35 research outputs found
Significance of Semantic Reconciliation in Digital Forensics
Digital forensics (DF) is a growing field that is gaining popularity among many computer professionals, law enforcement agencies and other stakeholders who must always cooperate in this profession. Unfortunately, this has created an environment replete with semantic disparities within the domain that need to be resolved and/or eliminated. For the purpose of this study, semantic disparity refers to disagreements about the meaning, interpretation, descriptions and the intended use of the same or related data and terminologies. If semantic disparity is not detected and resolved, it may lead to misunderstandings. Even worse, since the people involved may not be from the same neighbourhood, they may not be aware of the existence of the semantic disparities, and probably might not easily realize it. The aim of this paper, therefore, is to discuss semantic disparity in DF and further elaborate on how to manage it. In addition, this paper also presents the significance of semantic reconciliation in DF. Semantic reconciliation refers to reconciling the meaning (including the interpretations and descriptions) of terminologies and data used in digital forensics. Managing semantic disparities and the significance of semantic reconciliation in digital forensics constitutes the main contributions of this paper.
Keywords: Digital forensics, semantic disparity, managing semantic disparity, semantic reconciliation, significance of semantic reconciliation
Real-time monitoring as a supplementary security component of vigilantism in modern network environments
© 2020, The Author(s). The phenomenon of network vigilantism is autonomously attributed to how anomalies and obscure activities from adversaries can be tracked in real-time. Needless to say, in today's dynamic, virtualized, and complex network environments, it has become undeniably necessary for network administrators, analysts as well as engineers to practice network vigilantism, on traffic as well as other network events in real-time. The reason is to understand the exact security posture of an organization's network environment at any given time. This is driven by the fact that modern network environments do not only present new opportunities to organizations but also a different set of new and complex cybersecurity challenges that need to be resolved daily. The growing size, scope, complexity, and volume of networked devices in our modern network environments also makes it hard even for the most experienced network administrators to independently provide the breadth and depth of knowledge needed to oversee or diagnose complex network problems. Besides, with the growing number of Cyber Security Threats (CSTs) in the world today, many organisations have been forced to change the way they plan, develop and implement cybersecurity strategies as a way to reinforce their ability to respond to cybersecurity incidents. This paper, therefore, examines the relevance of Real-Time Monitoring (RTM) as a supplementary security component of vigilantism in modern network environments, more especially for proper planning, preparedness, and mitigation in case of a cybersecurity incident. Additionally, this paper also investigates some of the key issues and challenges surrounding the implementation of RTM for security vigilantism in our modern network environments
Adding Digital Forensic Readiness as a Security Component to the IoT Domain
The unique identities of remote sensing, monitoring, self-actuating, self-adapting and self-configuring "things" in Internet of Things (IoT) has come out as fundamental building blocks for the development of "smart environments". This experience has begun to be felt across different IoT-based domains like healthcare, surveillance, energy systems, home appliances, industrial machines, smart grids and smart cities. These developments have, however, brought about a more complex and heterogeneous environment which is slowly becoming a home to cyber attackers. Digital Forensic Readiness (DFR) though can be employed as a mechanism for maximizing the potential use of digital evidence while minimizing the cost of conducting a digital forensic investigation process in IoT environments in case of an incidence. The problem addressed in this paper, therefore, is that at the time of writing this paper, there still exist no IoT architectures that have a DFR capability that is able to attain incident preparedness across IoT environments as a mechanism of preparing for post-event response process. It is on this premise, that the authors are proposing an architecture for incorporating DFR to IoT domain for proper planning and preparing in the case of security incidents. It is paramount to note that the DFR mechanism in IoT discussed in this paper complies with ISO/IEC 27043: 2015, 27030:2012 and 27017: 2015 international standards. It is the authors' opinion that the architecture is holistic and very significant in IoT forensics
Toward a general ontology for digital forensic disciplines
