39,426 research outputs found

    Mapping Process of Digital Forensic Investigation Framework

    Digital forensics is essential for the successful prosecution of digital criminals which involve diverse digital devices such as computer system devices, network devices, mobile devices and storage devices. The digital forensic investigation must be retrieved to obtain the evidence that will be accepted in the court of law. Therefore, for digital forensic investigation to be performed successfully, there are a number of important steps that have to be taken into consideration. The aim of this paper is to produce the mapping process between the processes/activities and output for each phase in Digital Forensic Investigation Framework (DFIF). Existing digital forensic frameworks will be reviewed and then the mapping is constructed. The result from the mapping process will provide a new framework to optimize the whole investigation process

    The case for validating ADDIE model as a digital forensic model for peer to peer network investigation

    Rapid technological advancement can substantially impact the processes of digital forensic investigation and present a myriad of challenges to the investigator. With these challenges, it is necessary to have a standard digital forensic framework as the foundation of any digital investigation. State-of-the-art digital forensic models assume that it is safe to move from one investigation stage to the next. It guides the investigators with the required steps and procedures. This brings a great stride to validate a non-specific framework to be used in most digital investigation procedures. This paper considers a new technique for detecting active peers that participate in a peer-to-peer (P2P) network. As part of our study, we crawled the μTorrent P2P client over ten days in different instances while logging all participating peers. We then employed digital forensic techniques to analyse the popular users and generate evidence within them with high accuracy. We evaluated our approach against the standard Analysis, Design, Development, Implementation, and Evaluation (ADDIE) model for the digital investigation to achieve the credible digital evidence presented in this paper. Finally, we presented a validation case for the ADDIE model using the United States Daubert Test and the United Kingdom’s Forensic Science Regulator Guidance – 218 (FSR-G-218) and Forensic Science Regulator Guidance – 201 (FSR-G-201) to formulate it as a standard digital forensic model

    DF 2.0: Designing an automated, privacy preserving, and efficient digital forensic framework

    The current state of digital forensic investigation is continuously challenged by the rapid technological changes, the increase in the use of digital devices (both the heterogeneity and the count), and the sheer volume of data that these devices could contain. Although it is not directly related to the performance of Digital Forensic Investigation process, preventing data privacy violations during the process is also a big challenge. The investigator gets full access to the forensic image including suspect's private data which may be sensitive at times as well as entirely unrelated to the given case under investigation. With a notion that privacy preservation and completeness of investigation are contradicting to each other, the digital forensics researchers have provided solutions to address the above-stated challenges that either focus on the effectiveness of the investigation process or the data privacy preservation. However, a generalized approach that preserves data privacy by affecting neither the capabilities of the investigator nor the overall efficiency of the investigation process is still an open problem. In the current work, the authors have proposed a digital forensic framework that uses case information, case profile data and expert knowledge for automation of the digital forensic analysis process; utilizes machine learning for finding most relevant pieces of evidence; and preserves data privacy in such a way that the overall efficiency of the digital forensic investigation process increases without affecting the integrity and admissibility of the evidence. The framework improves validation to enhance transparency in the investigation process. The framework also uses a secure logging mechanism to capture investigation steps to achieve a higher level of accountability. Since the proposed framework introduces significant enhancements to the current investigative practices more like the next version of Digital Forensics, the authors named it 'Digital Forensics 2.0', or DF 2.0 in short

    DF 2.0: An Automated, Privacy Preserving, and Efficient Digital Forensic Framework That Leverages Machine Learning for Evidence Prediction and Privacy Evaluation

    The current state of digital forensic investigation is continuously challenged by the rapid technological changes, the increase in the use of digital devices (both the heterogeneity and the count), and the sheer volume of data that these devices could contain. Although data privacy protection is not a performance measure, however, preventing privacy violations during the digital forensic investigation, is also a big challenge. With a perception that the completeness of investigation and the data privacy preservation are incompatible with each other, the researchers have provided solutions to address the above-stated challenges that either focus on the effectiveness of the investigation process or the data privacy preservation. However, a comprehensive approach that preserves data privacy without affecting the capabilities of the investigator or the overall efficiency of the investigation process is still an open problem. In the current work, the authors have proposed a digital forensic framework that uses case information, case profile data and expert knowledge for automation of the digital forensic analysis process; utilizes machine learning for finding most relevant pieces of evidence; and maintains data privacy of non-evidential private files. All these operations are coordinated in a way that the overall efficiency of the digital forensic investigation process increases while the integrity and admissibility of the evidence remain intact. The framework improves validation which boosts transparency in the investigation process. The framework also achieves a higher level of accountability by securely logging the investigation steps. As the proposed solution introduces notable enhancements to the current investigative practices more like the next version of Digital Forensics, the authors have named the framework 'Digital Forensics 2.0', or 'DF 2.0' in short

    Digital forensics investigative framework for control rooms in critical infrastructure

    In this paper a cyber-forensic framework with a detailed guideline for protecting control systems is developed to improve the forensic capability for big data in critical infrastructures. The main objective of creating a cyber-forensic plan is to cover the essentials of monitoring, troubleshooting, data reconstruction, recovery, and the safety of classified information. The problem to be addressed in control rooms is the diversity and quantity of data, and for investigators, bringing together the different skill groups for managing data and device diversity. This research embraces establishing of a new digital forensic model for critical infrastructures that supports digital forensic investigators with the necessary information for conducting an advanced forensic investigation in Critical Infrastructures. The framework for investigation is presented here and elaborated. The extended work applies the framework to industry case studies and is not reported here

