{"title":"Editorial – Introducing the last Volume of 2025","authors":"Kim-Kwang Raymond Choo Senior Editor","doi":"10.1016/j.fsidi.2025.302033","DOIUrl":"10.1016/j.fsidi.2025.302033","url":null,"abstract":"","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"55 ","pages":"Article 302033"},"PeriodicalIF":2.2,"publicationDate":"2025-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145693055","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Evaluating digital forensic findings in Trojan horse defense cases using Bayesian networks","authors":"Marouschka Vink , Ruud Schramp , Bas Kokshoorn , Marjan J. Sjerps","doi":"10.1016/j.fsidi.2025.302023","DOIUrl":"10.1016/j.fsidi.2025.302023","url":null,"abstract":"<div><div>Digital forensic scientists primarily rely on individual internal reasoning and categorical conclusions when evaluating evidence in casework. This can make it difficult to maintain structured reasoning that is logically sound, balanced, robust, and transparent. Trojan horse defense cases exemplify these challenges in evaluating digital forensic findings. The key challenge in such cases is combining multiple observations into a logically sound probabilistic evaluation while maintaining an understandable forensic report for court and other recipients. To address these challenges, we propose using the likelihood ratio framework to evaluate digital findings in Trojan horse defense cases, with Bayesian networks serving to visualize the evaluation and derive a likelihood ratio. We will illustrate this approach by demonstrating the construction of a Bayesian network through a case example. We show that these networks are very suitable to model the evaluation of digital evidence in Trojan horse defense cases and that they can be easily adapted for various case circumstances. 
Based on our findings, we strongly recommend broader exploration of Bayesian networks in digital forensic casework.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"55 ","pages":"Article 302023"},"PeriodicalIF":2.2,"publicationDate":"2025-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145473733","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"AI-driven dataset creation in mobile forensics using LLM-based storyboards","authors":"Dirk Pawlaszczyk , Philipp Engler , Ronny Bodach , Christian Hummert , Margaux Michel , Ralf Zimmermann","doi":"10.1016/j.fsidi.2025.302002","DOIUrl":"10.1016/j.fsidi.2025.302002","url":null,"abstract":"<div><div>The generation of datasets is essential for training and validation tasks in digital forensics. Currently, the processes of data generation and provisioning are mainly performed manually. In the field of mobile forensics, there are only a limited number of tools available that aid in populating and injecting data into mobile devices. In this paper, we introduce a novel method for automatic data generation using an AI-driven approach. We present a comprehensive toolchain for dataset creation, focusing on developing a dynamic model (storyboard) with the assistance of large language model (LLM) agents. The generated sequences of activities are then automatically executed on mobile devices. Our proposed approach has been successfully implemented within the data creation and injection framework called AutoPodMobile (APM) as part of a proof-of-concept study. For data generated through AI methods, a validation is presented as well. The paper ends with a brief discussion of the results and the next steps planned.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"55 ","pages":"Article 302002"},"PeriodicalIF":2.2,"publicationDate":"2025-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145220644","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An effective automotive forensic technique utilizing various logs of Android-based In-vehicle infotainment systems","authors":"Sunjae Kim , Jeehun Jung , Haein Kang , Yejin Yoon , Seong-je Cho , Minkyu Park , Sangchul Han","doi":"10.1016/j.fsidi.2025.301990","DOIUrl":"10.1016/j.fsidi.2025.301990","url":null,"abstract":"<div><div>Android-based In-vehicle infotainment (IVI) systems generate log messages containing valuable forensic artifacts from interactions with internal or external devices. These log messages can help in vehicle accidents or criminal investigations; however, there is limited knowledge of the stored information and the methods of accessing them. In addition, digital forensic analysis of the Android-based IVI systems is not supported by the popular forensic tool, Berla's iVe. To address this, we first acquire multiple types of logs from three Jellybean-based systems (2017-2019) and two KitKat-based IVI systems (2022-2023) using a practical and non-invasive method, and then perform a comprehensive and comparative analysis of the logging mechanisms in the IVI systems. We then examine volatile and nonvolatile log data acquired from the IVI systems from the perspective of vehicle forensics. Jellybean-based systems maintain seven ring buffers for volatile logs, while KitKat-based systems use five. Volatile logs are erased when the system is powered off. Both versions of the Android systems store nonvolatile log files of seven different types, with data retained for up to a year. We conducted a thorough analysis of the acquired logs, uncovering artifacts related to navigation use, radio listening, engine start/stop, door access, seat belt use, and Bluetooth connections, including phone calls and SMS messages. In addition, we compare the artifacts identified within those IVI systems. 
