Digital Forensics - Science topic

Questions related to Digital Forensics
  • asked a question related to Digital Forensics
Question
2 answers
Any research update on Mobile (Android) Deduplication from forensic perspective?
  • asked a question related to Digital Forensics
Question
3 answers
I am offering M.Sc. Cybersecurity and Digital Forensics, any help on thesis topics
Relevant answer
Answer
Dear Albert,
As part of the issues of cybersecurity and digital forensics, I propose the following topic for the thesis: Analysis of the impact of the increase in the development of e-commerce, e-banking, e-logistics, e-government, etc. recorded during the SARS-CoV-2 (Covid-19) coronavirus pandemic on the development of cybercrime, including the development of specific techniques of cybercriminal practice, such as the development of various forms of fake mailing, phishing techniques, sending malware and ransomware viruses in e-mails. I described the key determinants of this issue in several of my publications on this Research Gate portal. I invite you to cooperate on this issue.
Best regards,
Dariusz
  • asked a question related to Digital Forensics
Question
8 answers
I am looking for research papers on challenges to digital forensics
Relevant answer
Answer
See the following useful RG link: https://onlinelibrary.wiley.com/journal/15564029
  • asked a question related to Digital Forensics
Question
4 answers
Dear Research Gate Community,
I'm finally able to publish my dissertation paper and I'm keen to find the right place to publish it. My old university has just given me permission to publish it online.
First I looked at arXiv however it requires you to have someone who can endorse you for your subject area (My supervisor has now left the University that I originally did my studies at so I'm not expecting to be able to get the endorsement.)
Ideally I'm looking for an open access journal for Digital Forensics and one that accepts submissions in a PDF format.
Another part of me has considered just posting the paper up on my own website however it would be nice to have it in an open journal.
Any tips, tricks or information will be greatly appreciated.
Thank you for your time!
Oliver
Relevant answer
Answer
By "dissertation paper", do you mean your entire thesis as submitted for your degree? For most journals, it would be too long to submit as is, and would most likely require significant reformatting and rewriting. Also, papers in your field have a short lifespan so "old" may be too old. Tong Wu's preprint archiving suggestion is best if you don't want to rework the thesis.
  • asked a question related to Digital Forensics
Question
3 answers
Please I am looking for a document listing technical artefacts used as evidence in digital forensics classified according to their evidential strength. Example IP address could be spoofed so it is a weak evidence, malware code similarity is a strong evidence etc.
Relevant answer
Answer
Insofar, the strength of digital evidence is based on the ability to demonstrate the legal authorisation to obtain it, its authenticity, relevancy, reliability and integrity. Even when there is a reasonable doubt regarding the reliability of digital evidence, this does not necessarily make it inadmissible, but will reduce the amount of weight it is given by the court.
Case in point, United States v. Tank, although the defendant argued that the authenticity and relevance of the digital evidence was not adequately established, the prosecution used a number of witnesses to establish that the logs were authentic. Once a digital evidence is admitted, its reliability is assessed to determine its probative value. "In several cases, attorneys have argued that digital evidence was untrustworthy simply because there was a theoretical possibility that it could have been altered or fabricated. However, as judges become more familiar with digital evidence, they are requiring evidence to support claims of untrustworthiness."
notes:
i) Albert Antwi-Boasiako, Hein Venter. A Model for Digital Evidence Admissibility Assessment. 13th IFIP International Conference on Digital Forensics (DigitalForensics), Jan 2017, Orlando, FL, United States. pp. 23-38, 10.1007/978-3-319-67208-3_2. hal-01716394
ii) Digital Evidence and Computer Crime, Second Edition 7.2 Authenticity and Reliability
  • asked a question related to Digital Forensics
Question
11 answers
recent hot area of research in the field of cyber forensics
Relevant answer
Answer
Below I briefly described the issues related to cybercrime and cybersecurity, which I researched and described in scientific publications that are available on the Research Gate portal. Over the past few years, the scale of cybercrime attacks on the IT systems of various institutions, including government institutions, on the databases of social media portals, on the ICT systems of banks, on electronic banking systems has been growing. Cybercriminals are increasingly attacking mobile online banking systems made available to Internet users and bank customers through mobile devices, mainly via smartphones. Research shows that the scale of cybercrime attacks on the IT systems of banks, institutions, etc. using social engineering combined with perfidiously created malicious software such as ransomware, i.e. encrypting access to data on disks or redirecting users to fake websites of banks and institutions on the Internet to phishing personal data, access passwords to electronic banking accounts and, as a result, to steal money. For several years, many mailbox users have received strange emails of unknown origin, which are sent as spam from private other email accounts or others with false information. Attachments containing false information are attached to many of these suspicious emails, usually sent by cybercriminals and hackers. Attachments are usually of the Word *.doc document type, the Acrobat Reader *.pdf format, image files or other formats, and often contain Ransomware-type viruses. These are very dangerous viruses that encrypt access to a computer's disk. In addition, cyber criminals are increasingly using mailboxes set up on the e-mail portal to send infected e-mails to subsequent Internet users by generating fake emails so that they look like a specific user of the mailbox would send e-mails prepared by cybercriminals to their friends. These types of cybercrime techniques are becoming more common.
Why do Internet technology companies that dominate the market and offer e-mail services not improve the security of e-mail communication systems using e-mail boxes to significantly reduce cybercriminals' activity harmful to citizens? This question is still valid. On the other hand, internet banks and technology internet companies, technology fintechs are constantly improving cyber security techniques. The development of Business Intelligence, Blockchain technology, data analysis in Big Data database systems, artificial intelligence to track movements and attacks made by cybercriminals, for prognostic analyzes, etc. can be helpful in the process of improving IT systems risk management. Therefore, the skilful and efficient use of data science technology can be helpful in combating cybercrime, but it all depends on how these technologies will be used and, as a consequence, who will win in the following years in this IT, information "arms race". I conduct research in this area. Conclusions from the research I published in scientific publications that are available on the Research Gate website. I invite you to scientific cooperation.
Greetings,
Dariusz Prokopowicz
  • asked a question related to Digital Forensics
Question
5 answers
Smartphones are fast becoming a ubiquitous device used throughout the day to undertake a variety of activities which may have been traditionally completed using a PC. What are the implications of the rise of smartphones for forensic practitioners?
Relevant answer
Answer
Hi Osama, I am also working on this topic as you did before. I just want to know what the implications of the rise of smartphones can be.
  • asked a question related to Digital Forensics
Question
6 answers
What are the current hot topics for research in digital forensics for a PhD?
  • asked a question related to Digital Forensics
Question
3 answers
I need to extract some features from the temporal domain for digital video analyzing
Relevant answer
Answer
Derivatives, moments, or polynomial coefficients?
  • asked a question related to Digital Forensics
Question
4 answers
Can reversible data hiding in encrypted images be carried out in digital forensics? What future research can be done on reversible data hiding for increasing the embedding capacity?
Relevant answer
Answer
Yes, you can. Much of the literature does it.
[1] Abboud, George, Jeffrey Marean, and Roman V. Yampolskiy. "Steganography and visual cryptography in computer forensics." 2010 Fifth International Workshop on Systematic Approaches to Digital Forensic Engineering. IEEE, 2010.
  • asked a question related to Digital Forensics
Question
2 answers
Mobile device forensics has become a significant part of digital forensics. I am looking for the important parts of a device that are used in digital forensics.
Relevant answer
Answer
The most important is the eMMC memory chip. Often the data is also stored in external media, usually microSD. Mobile devices are often also doors that allow access to user's cloud resources. Familiarize yourself with the materials on the websites: https://rusolut.com/ https://www.cellebrite.com/en/products/ufed-ultimate/ There is a lot of marketing in it, but do not expect that you can find a lot of technical data, especially those related to data security on these devices in open access.
  • asked a question related to Digital Forensics
Question
5 answers
Possibly on some techniques or methodologies in analysis of forensic sources of data
Relevant answer
Answer
One author recommended in this area is Eoghan Casey. Other authors are Dan Farmer and Wietse Venema. They talk about various aspects of computer forensics.
  • asked a question related to Digital Forensics
Question
5 answers
Talking about a multi-platform digital forensic software that supports computer and smartphones, including tablets.
Relevant answer
Answer
It depends on what are you looking for, commercial or open source. However, here is a wiki list that contains both categories with a brief description for each software/tool.
  • asked a question related to Digital Forensics
Question
3 answers
I need the database of digital crimes committed especially for cases already established may be in a court of law.
Relevant answer
Answer
You might be also interested in the IoT Forensics Challenge provided by DFRWS. Have a look here.
  • asked a question related to Digital Forensics
Question
7 answers
What are the various forensic tool kits? I want to generate reports from them; is there any which works effectively? How can I know more about forensic tool kits: are they freeware, and how reliable are they?
Relevant answer
Answer
Dibakar,
This is not a definitional issue but an operational and practical one. In my experience courts are skeptical of network traces and give more weight to dead system forensics (electronic discovery and malware forensics have different requirements and in my case the focus is on electronic discovery).
In my view more emphasis is needed to do procedures on VM image acquisitions such as novel procedures on hashing temporal variations of the VM, validating integrity of host against escaping/jail breaking (without access to the underlying machine), minimization of impact of image acquisition through the VM OS, etc. Each provider and service provides different levels of access to the platform and procedures should be flexible enough to provide the necessary information and integrity to stand up to scrutiny.
Network forensics is very lacking in integrity procedures such as built in hashing of network traces, cross validation procedures against spoofing, etc. Tying the trace to the machine to the user is extremely difficult to show in court without additional evidence that lies outside network forensics and this should be the focus in my view.
  • asked a question related to Digital Forensics
Question
15 answers
Relevant answer
Answer
There are many tools available, especially for ransomware viruses.
Trend Micro has released a Ransomware File Decryptor tool to attempt to decrypt files encrypted by the various ransomware families.
TeslaCrypt V1
AutoLocky
BadBlock
Stampado
Kaspersky's RakhniDecryptor tool is also designed to decrypt such files
  • asked a question related to Digital Forensics
Question
4 answers
We need a documentation about EXT4 file system in Android mobile for digital forensics?
Relevant answer
Answer
Try this method: https://www.cyberciti.biz/tips/linux-ext3-ext4-deleted-files-recovery-howto.html A straight hex editor is just going to be hard work as you need to parse the journal to locate the file fragments post-deletion.
  • asked a question related to Digital Forensics
Question
4 answers
Is the topic a future topic? What are the resources from where one can get updated information about cloud forensics, and what is the current research going on in it?
Relevant answer
Answer
It's a fantastic work, Dr. Min, especially for the freshers into cloud. Congratulations.
  • asked a question related to Digital Forensics
Question
7 answers
resources and tools
Relevant answer
Answer
Hi Khaja
Start by doing a Google Book search on cloud forensics. You will be able to access many books, some of which you will be able to read for free. Check also the major cloud forensic conferences for suitable cloud forensic papers.
I have added a list of papers from a broad range of disciplines that you can get access to, to see how forensics are viewed across disciplines.
Digital forensics are challenging, but cloud brings much more difficulty to forensic investigations, introducing special technical complexities to the equation.
I hope that will get you started.
Regards
Bob
  • asked a question related to Digital Forensics
Question
3 answers
We all or some of us have an idea of the capabilities of Zeus which is still commercial as we speak. Zeus has managed to steal a lot of millions of $$ and a pretty good amount of personal information through the herders. Why is the pace of stopping Zeus or take down so slow? I know the binaries keep changing each day. Nevertheless, can we attribute that the anti-forensics techniques are still far much ahead of the available digital forensic tools? Other than EnCase and other major FTKs, what can stop this mess once and for all?
Relevant answer
Answer
The problem with takedowns of botnet command and control servers is partially a legal issue, since some internet service providers in some countries do not respond to such requests. Some of these may even profit from being a safe haven for cyber crime. It is also very much harder to stop the growth of a botnet than to grow one, since it is opportunistic and may only need one exploitable vulnerability to successfully infect new hosts, whereas to protect against such attacks all vulnerabilities must be covered. I do not think the sophistication of the attack tools is to blame, it is more the opportunity from huge amounts of poorly implemented or nonexisting cyber security.
  • asked a question related to Digital Forensics
Question
3 answers
In the case of file digital evidence resulting from the acquisition and imaging of an electronic device, is there any metadata standard used to be applied to digital evidence? Is there any similar research that discusses metadata (standard / specification / schema / element) for digital evidence?
Relevant answer
Answer
ACPO guideline. ISO, NIST etc. guidelines show metadata forensics is important, but it depends upon case requirements...
  • asked a question related to Digital Forensics
Question
4 answers
If we employ a forensic agent/multi-agent to gather digital forensic data "potential" across diverse platforms, we all know that this data will be streaming from different platforms. So if this is true, how can we solve the problem of time synchronization across the different platforms if all agents in the machines are synchronized within the same time zone?
*Take note: If we have to normalize based on attributes.
Relevant answer
Answer
Hello Victor,
In addition to NTP, you shall also make the systems sync the date with Google servers. This is also applicable if your application is distributed in different geographical locations.
  • asked a question related to Digital Forensics
Question
8 answers
If we are only collecting logs, content may be gone by the time someone initiates an investigation. On the same note, if we are collecting all content/data on the system and the logs, this becomes an impossible proposition, since you need more storage than all of the content on the system to contain content and logs. Whenever I see analysis being addressed (although MapReduce is now on the way as other, more effective analysis methods have been brought to bear). Whenever we experience storage problems, is it an advantage if you have effective data computation mechanisms or still the suspect would have erased the traces. From an expert opinion: You might be removing what you are looking for WRT analysis. What is what in this context?
Relevant answer
Answer
You could look at application of Provenance for forensic/compliance (I think a lot of work left to be done in that area). The following papers are not necessarily directly relevant but may give you a good intuition.
  • asked a question related to Digital Forensics
Question
6 answers
I am working on data hiding at edges. In my contribution I am getting a PSNR value greater than 100 for some images.
Relevant answer
Answer
That is what I expected: 8 bit gray scale makes max. 48 dB from the pixel values (20 * log(MaxI)). (Less, if you have images not reaching the 0xFF white level.)
Anything beyond that comes from very small MSE-Values. MSE 0.01 would add 11.6 dB, but I guess you have much lower values in some images. Could be from a lack of edges at all, could be from "soft edges".
So, everything is according to the theory. When looking at an explanation, the term splitting the PSNR into terms for image content and MSE contribution should help assessing the "meaning" of PSNR values below/above 100 dBs.
Good luck and have fun
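The decomposition this answer describes, worked through as an added example (not code from the thread): PSNR is split into the peak term 20*log10(MaxI) and the MSE term -10*log10(MSE), and a helper reports how many pixels may differ by exactly 1 before PSNR drops below a target. The 512x512 gradient cover, the LSB-flip "embedding" and all function names are constructed for illustration.

```python
import math

def mse(cover, stego):
    """Mean squared error between two equally sized flat pixel lists."""
    return sum((c - s) ** 2 for c, s in zip(cover, stego)) / len(cover)

def psnr_terms(cover, stego, max_i=255):
    """Return (peak_db, mse_db, psnr_db); the last two are inf for identical images."""
    peak_db = 20 * math.log10(max_i)          # contribution of the pixel range
    m = mse(cover, stego)
    if m == 0:
        return peak_db, math.inf, math.inf
    mse_db = -10 * math.log10(m)              # contribution of the (small) MSE
    return peak_db, mse_db, peak_db + mse_db

def max_unit_changes(psnr_db, n_pixels, max_i=255):
    """Largest number of pixels that may differ by exactly 1 with PSNR >= psnr_db."""
    mse_limit = max_i ** 2 / 10 ** (psnr_db / 10)
    return math.floor(mse_limit * n_pixels)

def flip_lsbs(cover, count):
    """Constructed stand-in for an embedding: flip the LSB of the first `count` pixels."""
    return [p ^ 1 if i < count else p for i, p in enumerate(cover)]

# Constructed 512x512 8-bit grayscale cover (a repeating gradient), flattened.
WIDTH = HEIGHT = 512
COVER = [(x + y) % 256 for y in range(HEIGHT) for x in range(WIDTH)]

if __name__ == "__main__":
    for changed in (1, 2, 100, 10000):
        peak, mse_part, total = psnr_terms(COVER, flip_lsbs(COVER, changed))
        print(f"{changed:>6} pixels changed: "
              f"{peak:.2f} dB + {mse_part:.2f} dB = {total:.2f} dB")
    print("max +/-1 changes for 100 dB:", max_unit_changes(100, len(COVER)))
```

On a 512x512 image a single changed pixel gives about 102.3 dB and two changed pixels already fall below 100 dB, so a PSNR above 100 indicates that almost no pixels were modified.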
  • asked a question related to Digital Forensics
Question
6 answers
digital forensic investigations in the cloud
Relevant answer
Answer
Mr John Kingathia, Thanks for your input. What you mentioned is the problem that I was asking but you forgot something small. My focus in this is not the generic aspect of forensics. While the domain is literally enormous I am inclined towards Digital Forensics/Computer forensics. Well while I concur about what you suggest about the standards, it is worth noting that currently we do not have any acceptable digital forensic standards that can spearhead the process. I am currently working alongside a recently published ISO standard that my research group proposed and it was seconded worldwide but its focus is on the proactive side. Now the reason why professional bodies might be void in this context is because, the legal considerations again regarding "digital forensic evidence" will vary always, you cannot impose to a jurisdiction to accept what they feel is not supported by their law. Something else that I mentioned again was the aspect of the cloud, the servers that holds some objects might reside in a different jurisdiction while the crime might occur in a totally different jurisdiction. How would you provide the provenance? As Arturo Geigel quoted up there we should try and look into that important aspect per se "comprehensive global risk assessment guidelines for cloud services that include risks incurred when doing a forensic data acquisition. Once consensus is reached on the risks, then proper mitigation through legislation or forensic guidelines/ technology can be developed". How will the rule of evidence apply? What tools will be novel in this case? How will you prove evidential data is what it should be? What are the evidential requirements with respect to the cloud? How will you perform segregation? What will be different from what exist now? What is the current state of the art? That is why I introduce the Cloud forensic architectures.
  • asked a question related to Digital Forensics
Question
2 answers
How do these impact current digital forensic techniques? Any suggestions on alternative forensic analysis technique?
Relevant answer
Answer
Thanks Sergio, ...... looking into the book contents.....
  • asked a question related to Digital Forensics
Question
7 answers
I am interested in buying forensic software, please suggest along with vendors and prices. Thank you.
Relevant answer
Answer
We use AccessData FTK 5, EnCase 7, and X-Ways. Additionally OS Forensics is also a good and cheap tool. For Smartphone forensics we use Oxygen Forensic Suite.
  • asked a question related to Digital Forensics
Question
2 answers
Recent technological advances in mobile phones and the development of smart phones has led to increased use and dependence on the mobile phone.
Relevant answer
Answer
Smart devices are complex devices for forensic investigations. Different Operating System, Various Hardware combinations, No standard tools which support whole smart device base. So Mobile Forensic is a big challenge to us. Technically said each phone separate investigation tool is needed. No standard procedure to follow for evidence analysis.
  • asked a question related to Digital Forensics
Question
1 answer
Is it possible to use shot boundaries to counter the problem of synchronization (time shift) in video fingerprinting systems? And also, what is the extent of this timing shift in the accuracy of results? Thanks and best regards.
Relevant answer
Answer
Dear Aissa Boukhari, Read the article accessible at link given below. Check how much it is useful for you. With best wishes, Good Luck!
  • asked a question related to Digital Forensics
Question
3 answers
I need the vendor details and approximate cost of the software in INR.
Relevant answer
Answer
I am assuming that your question is directed at dead system forensic analysis and will answer based on this assumption.
I have used:
* FTK (do not know current price, but when I bought it was about the same as Encase) http://www.accessdata.com/products/digital-forensics/ftk
* X-Ways Forensics (~94313.11) http://www.x-ways.net/order.html
These are costly to maintain and if you can sit down for a while and read the code you can in principle testify on the validity of open source tools such as:
* dd, md5sum, sha512sum, Autopsy and the Sleuthkit which are already available to install on most Linux distributions. Another alternative is that you can download Backtrack or its more recent incarnation of Kali (which I have not personally used but is the rewrite of Backtrack) which already comes with the software to use on external media.
An additional benefit from Linux distribution in external media is that the applications will not run using your computer hard drive and that is a plus in case it is requested as evidence.
Note: Most of the investigations I have carried out I do first on open source tools and validate with commercial ones.
Hope this helps.
  • asked a question related to Digital Forensics
Question
14 answers
Given that a piece of malware generally has escalated privileges when it has infected a host, it should be plausible to change/fake the MAC address for traffic coming from the infected host. Has anyone come across any malware that does this?
Relevant answer
Answer
"MAC address filtering for wireless networking isn't real 'security'"
"You can spoof a MAC address when using Nmap with nothing more than a --spoof-mac command line option for Nmap itself to hide the true source of Nmap probes. If you give it a MAC address argument of "0", it will even generate a random MAC address for you."
  • asked a question related to Digital Forensics
Question
1 answer
Here are the steps that I have been successful with so far:
1. Apply 3-level DWT to the host image
2. Apply SVD to one of the subbands
3. Convert the subband and SVs to semi-binary using my own algorithm, which will convert a number such as 205.36 to a semi-binary form like:
1.36 0 1 1 0 0 1 1
4. Insert my watermark inside the first and second LSB of the semi-binary form
5. Apply the reverse SVD
6. Apply the IDWT
Up to here my watermark remains intact. But when I go to write the image like
% convert back to uint8
WImg8=uint8(WImg);
imwrite(WImg8,'dwt_watermarked.bmp','bmp');
After extracting the watermark, the watermark is something else. I was wondering if I am doing something wrong? Do I have to convert the whole thing to uint8? Because otherwise the written image is one blank image if I don't convert it to uint8.
Relevant answer
Answer
I think you are not paying attention to the fact that the image representation in the spatial (color) domain contains only integer numbers, so if your watermarking is sensitive to the fractional part, it will be discarded.
In most practical methods, parameters are set in a way that the method becomes robust against this quantization error.
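The quantization effect described in this answer, as an added example (not the asker's code or algorithm): a one-level Haar LL coefficient on 2x2 blocks stands in for the DWT/SVD pipeline, a plain LSB embed stands in for the "semi-binary" step, and quantization index modulation (QIM) is used as one example of an embedding whose step is chosen to survive rounding. The cover blocks, watermark bits, step size and function names are constructed assumptions; `to_uint8` mimics the rounding and saturation of MATLAB's `uint8()`.

```python
import math

STEP = 8  # assumed QIM step; rounding moves LL by at most 1, well under STEP / 4

def haar_ll(block):
    """LL coefficient of an orthonormal one-level 2-D Haar transform of a 2x2 block."""
    return sum(block) / 2.0

def shift_ll(block, new_ll):
    """Inverse transform after changing only LL: each pixel moves by (new_ll - LL) / 2."""
    s = (new_ll - haar_ll(block)) / 2.0
    return [p + s for p in block]

def to_uint8(x):
    """Round half up and saturate to 0..255, as uint8() does for non-negative doubles."""
    return min(255, max(0, math.floor(x + 0.5)))

def lsb_embed(c, bit):
    """Fragile embed: put the bit in the LSB of the integer part, keep the fraction."""
    n = math.floor(c)
    return ((n & ~1) | bit) + (c - n)

def lsb_extract(c):
    return math.floor(c) & 1

def qim_embed(c, bit, step=STEP):
    """Snap c to the nearest point of the lattice that encodes `bit`."""
    off = bit * step / 2.0
    return step * math.floor((c - off) / step + 0.5) + off

def qim_extract(c, step=STEP):
    """Decode by choosing the bit whose lattice lies closest to c."""
    d0 = abs(c - qim_embed(c, 0, step))
    d1 = abs(c - qim_embed(c, 1, step))
    return 0 if d0 <= d1 else 1

def run(blocks, bits, embed, extract, quantize=True):
    """Embed one bit per block, optionally save as uint8, then extract again."""
    out = []
    for block, bit in zip(blocks, bits):
        marked = shift_ll(block, embed(haar_ll(block), bit))
        if quantize:  # the imwrite(uint8(...)) step from the question
            marked = [to_uint8(p) for p in marked]
        out.append(extract(haar_ll(marked)))
    return out

# Constructed data: 64 blocks of four mid-range pixels (no clipping), alternating bits.
BLOCKS = [[(37 * i + 11 * j) % 180 + 40 for j in range(4)] for i in range(64)]
WATERMARK = [i % 2 for i in range(64)]
COVER_BITS = [lsb_extract(haar_ll(b)) for b in BLOCKS]

if __name__ == "__main__":
    def errors(got):
        return sum(g != w for g, w in zip(got, WATERMARK))
    print("LSB, float pixels :", errors(run(BLOCKS, WATERMARK, lsb_embed, lsb_extract, False)))
    print("LSB, after uint8  :", errors(run(BLOCKS, WATERMARK, lsb_embed, lsb_extract)))
    print("QIM, after uint8  :", errors(run(BLOCKS, WATERMARK, qim_embed, qim_extract)))
```

After the uint8 step the LSB scheme returns the cover's own bits rather than the watermark, because a half-pixel shift either rounds away or rounds up to a change that leaves the coefficient's parity unchanged.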