Current journal: Digital Investigation
  • Data acquisition methods using backup data decryption of Sony smartphones
    Digit. Investig. (IF 1.736) Pub Date : 2019-12-04
    Uk Hur, Myungseo Park, Giyoon Kim, Younjai Park, Insoo Lee, Jongsung Kim

    As the storage capacity of smartphones increases, more user data such as call logs, SMS records, media data, and instant messages are stored in smartphones. Therefore, it is important in digital investigation to acquire smartphones containing the personal information of users. However, even when a prime suspect's smartphone is acquired, it is difficult to extract user data without obtaining root privilege

  • Identifying suspicious addresses in Bitcoin thefts
    Digit. Investig. (IF 1.736) Pub Date : 2019-12-04
    Yan Wu, Anthony Luo, Dianxiang Xu

    Bitcoin as a popular digital currency has been a target of theft and other illegal activities. Key to the forensic investigation is to identify bitcoin addresses involved in the bitcoin transfers. This paper presents a framework, FABT, for forensic analysis of bitcoin transactions by identifying suspicious bitcoin addresses. It formalizes the clues of a given case as transaction patterns defined over

  • Reconstructing cached video stream content:- Part 2
    Digit. Investig. (IF 1.736) Pub Date : 2019-12-04
    Graeme Horsman

    In 2018, Horsman (2018a; 2018b) provided guidance for the reconstruction of cached stream remnants following use of the Periscope, Facebook Live and YouTube platforms. These works confirmed that video stream content can be cached to a local device when viewed via an Internet browser, and that following the provided methodology, video content can be rebuilt for subsequent viewing. This work provides

  • An examination of gaming platform policies for law enforcement support
    Digit. Investig. (IF 1.736) Pub Date : 2019-12-04
    Ruth Threadgall, Graeme Horsman

    The problems faced with regulating social media platforms are well known and documented, where frequent abuses of these platforms occur. In addition to this issue, the use of gaming platforms and their inbuilt communication facilities to carry out malicious acts including hate crimes and grooming is now an increasing concern. The regulation of gaming applications is now arguably a necessity with acts

  • Worldwide analysis of crimes by the traces of their online media coverage: The case of jewellery store robberies
    Digit. Investig. (IF 1.736) Pub Date : 2019-12-04
    Giulia Margagliotti, Timothy Bollé, Quentin Rossy

    This empirical study aims to determine whether online media coverage can be used to gather intelligence on specific crimes worldwide. The quality of online news is evaluated as an indicator of the worldwide distribution of jewelry store robberies. This phenomenon was selected because evaluating the risk of criminal events at the global level is a challenge for private companies, who need to settle

  • How to detect cryptocurrency miners? By traffic forensics!
    Digit. Investig. (IF 1.736) Pub Date : 2019-08-22
    Vladimír Veselý, Martin Žádník

    Cryptocurrencies set a new trend for a financial interaction between people. In order to successfully meet this use-case, cryptocurrencies combine various advanced information technologies (e.g., blockchain as a replicated database, asymmetrical ciphers and hashes guaranteeing integrity properties, peer-to-peer networking providing fault-tolerant service). Mining process not only introduces new cryptocurrency

  • A formal model for event reconstruction in digital forensic investigation
    Digit. Investig. (IF 1.736) Pub Date : 2019-08-13
    Somayeh Soltani, Seyed Amin Hosseini Seno

    Event reconstruction is an important phase in digital forensic investigation, which determines what happened during the incident. The digital investigator uses the findings of this phase to prepare reports for the court. Since the results must be reproducible and verifiable, it is necessary that the event reconstruction methods be rigorous and strict. In order to fulfill the legal requirements, this

  • Distributed password cracking with BOINC and hashcat
    Digit. Investig. (IF 1.736) Pub Date : 2019-08-08
    Radek Hranický, Lukáš Zobal, Ondřej Ryšavý, Dušan Kolář

