{"title":"GenAI mirage: The impostor bias and the deepfake detection challenge in the era of artificial illusions","authors":"Mirko Casu , Luca Guarnera , Pasquale Caponnetto , Sebastiano Battiato","doi":"10.1016/j.fsidi.2024.301795","DOIUrl":"https://doi.org/10.1016/j.fsidi.2024.301795","url":null,"abstract":"<div><p>This paper examines the impact of cognitive biases on decision-making in forensics and digital forensics, exploring biases such as confirmation bias, anchoring bias, and hindsight bias. It assesses existing methods to mitigate biases and improve decision-making, introducing the novel “Impostor Bias”, which arises as a systematic tendency to question the authenticity of multimedia content, such as audio, images, and videos, often assuming they are generated by AI tools. This bias goes beyond evaluators' knowledge levels, as it can lead to erroneous judgments and false accusations, undermining the reliability and credibility of forensic evidence. Impostor Bias stems from an a priori assumption rather than an objective content assessment, and its impact is expected to grow with the increasing realism of AI-generated multimedia products. The paper discusses the potential causes and consequences of Impostor Bias, suggesting strategies for prevention and counteraction. By addressing these topics, this paper aims to provide valuable insights, enhance the objectivity and validity of forensic investigations, and offer recommendations for future research and practical applications to ensure the integrity and reliability of forensic practices.</p></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":null,"pages":null},"PeriodicalIF":2.0,"publicationDate":"2024-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2666281724001197/pdfft?md5=075f46e013a9e23ee24722c1470c6e5d&pid=1-s2.0-S2666281724001197-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141429084","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Unveiling the hidden dangers: Security risks and forensic analysis of smart bulbs","authors":"Pankaj Sharma , Lalit Kumar Awasthi","doi":"10.1016/j.fsidi.2024.301794","DOIUrl":"https://doi.org/10.1016/j.fsidi.2024.301794","url":null,"abstract":"<div><p>People often dispose of their useless smart digital gadgets without realizing the potential presence of useful information inside these devices. This is also true for faulty smart bulbs, which cybercriminals might exploit to gain unauthorized access to a smart home and manipulate or steal private information. This research delves into the potential security risks associated with smart bulbs and provides recommendations for mitigating such risks. Through a comprehensive analysis of the functionality of smart bulbs, this study introduced the data extraction framework DEF-IoTF for collecting both hardware and application-level digital artifacts from smart bulbs. This paper presents the FIvM-IoT model for collecting and analyzing evidence from companion app data on mobile phones and Wifi modules at the hardware level. We conduct examinations on the smart bulb's Wifi module and extract its firmware using the developed Wifi_Cred tool. These include evidence related to user credentials, log time stamps, Wifi details, potential forensic information, and investigation procedures for IoT devices. Finally, this study provides prominent IoT forensic use cases along with the key requirements for hardware-level forensic investigation of Wifi modules.</p></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":null,"pages":null},"PeriodicalIF":2.0,"publicationDate":"2024-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141328313","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Sentiment and time-series analysis of direct-message conversations","authors":"Martyn Harris, Jessica Jacobson, Alessandro Provetti","doi":"10.1016/j.fsidi.2024.301753","DOIUrl":"https://doi.org/10.1016/j.fsidi.2024.301753","url":null,"abstract":"<div><p>Social media and mobile communications in general are an extremely rich source of digital forensic information. We present our new framework for analysing this resource with an innovative combination of time series and text mining methods. The framework is intended to create a tool to analyse and operationally summarise extended trails of social media messages, thus enabling investigators for the first time to drill down into specific moments at which sentiment analysis has detected a change of tone indicative of a particularly strong and significant response. Crucially, the method will give investigators an opportunity to reduce the time and resource commitment required for ongoing and hands-on analysis of digital communications on media such as Texts/SMS, WhatsApp and Messenger.</p></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":null,"pages":null},"PeriodicalIF":2.0,"publicationDate":"2024-05-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2666281724000726/pdfft?md5=f20b9f2665013212a0a6b432cbde19ac&pid=1-s2.0-S2666281724000726-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141068459","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Forensic analysis of hook Android malware","authors":"Dominic Schmutz, Robin Rapp, Benjamin Fehrensen","doi":"10.1016/j.fsidi.2024.301769","DOIUrl":"https://doi.org/10.1016/j.fsidi.2024.301769","url":null,"abstract":"<div><p>This publication presents a thorough forensic investigation of the banking malware known as Hook, shedding light on its intricate functionalities and providing valuable insights into the broader realm of banking malware. Given the persistent evolution of Android malware, particularly in the context of banking threats, this research explores the ongoing development of these malicious entities. In particular, it emphasizes the prevalent “malware as a service” (MaaS) model, which engenders a competitive environment where malware developers continually strive to enhance their capabilities. Consequently, this investigation serves as a vital benchmark for evaluating the current state of banking MaaS capabilities in July 2023, enabling researchers and practitioners to gauge the advancements and trends within the field.