-
Data acquisition methods using backup data decryption of Sony smartphones Digit. Investig. (IF 1.736) Pub Date : 2019-12-04 Uk Hur, Myungseo Park, Giyoon Kim, Younjai Park, Insoo Lee, Jongsung Kim
As the storage capacity of smartphones increases, more user data such as call logs, SMS records, media data, and instant messages are stored in smartphones. Therefore, it is important in digital investigation to acquire smartphones containing the personal information of users. However, even when a prime suspect's smartphone is acquired, it is difficult to extract user data without obtaining root privilege
-
Identifying suspicious addresses in Bitcoin thefts Digit. Investig. (IF 1.736) Pub Date : 2019-12-04 Yan Wu, Anthony Luo, Dianxiang Xu
Bitcoin as a popular digital currency has been a target of theft and other illegal activities. Key to the forensic investigation is to identify bitcoin addresses involved in the bitcoin transfers. This paper presents a framework, FABT, for forensic analysis of bitcoin transactions by identifying suspicious bitcoin addresses. It formalizes the clues of a given case as transaction patterns defined over
-
Reconstructing cached video stream content: Part 2 Digit. Investig. (IF 1.736) Pub Date : 2019-12-04 Graeme Horsman
In 2018, Horsman (2018a; 2018b) provided guidance for the reconstruction of cached stream remnants following use of the Periscope, Facebook Live and YouTube platforms. These works confirmed that video stream content can be cached to a local device when viewed via an Internet browser, and that following the provided methodology, video content can be rebuilt for subsequent viewing. This work provides
-
An examination of gaming platform policies for law enforcement support Digit. Investig. (IF 1.736) Pub Date : 2019-12-04 Ruth Threadgall, Graeme Horsman
The problems faced with regulating social media platforms are well known and documented, where frequent abuses of these platforms occur. In addition to this issue, the use of gaming platforms and their inbuilt communication facilities to carry out malicious acts including hate crimes and grooming is now an increasing concern. The regulation of gaming applications is now arguably a necessity with acts
-
Worldwide analysis of crimes by the traces of their online media coverage: The case of jewellery store robberies Digit. Investig. (IF 1.736) Pub Date : 2019-12-04 Giulia Margagliotti, Timothy Bollé, Quentin Rossy
This empirical study aims to determine whether online media coverage can be used to gather intelligence on specific crimes worldwide. The quality of online news is evaluated as an indicator of the worldwide distribution of jewelry store robberies. This phenomenon was selected because evaluating the risk of criminal events at the global level is a challenge for private companies, who need to settle
-
How to detect cryptocurrency miners? By traffic forensics! Digit. Investig. (IF 1.736) Pub Date : 2019-08-22 Vladimír Veselý, Martin Žádník
Cryptocurrencies set a new trend for a financial interaction between people. In order to successfully meet this use-case, cryptocurrencies combine various advanced information technologies (e.g., blockchain as a replicated database, asymmetrical ciphers and hashes guaranteeing integrity properties, peer-to-peer networking providing fault-tolerant service). The mining process not only introduces new cryptocurrency
-
A formal model for event reconstruction in digital forensic investigation Digit. Investig. (IF 1.736) Pub Date : 2019-08-13 Somayeh Soltani, Seyed Amin Hosseini Seno
Event reconstruction is an important phase in digital forensic investigation, which determines what happened during the incident. The digital investigator uses the findings of this phase to prepare reports for the court. Since the results must be reproducible and verifiable, it is necessary that the event reconstruction methods be rigorous and strict. In order to fulfill the legal requirements, this
-
Distributed password cracking with BOINC and hashcat Digit. Investig. (IF 1.736) Pub Date : 2019-08-08 Radek Hranický, Lukáš Zobal, Ondřej Ryšavý, Dušan Kolář
