DF 2.0: Designing an automated, privacy preserving, and efficient digital forensic framework

The current state of digital forensic investigation is continuously challenged by the rapid technological changes, the increase in the use of digital devices (both the heterogeneity and the count), and the sheer volume of data that these devices could contain. Although it is not directly related to the performance of Digital Forensic Investigation process, preventing data privacy violations during the process is also a big challenge. The investigator gets full access to the forensic image including suspect\u27s private data which may be sensitive at times as well as entirely unrelated to the given case under investigation. With a notion that privacy preservation and completeness of investigation are contradicting to each other, the digital forensics researchers have provided solutions to address the above-stated challenges that either focus on the effectiveness of the investigation process or the data privacy preservation. However, a generalized approach that preserves data privacy by affecting neither the capabilities of the investigator nor the overall efficiency of the investigation process is still an open problem. In the current work, the authors have proposed a digital forensic framework that uses case information, case profile data and expert knowledge for automation of the digital forensic analysis process; utilizes machine learning for finding most relevant pieces of evidence; and preserves data privacy in such a way that the overall efficiency of the digital forensic investigation process increases without affecting the integrity and admissibility of the evidence. The framework improves validation to enhance transparency in the investigation process. The framework also uses a secure logging mechanism to capture investigation steps to achieve a higher level of accountability. Since the proposed framework introduces significant enhancements to the current investigative practices more like the next version of Digital Forensics, the authors named it `Digital Forensics 2.0\u27, or DF 2.0 in short

DF 2.0: An Automated, Privacy Preserving, and Efficient Digital Forensic Framework That Leverages Machine Learning for Evidence Prediction and Privacy Evaluation

The current state of digital forensic investigation is continuously challenged by the rapid technological changes, the increase in the use of digital devices (both the heterogeneity and the count), and the sheer volume of data that these devices could contain. Although data privacy protection is not a performance measure, however, preventing privacy violations during the digital forensic investigation, is also a big challenge. With a perception that the completeness of investigation and the data privacy preservation are incompatible with each other, the researchers have provided solutions to address the above-stated challenges that either focus on the effectiveness of the investigation process or the data privacy preservation. However, a comprehensive approach that preserves data privacy without affecting the capabilities of the investigator or the overall efficiency of the investigation process is still an open problem. In the current work, the authors have proposed a digital forensic framework that uses case information, case profile data and expert knowledge for automation of the digital forensic analysis process; utilizes machine learning for finding most relevant pieces of evidence; and maintains data privacy of non-evidential private files. All these operations are coordinated in a way that the overall efficiency of the digital forensic investigation process increases while the integrity and admissibility of the evidence remain intact. The framework improves validation which boosts transparency in the investigation process. The framework also achieves a higher level of accountability by securely logging the investigation steps. As the proposed solution introduces notable enhancements to the current investigative practices more like the next version of Digital Forensics, the authors have named the framework `Digital Forensics 2.0\u27, or `DF 2.0\u27 in short

Experience Constructing the Artifact Genome Project (AGP): Managing the Domain\u27s Knowledge One Artifact at a Time

While various tools have been created to assist the digital forensics community with acquiring, processing, and organizing evidence and indicating the existence of artifacts, very few attempts have been made to establish a centralized system for archiving artifacts. The Artifact Genome Project (AGP) has aimed to create the largest vetted and freely available digital forensics repository for Curated Forensic Artifacts (CuFAs). This paper details the experience of building, implementing, and maintaining such a system by sharing design decisions, lessons learned, and future work. We also discuss the impact of AGP in both the professional and academic realms of digital forensics. Our work shows promise in the digital forensics academic community to champion the effort in curating digital forensic artifacts by integrating AGP into courses, research endeavors, and collaborative projects

The Impact of Culture and Religion on Digital Forensics: The Study of the Role of Digital Evidence in the Legal Process in Saudi Arabia

This work contributes to the multi-disciplinary community of researchers in computer science, information technology and computer forensics working together with legal enforcement professionals involved in digital forensic investigations. It is focused on the relationship between scientific approaches underpinning digital forensics and the Islamic law underpinning legal enforcement. Saudi Arabia (KSA) is studied as an example of an Islamic country that has adopted international guidelines, such as ACPO, in its legal enforcement procedures. The relationship between Islamic law and scientific ACPO guidelines is examined in detail through the practices of digital forensic practitioners in the process of discovery, preparation and presentation of digital evidence for use in Islamic courts in KSA. In this context, the influence of religion and culture on the role and status of digital evidence throughout the entire legal process has been the main focus of this research. Similar studies in the literature confirm that culture and religion are significant factors in the relationship between law, legal enforcement procedure and digital evidence. Islamic societies, however, have not been extensively studied from this perspective, and this study aims to address issues that arise at both professional and personal levels. Therefore the research questions that this study aims to answer are: in what way and to what extent Islamic religion and Saudi culture affect the status of digital evidence in the KSA legal process and what principles the practitioners have to observe in the way they treat digital evidence in judicial proceedings. The methodology is based on a mixed-method approach where the pilot questionnaire identified legal professionals who come into contact with digital evidence, their educational and professional profiles. Qualitative methods included case studies, interviews and documentary evidence to discover how their beliefs and attitudes influence their trust in digital evidence. The findings show that a KSA judge would trust witnesses more than digital evidence, due to the influence of tradition, which regards justice and law to arise from the relationship between Man and God. Digital evidence, as it arises from the scientific method, is acceptable, but there is underlying lack of trust in its authenticity, reliability and credibility. In the eyes of the legal enforcement professionals working in all areas of the KSA legal process, acceptance of digital evidence in the KSA judicial system can best be improved if knowledge, education and skills of digital forensics specialists is improved also, so that they can be trusted as expert witnesses. This further shows the significance of KSA laws, regulations and education of digital forensic experts as the primary means for establishing trust in digital evidence. Further research following from this study will be focused on comparative studies of other Islamic non-Islamic legal systems as they adopt and adapt western guidelines such as ACPO to their religion, culture and legal systemsSaudi Cultural Bureau,London, U

