amplify 9 X-STR loci (GATA172D05, DXS10159, DXS6797, HPRTB, DXS10079, DXS6789, DXS9895, DXS10146 and GATA31E08) in the same PCR reaction, and to obtain the database of the 9 X-STR loci in three ethnic populations in China. The genetic data of 815 (404 females and 411 males) unrelated Han Chinese from Hubei province, and Yi and Zhuang Chinese from Yunnan province were analyzed by using this multiplex system. The results showed that a total of 93 alleles for all these loci were found, and 7 to 20 alleles for each locus were observed. All of the analyzed loci were in agreement with Hardy-Weinberg equilibrium after Bonferroni correction in the three studied populations. The polymorphism information content (PIC) and power of discrimination (PD) in females were 0.6566–0.8531 and 0.8639–0.9684, respectively. Pairwise comparisons of allele frequency distribution showed significant differences in the most of these loci between different populations. The results indicate that this multiplex system is very useful for forensic analysis of different ethnic populations in China.