2013 8th International Workshop on Systematic Approaches to Digital Forensics Engineering (SADFE): latest papers

UniTIME: Timestamp interpretation engine for developing unified timelines
S. Raghavan, H. Saran
Abstract: A critical part of many computer forensic investigations requires developing a unified timeline of activity from the timestamps of the artifacts involved, often involving digital artifacts from across multiple heterogeneous sources of evidence. However, generating such a timeline comes with its own set of challenges, especially if the provenance of the timestamps is not accurately recorded and tracked during an investigation. When sufficient provenance information is not recorded, it can result in inconsistent or ambiguous timelines. In this paper, we propose the Provenance Information Model to address challenges related to timestamp interpretation across multiple time zones and present a provenance structure to accurately capture time zone information and validate time related assertions during analysis. We have developed a prototype implementation of the model, the UniTIME digital time-lining tool, which generates a unified timeline of events derived from across multiple sources. Our tool adjusts the timestamps obtained from multiple heterogeneous evidence sources using the provenance information to generate a unified timeline. We have validated our model and its prototype implementation using the dataset associated with the DFRWS 2008 challenge which included multiple heterogeneous sources of digital evidence with inherent timestamp interpretation challenges. Results have shown that the model is robust with respect to different time zones and varied timestamp representations. Additionally, the assertions recorded when using our PIM can be useful in identifying inconsistencies across artifacts during forensic analysis and digital time-lining.
DOI: https://doi.org/10.1109/SADFE.2013.6911546
Published: 2013-11-01
Citations: 2
Quantification of digital forensic hypotheses using probability theory
R. Overill, Jantje A. M. Silomon, K. Chow, Hayson Tse
Abstract: The issue of downloading illegal material from a website onto a personal digital device is considered from the perspective of conventional (Pascalian) probability theory. We present quantitative results for a simple model system by which we analyse and counter the putative defence case that the forensically recovered illegal material was downloaded accidentally by the defendant. The model is applied to two actual prosecutions involving possession of child pornography.
DOI: https://doi.org/10.1109/SADFE.2013.6911547
Published: 2013-11-01
Citations: 6
Forensic artifacts of the ChatON Instant Messaging application
Asif Iqbal, A. Marrington, I. Baggili
Abstract: Instant Messaging (IM) is one of the most used types of applications across all digital devices, and is an especially popular feature on smartphones. This research is about the artifacts left by Samsung's ChatON IM application, which is a multi-platform IM application. In this work, we acquired forensic images of a Samsung Galaxy Note device running Android 4.1 and an iPhone running iOS 6. The acquired images were analyzed and the data relevant to the ChatON application were identified. This research resulted in a map of the digital evidence left by ChatON on these mobile devices which assists digital forensics practitioners and researchers in the process of locating and recovering digital evidence from ChatON.
DOI: https://doi.org/10.1109/SADFE.2013.6911538
Published: 2013-11-01
Citations: 15
Seizure of digital data and “selective suppression” of digital evidence
N. Kuntze, C. Rudolph, Hellen Schilling, Aaron Alva, Brooke R. Brisbois, B. Endicott-Popovsky
Abstract: The search and gathering of potential digital evidence often includes taking images of hard-drives and other storage media. Instead of actually taking the physical hard-drive, only the data contained on the drive is mirrored, stored and then used for investigations. This article discusses the legal context in Germany and in the U.S. and compares the actual legal situation with the current practice based on the available software products for forensic evaluations. In spite of large differences between both countries, the investigation shows that in both cases current technology needs to be improved or even is in contradiction with basic laws. The proposed solution can provide a suitable implementation without changing the actual process of evaluating the digital evidence. For investigations in Germany, the new process proposes a selective partial deletion of images, thus removing all inadmissible data. For the U.S. the process proposes a selective suppression of data so that it can be recovered if a case is appealed.
DOI: https://doi.org/10.1109/SADFE.2013.6911545
Published: 2013-11-01
Citations: 0
AssocGEN: Engine for analyzing metadata based associations in digital evidence
S. Raghavan, S. Raghavan
Abstract: Traditionally, sources of digital evidence are analyzed by individually examining the various artifacts contained therein and using the artifact metadata to validate authenticity and sequence them. However, when artifacts from forensic images, folders, log files, and network packet dumps have to be analyzed, the examination of the artifacts and the metadata in isolation presents a significant challenge. Ideally, when a source is examined, it is a valuable task to determine correlations between the artifacts and group the related artifacts. Such a grouping can simplify the task of analysis by minimizing the need for human intervention. By virtue of the value that metadata bring to an investigation and its ubiquitous nature, metadata based associations is the first step in realizing such correlations automatically during analysis. In this paper, we present the AssocGEN analysis engine which uses the metadata to determine associations between artifacts that belong to files, logs and network packet dumps, and identifies metadata associations to group the related artifacts. A metadata association can represent any type of value match or relationship that is deemed relevant in the context of an investigation. We have conducted preliminary evaluation of AssocGEN on the classical ownership problem to highlight the benefits of incorporating this approach in existing forensic tools.