Considering today's challenges in digital forensics, for password cracking, distributed computing is a necessity. If we limit the selection of password-cracking tools strictly to open-source software, the hashcat tool unambiguously wins in speed, repertory of supported hash formats, updates, and community support. Though hashcat itself is by design a single-machine solution, its interface makes it possible
-
Methods for detecting manipulations in 3D scan data Digit. Investig. (IF 1.736) Pub Date : 2019-08-02 Kevin Ponto, Simon Smith, Ross Tredinnick
While interest in using 3D scanning technology for crime scene investigation (CSI) has grown in recent years, a number of barriers still remain that prevent its wide adoption in the criminal justice system. One such barrier comes from the lack of tools that can validate a 3D scan and verify that it has not been manipulated. While a great deal of research has gone into the detection of manipulations
-
Automatic cephalometric landmarks detection on frontal faces: An approach based on supervised learning techniques Digit. Investig. (IF 1.736) Pub Date : 2019-08-02 Lucas Faria Porto, Laise Nascimento Correia Lima, Marta Regina Pinheiro Flores, Andrea Valsecchi, Oscar Ibanez, Carlos Eduardo Machado Palhares, Flavio de Barros Vidal
Facial landmarks are employed in many research areas, including facial recognition, craniofacial identification, age and sex estimation being the most important. In forensics, the focus is on the analysis of a particular set of facial landmarks, defined as cephalometric landmarks. Previous studies demonstrated that the descriptive adequacy of these anatomical references for indirect application (photo-anthropometric
-
Automated recovery of damaged audio files using deep neural networks Digit. Investig. (IF 1.736) Pub Date : 2019-08-01 Hee-Soo Heo, Byung-Min So, IL-Ho Yang, Sung-Hyun Yoon, Ha-Jin Yu
In this paper, we propose two methods to recover damaged audio files using deep neural networks. The presented audio file recovery methods differ from the conventional file carving-based recovery method because the former restore lost data, which are difficult to recover with the latter method. This research suggests that recovery tasks, which are essential yet very difficult or very time consuming
-
Reverse engineering of ReFS Digit. Investig. (IF 1.736) Pub Date : 2019-07-23 Rune Nordvik, Henry Georges, Fergus Toolan, Stefan Axelsson
File system forensics is an important part of Digital Forensics. Investigators of storage media have traditionally focused on the most commonly used file systems such as NTFS, FAT, ExFAT, Ext2-4, HFS+, APFS, etc. NTFS is the current file system used by Windows for the system volume, but this may change in the future. In this paper we will show the structure of the Resilient File System (ReFS), which
-
Crime control in the sphere of information technologies in the Republic of Turkey Digit. Investig. (IF 1.736) Pub Date : 2019-07-23 Aliya Shukan, Aitugan Abdizhami, Gulnar Ospanova, Dana Abdakimova
Cybercrime is considered an issue of both local and global concern. Therefore, this study focuses on the local experience in cybercrime control of different countries, including the Republic of Turkey. The article discusses issues in cybersecurity policy and analyzes the legislative framework of the Republic of Turkey on cybercrime issues. The findings underlie the continuing education policy for cybersecurity
-
Digital behavioral-fingerprint for user attribution in digital forensics: Are we there yet? Digit. Investig. (IF 1.736) Pub Date : 2019-07-22 Adeyemi R. Ikuesan, Hein S. Venter
The need for a reliable and complementary identifier mechanism in a digital forensic analysis is the focus of this study. Mouse dynamics have been applied in information security studies, particularly continuous authentication and authorization. However, the method applied in security is void of the specific behavioral signature of a user, which inhibits its applicability in digital forensic science.
