Moses Ashawa,Ali Mansour,Jackie Riley,Jude Osamor,Nsikak Pius Owoh

DOI: https://doi.org/10.37256/ccds.5120233845

2023-12-25

Cloud Computing and Data Science

Abstract:The significance of the cloud environment is growing in the current digital world. It provides several advantages, such as reduced expenses, the ability to adjust to different needs, adaptability and enhanced cooperation. The field of digital forensic investigations has encountered substantial difficulties in reconciling the requirement for efficient data analysis with the increasing apprehensions regarding privacy in recent times. As investigators analyse digital evidence to unearth crucial information, they must also traverse an intricate network of privacy rules and regulations. Given the increasing prevalence of remote work and the necessity for businesses to be adaptable and quick to react to shifting market circumstances, the cloud infrastructure has become a crucial asset for organisations of various scales. Although the cloud offers benefits such as scalability, flexibility and enhanced collaboration, it presents difficulties in digital forensic investigations regarding data protection, ownership and jurisdictional boundaries. These concerns are becoming increasingly significant as more data is kept in the cloud. In this paper, we present three major challenges that are faced during cloud-based forensics investigation. We analyse the extent to which different data formats increase complexity in forensics investigations in cyberspace. This paper analyses three core challenges facing digital forensics in the cloud environment: legitimacy, complexity and an increase in data volume, looking at the implications these have on data liable for legal issues in court. These challenges contribute to the backlog in digital forensics investigations due to a lack of modularisation of the procedures. To address these concerns, modularisation model is proposed to offer a way to integrate traditional processing functions while ensuring strict adherence to privacy protocols. To overcome these challenges, we propose modularisation as a strategy for improving the future of digital forensic research's operational efficiency, overcoming the identified challenges faced during cloud-based investigations and demonstrating how organisations can mitigate potential risks associated with storing sensitive information in the cloud.

Iman S. Alansari

DOI: https://doi.org/10.48084/etasr.6316

2023-10-13

Abstract:Investigation in the field of network forensics involves examining network traffic to identify, capture, preserve, reconstruct, analyze, and document network crimes. Although there are different perspectives on the practical and technical aspects of network forensics, there is still a lack of fundamental guidelines. This paper proposes a new detection and investigation model for capturing and analyzing network crimes, using design science research. The proposed model involves six processes: identification, verification, gathering, preservation, examination, analysis, and documentation. Each process is associated with several activities that provide the investigation team with a clear picture of exactly what needs to be performed. In addition, the proposed model has a unique activity, namely reporting. As a result, this model represents a comprehensive approach to network forensics investigations. It is designed to work in conjunction with established forensic techniques to ensure that forensic evidence from the network is collected and analyzed efficiently and effectively following accepted forensic procedures. The proposed model was compared with existing models in terms of completeness, showing that it is complete and can be adapted to any type of network and legal framework.

Fran Casino,Claudia Pina,Pablo López-Aguilar,Edgar Batista,Agusti Solanas,Constantinos Patsakis

DOI: https://doi.org/10.48550/arXiv.2205.12911

2022-05-26

Abstract:Digital evidence underpin the majority of crimes as their analysis is an integral part of almost every criminal investigation. Even if we temporarily disregard the numerous challenges in the collection and analysis of digital evidence, the exchange of the evidence among the different stakeholders has many thorny issues. Of specific interest are cross-border criminal investigations as the complexity is significantly high due to the heterogeneity of legal frameworks which beyond time bottlenecks can also become prohibiting. The aim of this article is to analyse the current state of practice of cross-border investigations considering the efficacy of current collaboration protocols along with the challenges and drawbacks to be overcome. Further to performing a legally-oriented research treatise, we recall all the challenges raised in the literature and discuss them from a more practical yet global perspective. Thus, this article paves the way to enabling practitioners and stakeholders to leverage horizontal strategies to fill in the identified gaps timely and accurately.

