On a Distributed Approach for Density-based Clustering

Efficient extraction of useful knowledge from these data is still a challenge, mainly when the data is distributed, heterogeneous and of different quality depending on its corresponding local infrastructure. To reduce the overhead cost, most of the existing distributed clustering approaches generate global models by aggregating local results obtained on each individual node. The complexity and quality of solutions depend highly on the quality of the aggregation. In this respect, we proposed for distributed density-based clustering that both reduces the communication overheads due to the data exchange and improves the quality of the global models by considering the shapes of local clusters. From preliminary results we show that this algorithm is very promising

MapExif: an image scanning and mapping tool for investigators

Recently, the integration of geographical coordinates into a picture has become more and more popular. Indeed almost all smartphones and many cameras today have a built-in GPS receiver that stores the location information in the Exif header when a picture is taken. Although the automatic embedding of geotags in pictures is often ignored by smart phone users as it can lead to endless discussions about privacy implications, these geotags could be really useful for investigators in analysing criminal activity. Currently, there are many free tools as well as commercial tools available in the market that can help computer forensics investigators to cover a wide range of geographic information related to criminal scenes or activities. However, there are not specific forensic tools available to deal with the geolocation of pictures taken by smart phones or cameras. In this paper, we propose and develop an image scanning and mapping tool for investigators. This tool scans all the files in a given directory and then displays particular photos based on optional filters (date, time, device, localisation) on Google Map. The file scanning process is not based on the file extension but its header. This tool can also show efficiently to users if there is more than one image on the map with the same GPS coordinates, or even if there are images with no GPS coordinates taken by the same device in the same timeline. Moreover, this new tool is portable; investigators can run it on any operating system without any installation. Another useful feature is to be able to work in a read-only environment, so that forensic results will not be modified. We also present and evaluate this tool real world application in this paper

A Survey of Electromagnetic Side-Channel Attacks and Discussion on their Case-Progressing Potential for Digital Forensics

The increasing prevalence of Internet of Things (IoT) devices has made it inevitable that their pertinence to digital forensic investigations will increase into the foreseeable future. These devices produced by various vendors often posses limited standard interfaces for communication, such as USB ports or WiFi/Bluetooth wireless interfaces. Meanwhile, with an increasing mainstream focus on the security and privacy of user data, built-in encryption is becoming commonplace in consumer-level computing devices, and IoT devices are no exception. Under these circumstances, a significant challenge is presented to digital forensic investigations where data from IoT devices needs to be analysed. This work explores the electromagnetic (EM) side-channel analysis literature for the purpose of assisting digital forensic investigations on IoT devices. EM side-channel analysis is a technique where unintentional electromagnetic emissions are used for eavesdropping on the operations and data handling of computing devices. The non-intrusive nature of EM side-channel approaches makes it a viable option to assist digital forensic investigations as these attacks require, and must result in, no modification to the target device. The literature on various EM side-channel analysis attack techniques are discussed - selected on the basis of their applicability in IoT device investigation scenarios. The insight gained from the background study is used to identify promising future applications of the technique for digital forensic analysis on IoT devices - potentially progressing a wide variety of currently hindered digital investigations.Comment: Digital Investigation (2019

Leveraging Electromagnetic Side-Channel Analysis for the Investigation of IoT Devices

Internet of Things (IoT) devices have expanded the horizon of digital forensic investigations by providing a rich set of new evidence sources. IoT devices includes health implants, sports wearables, smart burglary alarms, smart thermostats, smart electrical appliances, and many more. Digital evidence from these IoT devices is often extracted from third party sources, e.g., paired smartphone applications or the devices' back-end cloud services. However vital digital evidence can still reside solely on the IoT device itself. The specifics of the IoT device's hardware is a black-box in many cases due to the lack of proven, established techniques to inspect IoT devices. This paper presents a novel methodology to inspect the internal software activities of IoT devices through their electromagnetic radiation emissions during live device investigation. When a running IoT device is identified at a crime scene, forensically important software activities can be revealed through an electromagnetic side-channel analysis (EM-SCA) attack. By using two representative IoT hardware platforms, this work demonstrates that cryptographic algorithms running on high-end IoT devices can be detected with over 82% accuracy, while minor software code differences in low-end IoT devices could be detected over 90% accuracy using a neural network-based classifier. Furthermore, it was experimentally demonstrated that malicious modification of the stock firmware of an IoT device can be detected through machine learning-assisted EM-SCA techniques. These techniques provide a new investigative vector for digital forensic investigators to inspect IoT devices.Comment: Digital Investigation, 201