Ontologies are widely used in different disciplines as a technique for representing and reasoning about domain knowledge. However, despite the widespread ontology-related research activities and applications in different disciplines, the development of ontologies and ontology research activities are still wanting in digital forensic disciplines. This paper therefore presents the case for establishing an ontology for digital forensic disciplines. Such an ontology would enable better categorisation of digital forensic disciplines, as well as help with the development of methodologies that can offer direction in different areas of digital forensics, such as professional specialisation, certifications, development of digital forensic tools, curricula and educational materials. In addition, the ontology presented in this paper can be used, for example, to better organise digital forensics domain knowledge and explicitly describe the discipline's semantics in a common way. Finally, this paper is meant to spark discussions and further research on an internationally agreed ontological distinction of the digital forensic disciplines. Digital forensic disciplines ontology is a novel approach towards organising the digital forensics domain knowledge and constitutes the main contribution of this paper. http://onlinelibrary.wiley.com/journal/10.1111/(ISSN)1556-4029
Taxonomy of challenges for digital forensics
Since its inception, over a decade ago, the field of digital forensics has faced numerous challenges. Despite different researchers and digital forensic practitioners having studied and analysed various known digital forensic challenges, as of 2013, there still exists a need for a formal classification of these challenges. This paper, therefore, reviews existing research literature and highlights the various challenges that digital forensics has faced for the last ten years. In conducting this research study, however, it was difficult for the authors to review all the existing research literature in the digital forensic domain, hence, sampling and randomisation techniques were employed to facilitate the review of the gathered literature. Taxonomy of the various challenges is subsequently proposed in this paper based on our review of the literature. The taxonomy classifies the large number of digital forensic challenges into four well-defined and easily understood categories. The proposed taxonomy can be useful, for example, in future developments of automated digital forensic tools by explicitly describing processes and procedures that focus on addressing specific challenges identified in this paper. However, it should also be noted that the purpose of this paper is not to propose any solutions to the individual challenges that digital forensics faces, but to serve as a survey of the state of the art of the research area. http://onlinelibrary.wiley.com/journal/10.1111/(ISSN)1556-4029 2016-07-31
Digital forensic readiness intelligence crime repository
It may not always be possible to conduct a digital (forensic) investigation post-event if there is no process in place to preserve potential digital evidence. This study posits the importance of digital forensic readiness, or forensic-by-design, and presents an approach that can be used to construct a Digital Forensic Readiness Intelligence Repository (DFRIR). Based on the concept of knowledge sharing, the authors leverage this premise to suggest an intelligence repository. Such a repository can be used to cross-reference potential digital evidence (PDE) sources that may help digital investigators during the process. This approach employs a technique of capturing PDE from different sources and creating a DFR repository that can be able to be shared across diverse jurisdictions among digital forensic experts and law enforcement agencies (LEAs), in the form of intelligence. To validate the approach, the study has employed a qualitative approach based on a number of metrics and an analysis of experts' opinion has been incorporated. The DFRIR seeks to maximize the collection of PDE, and reducing the time needed to conduct forensic investigation (e.g., by reducing the time for learning). This study then explains how such an approach can be employed in conjunction with ISO/IEC 27043: 2015
Ontology-driven perspective of CFRaaS
A Cloud Forensic Readiness as a Service (CFRaaS) model allows an environment to preemptively accumulate relevant potential digital evidence (PDE) which may be needed during a post-event response process. The benefit of applying a CFRaaS model in a cloud environment, is that, it is designed to prevent the modification/tampering of the cloud architectures or the infrastructure during the reactive process, which if it could, may end up having far-reaching implications. The authors of this article present the reactive process as a very costly exercise when the infrastructure must be reprogrammed every time the process is conducted. This may hamper successful investigation from the forensic experts and law enforcement agencies perspectives. The CFRaaS model, in its current state, has not been presented in a way that can help to classify or visualize the different types of potential evidence in all the cloud deployable models, and this may limit the expectations of what or how the required PDE may be collected. To address this problem, the article presents the CFRaaS from a holistic ontology-driven perspective, which allows the forensic experts to be able to apply the CFRaaS based on its simplicity of the concepts, relationship or semantics between different form of potential evidence, as well as how the security of a digital environment being investigated could be upheld. The CFRaaS in this context follows a fundamental ontology engineering approach that is based on the classical Resource Description Framework. The proposed ontology-driven approach to CFRaaS is, therefore, a knowledge-base that uses layer-dependencies, which could be an essential toolkit for digital forensic examiners and other stakeholders in cloud-security. The implementation of this approach could further provide a platform to develop other knowledge base components for cloud forensics and security