Cryptography and Security,Artificial Intelligence

Gilbert Gilibrays Ocen,Ocident Bongomin,Gilbert Barasa Mugeni,Mutua Stephen Makau,Twaibu Semwogerere

DOI: https://doi.org/10.48550/arXiv.2203.13258

2022-03-24

Abstract:The increasing need for the examination of evidence from mobile and portable gadgets increases the essential need to establish dependable measures for the investigation of these gadgets. Many differences exist while detailing the requirement for the examination of each gadget, to help detectives and examiners in guaranteeing that of any kind piece of evidence extracted/ collected from any mobile devices is well documented and the outcomes can be repeatable, a reliable and well-documented investigation process must be implemented if the results of the examination are to be repeatable and defensible in courts of law. In this paper we developed a generic process flow model for the extraction of digital evidence in mobile devices running on android, Windows, iOs and Blackberry operating system. The research adopted survey approach and extensive literature review a s means to collect data. The models developed were validate through expert opinion. Results of this work can guide solution developers in ensuring standardization of evidence extraction tools for mobile devices.

Cryptography and Security

Lena Klasén,Niclas Fock,Robert Forchheimer

DOI: https://doi.org/10.1016/j.forsciint.2024.112133

Abstract:Digital transformation rapidly changes how we live our lives in the post pandemic world. Unfortunately, digital technology is not limited to law abiding organisations and citizens. Criminal organisations and individuals are quick to identify new opportunities with new technologies, and digital transformation is dramatically changing the character of crimes, terror, and other threats. The fast emergence of new crimes is facilitated by possibilities brought by disruptive technologies such as AI, Internet of Things, drones, and cryptocurrencies that can be disastrous tools in the hands of criminals. Consequently, our society needs far better capacity to prevent and investigate criminal acts to protect organisations and citizens. This brings an urgent need to proactively reform digital forensics to significantly increase our capability to meet the strain on society brought by crimes evolving in the digital transformation era. The future of forensic science is already here, characterized by a mix of opportunities and challenges. It is essential to make it harder to effectively use digital technologies for criminal activities, while leveraging the possibilities of digital technologies by those affected, law enforcement agencies, business and organisations. As digital technologies continue to evolve, we need to stay up to date with the latest developments to effectively investigate and prosecute crimes in the digital age. There is an increased reliance on digital evidence, and the amount of heterogeneous digital evidence in criminal cases keep increasing. The forensic science techniques thus become more sophisticated and play an increasingly important role. However, the scientific area is extremely broad, and beyond the capability of most forensic science labs to keep up with the technology forefront development speed. Besides an urgent need to bring up the subject to the political arena, examples of how we can meet the challenges are discussed such as by extending our cooperation, encourage and facilitate cooperation for training and education to handle the extremely broad and rapid development, working out methods for explaining and visualising evidence for the treatment and legal values of digital evidence in prosecution, and cooperation between product developers and crime investigators for swift innovation of digital forensics tools and methodologies for quickly emerging threats. This paper will highlight specific examples where modern digital techniques are used to solve crimes in the physical world as well as crimes committed in the digital domain and discuss how "good AI" can be used to fight "evil AI" and finally touch on the sensitive balance between the increased power of the new digital forensic tools and private integrity.

Yee Ching Tok,Davis Zheng Yang,Sudipta Chattopadhyay

2024-08-04

Abstract:Cybercrime and the market for cyber-related compromises are becoming attractive revenue sources for state-sponsored actors, cybercriminals and technical individuals affected by financial hardships. Due to burgeoning cybercrime on new technological frontiers, efforts have been made to assist digital forensic investigators (DFI) and law enforcement agencies (LEA) in their investigative efforts. Forensic tool innovations and ontology developments, such as the Unified Cyber Ontology (UCO) and Cyber-investigation Analysis Standard Expression (CASE), have been proposed to assist DFI and LEA. Although these tools and ontologies are useful, they lack extensive information sharing and tool interoperability features, and the ontologies lack the latest Smart City Infrastructure (SCI) context that was proposed. To mitigate the weaknesses in both solutions and to ensure a safer cyber-physical environment for all, we propose the Smart City Ontological Paradigm Expression (SCOPE), an expansion profile of the UCO and CASE ontology that implements SCI threat models, SCI digital forensic evidence, attack techniques, patterns and classifications from MITRE. We showcase how SCOPE could present complex data such as SCI-specific threats, cybercrime, investigation data and incident handling workflows via an incident scenario modelled after publicly reported real-world incidents attributed to Advanced Persistent Threat (APT) groups. We also make SCOPE available to the community so that threats, digital evidence and cybercrime in emerging trends such as SCI can be identified, represented, and shared collaboratively.