Identifying interception possibilities for WhatsApp communication

On a daily basis, law enforcement officers struggle with suspects using mobile communication applications for criminal activities. These mobile applications replaced SMS-messaging and evolved the last few years from plain-text data transmission and storage to an encrypted version. Regardless of the benefits for all law abiding citizens, this is considered to be the downside for criminal investigations. Normal smartphone, computer or network investigations do no longer provide the contents of the communication in real-time when suspects are using apps like WhatsApp, Signal or Telegram. Among them, WhatsApp is one of the most common smartphone applications for communication, both criminal as well as legal activities. Early 2016 WhatsApp introduced end-to-end encryption for all users, immediately keeping law enforcement officers around the world in the dark. Existing research to recuperate the position of law enforcement is limited to a single field of investigation and often limited to post mortem research on smartphone or computer while wiretapping is limited to metadata information. Therefore, it provides only historical data or metadata while law enforcement officers want a continuous stream of live and substantive information. This paper identified that gap in available scenarios for law enforcement investigations and identified a gap in methods available for forensic acquiring and processing these scenarios. In this paper, we propose a forensic approach to create real-time insight in the WhatsApp communication. Our approach is based on the wiretapping, decrypting WhatsApp databases, open source intelligence and WhatsApp Web communication analysis. We also evaluate our method with different scenarios in WhatsApp forensics to prove its feasibility and efficiency

Admire framework: Distributed data mining on data grid platforms

In this paper, we present the ADMIRE architecture; a new framework for developing novel and innovative data mining techniques to deal with very large and distributed heterogeneous datasets in both commercial and academic applications. The main ADMIRE components are detailed as well as its interfaces allowing the user to efficiently develop and implement their data mining applications techniques on a Grid platform such as Globus ToolKit, DGET, etc

Toward a Distributed Knowledge Discovery system for Grid systems

During the last decade or so, we have had a deluge of data from not only science fields but also industry and commerce fields. Although the amount of data available to us is constantly increasing, our ability to process it becomes more and more difficult. Efficient discovery of useful knowledge from these datasets is therefore becoming a challenge and a massive economic need. This led to the need of developing large-scale data mining (DM) techniques to deal with these huge datasets either from science or economic applications. In this chapter, we present a new DDM system combining dataset-driven and architecture-driven strategies. Data-driven strategies will consider the size and heterogeneity of the data, while architecture driven will focus on the distribution of the datasets. This system is based on a Grid middleware tools that integrate appropriate large data manipulation operations. Therefore, this allows more dynamicity and autonomicity during the mining, integrating and processing phase

Forensic Analysis of TomTom Navigation Application

In the forensic field of digital technology, there has been a great deal of investigation into the decoding of navigation systems of the brand TomTom. As TomTom is the market leader in navigation systems, a large number of these devices are investigated. These devices can hold an abundance of significant location information. Currently, it is possible with the use of multiple methods to make physical copies of mobile devices running Android. The next great forensic problem is all the various programs that can be installed on these devices. There is now an application available from the company TomTom in the Google Play Store. This application mimics a navigation system on your Android mobile device. Indeed, the TomTom application on Android can hold a great deal of information. In this paper, we present a process of forensic acquisition and analysis of the TomTom Android application. We focus on the following questions: Is there a possibility to find previously driven routes or GPS coordinates with timestamps in the memory of the mobile device? To investigate what is stored in these files, driving tests were performed. During these driving tests a copy was made of the most important file using a self-written program. The significant files were found and the data in these files was decoded. We show and analyse our results with Samsung mobile devices. We compare also these results with forensic acquisition from TomTom GPS devices

Grid-based Approaches for Distributed Data Mining Applications

The data mining field is an important source of large-scale applications and datasets which are getting more and more common. In this paper, we present grid-based approaches for two basic data mining applications, and a performance evaluation on an experimental grid environment that provides interesting monitoring capabilities and configuration tools. We propose a new distributed clustering approach and a distributed frequent itemsets generation well-adapted for grid environments. Performance evaluation is done using the Condor system and its workflow manager DAGMan. We also compare this performance analysis to a simple analytical model to evaluate the overheads related to the workflow engine and the underlying grid system. This will specifically show that realistic performance expectations are currently difficult to achieve on the grid

Forensic Analysis of the exFAT artefacts

Although keeping some basic concepts inherited from FAT32, the exFAT file system introduces many differences, such as the new mapping scheme of directory entries. The combination of exFAT mapping scheme with the allocation of bitmap files and the use of FAT leads to new forensic possibilities. The recovery of deleted files, including fragmented ones and carving becomes more accurate compared with former forensic processes. Nowadays, the accurate and sound forensic analysis is more than ever needed, as there is a high risk of erroneous interpretation. Indeed, most of the related work in the literature on exFAT structure and forensics, is mainly based on reverse engineering research, and only few of them cover the forensic interpretation. In this paper, we propose a new methodology using of exFAT file systems features to improve the interpretation of inactive entries by using bitmap file analysis and recover the file system metadata information for carved files. Experimental results show how our approach improves the forensic interpretation accuracy