-
Standardization of file recovery classification and authentication Digit. Investig. (IF 1.736) Pub Date : 2019-07-20 Eoghan Casey, Alex Nelson, Jessica Hyde
Digital forensics can no longer tolerate software that cannot be relied upon to perform specific functions such as file recovery. Indistinct and non-standardized results increase the risk of misinterpretation by digital forensic practitioners, and hinder automated correlation of file recovery results in forensic analysis and tool testing. Treating file recovery results in a clear, distinct manner helps
-
A comprehensive micro unmanned aerial vehicle (UAV/Drone) forensic framework Digit. Investig. (IF 1.736) Pub Date : 2019-07-11 Ankit Renduchintala, Farha Jahan, Raghav Khanna, Ahmad Y. Javaid
In the early 1990s, unmanned aerial vehicles (UAV) were used exclusively in military applications by various developed countries. Now with its ease of availability and affordability in the electronic device market, this aerial vehicular technology has augmented its familiarity in public and has expanded its usage to countries all over the world. However, expanded use of UAVs, colloquially known as
-
Investigating the incidence of sexual assault in martial arts coaching using media reports Digit. Investig. (IF 1.736) Pub Date : 2019-07-06 William F. Murphy
The rapidly expanding martial arts industry, which is presently unregulated within the United States, has seen multiple coaches convicted of sex offenses in recent years. However, there is currently no existing literature on sexual assault within the martial arts industry. We used major search platforms to collect media reports concerning martial arts coaches who were convicted of sex offenses within
-
Digital forensic artifacts of the Your Phone application in Windows 10 Digit. Investig. (IF 1.736) Pub Date : 2019-06-26 Patricio Domingues, Miguel Frade, Luis Miguel Andrade, João Victor Silva
Your Phone is a Microsoft system that comprises two applications: a smartphone app for Android 7+ smartphones and a desktop application for Windows 10/18.03+. It allows users to access their most recent smartphone-stored photos/screenshots and send/receive short message service (SMS) and multimedia messaging service (MMS) within their Your Phone-linked Windows 10 personal computers. In this paper
-
PRNU based source camera attribution for image sets anonymized with patch-match algorithm Digit. Investig. (IF 1.736) Pub Date : 2019-06-21 Ahmet Karaküçük, A. Emir Dirik
Patch-Match is an efficient algorithm used for structural image editing and available as a tool on popular commercial photo-editing software. The tool allows users to insert or remove objects from photos using information from similar scene content. Recently, a modified version of this algorithm was proposed as a counter-measure against Photo-Response Non-Uniformity (PRNU) based Source Camera Identification
-
Detection of frame deletion in HEVC-Coded video in the compressed domain Digit. Investig. (IF 1.736) Pub Date : 2019-06-19 Jin Hyung Hong, Yoonmo Yang, Byung Tae Oh
In this paper, we propose an algorithm for detecting frame deletion in HEVC-coded video in the compressed domain. Specifically, we focus on the frame type changes occurring upon frame deletion, which cause slight differences between the coding patterns in original and forged video. Then, we identify discriminating coding patterns for use as features, which are classified by machine learning classifiers
-
Classifying suspicious content in tor darknet through Semantic Attention Keypoint Filtering Digit. Investig. (IF 1.736) Pub Date : 2019-06-08 Eduardo Fidalgo, Enrique Alegre, Laura Fernández-Robles, Víctor González-Castro
One of the tasks Law Enforcement Agencies are responsible for is to find evidence of criminal activities in the Darknet. However, visiting thousands of domains to locate visual information containing illicit acts manually requires a considerable amount of time and human resources. To support this task, in this paper, we explore the automatic classification of images uploaded to the Tor darknet. Unfortunately
-
Differentiating synthetic and optical zooming for passive video forgery detection: An anti-forensic perspective Digit. Investig. (IF 1.736) Pub Date : 2019-05-18 K. Sitara, B.M. Mehtre