</p></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":null,"pages":null},"PeriodicalIF":2.0,"publicationDate":"2024-05-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S266628172400088X/pdfft?md5=194dd9b7991e93a51071b247dc3d33ac&pid=1-s2.0-S266628172400088X-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140947007","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"IoT Forensics Readiness - influencing factors","authors":"Sabrina Friedl, Günther Pernul","doi":"10.1016/j.fsidi.2024.301768","DOIUrl":"https://doi.org/10.1016/j.fsidi.2024.301768","url":null,"abstract":"<div><p>The Internet of Things (IoT) is increasingly becoming a part of people's lives and is progressively revolutionizing our lives and businesses. From a Digital Forensics (DF) point of view, this connection turns an IoT environment into a valuable source of evidence containing diverse artifacts that could significantly aid DF investigations. Therefore, DF must adapt to the characteristics of IoT Forensics (IoTF). With the increasing deployment of IoT, organizations are compelled to revise their approaches to planning, developing, and implementing Information Technology (IT) security strategies. The IoT presents new business opportunities but also simultaneously creates various challenges related to cyber-attacks and their resolution. For optimal preparedness in the face of future incidents, companies should consider implementing Forensics Readiness (FR). This paper thus examines the factors that influence IoT-FR within organizations. By systematically analyzing research efforts from 2010 to 2023, we identified the following factors influencing IoT-FR: (1) Legal Aspect, (2) Standardization Approach, (3) Technological Resource and Technique, (4) Management Process and (5) Human Factor. Furthermore, these influencing factors are not only considered individually but also in terms of the dependencies between them. This results in the creation of a holistic model including the interdependencies and influences of the factors to provide a novel overview and enhance the integrated perspective on IoT-FR. The knowledge of factors influencing the integration of IoT-FR into organizations is valuable. It thus can be of enormous importance, as it can save time and money in the event of a subsequent incident. Additionally, alongside these factors, various challenges, techniques, models, and frameworks are highlighted to offer profound insights into the relatively novel subject of IoT-FR and to inspire future research.</p></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":null,"pages":null},"PeriodicalIF":2.0,"publicationDate":"2024-05-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2666281724000878/pdfft?md5=012b90db92b8d36ae8ae211993009d99&pid=1-s2.0-S2666281724000878-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140947006","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A temporal analysis and evaluation of fuzzy hashing algorithms for Android malware analysis","authors":"Murray Fleming, Oluwafemi Olukoya","doi":"10.1016/j.fsidi.2024.301770","DOIUrl":"https://doi.org/10.1016/j.fsidi.2024.301770","url":null,"abstract":"<div><p>Fuzzy hashing has been utilised in digital forensics and malware analysis for malware detection, malware variant classification, file clustering, document similarity detection, embedded object detection and fragment detection. Previous research considered the efficacy of fuzzy hashing at a point in time for malware classification and did not specifically address the problem of malware evolution. Android malware presents a significant cybersecurity threat, and since malware is constantly mutating, a temporal analysis of the effectiveness of fuzzy hashing techniques for Android malware detection and classification contributes to understanding the value of fuzzy hashes in the evolution of malware. Through experimental examination, this study sought to determine whether or not fuzzy hashes are always effective, how quickly malware is evolving, and how malware evolution affects fuzzy hashing. Comparisons are made between the performance of different fuzzy hashing algorithms and the distinction between hashes at the file and class levels. Experiments with known malware family and analysis with over 4500 APK files, including 100 benign samples collected from 2012 - 2022 were conducted using various fuzzy hashing algorithms, file-level and section-level similarity hashing, symbolic and raw opcode hashing, and optimisations for improving fuzzy hashing comparisons. The performance of the methods was evaluated using detection and false positive rates. The results show that fuzzy hashing algorithms remain a valuable technique that demonstrates robustness to malware evolution with 10-year detection rates of over 80%.