{"title":"WristSense framework: Exploring the forensic potential of wrist-wear devices through case studies","authors":"Norah Ahmed Almubairik , Fakhri Alam Khan , Rami Mustafa Mohammad , Mubarak Alshahrani","doi":"10.1016/j.fsidi.2025.301862","DOIUrl":"10.1016/j.fsidi.2025.301862","url":null,"abstract":"<div><div>Wrist devices have revolutionized our interaction with technology, monitoring various aspects of our activities and making them valuable in digital forensic investigations. Previous research has explored specific wrist device operating systems, often concentrating on devices from particular manufacturers. However, the broader market of wrist-worn devices, which includes a wide range of manufacturers, remains less explored. This oversight presents challenges in retrieving and analyzing data from wrist devices with different operating systems. Additionally, there has been limited exploration of utilizing health data from wrist devices in digital investigations. To address these gaps, this study presents a framework called “WristSense,” which systematically extracts health-related data from heterogeneous sources of wrist devices. The framework has been evaluated through case studies involving Huawei, Amazfit, Xiaomi, and Samsung wrist devices. The WristSense ensures compatibility with devices from different vendors and analyzes health data such as sleep patterns, heart rate, blood oxygen saturation, activities, and stress levels. The research uncovers potential circumstantial evidence applicable to law enforcement and introduces a wrist-wear device artifact catalog, which also serves as a taxonomy, enabling practitioners to codify and leverage their forensic collective knowledge. The findings demonstrate the effectiveness of the WristSense framework in extracting and analyzing data from various vendors, providing valuable insights for forensic investigations. 
However, challenges such as encryption mechanisms on certain devices present areas that require further investigation. This research provides a comprehensive overview of suspect or victim health data, empowering digital forensic investigators to reconstruct detailed timelines and gather crucial evidence in criminal investigations involving wrist devices.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"52 ","pages":"Article 301862"},"PeriodicalIF":2.0,"publicationDate":"2025-01-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143141117","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Tool induced biases? Misleading data presentation as a biasing source in digital forensic analysis","authors":"Daniel Bing Andersen , Nina Sunde , Kyle Porter","doi":"10.1016/j.fsidi.2025.301881","DOIUrl":"10.1016/j.fsidi.2025.301881","url":null,"abstract":"<div><div>Pattern of life analysis has gained ground in the digital forensics field due to the widespread use of smart devices and systems. At the core of pattern of life analysis are the activity-level traces. These traces require expertise to draw valid inferences regarding coherent narratives of criminal events. Such complex tasks also increase the risks of bias and error. The contextual biases have been examined in a digital forensic context, however, the flaws and misinterpretations related to the interplay between the practitioner and the presented data from various software have not been examined through research.</div><div>This study advances this knowledge by examining the flaws or misinterpretations that may occur during such interactions in digital forensic casework. Our experiment conducted a mock murder scenario where pattern of life analysis is necessary to answer investigative questions. Six digital forensics investigators used two different pattern of life analysis tools, Cellebrite and APOLLO, to analyze the data extracted from the victim's iPhone and answer nine core investigative questions. We then evaluated their answers and identified any mistakes, wherein we further explored any errors that were likely caused by data misinterpretation. Both the output from Cellebrite and APOLLO enabled investigative errors due to poor naming conventions, but Cellebrite's lack of context and details of traces contributed to the largest amount of the investigators' errors. 
Further, the study examines how biases/misinterpretations may possibly be mitigated by combinations of traditional quality measures in digital forensics, such as the dual tool approach and peer review.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"52 ","pages":"Article 301881"},"PeriodicalIF":2.0,"publicationDate":"2025-01-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143097418","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The ghost in the building: Non-invasive spoofing and covert attacks on automated buildings","authors":"Johnny Bengtsson","doi":"10.1016/j.fsidi.2025.301880","DOIUrl":"10.1016/j.fsidi.2025.301880","url":null,"abstract":"<div><div>Sensor and actuator event log analyses within the context of digital forensics are crucial for understanding events in automated buildings, such as in a building automation and control system (BACS) or a home automation system (HAS). Conclusions drawn from erroneous, misleading, or corrupted log data may adversely affect crime scene investigations and reconstructions. This work aims to raise awareness of the potential risk of misinterpretation due to corrupted or tampered data from BACS or HAS event log systems.</div><div>A series of non-invasive sensor and actuator attacks on such systems was designed and conducted to determine the feasibility of: 1) injecting spoofed pyroelectric infrared (PIR) and carbon dioxide (CO<sub>2</sub>) sensor event log records, 2) becoming invisible to PIR sensor and CO<sub>2</sub> sensors, and 3) mimicking the behaviour of an actuator with the aim of injecting spoofed event log records. The study also concludes that sensor fusion can reveal activities that were concealed from CO<sub>2</sub> sensors. 