Cryptography and Security

Xiaoyu Du,Nhien-An Le-Khac,Mark Scanlon

DOI: https://doi.org/10.48550/arXiv.1708.01730

2017-08-05

Abstract:Digital forensic science is very much still in its infancy, but is becoming increasingly invaluable to investigators. A popular area for research is seeking a standard methodology to make the digital forensic process accurate, robust, and efficient. The first digital forensic process model proposed contains four steps: Acquisition, Identification, Evaluation and Admission. Since then, numerous process models have been proposed to explain the steps of identifying, acquiring, analysing, storage, and reporting on the evidence obtained from various digital devices. In recent years, an increasing number of more sophisticated process models have been proposed. These models attempt to speed up the entire investigative process or solve various of problems commonly encountered in the forensic investigation. In the last decade, cloud computing has emerged as a disruptive technological concept, and most leading enterprises such as IBM, Amazon, Google, and Microsoft have set up their own cloud-based services. In the field of digital forensic investigation, moving to a cloud-based evidence processing model would be extremely beneficial and preliminary attempts have been made in its implementation. Moving towards a Digital Forensics as a Service model would not only expedite the investigative process, but can also result in significant cost savings - freeing up digital forensic experts and law enforcement personnel to progress their caseload. This paper aims to evaluate the applicability of existing digital forensic process models and analyse how each of these might apply to a cloud-based evidence processing paradigm.

Cryptography and Security

Mario Raciti

DOI: https://doi.org/10.5220/0012449700003648

2023-12-23

Abstract:The widespread integration of Internet of Things (IoT) devices in households generates extensive digital footprints, notably within Smart Home ecosystems. These IoT devices, brimming with data about residents, inadvertently offer insights into human activities, potentially embodying even criminal acts, such as a murder. As technology advances, so does the concern for criminals seeking to exploit various techniques to conceal evidence and evade investigations. This paper delineates the application of Anti-Digital Forensics (ADF) in Smart Home scenarios and recognises its potential to disrupt (digital) investigations. It does so by elucidating the current challenges and gaps and by arguing, in response, the conceptualisation of an ADF Kill Chain tailored to Smart Home ecosystems. While seemingly arming criminals, the Kill Chain will allow a better understanding of the distinctive peculiarities of Anti-Digital Forensics in Smart Home scenario. This understanding is essential for fortifying the Digital Forensics process and, in turn, developing robust countermeasures against malicious activities.

Cryptography and Security

Mariam Nouh,Jason R. C. Nurse,Helena Webb,Michael Goldsmith,Jason R.C. Nurse

DOI: https://doi.org/10.48550/arXiv.1902.06961

IF: 6.4588

2019-02-19

Human-Computer Interaction

Abstract:Cybercrime investigators face numerous challenges when policing online crimes. Firstly, the methods and processes they use when dealing with traditional crimes do not necessarily apply in the cyber-world. Additionally, cyber criminals are usually technologically-aware and constantly adapting and developing new tools that allow them to stay ahead of law enforcement investigations. In order to provide adequate support for cybercrime investigators, there needs to be a better understanding of the challenges they face at both technical and socio-technical levels. In this paper, we investigate this problem through an analysis of current practices and workflows of investigators. We use interviews with experts from government and private sectors who investigate cybercrimes as our main data gathering process. From an analysis of the collected data, we identify several outstanding challenges faced by investigators. These pertain to practical, technical, and social issues such as systems availability, usability, and in computer-supported collaborative work. Importantly, we use our findings to highlight research areas where user-centric workflows and tools are desirable. We also define a set of recommendations that can aid in providing a better foundation for future research in the field and allow more effective combating of cybercrimes.

