15 research outputs found

    Quantifying the need for supervised machine learning in conducting live forensic analysis of emergent configurations (ECO) in IoT environments

    © 2020 The Author(s). Machine learning has been shown as a promising approach to mine larger datasets, such as those that comprise data from a broad range of Internet of Things devices, across complex environment(s) to solve different problems. This paper surveys existing literature on the potential of using supervised classical machine learning techniques, such as K-Nearest Neighbour, Support Vector Machines, Naive Bayes and Random Forest algorithms, in performing live digital forensics for different IoT configurations. There are also a number of challenges associated with the use of machine learning techniques, as discussed in this paper.

    CDBFIP: Common Database Forensic Investigation Processes for Internet of Things

    Database forensics is a domain that uses database content and metadata to reveal malicious activities on database systems in an Internet of Things environment. Although the concept of database forensics has been around for a while, the investigation of cybercrime activities and cyber breaches in an Internet of Things environment would benefit from the development of a common investigative standard that unifies the knowledge in the domain. Therefore, this paper proposes common database forensic investigation processes using a design science research approach. The proposed process comprises four phases, namely: 1) identification; 2) artefact collection; 3) artefact analysis; and 4) the documentation and presentation process. It allows the reconciliation of the concepts and terminologies of all common database forensic investigation processes; hence, it facilitates the sharing of knowledge on database forensic investigation among domain newcomers, users, and practitioners.

    Face Validation of Database Forensic Investigation Metamodel

    Using a face validity approach, this paper provides a validation of the Database Forensic Investigation Metamodel (DBFIM). The DBFIM was developed to solve interoperability, heterogeneity, complexity, and ambiguity in the database forensic investigation (DBFI) field, where several models were identified, collected, and reviewed to develop DBFIM. However, the developed DBFIM lacked the face validity-based approach that could ensure DBFIM’s applicability in the DBFI field. The completeness, usefulness, and logic of the developed DBFIM needed to be validated by experts. Therefore, the objective of this paper is to perform the validation of the developed DBFIM using the qualitative face validity approach. The face validity method is a common way of validating metamodels through subject expert inquiry on the domain application of the metamodel to assess whether the metamodel is reasonable and compatible based on the outcomes. For this purpose, six experts were nominated and selected to validate the developed DBFIM. From the expert review, the developed DBFIM was found to be complete, coherent, logical, scalable, interoperable, and useful for the DBFI field.

    Towards adapting metamodelling technique for database forensics investigation domain

    No full text
    Threats which come from database insiders or database outsiders have formed a big challenge to the protection of integrity and confidentiality in many database systems. To overcome this situation, a new domain called Database Forensics (DBF) has been introduced to specifically investigate these dynamic threats, which have posed many problems in Database Management Systems (DBMS) of many organizations. DBF is a process to identify, collect, preserve, analyse, reconstruct and document all digital evidence caused by this challenge. However, until today, this domain still lacks a standard and generic knowledge base for its forensic investigation methods / tools due to many issues and challenges in its complex processes. Therefore, this paper will reveal an approach adapted from a software engineering domain called metamodelling, which will unify these DBF complex knowledge processes into an artifact, a metamodel (DBF Metamodel). In future, the DBF Metamodel could benefit many DBF investigation users such as database investigators, stockholders, and other forensic teams in offering various possible solutions for their problem domain.

    Towards the Development of an Integrated Incident Response Model for Database Forensic Investigation Field

    For every contact that is made in a database, a digital trace will potentially be left and most of the database breaches are mostly aimed at defeating the major security goals (Confidentiality, Integrity, and Authenticity) of data that reside in the database. In order to prove/refute a fact during litigation, it is important to identify suitable investigation techniques that can be used to link a potential incident/suspect to the digital crime. As a result, this paper has proposed suitable steps of constructing an Integrated Incident Response Model (IIRM) that can be relied upon in the database forensic investigation field. While developing the IIRM, design science methodology has been adapted and the outcome of this study has shown significant and promising approaches that could be leveraged by digital forensic experts, legal practitioners and law enforcement agencies. This is owing to the fact that IIRM construction has followed incident investigation principles that are stipulated in ISO guidelines.

    Realising a Push Button Modality for Video-Based Forensics

    Complexity and sophistication among multimedia-based tools have made it easy for perpetrators to conduct digital crimes such as counterfeiting, modification, and alteration without being detected. It may not be easy to verify the integrity of video content that, for example, has been manipulated digitally. To address this perennial investigative challenge, this paper proposes the integration of a forensically sound push button forensic modality (PBFM) model for the investigation of the MP4 video file format as a step towards automated video forensic investigation. An open-source multimedia forensic tool was developed based on the proposed PBFM model. A comprehensive evaluation of the efficiency of the tool against file alteration showed that the tool was capable of identifying falsified files, which satisfied the underlying assertion of the PBFM model. Furthermore, the outcome can be used as a complementary process for enhancing the evidence admissibility of MP4 video for forensic investigation.