Furthermore, this work discusses the adversarial perspectives in the cyber-physical (CPS) domain in relation to these findings.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"52 ","pages":"Article 301880"},"PeriodicalIF":2.0,"publicationDate":"2025-01-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143141113","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Analyzing the Web and UWP versions of WhatsApp for digital forensics","authors":"Giyoon Kim , Uk Hur , Soojin Kang , Jongsung Kim","doi":"10.1016/j.fsidi.2024.301861","DOIUrl":"10.1016/j.fsidi.2024.301861","url":null,"abstract":"<div><div>WhatsApp is a global secure instant messenger with approximately two billion users. Secure instant messengers use various cryptographic techniques to ensure secure communication. WhatsApp utilizes end-to-end encryption, so even the server owner cannot view internal data. Although this provides strong privacy protection, it can act as a barrier to data collection during digital forensics investigations. We analyze in detail the Web and Universal Windows Platform (UWP) versions of WhatsApp to overcome the collection obstacles that hinder digital forensic investigations. Our analysis showed that for the Web version of WhatsApp, most of the elements needed to decrypt messages are stored in the browser's storage, except for Salt, which is exchanged through communication with the server. We propose a method to obtain Salt by revealing the communication process and the data exchanged, based on which we successfully decrypt the message. For the UWP version of WhatsApp, the database where messages are stored is protected using the identifier value of the application. The identifier value, a unique value assigned to the UWP application, cannot be accessed outside the application. Following a detailed analysis of the UWP API, we developed a method for reproducing the identifier value without calling the API. We also propose a way to decrypt encrypted messages of the UWP version of WhatsApp. 
Our findings provide a practical solution for forensic investigators analyzing encrypted WhatsApp messages and also provide insights that can be extended to other secure instant messengers.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"52 ","pages":"Article 301861"},"PeriodicalIF":2.0,"publicationDate":"2025-01-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143141194","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Retraction notice to “Leveraging metadata in social media forensic investigations: Unravelling digital clues- A survey study” [Forensic Sci. Int.: Digit. Invest. 50 (2024) 301798]","authors":"Akarshan Suryal","doi":"10.1016/j.fsidi.2024.301860","DOIUrl":"10.1016/j.fsidi.2024.301860","url":null,"abstract":"<div><div>This article has been retracted: please see Elsevier Policy on Article Withdrawal (<span><span>https://www.elsevier.com/about/policies/article-withdrawal</span><svg><path></path></svg></span>).</div><div>This article has been retracted following an allegation that raises concerns this article may have been generated by Generative AI.</div><div>The author of the article has been given opportunity to present evidence that he was the original and genuine creator of the work, however at the time of publication of this notice, the journal has not received any response. The Editors-in-Chief, with support from Elsevier's Research Integrity & Publishing Ethics team, have analysed the article and agree there are enough indicators to cause serious doubts over the authenticity and originality of the work and agree this article should be retracted.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"52 ","pages":"Article 301860"},"PeriodicalIF":2.0,"publicationDate":"2024-12-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143097416","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Conversational AI forensics: A case study on ChatGPT, Gemini, Copilot, and Claude","authors":"Kyungsuk Cho, Yunji Park, Jiyun Kim, Byeongjun Kim, Doowon Jeong","doi":"10.1016/j.fsidi.2024.301855","DOIUrl":"10.1016/j.fsidi.2024.301855","url":null,"abstract":"<div><div>Recent advances in conversational AI services have attracted interest from both specialized technical communities and the general public. Major IT companies such as OpenAI, Microsoft, and Google are actively developing and enhancing conversational AI technologies. The widespread public interest and usage of these services are rapidly increasing due to their interactive chat interfaces, which are easily accessible to anyone with basic digital literacy. However, with the growing utilization of these services, there is a risk that some users may exploit them for malicious purposes, such as technology leaks, phishing, and malware creation. This paper proposes a method for forensically investigating conversational AI services. It examines the characteristics of these services across various environments from the perspective of a digital forensic investigator and outlines a method for collecting forensic artifacts. 