Vladimir A. Meshcheryakov,Olesya Yu. Tsurluj,,

DOI: https://doi.org/10.37399/issn2072-909x.2022.si.162-171

2022-10-05

Rossijskoe pravosudie

Abstract:The development of technology entails changes in all areas of activity, including the investigation and disclosure of crimes. The use of digital technologies for the commission of crimes necessitates the use of similar technologies for their investigation. Virtual space as a crime scene forms a specific mechanism of trace formation by supplementing it with the laws of cybernetic space, namely electronic-digital mapping, virtual traces, new properties of emerging traces and features of the formation of a trace pattern. The specifics of the mechanism of formation of virtual traces necessitates the use of special methods of detection, seizure, research and use of this type of traces in order to investigate and solve crimes in the field of high technology. The authors analyzed the main stages of the formation of evidentiary information in the virtual space, which justifies the expediency of forming recommendations on the use of the capabilities of new information technologies and telecommunication systems in the investigation of crimes. The article discusses the mechanism of electronic digital display of the trace when committing a crime in cyberspace. The definition of a virtual footprint will make it possible to formulate technical recommendations for the detection, removal, preservation, research and use of this type of footprint for the purpose of investigating and solving crimes. At the same time, the concept of a virtual trace is inextricably linked with the traditional definition of criminal procedural categories of information, trace and evidence. In the interrelation of approaches developed by the science of criminology to understanding the mechanism of trace formation, taking into account the specifics of modern ways of committing crimes using digital technologies, it is possible to develop effective recommendations for the investigation and disclosure of crimes. In order to achieve the set goals, the authors analyzed the currently available opinions on the issues studied in this article.

Yoan Chabot,Aurélie Bertaux,Christophe Nicollea,Tahar Kechadi

DOI: https://doi.org/10.1016/j.diin.2014.05.009

2019-02-21

Abstract:Having a clear view of events that occurred over time is a difficult objective to achieve in digital investigations (DI). Event reconstruction, which allows investigators to understand the timeline of a crime, is one of the most important step of a DI process. This complex task requires exploration of a large amount of events due to the pervasiveness of new technologies nowadays. Any evidence produced at the end of the investigative process must also meet the requirements of the courts, such as reproducibility, verifiability, validation, etc. For this purpose, we propose a new methodology, supported by theoretical concepts, that can assist investigators through the whole process including the construction and the interpretation of the events describing the case. The proposed approach is based on a model which integrates knowledge of experts from the fields of digital forensics and software development to allow a semantically rich representation of events related to the incident. The main purpose of this model is to allow the analysis of these events in an automatic and efficient way. This paper describes the approach and then focuses on the main conceptual and formal aspects: a formal incident modelization and operators for timeline reconstruction and analysis.

Computers and Society,Cryptography and Security,Machine Learning

Lamprini Zarpala,Fran Casino

DOI: https://doi.org/10.1007/s42521-021-00035-5

2021-07-15

Digital Finance

Abstract:The financial crime landscape is evolving along with the digitisation of financial services. Laws, regulations and forensic methodologies cannot efficiently cope with the growth pace of novel technologies, which translates into late adoption of measures and legal voids, providing a fruitful landscape for malicious actors. In this regard, the features offered by blockchain technology, such as immutability, verifiability, and authentication, enhance the robustness of financial forensics. This paper provides a taxonomy of the prevalent financial investigation techniques and a thorough state-of-the-art of blockchain-based digital forensic approaches. Moreover, we design and implement a forensic investigation framework based on standardised procedures and document the corresponding methodology for embezzlement scheme investigations. The feasibility and adaptability of our approach can be extended and embrace all types of fraud investigations and regular internal audits. We provide a functional Ethereum-based implementation, and we integrate standardised forensic flows and chain of custody preservation mechanisms. Finally, we discuss the challenges of the symbiotic relationship between blockchain and financial investigations, along with the managerial implication and future research directions.

George Grispos,William Bradley Glisson,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.48550/arXiv.1708.05374

2017-08-17

Cryptography and Security

Abstract:The synthesis of technology and the medical industry has partly contributed to the increasing interest in Medical Cyber-Physical Systems (MCPS). While these systems provide benefits to patients and professionals, they also introduce new attack vectors for malicious actors (e.g. financially-and/or criminally-motivated actors). A successful breach involving a MCPS can impact patient data and system availability. The complexity and operating requirements of a MCPS complicates digital investigations. Coupling this information with the potentially vast amounts of information that a MCPS produces and/or has access to is generating discussions on, not only, how to compromise these systems but, more importantly, how to investigate these systems. The paper proposes the integration of forensics principles and concepts into the design and development of a MCPS to strengthen an organization's investigative posture. The framework sets the foundation for future research in the refinement of specific solutions for MCPS investigations.