A video can be manipulated using synthetic zooming without using the state-of-the-art video forgeries. Synthetic zooming is performed by upscaling individual frames of a video with varying scale factors followed by cropping them to the original frame size. These manipulated frames resemble genuine natural (optical) camera zoomed frames and hence may be misclassified as a pristine video by video forgery
-
Removing epoxy underfill between neighbouring components using acid for component chip-off Digit. Investig. (IF 1.736) Pub Date : 2019-04-22 Th Heckmann, J.P. McEvoy, K. Markantonakis, R.N. Akram, D. Naccache
In addition to traditional high temperature eutectic soldering, the use of underfill epoxy to glue the electronic components to the PCB (memory, CPU, cryptographic chips) has now become the norm among mobile phone manufacturers, e.g. Apple, BlackBerry and Samsung. Currently, this technique is the best solution to protect components against various mechanical stresses and improve reliability. Unfortunately
-
Decrease of energy deposited during laser decapsulation attacks by dyeing and pigmenting the ECA: Application to the forensic micro-repair of wire bonding Digit. Investig. (IF 1.736) Pub Date : 2019-04-22 Th. Heckmann, Th. Souvignet, D. Naccache
Polymeric adhesives are of interest in the digital forensics domain. They can be used to perform more or less complex repairs or even to realise advanced man-in-the-middle attacks in order to carry out reverse engineering of secure systems (Heckmann et al., 2017). The main aim of this paper is to develop a technique that makes polymeric adhesives sensitive to laser decapsulation attacks while decreasing
-
Ten years of critical review on database forensics research Digit. Investig. (IF 1.736) Pub Date : 2019-04-11 Rupali Chopade, V.K. Pachghare
The database is at the heart of any digital application. With the increased use of high-tech applications, the database is used to store important and sensitive information. Sensitive information storage leads to crimes related to computer activities. Digital forensics is an investigation process to discover any untrusted or malicious movement, which can be presented as testimony in a court of law
-
A multilayered semantic framework for integrated forensic acquisition on social media Digit. Investig. (IF 1.736) Pub Date : 2019-04-11 Humaira Arshad, Aman Jantan, Gan Keng Hoon, Anila Sahar Butt
In recent years, examination of the social media networks has become an integral part of investigations. Law enforcement agencies and legal practitioners frequently utilize social networks to quickly access the information related to the participants of any illicit incident. However, the forensic process needs collection and analysis of the information which is immense, heterogeneous, and spread across
-
Forensic analysis of Microsoft Skype for Business Digit. Investig. (IF 1.736) Pub Date : 2019-04-05 Marco Nicoletti, Massimo Bernaschi
We present three case studies to illustrate a methodology for conducting forensic investigation on Microsoft Skype for Business. The proposed methodology helps to retrieve information on chat and audio communications made by any account that accessed the PC, to retrieve IP addresses and communication routes for all the participants of a call, and to retrieve forensic evidence to identify the end-user
-
A Forensic Audit of the Tor Browser Bundle Digit. Investig. (IF 1.736) Pub Date : 2019-03-30 Matt Muir, Petra Leimich, William J. Buchanan
The increasing use of encrypted data within file storage and in network communications leaves investigators with many challenges. One of the most challenging is the Tor protocol, as its main focus is to protect the privacy of the user, in both its local footprint within a host and over a network connection. The Tor browser, though, can leave behind digital artefacts which can be used by an investigator
-
Cognitive and human factors in digital forensics: Problems, challenges, and the way forward Digit. Investig. (IF 1.736) Pub Date : 2019-03-29 Nina Sunde, Itiel E. Dror
Digital forensics is an important and growing forensic domain. Research on miscarriages of justice and misleading evidence, as well as various inquiries in the UK and the US, have highlighted human error as an issue within forensic science. This has led to increased attention to the sources of cognitive bias and potential countermeasures within many forensic disciplines. However, the area of digital
-
Decrypting live SSH traffic in virtual environments Digit. Investig. (IF 1.736) Pub Date : 2019-03-29 Peter McLaren, Gordon Russell, William J. Buchanan, Zhiyuan Tan
