4,753 research outputs found
A framework for the forensic investigation of unstructured email relationship data
Our continued reliance on email communications ensures that it remains a major source of evidence during a digital investigation. Emails comprise both structured and unstructured data. Structured data provides qualitative information to the forensics examiner and is typically viewed through existing tools. Unstructured data is more complex as it comprises information associated with social networks, such as relationships within the network, identification of key actors and power relations, and there are currently no standardised tools for its forensic analysis. Moreover, email investigations may involve many hundreds of actors and thousands of messages. This paper posits a framework for the forensic investigation of email data. In particular, it focuses on the triage and analysis of unstructured data to identify key actors and relationships within an email network. This paper demonstrates the applicability of the approach by applying relevant stages of the framework to the Enron email corpus. The paper illustrates the advantage of triaging this data to identify (and discount) actors and potential sources of further evidence. It then applies social network analysis techniques to key actors within the data set. This paper posits that visualisation of unstructured data can greatly aid the examiner in their analysis of evidence discovered during an investigation
A Comprehensive Analysis of the Role of Artificial Intelligence and Machine Learning in Modern Digital Forensics and Incident Response
In the dynamic landscape of digital forensics, the integration of Artificial
Intelligence (AI) and Machine Learning (ML) stands as a transformative
technology, poised to amplify the efficiency and precision of digital forensics
investigations. However, the use of ML and AI in digital forensics is still in
its nascent stages. As a result, this paper gives a thorough and in-depth
analysis that goes beyond a simple survey and review. The goal is to look
closely at how AI and ML techniques are used in digital forensics and incident
response. This research explores cutting-edge research initiatives that cross
domains such as data collection and recovery, the intricate reconstruction of
cybercrime timelines, robust big data analysis, pattern recognition,
safeguarding the chain of custody, and orchestrating responsive strategies to
hacking incidents. This endeavour digs far beneath the surface to unearth the
intricate ways AI-driven methodologies are shaping these crucial facets of
digital forensics practice. While the promise of AI in digital forensics is
evident, the challenges arising from increasing database sizes and evolving
criminal tactics necessitate ongoing collaborative research and refinement
within the digital forensics profession. This study examines the contributions,
limitations, and gaps in the existing research, shedding light on the potential
and limitations of AI and ML techniques. By exploring these different research
areas, we highlight the critical need for strategic planning, continual
research, and development to unlock AI's full potential in digital forensics
and incident response. Ultimately, this paper underscores the significance of
AI and ML integration in digital forensics, offering insights into their
benefits, drawbacks, and broader implications for tackling modern cyber
threats
Visualizing Instant Messaging Author Writeprints for Forensic Analysis
As cybercrime continues to increase, new cyber forensics techniques are needed to combat the constant challenge of Internet anonymity. In instant messaging (IM) communications, criminals use virtual identities to hide their true identity, which hinders social accountability and facilitates cybercrime. Current instant messaging products are not addressing the anonymity and ease of impersonation over instant messaging. It is necessary to have IM cyber forensics techniques to assist in identifying cyber criminals as part of the criminal investigation. Instant messaging behavioral biometrics include online writing habits, which may be used to create an author writeprint to assist in identifying an author of a set of instant messages. The writeprint is a digital fingerprint that represents an author’s distinguishing stylometric features that occur in his/her computer-mediated communications. Writeprints can provide cybercrime investigators a unique tool for analyzing IMassisted cybercrimes. The analysis of IM author writeprints in this paper provides a foundation for using behavioral biometrics as a cyber forensics element of criminal investigations. This paper demonstrates a method to create and analyze behavioral biometrics-based instant messaging writeprints as cyber forensics input for cybercrime investigations. The research uses the Principal Component Analysis (PCA) statistical method to analyze IM conversation logs from two distinct data sets to visualize authorship identification.