Quentin Rossy,Olivier Ribaux

DOI: https://doi.org/10.1007/s10610-020-09438-3

2020-02-29

European Journal on Criminal Policy and Research

Abstract:A significant, and likely dominant, proportion of fraud is now conducted online. Police struggle to integrate this emerging reality into their processes, while expectations of this institution are high. These types of cybercrimes alter the volume and complexity of problems compared to how they previously manifested and require profound transformations of crime analysis methods to address them proactively. These developments face many difficulties, such as the quality of accessible data, the lack of existing analytical models and the need to increase police knowledge of fraud mechanisms within every level of organisations. We suggest methods to overcome these obstacles, which consist of implementing an approach integrating theories from various fields in criminology and forensic intelligence to examine the digital transformations of certain criminal processes. We take, as an example, how a generic script expressing the anatomy of an existing type of fraud can be used to interpret their new digital forms. This modelling activity both provides new insight into specific frauds and highlights relevant dimensions that are useful in orienting the development of crime analysis systems.

criminology & penology

Deepti Rani,Nasib Singh Gill,Preeti Gulia

DOI: https://doi.org/10.1016/j.jii.2024.100568

IF: 11.718

2024-02-03

Journal of Industrial Information Integration

Abstract:The extensive growth of Industrial Internet of Things (IIoT) has prompted cyber attackers to commence a variety of attacks which need to be identified to maintain the security of industrial data and services. Digital forensics is an extravagant need to detect cyber attacks and to identify cybercriminals. While conducting criminal investigation using digital forensics, there is high probability of leakage of collected digital evidence. Hence, the need for a secure and lightweight cryptosystem arises to protect it from cyber-attacks. In the present paper, authors aim to design a novel forensic framework for digital evidence administration using advanced encryption and preservation mechanisms. Authors focus to encrypt and preserve only digital image evidence but can be deployed on other types of multimedia data like video frames. Three types of Chaos-map algorithms namely 4D hyperchaotic map, 2D Arnold Cat map (ACM) and Henon Map have been utilized to encrypty and decrypt digital image evidence which enable high sensitivity and dependency on initial conditions, quasi-randomness, and ergodicity to digital content. The proposed approaches have been analyzed on different groups of images of different size and validated using various security parameters such as unified average changing intensity (UACI), correlation coefficient, and the number of pixels changing rate (NPCR). Image transformation and compression has been performed after encryption process using Fast Fourier Transformation (FFT). The proposed work has been analyzed using histogram and auto-correlation. Experimentations have provided the values of the correlation coefficient of plain images near 1 and the value of adjacent cipher images near zero which show a strong correlation. The evaluated results for UACI are more than 33 % for every considered images. The value for NPCR should be near 100 % and here the calculated results for each image are above 99 %. The complexity of the proposed encryption algorithm is O(n) due to key generation using a cryptographically secure pseudo-random number generator (CSPRNG). The compressed and transformed image evidence have been stored into decentralized blockchain to ensure the integrity and confidentiality. Decentralized blockchain has been used as a reliable and promising solution to preserve digital evidence due to its distinct features like secure peer to peer communication, improved trust and transparency among participants, integrity, confidentiality, immutability, without risk of single point-of-failure. The proposed digital forensic model is able to prevent various threats and security challenges which can contaminate or tamper off digital pieces of evidence and assures improved digital evidence administration and defensibility. In the proposed scheme, the encryption process takes only 2–3 s to perform the encryption of each size of image.

computer science, interdisciplinary applications,engineering, industrial

Ahmed MohanRaj Alenezi

DOI: https://doi.org/10.48550/arXiv.2305.03059

2023-05-03

Cryptography and Security

Abstract:Digital forensics and cloud forensics are increasingly important fields that face a range of challenges. This study aims to assess the general challenges faced in these fields. A literature review was conducted to identify the major challenges in digital and cloud forensics, including data acquisition, data analysis, data preservation, privacy concerns, and legal issues. The challenges were analyzed in detail, considering the reasons why they are challenges, the impact they have on digital and cloud forensics, and any potential solutions. The study concludes that the challenges faced in digital and cloud forensics are significant and varied, and that addressing these challenges is critical for the effective and efficient use of digital and cloud forensics in investigations. This study provides a valuable overview of the current state of digital and cloud forensic challenges and can help guide future research in this important field.