Mobile bullying : investigating the non-technical factors that influence forensic readiness in township schools in South Africa

The increasing use of mobile devices by high school learners has resulted in increased networking activities for learners who take advantage of opportunities presented by mobile technologies. Mobile technology continues to play a key role in facilitating online interactions amongst South African youth, and some learners use mobile technology to enhance their learning capabilities. However, such electronic operations have also presented new risks particularly in the developing countries where online bullying is on the rise and investigations of such incidents or threats are expensive. Mobile bullying and lack of discipline of bullies, for instance, are major concerns in the society at large. To control these incidents, learners and teachers need to know what to do when incidents arise. The process of digital forensic investigation is typically left for those specialising in the field of digital forensics. Those responsible for learner's safety in schools are often faced with situations where they have to perform basic investigations or preserve evidence for incident escalation to the specialists. However, schools often do not prepare themselves well enough for the challenges relating to mobile bullying. They find themselves not knowing where to start or how to preserve evidence. Digital forensic investigations are even more challenging in school settings because of the dynamic nature of these environments. While studies have been conducted in the developed countries, little is still known about how schools in the developing world, for instance South Africa, may handle mobile bullying. Very little is known about how schools in the developing countries may maximise their potential to use digital evidence while minimising the impact resulting from the incident. There is limited guidance on how to be digital forensic ready in schools where teachers, learners, principals, and other role players are not trained well enough to deal with mobile bullying. The objective of this study was to provide insight into factors that enhance the non-technical forensic readiness program in township schools and the ability of teachers to investigate mobile bullying incidents. The study aimed at employing concepts of forensic readiness to ignite schools' ability to prepare for response to mobile bullying incidents and create a digital forensic ready learning environment. The study was conducted in South Africa, Limpopo and North West provinces. Five schools agreed to participate in this study; eighty-two valid responses were obtained from teachers. The study followed mixed methods approach to the theory

The ADSL Router Forensics Process

In 2010 the number of threats targeting ADSL routers is continually increasing. New and emergent threats have been developed to bypass authentication processes and obtain admin privileges directly to the device. As a result many malicious attempts are being made to alter the configuration data and make the device subsequently vulnerable. This paper discusses the non-invasive digital forensics approach into extracting evidence from ADSL routers. Specifically it validates an identified digital forensic process of acquisition. The paper then discusses how the approach may be utilised to extract configuration data ever after a device has been compromised to the point where a lock-out state has been initiated

Forensic genetics in the governance of crime

This open access book uses a critical sociological perspective to explore contemporary ways of reformulating the governance of crime through genetics. Through the lens of scientific knowledge and genetic technology, Machado and Granja offer a unique perspective on current trends in crime governance. They explore the place and role of genetics in criminal justice systems, and show how classical and contemporary social theory can help address challenges posed by social processes and interactions generated by the uses, meanings, and expectations attributed to genetics in the governance of crime. Cutting-edge methods and research techniques are also integrated to address crucial aspects of this social reality. Finally, the authors examine new challenges emerging from recent paradigm shifts within forensic genetics, moving away from the construction of evidence as presented in court to the production of intelligence guiding criminal investigations.This work has received funding from the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme (grant agreement no. 648608), within the project “EXCHANGE—Forensic geneticists and the transnational exchange of DNA data in the EU: Engaging science with social control, citizenship and democracy” led by Helena Machado and hosted at the Communication and Society Research Centre, Institute for Social Sciences of University of Minho, Portugal

Forensic science in combat of human trafficking

Although Forensic Science has become a crucial part of the investigation of many types of crime, the low number of scientific publications on the usage of Forensic Science to eliminate Human Trafficking or to speed up crime investigation, has given rise to the idea of conducting research on the role of Forensic Science in the investigation of Human Trafficking cases. The following literature review aims at judging the current importance of Forensic Science in solving and preventing Human Trafficking cases, at gathering ideas for the introduction of novel techniques and at identifying gaps of research within this field. For this purpose, a wider view, also addressing socio-economic topics, was applied

Online social networking, order and disorder

Whilst online social networking has been used successfully for many years by all strata of the world’s population, its use to ferment and prevent civil disturbances is a relatively new phenomenon. It is clear that the way in which online social networking sites are being used is evolving, and that changing user perceptions of online privacy may impact on the ability of the law enforcement community to adapt to new methods of monitoring and evidence gathering. This paper focuses primarily on the London riots of August 2011, and as such discusses legal issues from a UK perspective. However, the matters discussed are of relevance worldwide, with reference made to similar events outside the UK, to show that what occurred in London was not an isolated incident, or a quirk of the UK social networking scene. This paper explores what occurred, the platforms that were used and how they were used, and the legal framework in which investigations took place. It examines the use of social networking to organise rioters, support community defence, and shape the response of law enforcement agencies such as the police, government and the courts. It concludes that there is significant potential for problems of this type to occur in the future, which will require the evolution of law enforcement methods and procedures, and could change the way in which the law enforcement community utilise e-Government systems