Decrypting and inspecting encrypted malicious communications may assist crime detection and prevention. Access to client or server memory enables the discovery of artefacts required for decrypting secure communications. This paper develops the MemDecrypt framework to investigate the discovery of encrypted artefacts in memory and applies the methodology to decrypting the secure communications of virtual
-
A review of digital video tampering: From simple editing to full synthesis Digit. Investig. (IF 1.736) Pub Date : 2019-03-22 Pamela Johnston, Eyad Elyan
Video tampering methods have witnessed considerable progress in recent years. This is partly due to the rapid development of advanced deep learning methods, and also due to the large volume of video footage that is now in the public domain. Historically, convincing video tampering has been too labour intensive to achieve on a large scale. However, recent developments in deep learning-based methods
-
PRNU-based source device attribution for YouTube videos Digit. Investig. (IF 1.736) Pub Date : 2019-03-21 Emmanuel Kiegaing Kouokam, Ahmet Emir Dirik
Photo Response Non-Uniformity (PRNU) is a camera imaging sensor imperfection which has earned great interest for source device attribution of digital videos. A majority of recent research on PRNU-based source device attribution for digital videos does not take into consideration the effects of video compression on the PRNU noise in video frames, but rather considers video frames as isolated images
-
CaseNote: Mobile phone call data obfuscation & techniques for call correlation Digit. Investig. (IF 1.736) Pub Date : 2019-03-20 Angus M. Marshall, Peter Miller
The use of call data records (CDRs) to establish links between suspects is well known and understood. In a number of major enquiries in the UK, however, it was found that CDRs contained apparently erroneous or nonsensical data which prevented the use of well-established techniques based on caller IDs contained within CDRs. Further analysis suggested that some form of number “spoofing” was being used
-
Source smartphone identification by exploiting encoding characteristics of recorded speech Digit. Investig. (IF 1.736) Pub Date : 2019-03-20 Chao Jin, Rangding Wang, Diqun Yan
Source device identification has become a hot topic in multimedia forensics recently. In this paper, a novel method is proposed for source smartphone identification by using encoding characteristics as the intrinsic fingerprint of recording devices. The encoding characteristics for the smartphones of 24 popular models derived from 7 mainstream brands are investigated and statistical features of some
-
Forensic analysis of Nucleus RTOS on MTK smartwatches Digit. Investig. (IF 1.736) Pub Date : 2019-03-19 J. Gregorio, B. Alarcos, A. Gardel
Embedded personal devices such as smartwatches can be a valuable source of information for the investigation of criminal acts, as they can store contact data, call records, instant messages, multimedia files and so on, without requiring access to the connected smartphone. This paper presents the acquisition and forensic analysis done on different non-Android smartwatches equipped with a low-cost MTK chip.
-
A survey of electromagnetic side-channel attacks and discussion on their case-progressing potential for digital forensics Digit. Investig. (IF 1.736) Pub Date : 2019-03-15 Asanka Sayakkara, Nhien-An Le-Khac, Mark Scanlon
The increasing prevalence of Internet of Things (IoT) devices has made it inevitable that their pertinence to digital forensic investigations will increase into the foreseeable future. These devices, produced by various vendors, often possess limited standard interfaces for communication, such as USB ports or WiFi/Bluetooth wireless interfaces. Meanwhile, with an increasing mainstream focus on the security
-
Forensic signature for tracking storage devices: Analysis of UEFI firmware image, disk signature and windows artifacts Digit. Investig. (IF 1.736) Pub Date : 2019-03-05 Doowon Jeong, Sangjin Lee
Tracking storage devices is one of the important fields in digital forensics. The existing methods and tools for registry, event log or IconCache analysis help solve cases involving confidential leakage, illegal copying, and security incidents. However, previous approaches have a drawback in tracking storage devices such as HDDs, SSDs, etc., since they were based on the good performance of USB device tracking
-