    An Ontology-Based Forensic Analysis Tool

    The analysis of forensic investigation results has generally been identified as the most complex phase of a digital forensic investigation. This phase becomes more complicated and time consuming as the storage capacity of digital devices is increasing, while at the same time the prices of those devices are decreasing. Although there are some tools and techniques that assist the investigator in the analysis of digital evidence, they do not adequately address some of the serious challenges, particularly with the time and effort required to conduct such tasks. In this paper, we consider the use of semantic web technologies and in particular the ontologies, to assist the investigator in analyzing digital evidence. A novel ontology-based framework is proposed for forensic analysis tools, which we believe has the potential to influence the development of such tools. The framework utilizes a set of ontologies to model the environment under investigation. The evidence extracted from the environment is initially annotated using the Resource Description Framework (RDF). The evidence is then merged from various sources to identify new and implicit information with the help of inference engines and classification mechanisms. In addition, we present the ongoing development of a forensic analysis tool to analyze content retrieved from Android smart phones. For this purpose, several ontologies have been created to model some concepts of the smart phone environment. Keywords: digital forensic investigation, digital forensic analysis tool, semantic web, ontology, androi

    A Case-Based Reasoning Method for Locating Evidence During Digital Forensic Device Triage

    The role of triage in digital forensics is disputed, with some practitioners questioning its reliability for identifying evidential data. Although successfully implemented in the field of medicine, triage has not established itself to the same degree in digital forensics. This article presents a novel approach to triage for digital forensics. Case-Based Reasoning Forensic Triager (CBR-FT) is a method for collecting and reusing past digital forensic investigation information in order to highlight likely evidential areas on a suspect operating system, thereby helping an investigator to decide where to search for evidence. The CBR-FT framework is discussed and the results of twenty test triage examinations are presented. CBR-FT has been shown to be a more effective method of triage when compared to a practitioner using a leading commercial application

    IoT Forensic -- A digital investigation framework for IoT systems

    Security issues, threats, and attacks in relation with the IoT have been identified as promising and challenging area of research. Eventually, the need for a forensics methodology for investigating IoT-related crime is therefore essential. However, the IoT poses many challenges for forensics investigators. These include the wide range and variety of information, the unclear lines of differentiation between networks, for example private networks increasingly fading into public networks. Further, integration of a large number of objects in IoT forensic interest, along with the relevance of identified and collected devices makes forensic of IoT devices more complicated. The scope of this paper is to present a framework for IoT forensic. We aimed at the study and development of the link to support digital investigations of IoT devices and tackle emerging challenges in digital forensics. We emphasize on various steps for digital forensic with respect to IoT devices. Comment: Paper presented at 10th International Conference on Electronics, Computers and Artificial Intelligence, ECAI 2018 - 28-30 June 2018 - Iasi, Romani

    PRECEPT: a framework for ethical digital forensics investigations

    Purpose: Cyber-enabled crimes are on the increase, and law enforcement has had to expand many of their detecting activities into the digital domain. As such, the field of digital forensics has become far more sophisticated over the years and is now able to uncover even more evidence that can be used to support prosecution of cyber criminals in a court of law. Governments, too, have embraced the ability to track suspicious individuals in the online world. Forensics investigators are driven to gather data exhaustively, being under pressure to provide law enforcement with sufficient evidence to secure a conviction. Yet, there are concerns about the ethics and justice of untrammeled investigations on a number of levels. On an organizational level, unconstrained investigations could interfere with, and damage, the organization’s right to control the disclosure of their intellectual capital. On an individual level, those being investigated could easily have their legal privacy rights violated by forensics investigations. On a societal level, there might be a sense of injustice at the perceived inequality of current practice in this domain. This paper argues the need for a practical, ethically-grounded approach to digital forensic investigations, one that acknowledges and respects the privacy rights of individuals and the intellectual capital disclosure rights of organisations, as well as acknowledging the needs of law enforcement. We derive a set of ethical guidelines, then map these onto a forensics investigation framework. We subjected the framework to expert review in two stages, refining the framework after each stage. We conclude by proposing the refined ethically-grounded digital forensics investigation framework. 
Our treatise is primarily UK based, but the concepts presented here have international relevance and applicability. Design methodology: In this paper, the lens of justice theory is used to explore the tension that exists between the needs of digital forensic investigations into cybercrimes on the one hand, and, on the other, individuals’ rights to privacy and organizations’ rights to control intellectual capital disclosure. Findings: The investigation revealed a potential inequality between the practices of digital forensics investigators and the rights of other stakeholders. That being so, the need for a more ethically-informed approach to digital forensics investigations, as a remedy, is highlighted, and a framework proposed to provide this. Practical Implications: Our proposed ethically-informed framework for guiding digital forensics investigations suggest a way of re-establishing the equality of the stakeholders in this arena, and ensuring that the potential for a sense of injustice is reduced. Originality/value: Justice theory is used to highlight the difficulties in squaring the circle between the rights and expectations of all stakeholders in the digital forensics arena. The outcome is the forensics investigation guideline, PRECEpt: Privacy-Respecting EthiCal framEwork, which provides the basis for a re-aligning of the balance between the requirements and expectations of digital forensic investigators on the one hand, and individual and organizational expectations and rights, on the other