Data reduction and data mining framework for digital forensic evidence: storage, intelligence, review and archive
With the volume of digital forensic evidence rapidly increasing, this paper proposes a data reduction and data mining framework that incorporates a process of reducing data volume by focusing on a subset of information.
Foreword
The volume of digital forensic evidence is rapidly increasing, leading to large backlogs. In this paper, a Digital Forensic Data Reduction and Data Mining Framework is proposed. Initial research with sample data from South Australia Police Electronic Crime Section and Digital Corpora Forensic Images using the proposed framework resulted in a significant reduction in the storage requirements—the reduced subset is only 0.196 percent and 0.75 percent respectively of the original data volume. The framework outlined is not suggested to replace full analysis, but serves to provide a rapid triage, collection, intelligence analysis, review and storage methodology to support the various stages of digital forensic examinations. Agencies that can undertake rapid assessment of seized data can more effectively target specific criminal matters. The framework may also provide a greater potential intelligence gain from analysis of current and historical data in a timely manner, and the ability to undertake research of trends over time.
Digital evidence bags
This thesis analyses the traditional approach and methodology used to conduct digital forensic information capture, analysis and investigation. The predominant toolsets and utilities that are used and the features that they provide are reviewed. This is used to highlight the difficulties that are encountered due to both technological advances and the methodologies employed. It is suggested that these difficulties are compounded by the archaic methods and proprietary formats that are used.
An alternative framework for the capture and storage of information used in digital forensics is defined, named the 'Digital Evidence Bag' (DEB). A DEB is a universal extensible container for the storage of digital information acquired from any digital source, the format of which can be manipulated to meet the requirements of the particular information that is to be stored. The format definition is extensible, thereby allowing it to encompass new sources of data, cryptographic and compression algorithms and protocols as developed, whilst also providing the flexibility for some degree of backwards compatibility as the format develops.
The DEB framework utilises terminology to define its various components that is analogous with evidence bags, tags and seals used for traditional physical evidence storage and continuity. This is crucial for ensuring that the functionality provided by each component is comprehensible by the general public, judiciary and law enforcement personnel without detracting from or obscuring the evidential information contained within.
Furthermore, information can be acquired from a dynamic or more traditional static environment and from a disparate range of digital devices. The flexibility of the DEB framework permits selective and/or intelligent acquisition methods to be employed, together with enhanced provenance and continuity audit trails to be recorded. Evidential integrity is assured using accepted cryptographic techniques and algorithms.
The DEB framework is implemented in a number of tool demonstrators and applied to a number of typical scenarios that illustrate the flexibility of the DEB framework and format.
The DEB framework has also formed the basis of a patent application.
A Conceptual Framework on Digital Forensics Readiness for Criminals Tracking: Data Reduction Modalities
The ever-growing threats of fraud and security incidents present many challenges to law enforcement and organizations across the globe. The volume of digital forensic evidence is rapidly increasing, leading to large backlogs. In response, a Digital Forensic Data Reduction and Data Mining Framework is proposed. The framework outlined is not suggested to replace full analysis, but serves to provide a rapid triage, collection, intelligence analysis, review and storage methodology to support the various stages of digital forensic examinations. This study contributes to the greater body of knowledge on the design and implementation of a digital forensic readiness programme, aimed at maximizing the use of digital evidence in an organization.
DOI: 10.17762/ijritcc2321-8169.15082
Protecting digital legal professional privilege LPP data
Best Paper Award. To enable free communication between a legal advisor and his client for the proper functioning of the legal system, certain documents, known as Legal Professional Privilege (LPP) documents, can be excluded as evidence for prosecution. In the physical world, protection of LPP information is well addressed and a proper procedure for handling LPP articles has been established. However, there does not exist a forensically sound procedure for protecting 'digital' LPP information. In this paper, we try to address this important, but rarely addressed, issue. We point out the difficulties of handling digital LPP data and discuss the shortcomings of the current practices, then we propose a feasible procedure for solving this problem. © 2008 IEEE. The 3rd International Workshop on Systematic Approaches to Digital Forensic Engineering (IEEE/SADFE 2008), Oakland, CA, 22 May 2008. In Proceedings of the 3rd SADFE, 2008, p. 91-10
An Ontology-Based Transformation Model for the Digital Forensics Domain
The creation of an ontology makes it possible to form common information structures, to reuse knowledge, to make assumptions within a domain and to analyse every piece of knowledge. In this paper, we aim to create an ontology-based transformation model and a framework to develop an ontology-based transformation system in the digital forensics domain. We describe the architecture of the ontology-based transformation system and its components for assisting computer forensics experts in the appropriate selection of tools for digital evidence investigation. We consider the use of the attributes of Extensible Markup Language document transformation to map the computer forensics ontology, and we use the representations in the National Institute of Standards and Technology's "Computer Forensics Tool Catalog" for aligning one form with the other.
Digital Evidence Bag Selection for P2P Network Investigation
The collection and handling of court admissible evidence is a fundamental component of any digital forensic investigation. While the procedures for handling digital evidence take much of their influence from the established policies for the collection of physical evidence, due to the obvious differences in dealing with non-physical evidence, a number of extra policies and procedures are required. This paper compares and contrasts some of the existing digital evidence formats or “bags” and analyses them for their compatibility with evidence gathered from a network source. A new digital extended evidence bag is proposed to specifically deal with evidence gathered from P2P networks, incorporating the network byte stream and on-the-fly metadata generation to aid in expedited identification and analysis.
Maintaining hard disk integrity with digital legal professional privilege (LPP) data
An Ontology-Based Forensic Analysis Tool
The analysis of forensic investigation results has generally been identified as the most complex phase of a digital forensic investigation. This phase becomes more complicated and time consuming as the storage capacity of digital devices is increasing, while at the same time the prices of those devices are decreasing. Although there are some tools and techniques that assist the investigator in the analysis of digital evidence, they do not adequately address some of the serious challenges, particularly with the time and effort required to conduct such tasks. In this paper, we consider the use of semantic web technologies and in particular the ontologies, to assist the investigator in analyzing digital evidence. A novel ontology-based framework is proposed for forensic analysis tools, which we believe has the potential to influence the development of such tools. The framework utilizes a set of ontologies to model the environment under investigation. The evidence extracted from the environment is initially annotated using the Resource Description Framework (RDF). The evidence is then merged from various sources to identify new and implicit information with the help of inference engines and classification mechanisms. In addition, we present the ongoing development of a forensic analysis tool to analyze content retrieved from Android smart phones. For this purpose, several ontologies have been created to model some concepts of the smart phone environment.
Keywords: digital forensic investigation, digital forensic analysis tool, semantic web, ontology, android