    Considering today's challenges in digital forensics, for password cracking, distributed computing is a necessity. If we limit the selection of password-cracking tools strictly to open-source software, hashcat tool unambiguously wins in speed, repertory of supported hash formats, updates, and community support. Though hashcat itself is by design a single-machine solution, its interface makes it possible

  • Methods for detecting manipulations in 3D scan data
    Digit. Investig. (IF 1.736) Pub Date : 2019-08-02
    Kevin Ponto, Simon Smith, Ross Tredinnick

    While interest in using 3D scanning technology for crime scene investigation (CSI) has grown in recent years, a number of barriers still remain that prevent its wide adoption in the criminal justice system. One such barrier comes from the lack of tools that can validate a 3D scan and verify that it has not been manipulated. While a great deal of research has gone into the detection of manipulations

  • Automatic cephalometric landmarks detection on frontal faces: An approach based on supervised learning techniques
    Digit. Investig. (IF 1.736) Pub Date : 2019-08-02
    Lucas Faria Porto, Laise Nascimento Correia Lima, Marta Regina Pinheiro Flores, Andrea Valsecchi, Oscar Ibanez, Carlos Eduardo Machado Palhares, Flavio de Barros Vidal

    Facial landmarks are employed in many research areas, including facial recognition, craniofacial identification, age and sex estimation being the most important. In forensics, the focus is on the analysis of a particular set of facial landmarks, defined as cephalometric landmarks. Previous studies demonstrated that the descriptive adequacy of these anatomical references for indirect application (photo-anthropometric

  • Automated recovery of damaged audio files using deep neural networks
    Digit. Investig. (IF 1.736) Pub Date : 2019-08-01
    Hee-Soo Heo, Byung-Min So, IL-Ho Yang, Sung-Hyun Yoon, Ha-Jin Yu

    In this paper, we propose two methods to recover damaged audio files using deep neural networks. The presented audio file recovery methods differ from the conventional file carving-based recovery method because the former restore lost data, which are difficult to recover with the latter method. This research suggests that recovery tasks, which are essential yet very difficult or very time consuming

  • Reverse engineering of ReFS
    Digit. Investig. (IF 1.736) Pub Date : 2019-07-23
    Rune Nordvik, Henry Georges, Fergus Toolan, Stefan Axelsson

    File system forensics is an important part of Digital Forensics. Investigators of storage media have traditionally focused on the most commonly used file systems such as NTFS, FAT, ExFAT, Ext2-4, HFS+, APFS, etc. NTFS is the current file system used by Windows for the system volume, but this may change in the future. In this paper we will show the structure of the Resilient File System (ReFS), which

  • Crime control in the sphere of information technologies in the Republic of Turkey
    Digit. Investig. (IF 1.736) Pub Date : 2019-07-23
    Aliya Shukan, Aitugan Abdizhami, Gulnar Ospanova, Dana Abdakimova

    Cybercrime is considered an issue of both local and global concern. Therefore, this study focuses on the local experience in cybercrime control of different countries, including the Republic of Turkey. The article discusses issues in cybersecurity policy and analyzes the legislative framework of the Republic of Turkey on cybercrime issues. The findings underlie the continuing education policy for cybersecurity

  • Digital behavioral-fingerprint for user attribution in digital forensics: Are we there yet?
    Digit. Investig. (IF 1.736) Pub Date : 2019-07-22
    Adeyemi R. Ikuesan, Hein S. Venter

    The need for a reliable and complementary identifier mechanism in a digital forensic analysis is the focus of this study. Mouse dynamics have been applied in information security studies, particularly, continuous authentication and authorization. However, the method applied in security is void of specific behavioral signature of a user, which inhibits its applicability in digital forensic science.