Finally, our analysis creates a timeline to track driver behavior, and provides critical insights into driver actions and vehicle events.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"55 ","pages":"Article 301990"},"PeriodicalIF":2.2,"publicationDate":"2025-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144922521","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"AKF: A modern synthesis framework for building datasets in digital forensics","authors":"Lloyd Gonzales , Nancy LaTourrette, Bill Doherty","doi":"10.1016/j.fsidi.2025.302004","DOIUrl":"10.1016/j.fsidi.2025.302004","url":null,"abstract":"<div><div>The forensic community depends on datasets containing disk images, network captures, and other forensic artifacts for education and research. These datasets must be reflective of the artifacts that real-world analysts encounter, which can evolve rapidly as new software is released. Additionally, these datasets must be free of sensitive data that would limit their distribution. To address the issues of relevance and sensitivity, many researchers and educators develop datasets by hand. While this approach is viable, it is time-consuming and rarely produces datasets that are fully reflective of real-world conditions. As a result, there is ongoing research into forensic synthesizers, which simplify the process of creating complex datasets that are free of legal and logistical concerns.</div><div>This work introduces the automated kinetic framework (AKF), a modular synthesizer for creating and interacting with virtualized environments to simulate human activity. AKF makes significant improvements to the approaches and implementations of prior synthesizers used to generate forensic artifacts. AKF also improves the process of documenting these datasets by leveraging the CASE standard to provide human- and machine-readable reporting. Finally, AKF offers several options for using these features to build and document datasets, including a custom scripting language. 
These contributions aim to streamline the development of forensic datasets and ensure the long-term usefulness of AKF-generated datasets and the framework as a whole.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"55 ","pages":"Article 302004"},"PeriodicalIF":2.2,"publicationDate":"2025-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145220647","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A comprehensive artifact analysis of Google applications on Android and iOS platforms","authors":"Jisu Park , Jincheol Park , Hyunjun Kim , Soojin Kang , Jongsung Kim","doi":"10.1016/j.fsidi.2025.302029","DOIUrl":"10.1016/j.fsidi.2025.302029","url":null,"abstract":"<div><div>Google provides a diverse suite of applications (e.g., Gmail, Google Drive, Google Maps, and Google Docs Editor), which are interconnected to enhance user convenience. This study comparatively analyzes the artifacts generated by 25 Google applications on Android and iOS platforms. We start by describing an artifact acquisition method and the utility of artifacts in digital forensic investigations. Based on these investigations, we identify the differences between the two platforms in terms of their data storage patterns and demonstrate that the integrated analysis of both platforms provides a more comprehensive set of artifacts than single-platform analysis. Subsequently, we analyze the synchronization among Google applications. We demonstrate how various applications share and synchronize data, and present methods for utilizing the interactions among the corresponding artifacts. Based on the results of this analysis, we develop a tool for effectively tracing and analyzing the collected artifacts. By comparing the artifact acquisition rates of Android and iOS, we highlight the distinct data provided by each platform. 