DOI: https://doi.org/10.1109/SADFE.2013.6911541
Published: 2013-11-01
Citations: 18
On the application of digital forensics in different scenarios
Jingsha He, Xuejiao Wan, Gongzheng Liu, Na Huang, Bin Zhao
Abstract: In this paper, we propose some specific methods in popular network scenarios and show that these generic methods can be combined together when it is necessary to adapt to different requirements of digital forensics in various scenarios. We also perform some analysis of digital forensics in different contexts and provide solutions to solve the problems that come along.
DOI: https://doi.org/10.1109/SADFE.2013.6911550
Published: 2013-11-01
Citations: 1
FishEYE: A Forensic Tool for the visualization of change-over-time in Windows VSS
Jin-Ning Tioh, Y. Guan
Abstract: For the digital forensic examiner, being able to perceive change-over-time supports the goal of being able to explain “what happened.” In this paper, we focus on the improvements brought to digital forensic analysis by the visualization of forensic data and its application to digital forensic data that records change-over-time, specifically for a directory-tree structure and its content. By perceiving digital evidence visually, investigators are able to speed up the forensic analysis process, and at the same time better comprehend new unique relationships between data as well as more easily comprehend it in terms of its global context. In addition, we propose applying the fisheye focus+context visualization approach to the directory tree structure, with a series of segmented boxes for each to represent change-over-time for each directory/file.
DOI: https://doi.org/10.1109/SADFE.2013.6911544
Published: 2013-11-01
Citations: 1
MapReduce-based frequent itemset mining for analysis of electronic evidence
Xueqing Jiang, Guozi Sun
Abstract: Association rules can mine the relevant evidence of computer crime from the massive data and association rules among data itemset, and further mine crime trends and connections among different crimes. They can help police detect cases and prevent crime with clues and criteria. Frequent itemset mining (FIM) plays a fundamental role in mining associations, correlations and many real-world data mining fields such as electronic evidence analysis area. FP-growth is the most famous FIM algorithm for discovering frequent patterns. As the data increases, the cost of time and space will be the bottleneck of FP-growth mining algorithms. One of the existing incremental frequent pattern mining algorithms called SPO-tree can perform incremental mining by a single scan for incremental mining. But how to apply this algorithm to the analysis of electronic evidence more effectively will become the focus of this paper. In the past research, little people take care of the item mined to the frequent item needing to update or inserted a little data. The past algorithms are not suited to this problem, especially in the forensic area. So, in this paper, we propose a novel parallelized algorithm called PISPO based on the cloud-computing framework MapReduce, which is widely used to cope with large-scale data and captures both the content and state to be distributed to the changed and original of the transactions dataset to SPO-tree.
DOI: https://doi.org/10.1109/SADFE.2013.6911549
Published: 2013-11-01
Citations: 4
The next generation for the forensic extraction of electronic evidence from mobile telephones
Hayson Tse, Kam-pui Chow, M. Kwan
Abstract: Electronic evidence extracted from a mobile telephone provides a wealth of information about the user. Before a court allows the trier of fact to consider the electronic evidence, the court must ensure that the subject matter, testimony of which is to be given, is scientific. Therefore, regard must, at the investigation stage, be given to fulfill the requirements of science and law, including international standards. Such compliance also moves the extraction of electronic evidence from mobile telephones into the next generation, a more rigorous position as a forensic science, by being able to give in court well-reasoned and concrete claims about the accuracy and validity of conclusions.
DOI: https://doi.org/10.1109/SADFE.2013.6911548
Published: 2013-11-01
Citations: 2
Legal/forensic concerns in the analysis of digital device hardcopy output
M. Losavio, D. Keeling
Abstract: The digital computer as the tool for crime has expanded the ability of miscreants to commit “informational” offenses that once required significant skill and expertise. The misuse of such devices may produce a variety of nefarious outputs in both electronic and hardcopy form. We examine forensic issues as to the hardcopy output of digital devices used in counterfeiting obligations and securities and the importance of a proffer of indicia of reliability of forensic analysis. This includes evidence of reliability of expert testimony. The forensic impact of this extends from criminal investigations into general forensic concerns and archival and historical work seeking to document the attribution, authenticity and provenance of our social and cultural heritage.
DOI: https://doi.org/10.1109/SADFE.2013.6911543
Published: 2013-11-01
Citations: 1