    Research Challenges and Opportunities in Drone Forensics Models

    No full text
    The emergence of unmanned aerial vehicles (also referred to as drones) has transformed the digital landscape of surveillance and supply chain logistics, especially in terrains where such was previously deemed unattainable. Moreover, the adoption of drones has further led to the proliferation of diverse drone types and drone-related criminality, which has introduced a myriad of security and forensics-related concerns. As a step towards understanding the state-of-the-art research into these challenges and potential approaches to mitigation, this study provides a detailed review of existing digital forensic models using the Design Science Research method. The outcome of this study generated in-depth knowledge of the research challenges and opportunities through which an effective investigation can be carried out on drone-related incidents. Furthermore, a potential generic investigation model has been proposed. The findings presented in this study are essentially relevant to forensic researchers and practitioners towards a guided methodology for drone-related event investigation. Ultimately, it is important to mention that this study presents a background for the development of international standardization for drone forensics.

    A Review of Mobile Forensic Investigation Process Models

    No full text
    Mobile Forensics (MF) field uses prescribed scientific approaches with a focus on recovering Potential Digital Evidence (PDE) from mobile devices leveraging forensic techniques. Consequently, increased proliferation, mobile-based services, and the need for new requirements have led to the development of the MF field, which has in the recent past become an area of importance. In this article, the authors take a step to conduct a review on Mobile Forensics Investigation Process Models (MFIPMs) as a step towards uncovering the MF transitions as well as identifying open and future challenges. Based on the study conducted in this article, a review of the literature revealed that there are a few MFIPMs that are designed for solving certain mobile scenarios, with a variety of concepts, investigation processes, activities, and tasks. A total of 100 MFIPMs were reviewed, to present an inclusive and up-to-date background of MFIPMs. Also, this study proposes a Harmonized Mobile Forensic Investigation Process Model (HMFIPM) for the MF field to unify and structure whole redundant investigation processes of the MF field. The paper also goes the extra mile to discuss the state of the art of mobile forensic tools, open and future challenges from a generic standpoint. The results of this study find direct relevance to forensic practitioners and researchers who could leverage the comprehensiveness of the developed processes for investigation.

    Forecasting and Trading of the Stable Cryptocurrencies With Machine Learning and Deep Learning Algorithms for Market Conditions

    No full text
    The digital market trend is rapidly expanding due to key characteristics like decentralization, accessibility, and market diversity enabled by blockchain technology. This study proposes a Predictive Analytics System to provide simplified reporting for the three most popular cryptocurrencies with varying digits, namely ADA Cardano, Ethereum, and Binance coin, for ten days to contribute to this emerging technology. Thus, this proposed system employs a data science-based framework and six highly advanced data-driven Machine learning and Deep learning algorithms: Support Vector Regressor, Auto-Regressive Integrated Moving Average (ARIMA), Facebook Prophet, Unidirectional LSTM, Bidirectional LSTM, Stacked LSTM. Moreover, the research experiments are repeated several times to achieve the best results by employing hyperparameter tuning of each algorithm. This involves selecting an appropriate kernel and suitable data normalization technique for SVR, determining ARIMA’s (p, d, q) values, and optimizing the loss function values, number of neurons, hidden layers, and epochs in LSTM models. For the model validation, we utilize widely used evaluation techniques: Mean Absolute Error, Root Mean Squared Error, Mean Absolute Percentage Error, and R-squared. Results demonstrate that ARIMA outperforms the other models in all cases, accurately projecting the price variability within the actual price range. Conversely, Facebook Prophet exhibits good performance to some extent. The paper suggests that the ARIMA technique offers practical implications for market analysts, enabling them to make well-informed decisions based on accurate price projections.

    Quantifying the need for supervised machine learning in conducting live forensic analysis of emergent configurations (ECO) in IoT environments

    No full text
    Machine learning has been shown as a promising approach to mine larger datasets, such as those that comprise data from a broad range of Internet of Things devices, across complex environment(s) to solve different problems. This paper surveys existing literature on the potential of using supervised classical machine learning techniques, such as K-Nearest Neighbour, Support Vector Machines, Naive Bayes and Random Forest algorithms, in performing live digital forensics for different IoT configurations. There are also a number of challenges associated with the use of machine learning techniques, as discussed in this paper.