</p></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":null,"pages":null},"PeriodicalIF":2.0,"publicationDate":"2024-05-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2666281724000891/pdfft?md5=45e25e15294ae9f8fbf35e580e62dc65&pid=1-s2.0-S2666281724000891-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140914299","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Automotive digital forensics through data and log analysis of vehicle diagnosis Android apps","authors":"Jiheon Jung , Sangchul Han , Minkyu Park , Seong-je Cho","doi":"10.1016/j.fsidi.2024.301752","DOIUrl":"https://doi.org/10.1016/j.fsidi.2024.301752","url":null,"abstract":"<div><p>Modern vehicles including smart cars have been equipped with many electronic devices such as electronic control units (ECUs), on-board diagnostics (OBD) systems, telematics and infotainment systems, gateways, sensors, etc. Because these devices create, transmit, and store a lot of digital data, modern vehicles are becoming key source of digital evidence in vehicular forensics. In addition, some dedicated mobile apps can capture driving and diagnostic data from a vehicle via a Bluetooth-enabled OBD-II scanner. In this paper, we propose a new process for effective automotive forensics. It collects and analyzes three different types of data left on an Android phone which has been connected to the OBD-II port of a vehicle via Bluetooth communication. The three types of data are OBD-II Android apps' data, Bluetooth HCI snoop log, and the <em>main</em> log buffer of the Android logging system. By analyzing them individually and integratedly, we find Bluetooth connection time, vehicle information, MAC address of the OBD-II scanner, vehicle velocity, sharp speeding event, sudden braking event, refueling event, and so on. We also construct a timeline of Bluetooth traffic and driving events through the timeline analysis, which can be used to determine the driver's behaviors in terms of vehicle forensics.</p></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":null,"pages":null},"PeriodicalIF":2.0,"publicationDate":"2024-05-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140823486","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A hybrid artificial intelligence framework for enhancing digital forensic investigations of infotainment systems","authors":"Yasamin Fayyaz , Abdulaziz Almehmadi , Khalil El-Khatib","doi":"10.1016/j.fsidi.2024.301751","DOIUrl":"https://doi.org/10.1016/j.fsidi.2024.301751","url":null,"abstract":"<div><p>Infotainment systems in vehicles have become important sources of digital evidence in forensic investigations. Analyzing data from these systems can provide valuable insights into a suspect's activities and interactions. In this paper, we propose a hybrid artificial intelligence (AI) framework that combines unsupervised learning using K-means clustering and language model analysis to enhance the forensic analysis process. The proposed methodology was applied to two distinct datasets from Hyundai and Mitsubishi infotainment systems. In the Hyundai dataset, the recall for contact names and phone numbers improved by 18% and 3% respectively when compared to clustering alone. Similarly, in the Mitsubishi dataset, the recall of song names improved by 2%. In addition, this hybrid approach enabled the discovery of more forms of forensically-relevant data stored in the infotainment systems, such as geographical locations and connected devices, that would have been infeasible to find with either manual analysis or clustering alone. Despite the presence of some hallucinations, the combination of these techniques resulted in improved ease of analysis and increased recall, demonstrating the potential of this hybrid approach in forensic investigations.</p></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":null,"pages":null},"PeriodicalIF":2.0,"publicationDate":"2024-04-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140807450","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"On the inadequacy of open-source application logs for digital forensics","authors":"Afiqah Azahari, Davide Balzarotti","doi":"10.1016/j.fsidi.2024.301750","DOIUrl":"https://doi.org/10.1016/j.fsidi.2024.301750","url":null,"abstract":"<div><p>This study explores the challenges with utilizing application logs for incident response or forensic analysis. Application logs have the potential to significantly enhance security analysis as sometimes they provide information regarding user actions, error messages, and performance metrics of the application. Although these logs can offer vital information about user activities, errors, and application performance, their use for security needs better understanding. We looked at the current logging implementation of 60 open-source applications. We checked the logs to see if they could help with five key security tasks: making timelines, linking events, separating different actions, spotting misuse, and detecting attacks. By examining source code, extracting log statements, and evaluating them for security relevance, we found many logs lacked essential elements. Specifically, 29 applications omitted timestamps, crucial for identifying the timing of actions. Furthermore, logs frequently missed unique identifiers (UIDs) for event correlation, with 23 not noting UIDs for new activities. Inconsistent logging of user activities and an absence of logs detailing successful attacks indicate current application logs need significant enhancements to be effective for security checks. The findings of our research suggest that current application logs are inadequately equipped for in-depth security analysis. Enhancements are imperative for their optimal utility. This investigation underscores the inherent challenges in leveraging logs for security and emphasizes the pressing need for refining logging methodologies.</p></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":null,"pages":null},"PeriodicalIF":2.0,"publicationDate":"2024-04-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140644366","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}