A survey on forensic investigation of operating system logs Digit. Investig. (IF 1.736) Pub Date : 2019-03-04 Hudan Studiawan, Ferdous Sohel, Christian Payne
Event logs are one of the most important sources of digital evidence for forensic investigation because they record essential activities on the system. In this paper, we present a comprehensive literature survey of the forensic analysis on operating system logs. We present a taxonomy of various techniques used in this area. Additionally, we discuss the tools that support the examination of the event
-
Frameup: An incriminatory attack on Storj: A peer to peer blockchain enabled distributed storage system Digit. Investig. (IF 1.736) Pub Date : 2019-03-02 Xiaolu Zhang, Justin Grannis, Ibrahim Baggili, Nicole Lang Beebe
In this work we present a primary account of frameup, an incriminatory attack made possible because of existing implementations in distributed peer to peer storage. The frameup attack shows that an adversary has the ability to store unencrypted data on the hard drives of people renting out their hard drive space. This is important to forensic examiners as it opens the door for possibly framing an innocent
-
An analysis of optical contributions to a photo-sensor's ballistic fingerprints Digit. Investig. (IF 1.736) Pub Date : 2019-02-14 R. Matthews, M. Sorell, N. Falkner
Lens aberrations have previously been used to determine the provenance of an image. However, this is not necessarily unique to an image sensor, as lens systems are often interchanged. Photo-response non-uniformity noise was proposed in 2005 by Lukáš, Goljan and Fridrich as a stochastic signal which describes a sensor uniquely, akin to a “ballistic” fingerprint. This method, however, did not account
-
Evidence collection and forensics on social networks: Research challenges and directions Digit. Investig. (IF 1.736) Pub Date : 2019-02-10 Humaira Arshad, Aman Jantan, Esther Omolara
Social Media (SM) evidence is a new and rapidly emerging frontier in digital forensics. The trail of digital information on social media, if explored correctly, can offer remarkable support in criminal investigations. However, exploring social media for potential evidence and presenting these proofs in court is not a straightforward task. Social media evidence must be collected by a legally and scientifically
-
Tool testing and reliability issues in the field of digital forensics Digit. Investig. (IF 1.736) Pub Date : 2019-02-01 Graeme Horsman
The digital forensic discipline is wholly reliant upon software applications and tools designed and marketed for the acquisition, display and interpretation of digital data. The results of any subsequent investigation using such tools must be reliable and repeatable whilst supporting the establishment of fact, allowing criminal justice proceedings the ability to digest any findings during the process
-
Developing a ‘router examination at scene’ standard operating procedure for crime scene investigators in the United Kingdom Digit. Investig. (IF 1.736) Pub Date : 2019-01-30 Graeme Horsman, Benjamin Findlay, Tim James
As the majority of dwellings now maintain some form of Internet connectivity, the examination of routers at crime scenes is an increasing requirement. Due to cost and resourcing constraints, police forces are looking to transfer responsibility for carrying out this task to front line crime scene investigators, despite such staff typically lacking specialist training for this type of examination. Such
-
Decrypting password-based encrypted backup data for Huawei smartphones Digit. Investig. (IF 1.736) Pub Date : 2019-01-29 Myungseo Park, Giyoon Kim, Younjai Park, Insoo Lee, Jongsung Kim
Digital investigators sometimes obtain key evidence by extracting user data from the smartphones of suspects. However, it is becoming more difficult to extract user data from smartphones, due to continuous updates and the use of data encryption functions, such as Full Disk Encryption (FDE) and File Based Encryption (FBE). Backup data are usually stored in an encrypted form, in order to protect user
-
Unauthorized access crime in Jordanian law (comparative study) Digit. Investig. (IF 1.736) Pub Date : 2019-01-28 Hamzeh Abu Issa, Mahmoud Ismail, Omar Aamar
This research is concerned with clarifying the legal provisions of the unauthorized access crime contained in article 3 of the Jordanian Cybercrime act of 2015 and comparing it to other Arabic legislation and French law, as well as clarifying the position of international conventions on this crime. The analysis of the crime included clarifying its elements, its sanction and the aggravating circumstances