  • Standardization of file recovery classification and authentication
    Digit. Investig. (IF 1.736) Pub Date : 2019-07-20
    Eoghan Casey, Alex Nelson, Jessica Hyde

    Digital forensics can no longer tolerate software that cannot be relied upon to perform specific functions such as file recovery. Indistinct and non-standardized results increase the risk of misinterpretation by digital forensic practitioners, and hinder automated correlation of file recovery results in forensic analysis and tool testing. Treating file recovery results in a clear, distinct manner helps

  • A comprehensive micro unmanned aerial vehicle (UAV/Drone) forensic framework
    Digit. Investig. (IF 1.736) Pub Date : 2019-07-11
    Ankit Renduchintala, Farha Jahan, Raghav Khanna, Ahmad Y. Javaid

    In the early 1990s, unmanned aerial vehicles (UAV) were used exclusively in military applications by various developed countries. Now with its ease of availability and affordability in the electronic device market, this aerial vehicular technology has augmented its familiarity in public and has expanded its usage to countries all over the world. However, expanded use of UAVs, colloquially known as

  • Investigating the incidence of sexual assault in martial arts coaching using media reports
    Digit. Investig. (IF 1.736) Pub Date : 2019-07-06
    William F. Murphy

    The rapidly expanding martial arts industry, which is presently unregulated within the United States, has seen multiple coaches convicted of sex offenses in recent years. However, there is currently no existing literature on sexual assault within the martial arts industry. We used major search platforms to collect media reports concerning martial arts coaches who were convicted of sex offenses within

  • Digital forensic artifacts of the Your Phone application in Windows 10
    Digit. Investig. (IF 1.736) Pub Date : 2019-06-26
    Patricio Domingues, Miguel Frade, Luis Miguel Andrade, João Victor Silva

    Your Phone is a Microsoft system that comprises two applications: a smartphone app for Android 7+ smartphones and a desktop application for Windows 10/18.03+. It allows users to access their most recent smartphone-stored photos/screenshots and send/receive short message service (SMS) and multimedia messaging service (MMS) within their Your Phone-linked Windows 10 personal computers. In this paper

  • PRNU based source camera attribution for image sets anonymized with patch-match algorithm
    Digit. Investig. (IF 1.736) Pub Date : 2019-06-21
    Ahmet Karaküçük, A. Emir Dirik

    Patch-Match is an efficient algorithm used for structural image editing and available as a tool on popular commercial photo-editing software. The tool allows users to insert or remove objects from photos using information from similar scene content. Recently, a modified version of this algorithm was proposed as a counter-measure against Photo-Response Non-Uniformity (PRNU) based Source Camera Identification

  • Detection of frame deletion in HEVC-Coded video in the compressed domain
    Digit. Investig. (IF 1.736) Pub Date : 2019-06-19
    Jin Hyung Hong, Yoonmo Yang, Byung Tae Oh

    In this paper, we propose an algorithm for detecting frame deletion in HEVC-coded video in the compressed domain. Specifically, we focus on the frame type changes occurring upon frame deletion, which cause slight differences between the coding patterns in original and forged video. Then, we identify discriminating coding patterns for use as features, which are classified by machine learning classifiers

  • Classifying suspicious content in tor darknet through Semantic Attention Keypoint Filtering
    Digit. Investig. (IF 1.736) Pub Date : 2019-06-08
    Eduardo Fidalgo, Enrique Alegre, Laura Fernández-Robles, Víctor González-Castro

    One of the tasks Law Enforcement Agencies are responsible for is to find evidence of criminal activities in the Darknet. However, visiting thousands of domains to locate visual information containing illicit acts manually requires a considerable amount of time and human resources. To support this task, in this paper, we explore the automatic classification of images uploaded to Tor darknet. Unfortunately

  • Differentiating synthetic and optical zooming for passive video forgery detection: An anti-forensic perspective
    Digit. Investig. (IF 1.736) Pub Date : 2019-05-18
    K. Sitara, B.M. Mehtre

    A video can be manipulated using synthetic zooming without using the state-of-the-art video forgeries. Synthetic zooming is performed by upscaling individual frames of a video with varying scale factors followed by cropping them to the original frame size. These manipulated frames resemble genuine natural (optical) camera zoomed frames and hence may be misclassified as a pristine video by video forgery