Based on the analysis, we present a forensic investigation framework for conversational AI services, including case studies of representative services such as ChatGPT, Copilot, Gemini, and Claude.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"52 ","pages":"Article 301855"},"PeriodicalIF":2.0,"publicationDate":"2024-12-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143141115","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Source Camera Identification - Do we have a gold standard?","authors":"Samantha Klier, Harald Baier","doi":"10.1016/j.fsidi.2024.301858","DOIUrl":"10.1016/j.fsidi.2024.301858","url":null,"abstract":"<div><div>Source Camera Identification (SCI) is vital in digital forensics, yet its most prominent approach, Sensor Pattern Noise (SPN), faces new challenges in the era of modern devices and vast media datasets. This paper introduces the Source Camera Target Model (SCTM) to classify SCI approaches and formally defines three core problem classes: Verification, Identification, and Exploration. For each, we outline key evaluation metrics tailored to practical use cases. Applying this framework, we critically assess recognized SCI methods and their alignment with contemporary needs. Our findings expose significant gaps in scalability, efficiency, and relevance to modern imaging pipelines, challenging the notion of SPN as a gold standard. Finally, we provide a roadmap for advancing SCI research to address these limitations and adapt to evolving technological landscapes.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"52 ","pages":"Article 301858"},"PeriodicalIF":2.0,"publicationDate":"2024-12-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143097419","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Towards a joint semantic analysis in mobile forensics environments","authors":"Jian Xi , Melanie Siegel , Dirk Labudde , Michael Spranger","doi":"10.1016/j.fsidi.2024.301846","DOIUrl":"10.1016/j.fsidi.2024.301846","url":null,"abstract":"<div><div>In recent years, mobile devices have become the dominant communication medium in our daily lives. This trend is also evident in the planning, arranging, and committing of criminal activities, particularly in organized crime. Accordingly, mobile devices have become an essential source of evidence for data analysts or investigators, especially in Law Enforcement Agencies (LEAs). However, communication via mobile devices generates vast amounts of data, rendering manual analysis impractical and resulting in growing backlogs of evidence awaiting analysis process, which can take months to years, thereby hindering investigations and trials. The automatic analysis of textual chat messages falls short because communication is not limited to the single modality, such as text, but instead spans multiple modalities, including voice messages, pictures, videos, and sometimes various messengers (channels). These modalities frequently overlap or interchange within the same communication, further complicating the analysis process. To achieve a correct and comprehensive understanding of such communication, it is essential to consider all modalities and channels through a consistent joint semantic analysis. This paper introduces a novel mobile forensics approach that enables efficient assessment of mobile data without losing semantic consistency by unifying <em>semantic concepts</em> across different modalities and channels. Additionally, a <em>knowledge-guided</em> topic modeling approach is proposed, integrating expertise into the investigation process to effectively examine large volumes of noisy mobile data. 
In this way, investigators can quickly identify evidentiary parts of the communication and completely facilitate reconstructing the course of events.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"52 ","pages":"Article 301846"},"PeriodicalIF":2.0,"publicationDate":"2024-12-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143141114","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An ontology for promoting controlled experimentation in digital forensics","authors":"Thiago J. Silva , Ana H.B. Mazur , Edson OliveiraJr , Avelino F. Zorzo , Monalessa P. Barcellos","doi":"10.1016/j.fsidi.2024.301845","DOIUrl":"10.1016/j.fsidi.2024.301845","url":null,"abstract":"<div><div>Experimentation is a crucial method in empirical inquiry and is widely applied in Computer Science. Controlled experimentation ensures reproducibility, transparency, and reliability of findings, making the process more formal. Digital forensics (DF) lacks formalization of controlled experimental processes, leading to inadequate and informal research, making findings less transparent, reproducible, and reliable. Furthermore, existing works in this area often lack detailed descriptions of the controlled experimental decision-making procedures. To address these issues, we developed an ontology to formalize the concepts and terms used in DF-controlled experiments. The ontology was constructed based on an existing conceptual model for DF-controlled experiments. The ontology's conceptual model is represented by UML class diagrams, and the OWL language was employed to code it. Moreover, the ontology underwent evaluation by researchers and experts in DF experimentation, with the results indicating the capability of the ontology to formalize DF experimental concepts. The contribution of this ontology is to assist DF researchers and practitioners in properly documenting their controlled experiments. This will enhance the formality of the experimental process and promote the findings' reproducibility, transparency, and reliability. For researchers, the ontology's main contribution lies in influencing how these experiments are conducted, potentially impacting their transfer to industry. 
Practitioners stand to benefit by adopting formal experimental procedures for testing, assessing, and acquiring DF-related technology.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"52 ","pages":"Article 301845"},"PeriodicalIF":2.0,"publicationDate":"2024-12-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143141116","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"DFPulse: The 2024 digital forensic practitioner survey","authors":"Christopher Hargreaves , Frank Breitinger , Liz Dowthwaite , Helena Webb , Mark Scanlon","doi":"10.1016/j.fsidi.2024.301844","DOIUrl":"10.1016/j.fsidi.2024.301844","url":null,"abstract":"<div><div>This paper reports on the largest survey of digital forensic practitioners to date (DFPulse) conducted from March to May 2024 resulting in 122 responses. The survey collected information about practitioners' operating environments, the technologies they encounter, investigative techniques they use, the challenges they face, the degree to which academic research is accessed and useful to the practitioner community, and their suggested future research directions. The paper includes quantitative and qualitative results from the survey and a discussion of the implications for academia, the improvements that can be made, and future research directions.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"51 ","pages":"Article 301844"},"PeriodicalIF":2.0,"publicationDate":"2024-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142745261","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}