-
Formalising investigative decision making in digital forensics: Proposing the Digital Evidence Reporting and Decision Support (DERDS) framework Digit. Investig. (IF 1.736) Pub Date : 2019-01-25 Graeme Horsman
In the field of digital forensics it is crucial for any practitioner to possess the ability to make reliable investigative decisions which result in the reporting of credible evidence. This competency should be considered a core attribute of a practitioner’s skill set and it is often taken for granted that all practitioners possess this ability; in reality this is not the case. A lack of dedicated
-
Investigating spotlight internals to extract metadata Digit. Investig. (IF 1.736) Pub Date : 2019-01-21 Yogesh Khatri
Index-based desktop search tools have become the primary means for finding files or launching applications on desktop computer systems. Every major operating system ships with one. Spotlight is the default desktop search app on macOS (formerly OS X) that searches files based on metadata and content. This paper explores the format of the Spotlight metadata cache database and opens up another avenue of
-
Mal-Flux: Rendering hidden code of packed binary executable Digit. Investig. (IF 1.736) Pub Date : 2019-01-21 Charles Lim, Suryadi, Kalamullah Ramli, Yohanes Syailendra Kotualubun
A binary packer has commonly been used to protect the original code inside the binary executables from being detected as malicious code by anti-malware software. Various methods of unpacking packed binary executables have been extensively studied, and several unpacking approaches have been proposed. Some of these solutions depend on various assumptions, which may limit their effectiveness. Here, a
-
Sifting through the ashes: Amazon Fire TV stick acquisition and analysis Digit. Investig. (IF 1.736) Pub Date : 2019-01-14 M. Hadgkiss, S. Morris, S. Paget
The Amazon Fire TV Stick is a popular device that is the centre of entertainment for many homes. Its collection of functions and features generates a considerable amount of data, giving this device the potential to be included in multiple investigations, highlighting a clear requirement for a forensic analysis of the device. Previous research on smart entertainment devices focuses on the larger areas
-
Forensic-chain: Blockchain based digital forensics chain of custody with PoC in Hyperledger Composer Digit. Investig. (IF 1.736) Pub Date : 2019-01-10 Auqib Hamid Lone, Roohie Naaz Mir
Advancements in the Information Technology landscape over the past two decades have made the collection, preservation, and analysis of digital evidence an extremely important tool for solving cybercrimes and preparing court cases. Digital evidence plays an important role in cybercrime investigation, as it is used to link individuals with criminal activities. Thus it is of utmost importance to guarantee
-
A universal taxonomy and survey of forensic memory acquisition techniques Digit. Investig. (IF 1.736) Pub Date : 2019-01-08 Tobias Latzo, Ralph Palutke, Felix Freiling
Main memory analysis plays an increasingly important role in today's digital forensic analysis. It can be used to retrieve encryption keys or to analyze malware that solely resides in RAM. Typically, the memory is acquired prior to analysis. As of today, there exist a large number of different techniques and tools to accomplish this task that all have their own advantages and disadvantages and appear
-
Timeline2GUI: A Log2Timeline CSV parser and training scenarios Digit. Investig. (IF 1.736) Pub Date : 2018-12-31 Mark Debinski, Frank Breitinger, Parvathy Mohan
Crimes involving digital evidence are getting more complex due to the increasing storage capacities and utilization of devices. Event reconstruction (i.e., understanding the timeline) is an essential step for investigators to understand a case where a prominent tool is Log2Timeline (a tool that creates super timelines which is a combination of several log files and events throughout a system). While
-
Detecting bot-infected machines using DNS fingerprinting Digit. Investig. (IF 1.736) Pub Date : 2018-12-28 Manmeet Singh, Maninder Singh, Sanmeet Kaur