  • Removing epoxy underfill between neighbouring components using acid for component chip-off
    Digit. Investig. (IF 1.736) Pub Date : 2019-04-22
    Th Heckmann, J.P. McEvoy, K. Markantonakis, R.N. Akram, D. Naccache

    In addition to traditional high temperature eutectic soldering, the use of underfill epoxy to glue the electronic components to the PCB (memory, CPU, cryptographic chips) has now become the norm among mobile phone manufacturers, e.g. Apple, BlackBerry and Samsung. Currently, this technique is the best solution to protect components against various mechanical stresses and improve reliability. Unfortunately

  • Decrease of energy deposited during laser decapsulation attacks by dyeing and pigmenting the ECA: Application to the forensic micro-repair of wire bonding
    Digit. Investig. (IF 1.736) Pub Date : 2019-04-22
    Th. Heckmann, Th. Souvignet, D. Naccache

    Polymeric adhesives are of interest in the digital forensics domain. They can be used to perform more or less complex repairs or even to realise advanced man-in-the-middle attacks in order to carry out reverse engineering of secure systems (Heckmann et al., 2017). The main aim of this paper is to develop a technique that makes polymeric adhesives sensitive to laser decapsulation attacks while decreasing

  • Ten years of critical review on database forensics research
    Digit. Investig. (IF 1.736) Pub Date : 2019-04-11
    Rupali Chopade, V.K. Pachghare

    The database is at the heart of any digital application. With the increased use of high-tech applications, the database is used to store important and sensitive information. Sensitive information storage leads to crimes related to computer activities. Digital forensics is an investigation process to discover any un-trusted or malicious movement, which can be presented as testimony in a court of law

  • A multilayered semantic framework for integrated forensic acquisition on social media
    Digit. Investig. (IF 1.736) Pub Date : 2019-04-11
    Humaira Arshad, Aman Jantan, Gan Keng Hoon, Anila Sahar Butt

    In recent years, examination of the social media networks has become an integral part of investigations. Law enforcement agencies and legal practitioners frequently utilize social networks to quickly access the information related to the participants of any illicit incident. However, the forensic process needs collection and analysis of the information which is immense, heterogeneous, and spread across

  • Forensic analysis of Microsoft Skype for Business
    Digit. Investig. (IF 1.736) Pub Date : 2019-04-05
    Marco Nicoletti, Massimo Bernaschi

    We present three case studies to illustrate a methodology for conducting forensics investigation on Microsoft Skype for Business. The proposed methodology helps to retrieve information on chat and audio communications made by any account who accessed the PC, to retrieve IP addresses and communication routes for all the participants of a call, and to retrieve forensics evidence to identify the end-user

  • A Forensic Audit of the Tor Browser Bundle
    Digit. Investig. (IF 1.736) Pub Date : 2019-03-30
    Matt Muir, Petra Leimich, William J. Buchanan

    The increasing use of encrypted data within file storage and in network communications leaves investigators with many challenges. One of the most challenging is the Tor protocol, as its main focus is to protect the privacy of the user, in both its local footprint within a host and over a network connection. The Tor browser, though, can leave behind digital artefacts which can be used by an investigator

  • Cognitive and human factors in digital forensics: Problems, challenges, and the way forward
    Digit. Investig. (IF 1.736) Pub Date : 2019-03-29
    Nina Sunde, Itiel E. Dror

    Digital forensics is an important and growing forensic domain. Research on miscarriages of justice and misleading evidence, as well as various inquiries in the UK and the US, have highlighted human error as an issue within forensic science. This has led to increased attention to the sources of cognitive bias and potential countermeasures within many forensic disciplines. However, the area of digital

  • Decrypting live SSH traffic in virtual environments
    Digit. Investig. (IF 1.736) Pub Date : 2019-03-29
    Peter McLaren, Gordon Russell, William J. Buchanan, Zhiyuan Tan

    Decrypting and inspecting encrypted malicious communications may assist crime detection and prevention. Access to client or server memory enables the discovery of artefacts required for decrypting secure communications. This paper develops the MemDecrypt framework to investigate the discovery of encrypted artefacts in memory and applies the methodology to decrypting the secure communications of virtual