Ben Hitchcock,Nhien-An Le-Khac,Mark Scanlon

DOI: https://doi.org/10.48550/arXiv.1604.03844

2016-04-13

Cryptography and Security

Abstract:Due to budgetary constraints and the high level of training required, digital forensic analysts are in short supply in police forces the world over. This inevitably leads to a prolonged time taken between an investigator sending the digital evidence for analysis and receiving the analytical report back. In an attempt to expedite this procedure, various process models have been created to place the forensic analyst in the field conducting a triage of the digital evidence. By conducting triage in the field, an investigator is able to act upon pertinent information quicker, while waiting on the full report. The work presented as part of this paper focuses on the training of front-line personnel in the field triage process, without the need of a forensic analyst attending the scene. The premise has been successfully implemented within regular/non-digital forensics, i.e., crime scene investigation. In that field, front-line members have been trained in specific tasks to supplement the trained specialists. The concept of front-line members conducting triage of digital evidence in the field is achieved through the development of a new process model providing guidance to these members. To prove the model's viability, an implementation of this new process model is presented and evaluated. The results outlined demonstrate how a tiered response involving digital evidence specialists and non-specialists can better deal with the increasing number of investigations involving digital evidence.

David Lillis,Brett Becker,Tadhg O'Sullivan,Mark Scanlon

DOI: https://doi.org/10.48550/arXiv.1604.03850

2016-04-13

Cryptography and Security

Abstract:Given the ever-increasing prevalence of technology in modern life, there is a corresponding increase in the likelihood of digital devices being pertinent to a criminal investigation or civil litigation. As a direct consequence, the number of investigations requiring digital forensic expertise is resulting in huge digital evidence backlogs being encountered by law enforcement agencies throughout the world. It can be anticipated that the number of cases requiring digital forensic analysis will greatly increase in the future. It is also likely that each case will require the analysis of an increasing number of devices including computers, smartphones, tablets, cloud-based services, Internet of Things devices, wearables, etc. The variety of new digital evidence sources pose new and challenging problems for the digital investigator from an identification, acquisition, storage and analysis perspective. This paper explores the current challenges contributing to the backlog in digital forensics from a technical standpoint and outlines a number of future research topics that could greatly contribute to a more efficient digital forensic process.

Xuefei Xu,Haifeng Zhong

DOI: https://doi.org/10.1109/ICEIB57887.2023.10170247

2023-04-14

Abstract:With the rapid development of the Internet, the number of crimes committed through the Internet is also increasing. In online gambling cases, pyramid schemes, and other cases, the leaders or associates behind them often get away with the law although the police can catch front-line suspects. The traditional approach of the police to find hidden suspects is collecting evidence through electronic devices such as the mobile phones of the suspect captured. By using MS Excel to perform data intersection processing, potential suspects can be identified. However, this method is inefficient and prone to errors when analyzing a large number of data tables. Thus, using C/S page queries and combining them with communication data obtained from electronic forensics and travel information, we analyzed most cases with the intersection of data tables, which can be deployed and used everywhere.

Computer Science,Law

Maria Bada,Jason R. C. Nurse

DOI: https://doi.org/10.48550/arXiv.2308.15948

2023-08-30

Cryptography and Security

Abstract:While modern society benefits from a range of technological advancements, it also is exposed to an ever-increasing set of cybersecurity threats. These affect all areas of life including business, government, and individuals. To complement technology solutions to this problem, it is crucial to understand more about cybercriminal perpetrators themselves, their use of technology, psychological aspects, and profiles. This is a topic that has received little socio-technical research emphasis in the technology community, has few concrete research findings, and is thus a prime area for development. The aim of this article is to explore cybercriminal activities and behavior from a psychology and human aspects perspective, through a series of notable case studies. We examine motivations, psychological and other interdisciplinary concepts as they may impact/influence cybercriminal activities. We expect this paper to be of value and particularly insightful for those studying technology, psychology, and criminology, with a focus on cybersecurity and cybercrime.