The never-ending menace of botnets is causing many serious problems on the Internet. Although there are significant efforts on detecting botnets at the global level, which rely heavily on finding failed queries and domain flux information for botnet detection, there are very few efforts being made to detect bot infection at an enterprise level. Detecting bot-infected machines is vital for any organization
-
Behavioural Digital Forensics Model: Embedding Behavioural Evidence Analysis into the Investigation of Digital Crimes Digit. Investig. (IF 1.736) Pub Date : 2018-12-15 Noora Al Mutawa, Joanne Bryce, Virginia N.L. Franqueira, Andrew Marrington, Janet C. Read
The state-of-the-art and practice show an increased recognition, but limited adoption, of Behavioural Evidence Analysis (BEA) within the Digital Forensics (DF) investigation process. Yet, there is currently no BEA-driven process model and guidelines for DF investigators to follow in order to take advantage of such an approach. This paper proposes the Behavioural Digital Forensics Model to fill this
-
Attacks on the confidentiality, integrity and availability of data and computer systems in the criminal case law of the Czech Republic Digit. Investig. (IF 1.736) Pub Date : 2018-12-07 Tomáš Gřivna, Jakub Drápal
Uncovering attacks on data and computer systems and those responsible for them is one of the contemporary problems that the authorities involved in criminal proceedings have to deal with. Where this sort of cybercrime is concerned we can expect not only high levels of latency but also a low clear-up rate for crimes on file. This paper demonstrates this using the example of the Czech Republic, by providing
-
Geographic profiling for serial cybercrime investigation Digit. Investig. (IF 1.736) Pub Date : 2018-12-03 Asmir Butkovic, Sasa Mrdovic, Suleyman Uludag, Anel Tanovic
Today’s cybercrimes are much more difficult to detect and prosecute than traditional crimes. In the investigation of cybercrimes, law enforcement agencies follow similar techniques to traditional crimes that, however, have to be modified to meet the unique conditions and requirements of virtual space. This paper examines cybercrime profiling techniques prevalent today, and focuses on the feasibility
-
A preliminary assessment of latent fingerprint evidence damage on mobile device screens caused by digital forensic extractions Digit. Investig. (IF 1.736) Pub Date : 2018-10-11 Graeme Horsman, Helen Page, Peter Beveridge
Mobile devices continue to feature heavily in criminal investigations and often bear multiple forms of potentially relevant evidence. In the context of identifying the owner of a device, both latent fingerprints and resident digital data may be crucial to investigations, yet each individual process may have a detrimental impact on the other. Fingerprint development techniques are known to impact device
-
Dynamic analysis with Android container: Challenges and opportunities Digit. Investig. (IF 1.736) Pub Date : 2018-10-05 Ngoc-Tu Chau, Souhwan Jung
Until now, researchers have been analyzing Android applications dynamically with the use of either emulators or real devices. Emulators are an option that testers currently have to achieve scalability. Besides, these approaches can also take snapshots which help to revert to a known state in a matter of seconds. However, emulators are often slow in performance and contain heuristic emulation traces
-
A malware classification method based on memory dump grayscale image Digit. Investig. (IF 1.736) Pub Date : 2018-09-25 Yusheng Dai, Hui Li, Yekui Qian, Xidong Lu
Effective analysis of malware is of great significance in guaranteeing the reliability of the system operation. Malware can easily escape from existing dynamic analysis methods. Aiming at the deficiencies of current methods for detecting malware dynamically, a method of using hardware features is proposed, namely, a memory dump file is extracted and converted into a grayscale image, the image is converted
-
The darknet's smaller than we thought: The life cycle of Tor Hidden Services Digit. Investig. (IF 1.736) Pub Date : 2018-09-22 Gareth Owenson, Sarah Cortes, Andrew Lewman
The Tor Darknet is a pseudo-anonymous place to host content online, frequently used by criminals to sell narcotics and to distribute illicit material. Many studies have attempted to estimate the size of the darknet, but this paper will show that previous estimates of size are inaccurate due to the hidden service lifecycle. The first examination of its kind will be presented on the differences between short-lived
Contents have been reproduced by permission of the publishers.