  • A review of digital video tampering: From simple editing to full synthesis
    Digit. Investig. (IF 1.736) Pub Date : 2019-03-22
    Pamela Johnston, Eyad Elyan

    Video tampering methods have witnessed considerable progress in recent years. This is partly due to the rapid development of advanced deep learning methods, and also due to the large volume of video footage that is now in the public domain. Historically, convincing video tampering has been too labour intensive to achieve on a large scale. However, recent developments in deep learning-based methods

  • PRNU-based source device attribution for YouTube videos
    Digit. Investig. (IF 1.736) Pub Date : 2019-03-21
    Emmanuel Kiegaing Kouokam, Ahmet Emir Dirik

    Photo Response Non-Uniformity (PRNU) is a camera imaging sensor imperfection which has earned a great interest for source device attribution of digital videos. A majority of recent researches about PRNU-based source device attribution for digital videos do not take into consideration the effects of video compression on the PRNU noise in video frames, but rather consider video frames as isolated images

  • CaseNote: Mobile phone call data obfuscation & techniques for call correlation
    Digit. Investig. (IF 1.736) Pub Date : 2019-03-20
    Angus M. Marshall, Peter Miller

    The use of call data records (CDRs) to establish links between suspects is well known and understood. In a number of major enquiries in the UK, however, it was found that CDRs contained apparently erroneous or nonsensical data which prevented the use of well-established techniques based on caller IDs contained within CDRs. Further analysis suggested that some form of number “spoofing” was being used

  • Source smartphone identification by exploiting encoding characteristics of recorded speech
    Digit. Investig. (IF 1.736) Pub Date : 2019-03-20
    Chao Jin, Rangding Wang, Diqun Yan

    Source device identification has become a hot topic in multimedia forensics recently. In this paper, a novel method is proposed for source smartphone identification by using encoding characteristics as the intrinsic fingerprint of recording devices. The encoding characteristics for the smartphones of 24 popular models derived from 7 mainstream brands are investigated and statistical features of some

  • Forensic analysis of Nucleus RTOS on MTK smartwatches
    Digit. Investig. (IF 1.736) Pub Date : 2019-03-19
    J. Gregorio, B. Alarcos, A. Gardel

    Embedded personal devices as smartwatches can be a valuable source of information for the investigation of criminal acts, as they can store contact data, call records, instant messages, multimedia files and so, without requiring access to the connected smartphone. This paper presents the acquisition and forensic analysis done on different non-android smartwatches equipped with a low-cost MTK chip.

  • A survey of electromagnetic side-channel attacks and discussion on their case-progressing potential for digital forensics
    Digit. Investig. (IF 1.736) Pub Date : 2019-03-15
    Asanka Sayakkara, Nhien-An Le-Khac, Mark Scanlon

    The increasing prevalence of Internet of Things (IoT) devices has made it inevitable that their pertinence to digital forensic investigations will increase into the foreseeable future. These devices produced by various vendors often possess limited standard interfaces for communication, such as USB ports or WiFi/Bluetooth wireless interfaces. Meanwhile, with an increasing mainstream focus on the security

  • Forensic signature for tracking storage devices: Analysis of UEFI firmware image, disk signature and windows artifacts
    Digit. Investig. (IF 1.736) Pub Date : 2019-03-05
    Doowon Jeong, Sangjin Lee

    Tracking storage devices is one of the important fields in digital forensics. The existing methods and tools about registry, event log or IconCache analysis help solving cases on confidential leakage, illegal copying, and security incident cases. However, previous approach has drawback in tracking storage devices such as HDD, SSD, and etc since it was based on the good performance of USB device tracking

  • A survey on forensic investigation of operating system logs
    Digit. Investig. (IF 1.736) Pub Date : 2019-03-04
    Hudan Studiawan, Ferdous Sohel, Christian Payne