Compared with existing methods, our integrated approach is expected to provide richer and more accurate digital evidence.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"55 ","pages":"Article 302029"},"PeriodicalIF":2.2,"publicationDate":"2025-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145527963","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Practitioner-driven framework for AI adoption in digital forensics","authors":"Maryna Veksler , Kemal Akkaya , Selcuk Uluagac","doi":"10.1016/j.fsidi.2025.302030","DOIUrl":"10.1016/j.fsidi.2025.302030","url":null,"abstract":"<div><div>The impact of AI has not bypassed the field of digital forensics. However, despite the emergence of AI-based digital forensic methods and tools, their widespread adoption remains limited due to ethical, legal, and practical concerns. While existing research has proposed various solutions to support AI integration in digital forensics, many reiterate challenges already present in traditional digital forensics, focusing heavily on explainable AI, and often overlooking real-world feasibility. Thus, this study investigates the practical challenges affecting the adoption of AI in digital forensics by directly engaging with practitioners.</div><div>To this end, we conducted a survey and interview study involving 28 digital forensic experts to explore their experiences with AI-based tools, their perceptions of AI in digital forensics, and the practical challenges they encounter. Our findings highlight key concerns related to validation, transparency, and the explanation and presentation of AI-generated evidence in court. We also find that practical challenges are often broader than those discussed in theory, warranting deeper, practice-oriented analysis and perspectives.</div><div>Based on these findings, we propose a practitioner-focused framework to support stakeholders, including forensic professionals, developers, law enforcement, regulators, and researchers, in fostering standardized, responsible, and effective adoption of AI-based digital forensics. Rather than replacing existing procedures, our framework builds on traditional digital forensic processes, extending them to address AI-specific requirements. 
Finally, as part of this proposed framework, we provide practical recommendations for the development and deployment of AI-based digital forensic tools that are better aligned with real-world investigative needs.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"55 ","pages":"Article 302030"},"PeriodicalIF":2.2,"publicationDate":"2025-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145527964","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Dial M for Mixer: A methodological approach to forensic analysis of unknown devices using the thermomix TM6","authors":"Maximilian Eichhorn, Felix Freiling","doi":"10.1016/j.fsidi.2025.301983","DOIUrl":"10.1016/j.fsidi.2025.301983","url":null,"abstract":"<div><div>To forensically examine an unknown digital device, a method is proposed that involves performing experiments on an identical device and systematically deriving information from the observed behaviour while performing specific actions. We apply this method to the Thermomix TM6 from Vorwerk, a multifunctional kitchen appliance. Using differential forensic analysis together with our method, we identify various forensic artefacts from real-world use, e.g., timestamps when the system was turned on and logs of specific cooking actions like dough kneading and cooking. We also observe inadequate data sanitization after factory reset. Other forensic artefacts we found include Wi-Fi login details and account information for the Cookidoo online service provided by Vorwerk to exchange recipes.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"54 ","pages":"Article 301983"},"PeriodicalIF":2.2,"publicationDate":"2025-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145424401","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Welcome to the Proceedings of the Fifth Annual DFRWS APAC Conference 2025!","authors":"Mariya Shafat Kirmani","doi":"10.1016/j.fsidi.2025.301989","DOIUrl":"10.1016/j.fsidi.2025.301989","url":null,"abstract":"","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"54 ","pages":"Article 301989"},"PeriodicalIF":2.2,"publicationDate":"2025-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145424486","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Creating a standardized corpus for digital stratigraphic methods with fsstratify","authors":"Julian Uthoff , Lisa Marie Dreier , Martin Lambertz , Mariia Rybalka , Felix Freiling","doi":"10.1016/j.fsidi.2025.301986","DOIUrl":"10.1016/j.fsidi.2025.301986","url":null,"abstract":"<div><div>Digital stratigraphic methods aim to infer new information about digital objects using their depositional context. Many such methods have been developed, for example, to interpret file allocation traces and thereby estimate timestamps of file fragments based on their position on disk. Such methods are difficult to compare. We therefore present a corpus of NTFS file system images that can be used to evaluate these methods. The corpus comprises different categories, each extensively employing a small subset of file system operations to display their effect on file allocation traces. We demonstrate the usefulness of this corpus by evaluating the method of Bahjat and Jones (2019) that derives the timestamp of a file fragment from the timestamps of neighboring files. The corpus was generated using a revised version of <span>fsstratify</span>, a software framework to simulate file system usage. The tool is able to log the position of content data during file creation, greatly facilitating research in the realm of digital stratigraphy.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"54 ","pages":"Article 301986"},"PeriodicalIF":2.2,"publicationDate":"2025-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145424404","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}