6 research outputs found

    DF 2.0: Designing an automated, privacy preserving, and efficient digital forensic framework

    The current state of digital forensic investigation is continuously challenged by the rapid technological changes, the increase in the use of digital devices (both the heterogeneity and the count), and the sheer volume of data that these devices could contain. Although it is not directly related to the performance of the Digital Forensic Investigation process, preventing data privacy violations during the process is also a big challenge. The investigator gets full access to the forensic image, including the suspect's private data, which may be sensitive at times as well as entirely unrelated to the given case under investigation. With a notion that privacy preservation and completeness of investigation contradict each other, the digital forensics researchers have provided solutions to address the above-stated challenges that either focus on the effectiveness of the investigation process or the data privacy preservation. However, a generalized approach that preserves data privacy by affecting neither the capabilities of the investigator nor the overall efficiency of the investigation process is still an open problem. In the current work, the authors have proposed a digital forensic framework that uses case information, case profile data and expert knowledge for automation of the digital forensic analysis process; utilizes machine learning for finding most relevant pieces of evidence; and preserves data privacy in such a way that the overall efficiency of the digital forensic investigation process increases without affecting the integrity and admissibility of the evidence. The framework improves validation to enhance transparency in the investigation process. The framework also uses a secure logging mechanism to capture investigation steps to achieve a higher level of accountability. Since the proposed framework introduces significant enhancements to the current investigative practices, more like the next version of Digital Forensics, the authors named it 'Digital Forensics 2.0', or DF 2.0 in short.

    Precognition: Automated Digital Forensic Readiness System for Mobile Computing Devices in Enterprises

    Enterprises are facing an unprecedented risk of security incidents due to the influx of emerging technologies, like smartphones and wearables. Most of the current mobile security systems are not maturing in pace with technological advances. They lack the ability to learn and adapt from the past knowledge base. In the case of a security incident, enterprises find themselves underprepared for the lack of evidence and data. The systems are not designed to be forensic ready. There is a need for an automated security analysis and forensically ready solution, which can learn and continuously adapt to new challenges and improve the efficiency and productivity of the system. In this research, the authors have designed a security analysis and digital forensic readiness system targeted at smartphones and wearables in an enterprise environment. The proposed system detects applications violating security policies, analyzes Android and iOS applications to identify possible vulnerabilities on the server, and applies machine learning algorithms to improve the efficiency and accuracy of vulnerability prediction. The system continuously learns from past incidents and proactively collects required information from the devices, which can help in digital forensics. Machine learning techniques are applied to the set of features extracted from the decompiled mobile applications, and applications are classified based on whether they contain one or more vulnerabilities. The system was evaluated in a real-world enterprise environment with 14151 mobile applications, and vulnerabilities were predicted with an accuracy of 94.2%. The system can also work on virtual instances of the mobile devices.

    DF 2.0: An Automated, Privacy Preserving, and Efficient Digital Forensic Framework That Leverages Machine Learning for Evidence Prediction and Privacy Evaluation

    The current state of digital forensic investigation is continuously challenged by the rapid technological changes, the increase in the use of digital devices (both the heterogeneity and the count), and the sheer volume of data that these devices could contain. Although data privacy protection is not a performance measure, preventing privacy violations during the digital forensic investigation is also a big challenge. With a perception that the completeness of investigation and the data privacy preservation are incompatible with each other, the researchers have provided solutions to address the above-stated challenges that either focus on the effectiveness of the investigation process or the data privacy preservation. However, a comprehensive approach that preserves data privacy without affecting the capabilities of the investigator or the overall efficiency of the investigation process is still an open problem. In the current work, the authors have proposed a digital forensic framework that uses case information, case profile data and expert knowledge for automation of the digital forensic analysis process; utilizes machine learning for finding most relevant pieces of evidence; and maintains data privacy of non-evidential private files. All these operations are coordinated in a way that the overall efficiency of the digital forensic investigation process increases while the integrity and admissibility of the evidence remain intact. The framework improves validation, which boosts transparency in the investigation process. The framework also achieves a higher level of accountability by securely logging the investigation steps. As the proposed solution introduces notable enhancements to the current investigative practices, more like the next version of Digital Forensics, the authors have named the framework 'Digital Forensics 2.0', or 'DF 2.0' in short.

    Analyzing Mobile Device Ads to Identify Users

    Part 2: MOBILE DEVICE FORENSICS. International audience. User browsing behavior is tracked by search providers in order to construct activity profiles that are used to fine-tune searches and present user-specific advertisements. When a search input matches a commercial product or service offering, ads based on the previously-saved interests, likes and dislikes are displayed. The number of web searches from mobile devices has exceeded those conducted from desktops. Mobile devices are being used for critical business tasks such as e-commerce, banking transactions, video conferences, email communications and confidential data storage. Companies are moving towards mobile-app-only strategies and advertisers are displaying ads on mobile apps as well. Mobile device ads can often reveal information such as location, gender, age and other valuable data about users. This chapter describes a methodology for extracting and analyzing ads on mobile devices to retrieve user-specific information, reconstruct a user profile and predict user identity. The results show that the methodology can identify a user even if he or she uses the same device, multiple devices, different networks or follows different usage patterns. The methodology can be used to support a digital forensic readiness framework for mobile devices. Additionally, it has applications in context-based security and proactive and reactive digital forensic investigations.

    FORENSIC-READY SECURE iOS APPS FOR JAILBROKEN iPHONES

    Part 4: MOBILE DEVICE FORENSICS. International audience. Apple iOS is one of the most popular smartphone operating systems, but it restricts the installation of apps that are not from the Apple App Store. As a result, users often jailbreak their iPhones to defeat this restriction. Jailbroken iPhones are making their way into enterprises that have a Bring Your Own Device (BYOD) policy, but these devices are often barred or restricted by mobile device management software because they pose security risks. This chapter describes the iSecureRing solution that secures mobile apps and preserves the dates and timestamps of events in order to support forensic examinations of jailbroken iPhones. An analysis of the literature reveals that iSecureRing is the first forensic-ready mobile app security solution for iOS applications that execute in unsecured enterprise environments.