    Event logs are one of the most important sources of digital evidence for forensic investigation because they record essential activities on the system. In this paper, we present a comprehensive literature survey of the forensic analysis on operating system logs. We present a taxonomy of various techniques used in this area. Additionally, we discuss the tools that support the examination of the event

  • Frameup: An incriminatory attack on Storj: A peer to peer blockchain enabled distributed storage system
    Digit. Investig. (IF 1.736) Pub Date : 2019-03-02
    Xiaolu Zhang, Justin Grannis, Ibrahim Baggili, Nicole Lang Beebe

    In this work we present a primary account of frameup, an incriminatory attack made possible because of existing implementations in distributed peer to peer storage. The frameup attack shows that an adversary has the ability to store unencrypted data on the hard drives of people renting out their hard drive space. This is important to forensic examiners as it opens the door for possibly framing an innocent

  • An analysis of optical contributions to a photo-sensor's ballistic fingerprints
    Digit. Investig. (IF 1.736) Pub Date : 2019-02-14
    R. Matthews, M. Sorell, N. Falkner

    Lens aberrations have previously been used to determine the provenance of an image. However, this is not necessarily unique to an image sensor, as lens systems are often interchanged. Photo-response non-uniformity noise was proposed in 2005 by Lukáš, Goljan and Fridrich as a stochastic signal which describes a sensor uniquely, akin to a “ballistic” fingerprint. This method, however, did not account

  • Evidence collection and forensics on social networks: Research challenges and directions
    Digit. Investig. (IF 1.736) Pub Date : 2019-02-10
    Humaira Arshad, Aman Jantan, Esther Omolara

    Social Media (SM) evidence is a new and rapidly emerging frontier in digital forensics. The trail of digital information on social media, if explored correctly, can offer remarkable support in criminal investigations. However, exploring social media for potential evidence and presenting these proofs in court is not a straightforward task. Social media evidence must be collected by a legally and scientifically

  • Tool testing and reliability issues in the field of digital forensics
    Digit. Investig. (IF 1.736) Pub Date : 2019-02-01
    Graeme Horsman

    The digital forensic discipline is wholly reliant upon software applications and tools designed and marketed for the acquisition, display and interpretation of digital data. The results of any subsequent investigation using such tools must be reliable and repeatable whilst supporting the establishment of fact, allowing criminal justice proceedings the ability to digest any findings during the process

  • Developing a ‘router examination at scene’ standard operating procedure for crime scene investigators in the United Kingdom
    Digit. Investig. (IF 1.736) Pub Date : 2019-01-30
    Graeme Horsman, Benjamin Findlay, Tim James

    As the majority of dwellings now maintain some form of Internet connectivity, the examination of routers at crime scenes is an increasing requirement. Due to cost and resourcing constraints, police forces are looking to transfer responsibility for carrying out this task to front line crime scene investigators, despite such staff typically lacking specialist training for this type of examination. Such

  • Decrypting password-based encrypted backup data for Huawei smartphones
    Digit. Investig. (IF 1.736) Pub Date : 2019-01-29
    Myungseo Park, Giyoon Kim, Younjai Park, Insoo Lee, Jongsung Kim

    Digital investigators sometimes obtain key evidence by extracting user data from the smartphones of suspects. However, it is becoming more difficult to extract user data from smartphones, due to continuous updates and the use of data encryption functions, such as Full Disk Encryption (FDE) and File Based Encryption (FBE). Backup data are usually stored in an encrypted form, in order to protect user

  • Unauthorized access crime in Jordanian law (comparative study)
    Digit. Investig. (IF 1.736) Pub Date : 2019-01-28
    Hamzeh abu issa, Mahmoud Ismail, Omar Aamar

    This research cared about clarifying the legal provisions of the unauthorized access crime contained in article 3 of the Jordanian Cybercrime act of 2015 and comparing it to other Arabic legislations and French law as well as clarifying the position of international conventions on this crime. The analysis of the crime included clarifying its elements, its sanction and the aggravating circumstances