Multimedia security and privacy protection in the internet of things: research developments and challenges
With the rapid growth of the internet of things (IoT), huge amounts of multimedia data are being generated from and/or exchanged through various IoT devices, systems and applications. The security and privacy of multimedia data have, however, emerged as key challenges that have the potential to impact the successful deployment of IoT devices in some data-sensitive applications. In this paper, we conduct a comprehensive survey on multimedia data security and privacy protection in the IoT. First, we classify multimedia data into different types and security levels according to application areas. Then, we analyse and discuss the existing multimedia data protection schemes in the IoT, including traditional techniques (e.g., cryptography and watermarking) and emerging technologies (e.g., blockchain and federated learning). Based on the detailed analysis on the research development of IoT-related multimedia security and privacy protection, we point out some open challenges and provide future research directions, aiming to advance the study in the relevant fields and assist researchers in gaining a deeper understanding of the state of the art on multimedia data protection in the IoT
Taxonomy for digital forensic evidence
The conference aimed at supporting and stimulating active productive research set to strengthen the technical foundations of engineers and scientists in the continent, through developing strong technical foundations and skills, leading to new small to medium enterprises within the African sub-continent. It also sought to encourage the emergence of functionally skilled technocrats within the continent. Modern society has increased its dependencies on digital systems and computer networks in almost every area of life today. Although this dependency is good it has opened a whole new world of possibilities for criminals to exploit. This has been seen in areas where criminals are able to use existing digital systems to share information and to reinforce their hacking techniques for nefarious purposes. As a result, major potential security risks, such as malicious insiders, data loss or leakage and policy violations have now invaded our digital world with worrying trends of digital and cyber-crimes. This, therefore, has made computer based information a primary source of digital evidence in many legal matters and digital investigations. The understanding of the different types of information generated by computer systems is thus an important aspect of any digital forensic investigation process. For this reason, this paper reviews existing digital forensic research literature and highlights the different types of digital evidence that can potentially be admissible in our courts of law today. In conducting this research study, however, it was difficult for the authors to review all the existing research literature in the digital forensic domain; hence, sampling and randomization techniques were employed to facilitate the review of the gathered literature. The taxonomy classifies a large number of Digital Forensic Evidence (DFE) into a few well-defined and easily understood categories which can be useful, for example, in the future developments of digital forensic tools.
In addition, the taxonomy can also be helpful to practitioners, for example, in classifying the different types of DFE that can be admissible in courts. The main contribution of this research is, therefore, to propose a taxonomy for DFE that can assist digital forensic analysts and forensic practitioners to understand the different types of evidence with ease and their applicability in different legal matters. Strathmore University; Institute of Electrical and Electronics Engineers (IEEE)
Functional requirements for adding digital forensic readiness as a security component in IoT environments
For every contact made on a digital device, a trace is left behind; this means that every digital device contains some form of electronic evidence that may be associated to the behaviour of the users in a given environment. This evidence can be used to prove or disprove facts if a cyber-incident is detected. However, the world has seen a shift on how devices communicate and connect as a result of increased devices and connectivity, which has led to the creation of "smart environments" where the Internet of Things (IoT) plays a key role. Still, we can harness this proliferation of digital devices and smart environments to Digital Forensic (DF) technology which might help to solve the puzzle of how proactive strategies can help to minimise the time and cost needed to conduct a digital investigation. This article introduces the Functional Requirements (FRs) and processes needed when Digital Forensic Readiness (DFR) process is employed as a security component in the IoT-based environment. The paper serves as a continuation of the initially proposed architecture for adding DFR as a security component to IoT environment. The aspects and claims presented in this paper can be used as basic building blocks for implementing DFR technologies that guarantee security in the IoT-based environment. It is worth noting again that the processes that have been defined in this paper comply with the ISO/IEC 27043: 2015 International Standard. http://ijaseit.insightsociety.org