Keywords: writeprints, authorship attribution, authorship identification, principal component analysi
Quantifying the need for supervised machine learning in conducting live forensic analysis of emergent configurations (ECO) in IoT environments
© 2020 The Author(s) Machine learning has been shown as a promising approach to mine larger datasets, such as those that comprise data from a broad range of Internet of Things devices, across complex environment(s) to solve different problems. This paper surveys existing literature on the potential of using supervised classical machine learning techniques, such as K-Nearest Neigbour, Support Vector Machines, Naive Bayes and Random Forest algorithms, in performing live digital forensics for different IoT configurations. There are also a number of challenges associated with the use of machine learning techniques, as discussed in this paper
Towards a Threat Intelligence Informed Digital Forensics Readiness Framework
Digital Forensic Readiness (DFR) has received little attention by the research community, when compared to the core digital forensic investigation processes. DFR was primarily about logging of security events to be leveraged by the forensic analysis phase. However, the increasing number of security incidents and the overwhelming volumes of data produced mandate the development of more effective and efficient DFR approaches. We propose a DFR framework focusing on the prioritisation, triaging and selection of Indicators of Compromise (IoC) to be used in investigations of security incidents. A core component of the framework is the contextualisation of the IoCs to the underlying organisation, which can be achieved with the use of clustering and classification algoriihms and a local IoC database
An Automated Approach for Digital Forensic Analysis of Heterogeneous Big Data
The major challenges with big data examination and analysis are volume, complex interdependence across content, and heterogeneity. The examination and analysis phases are considered essential to a digital forensics process. However, traditional techniques for the forensic investigation use one or more forensic tools to examine and analyse each resource. In addition, when multiple resources are included in one case, there is an inability to cross-correlate findings which often leads to inefficiencies in processing and identifying evidence. Furthermore, most current forensics tools cannot cope with large volumes of data. This paper develops a novel framework for digital forensic analysis of heterogeneous big data. The framework mainly focuses upon the investigations of three core issues: data volume, heterogeneous data and the investigators cognitive load in understanding the relationships between artefacts. The proposed approach focuses upon the use of metadata to solve the data volume problem, semantic web ontologies to solve the heterogeneous data sources and artificial intelligence models to support the automated identification and correlation of artefacts to reduce the burden placed upon the investigator to understand the nature and relationship of the artefacts
Development of A National Repository of Digital Forensic Intelligence
Many people do all of their banking online, we and our children communicate with peers through computer systems, and there are many jobs that require near continuous interaction with computer systems. Criminals, however, are also “connected”, and our online interaction provides them a conduit into our information like never before. Our credit card numbers and other fiscal information are at risk, our children\u27s personal information is exposed to the world, and our professional reputations are on the line.
The discipline of Digital Forensics in law enforcement agencies around the nation and world has grown to match the increased risk and potential for cyber crimes. Even crimes that are not themselves computer-based, may be solved or prosecuted based on digital evidence left behind by the perpetrator. However, no widely accepted mechanism to facilitate sharing of ideas and methodologies has emerged. Different agencies re-develop approaches that have been tested in other jurisdictions. Even within a single agency, there is often significant redundant work. There is great potential efficiency gain in sharing information from digital forensic investigations.
This paper describes an on-going design and development project between Oklahoma State University’s Center for Telecommunications and Network Security and the Defense Cyber Crimes Center to develop a Repository of Digital Forensic Knowledge. In its full implementation, the system has potential to provide exceptional gains in efficiency for examiners and investigators. It provides a better conduit to share relevant information between agencies and a structure through which cases can be cross-referenced to have the most impact on a current investigation
Development of a National Repository of Digital Forensic Intelligence
Many people do all of their banking online, we and our children communicate with peers through computer systems, and there are many jobs that require near continuous interaction with computer systems. Criminals, however, are also “connected”, and our online interaction provides them a conduit into our information like never before. Our credit card numbers and other fiscal information are at risk, our children\u27s personal information is exposed to the world, and our professional reputations are on the line.The discipline of Digital Forensics in law enforcement agencies around the nation and world has grown to match the increased risk and potential for cyber crimes. Even crimes that are not themselves computer-based, may be solved or prosecuted based on digital evidence left behind by the perpetrator. However, no widely accepted mechanism to facilitate sharing of ideas and methodologies has emerged. Different agencies re-develop approaches that have been tested in other jurisdictions. Even within a single agency, there is often significant redundant work. There is great potential efficiency gain in sharing information from digital forensic investigations.This paper describes an on-going design and development project between Oklahoma State University’s Center for Telecommunications and Network Security and the Defense Cyber Crimes Center to develop a Repository of Digital Forensic Knowledge. In its full implementation, the system has potential to provide exceptional gains in efficiency for examiners and investigators. It provides a better conduit to share relevant information between agencies and a structure through which cases can be cross-referenced to have the most impact on a current investigation
- …