  • Formalising investigative decision making in digital forensics: Proposing the Digital Evidence Reporting and Decision Support (DERDS) framework
    Digit. Investig. (IF 1.736) Pub Date : 2019-01-25
    Graeme Horsman

    In the field of digital forensics it is crucial for any practitioner to possess the ability to make reliable investigative decisions which result in the reporting of credible evidence. This competency should be considered a core attribute of a practitioner’s skill set and it is often taken for granted that all practitioners possess this ability; in reality this is not the case. A lack of dedicated

  • Investigating spotlight internals to extract metadata
    Digit. Investig. (IF 1.736) Pub Date : 2019-01-21
    Yogesh Khatri

    Index based desktop search tools have become the primary means for finding files or launching applications on desktop computer systems. Every major operating system ships with one. Spotlight is the default desktop search app on macOS (formerly OSX) that searches files based on metadata and content. This paper explores the format of the spotlight metadata cache database and opens up another avenue of

  • Mal-Flux: Rendering hidden code of packed binary executable
    Digit. Investig. (IF 1.736) Pub Date : 2019-01-21
    Charles Lim, Suryadi, Kalamullah Ramli, Yohanes Syailendra Kotualubun

    A binary packer has commonly been used to protect the original code inside the binary executables from being detected as malicious code by anti-malware software. Various methods of unpacking packed binary executables have been extensively studied, and several unpacking approaches have been proposed. Some of these solutions depend on various assumptions, which may limit their effectiveness. Here, a

  • Sifting through the ashes: Amazon Fire TV stick acquisition and analysis
    Digit. Investig. (IF 1.736) Pub Date : 2019-01-14
    M. Hadgkiss, S. Morris, S. Paget

    The Amazon Fire TV Stick is a popular device that is the centre of entertainment for many homes. Its collection of functions and features generates a considerable amount of data, giving this device the potential to be included in a multiple investigations. Highlighting a clear requirement for a forensic analysis of the device. Previous research of smart entertainment devices focuses on the larger areas

  • Forensic-chain: Blockchain based digital forensics chain of custody with PoC in Hyperledger Composer
    Digit. Investig. (IF 1.736) Pub Date : 2019-01-10
    Auqib Hamid Lone, Roohie Naaz Mir

    Advancements in Information Technology landscape over the past two decades have made the collection, preservation, and analysis of digital evidence an extremely important tool for solving cybercrimes and preparing court cases. Digital evidence plays an important role in cybercrime investigation, as it is used to link individuals with criminal activities. Thus it is of utmost importance to guarantee

  • A universal taxonomy and survey of forensic memory acquisition techniques
    Digit. Investig. (IF 1.736) Pub Date : 2019-01-08
    Tobias Latzo, Ralph Palutke, Felix Freiling

    Main memory analysis plays an increasingly important role in today's digital forensic analysis. It can be used to retrieve encryption keys or to analyze malware that solely resides in RAM. Typically, the memory is acquired prior to analysis. As of today, there exist a large number of different techniques and tools to accomplish this task that all have their own advantages and disadvantages and appear

  • Timeline2GUI: A Log2Timeline CSV parser and training scenarios
    Digit. Investig. (IF 1.736) Pub Date : 2018-12-31
    Mark Debinski, Frank Breitinger, Parvathy Mohan

    Crimes involving digital evidence are getting more complex due to the increasing storage capacities and utilization of devices. Event reconstruction (i.e., understanding the timeline) is an essential step for investigators to understand a case where a prominent tool is Log2Timeline (a tool that creates super timelines which is a combination of several log files and events throughout a system). While

  • Detecting bot-infected machines using DNS fingerprinting
    Digit. Investig. (IF 1.736) Pub Date : 2018-12-28
    Manmeet Singh, Maninder Singh, Sanmeet Kaur

    The never-ending menace of botnet is causing many serious problems on the Internet. Although there are significant efforts on detecting botnet at the global level which rely heavily on finding failed queries and domain flux information for botnet detection, there are very few efforts being made to detect bot infection at an enterprise level. Detecting bot-infected machines is vital for any organization

