12 research outputs found

    Visualizing Instant Messaging Author Writeprints for Forensic Analysis

    As cybercrime continues to increase, new cyber forensics techniques are needed to combat the constant challenge of Internet anonymity. In instant messaging (IM) communications, criminals use virtual identities to hide their true identity, which hinders social accountability and facilitates cybercrime. Current instant messaging products are not addressing the anonymity and ease of impersonation over instant messaging. It is necessary to have IM cyber forensics techniques to assist in identifying cyber criminals as part of the criminal investigation. Instant messaging behavioral biometrics include online writing habits, which may be used to create an author writeprint to assist in identifying an author of a set of instant messages. The writeprint is a digital fingerprint that represents an author’s distinguishing stylometric features that occur in his/her computer-mediated communications. Writeprints can provide cybercrime investigators a unique tool for analyzing IM-assisted cybercrimes. The analysis of IM author writeprints in this paper provides a foundation for using behavioral biometrics as a cyber forensics element of criminal investigations. This paper demonstrates a method to create and analyze behavioral biometrics-based instant messaging writeprints as cyber forensics input for cybercrime investigations. The research uses the Principal Component Analysis (PCA) statistical method to analyze IM conversation logs from two distinct data sets to visualize authorship identification. Keywords: writeprints, authorship attribution, authorship identification, principal component analysi

    Steganalysis: A Steganography Intrusion Detection System

    Steganography is the art of information hiding. In today’s digital age messages can be hidden in images, sound files, text, and other digital objects. To a casual observer, these messages are invisible. The use of steganography on public networks, such as the Internet, is unknown due to its stealthy nature. Unless it is being actively looked for, one would not know that it is there. For example, pop-up ads, photos on eBay, and other recreational sites, all have the potential of containing hidden messages. Although some groups have taken on the vast responsibility of searching large web sites and news group areas for potential steganographic images, this is not something an average organization would do. Most organizations can and do, however, monitor network traffic that is entering and exiting the local area network. This paper presents a detection framework that includes tools to detect, retrieve, and analyze images for steganographic content as they enter and exit a monitored network. The framework is comprised of the Steg_IDS engine that operates in the UNIX environment. Steg_IDS combines both custom-written and third-party software and processes to deliver a purpose-built steganography intrusion detection system.

    Nmap in the Enterprise: Your Guide to Network Scanning


    Snort cookbook
