39,423 research outputs found

    Comprehensive forensic examination with Belkasoft evidence center

    The enhancement and proliferation of information and communication technology (ICT) has tackled every aspect of human activity: work, leisure, sport, communication, medicine, etc. All around us we can see mobile phones and other connected devices that are now ubiquitous, changing trends in consumer behaviour. Therefore, there is no surprise in fact that such technologies can play a significant role in committing or assisting a crime, since data held on digital devices can give a detailed insight into people’s lives, communications, contacts, friends, family and acquaintances. In order to help law enforcement investigation of such crimes, digital forensic is performed with the aim of collecting crime-related evidence from various digital media and analyse it. Investigators use various forensic techniques to search hidden folders, retrieve deleted data, decrypt the data or restore damaged files, etc. Obtaining evidence such as location data, photos, messages or internet searches can be beneficial, if not crucial, in assisting the police with criminal investigations. Since advances in technologies have led to an increase in the volume, variety, velocity, and veracity of data available for digital forensic analysis, without efficient techniques and tools such investigation would require a tremendous amount of effort and time. That is the reason for expansion in the market of digital forensic tools, both proprietary and free for use, that are available today. In this paper an insight of digital forensic process is given, emphasizing the role of digital forensic tools in providing digital evidence. The possibility of one particular tool, Belkasoft Evidence Center – BEC, in acquisition and analysis of digital evidence was briefly described

    Design of the Nenggala Disk Duplicator (Ndd) to Support the Digital Forensic Investigation Process

    The development of information technology simplifies human life. It also opens up loopholes for crime, namely cyber crime. Solving criminal cases that make use of information technology requires digital forensic science. Multiple frameworks for carrying out a digital investigation are known around the world. Every device and every organization has its own framework. The most common framework is divided into 4 sections. Preservation, Acquisition, Analysis, and Reporting are the most commonly used around the world. Acquisition is a key part of the investigation process because in this process digital evidence is collected from the electronic evidence. The acquisition process uses special equipment. Forensic acquisition equipment is mostly made by forensic vendors around the world. The problem that arises in the academic realm is that the price of the equipment is quite expensive. Given the above problem, there is a gap for conducting research in the applied field of developing tools for forensic acquisition. This study provides an early overview of the design of a digital forensics acquisition tool called Nenggala Disk Duplicator

    4P based forensics investigation framework for smart connected toys

    © 2020 ACM. Smart Connected Toys (SCTs) have the potential to collect terabytes of sensitive personal, contextual, and usage information which may be a subject of cybercrime or used as a conduit for cybercrime resulting in a digital forensic investigation which requires the examination of the digital artifact stored, processed or transmitted by the SCT. SCT forensics is challenging in most cases due to non-availability of specialized forensics tools and standardized evidence acquisition interface port. We explore the various privacy and security challenges plaguing the SCT industry and the possible safety risk SCT poses to children as a result of a lack of serious consideration technical controls surrounding the collection, processing, and storage of children's information and possible exposure to crime which will require digital forensic investigation. As a result of this gap in research and industry, we investigate current digital forensic solutions for SCTs and present an abstract forensics investigation framework with the focus on using non-conventional means which allow Investigators to successfully Plan, Preserve Process and Present (4P) as a systematic means to conduct digital forensic analysis on an SCT in a situation where SCT is complicit in a criminal investigation or a subject of crime

    A Platform Independent Investigative Process Model for Smartphones

    A properly conducted forensic examination is one of the most fundamental aspects of a digital investigation. Examiners are obligated to obtain the skills necessary to use forensic tools and methodologies and rely on sound judgment when analyzing a digital device. Anytime during this process, the quality of the methods, skills, and expertise of the examiner may be challenged, thus, placing the forensic value of the evidence collected during the process in jeopardy. In order to combat the potential challenges posed as a result of the forensic examination process, the digital forensics community must ensure that suitable protocols are used throughout the analysis process. Currently, there is no standard methodology forensic examiners use to analyze a digital device. Examiners have made use of a model derived from the Digital Forensic Research Workshop in 2001 and the application of ad-hoc techniques has become routine. While these approaches may reveal potential data of evidentiary value when applying them to digital devices, their core purpose specifically involves the analysis of computers. It is not clear how effective these methods have been when examining other digital technologies, in particular Small Scale Digital Devices (SSDDs). Due to these mitigating factors, it is critical to develop standard scientifically sound methodologies in the area of digital forensics that allow us to evaluate various digital technologies while considering their distinctive characteristics. This research addresses these issues by introducing the concept of an extendable forensic process model applicable to smartphones regardless of platform. The model has been developed using the property of invariance to construct a core components list which serves as the foundation of the proposed methodology. This dissertation provides a description of the forensic process, the models currently used, the developed model, and experiments to show its usefulness

    An Automated Approach for Digital Forensic Analysis of Heterogeneous Big Data

    The major challenges with big data examination and analysis are volume, complex interdependence across content, and heterogeneity. The examination and analysis phases are considered essential to a digital forensics process. However, traditional techniques for the forensic investigation use one or more forensic tools to examine and analyse each resource. In addition, when multiple resources are included in one case, there is an inability to cross-correlate findings which often leads to inefficiencies in processing and identifying evidence. Furthermore, most current forensics tools cannot cope with large volumes of data. This paper develops a novel framework for digital forensic analysis of heterogeneous big data. The framework mainly focuses upon the investigations of three core issues: data volume, heterogeneous data and the investigators cognitive load in understanding the relationships between artefacts. The proposed approach focuses upon the use of metadata to solve the data volume problem, semantic web ontologies to solve the heterogeneous data sources and artificial intelligence models to support the automated identification and correlation of artefacts to reduce the burden placed upon the investigator to understand the nature and relationship of the artefacts

    A study on the false positive rate of Stegdetect

    In this paper we analyse Stegdetect, one of the well-known image steganalysis tools, to study its false positive rate. In doing so, we process more than 40,000 images randomly downloaded from the Internet using Google images, together with 25,000 images from the ASIRRA (Animal Species Image Recognition for Restricting Access) public corpus. The aim of this study is to help digital forensic analysts, aiming to study a large number of image files during an investigation, to better understand the capabilities and the limitations of steganalysis tools like Stegdetect. The results obtained show that the rate of false positives generated by Stegdetect depends highly on the chosen sensitivity value, and it is generally quite high. This should support the forensic expert to have better interpretation in their results, and taking the false positive rates into consideration. Additionally, we have provided a detailed statistical analysis for the obtained results to study the difference in detection between selected groups, close groups and different groups of images. This method can be applied to any steganalysis tool, which gives the analyst a better understanding of the detection results, especially when he has no prior information about the false positive rate of the tool

    Mobile Forensic of Vaccine Hoaxes on Signal Messenger using DFRWS Framework

    The COVID-19 pandemic is one of the factors that has increased the use of social media. One of the negative impacts of using social media is the occurrence of cybercrime. The possibility of cybercrime can also happen on one of the social media platforms, such as the Signal Messenger application. In the investigation process, law enforcement needs mobile forensic methods and appropriate forensic tools so that the digital evidence found on the perpetrator's smartphone can be accepted by the court. This research aims to get digital evidence from cases of spreading the COVID-19 vaccine hoaxes. The method used in this research is a mobile forensics method based on the Digital Forensic Research Workshop (DFRWS) framework. The DFRWS framework consists of identification, preservation, collection, examination, analysis, and preservation. The results showed that the MOBILedit tool could reveal digital evidence in the form of application information and contact information with a performance value of 22.22%. Meanwhile, Magnet AXIOM cannot reveal digital evidence at all. The research results were obtained following the expected research objectives