  • Behavioural Digital Forensics Model: Embedding Behavioural Evidence Analysis into the Investigation of Digital Crimes
    Digit. Investig. (IF 1.736) Pub Date : 2018-12-15
    Noora Al Mutawa, Joanne Bryce, Virginia N.L. Franqueira, Andrew Marrington, Janet C. Read

    The state-of-the-art and practice show an increased recognition, but limited adoption, of Behavioural Evidence Analysis (BEA) within the Digital Forensics (DF) investigation process. Yet, there is currently no BEA-driven process model and guidelines for DF investigators to follow in order to take advantage of such an approach. This paper proposes the Behavioural Digital Forensics Model to fill this

  • Attacks on the confidentiality, integrity and availability of data and computer systems in the criminal case law of the Czech Republic
    Digit. Investig. (IF 1.736) Pub Date : 2018-12-07
    Tomáš Gřivna, Jakub Drápal

    Uncovering attacks on data and computer systems and those responsible for them is one of the contemporary problems that the authorities involved in criminal proceedings have to deal with. Where this sort of cybercrime is concerned we can expect not only high levels of latency but also a low clear-up rate for crimes on file. This paper demonstrates this using the example of the Czech Republic, by providing

  • Geographic profiling for serial cybercrime investigation
    Digit. Investig. (IF 1.736) Pub Date : 2018-12-03
    Asmir Butkovic, Sasa Mrdovic, Suleyman Uludag, Anel Tanovic

    Today’s cybercrimes are much more difficult to detect and prosecute than traditional crimes. In the investigation of cybercrimes, law enforcement agencies follow similar techniques to traditional crimes that, however, have to be modified to meet the unique conditions and requirements of virtual space. This paper examines cybercrime profiling techniques prevalent today, and focuses on the feasibility

  • A preliminary assessment of latent fingerprint evidence damage on mobile device screens caused by digital forensic extractions
    Digit. Investig. (IF 1.736) Pub Date : 2018-10-11
    Graeme Horsman, Helen Page, Peter Beveridge

    Mobile devices continue to feature heavily in criminal investigations and often bear multiple forms of potentially relevant evidence. In the context of identifying the owner of a device, both latent fingerprints and resident digital data may be crucial to investigations, yet each individual process may have a detrimental impact on the other. Fingerprint development techniques are known to impact device

  • Dynamic analysis with Android container: Challenges and opportunities
    Digit. Investig. (IF 1.736) Pub Date : 2018-10-05
    Ngoc-Tu Chau, Souhwan Jung

    Until now, researchers have been analyzing Android applications dynamically with the use of either emulators or real devices. Emulators are an option that testers currently have to achieve scalability. Besides, these approaches can also take snapshots which help to revert back to a known state in a matter of seconds. However, emulators are often slow in performance and contain heuristic emulation traces

  • A malware classification method based on memory dump grayscale image
    Digit. Investig. (IF 1.736) Pub Date : 2018-09-25
    Yusheng Dai, Hui Li, Yekui Qian, Xidong Lu

    Effective analysis of malware is of great significance in guaranteeing the reliability of the system operation. Malware can easily escape from existing dynamic analysis methods. Aiming at the deficiencies of current methods for detecting malware dynamically, a method of using hardware features is proposed, namely, a memory dump file is extracted and converted into a grayscale image, the image is converted

  • The darknet's smaller than we thought: The life cycle of Tor Hidden Services
    Digit. Investig. (IF 1.736) Pub Date : 2018-09-22
    Gareth Owenson, Sarah Cortes, Andrew Lewman

    The Tor Darknet is a pseudo-anonymous place to host content online frequently used by criminals to sell narcotics and to distribute illicit material. Many studies have attempted to estimate the size of the darknet, but this paper will show that previous estimates on size are inaccurate due to hidden service lifecycle. The first examination of its kind will be presented on the differences between short-lived

Contents have been reproduced by permission of the publishers.