Forensic Science International-Digital Investigation: latest articles

Adding transparency to uncertainty: An argument-based method for evaluative opinions
IF 2, Zone 4, Medicine
Forensic Science International-Digital Investigation. Pub Date: 2023-10-19. DOI: 10.1016/j.fsidi.2023.301657
Nina Sunde, Virginia N.L. Franqueira
Abstract: Over the past 15 years, digital evidence has been identified as a leading cause, or contributing factor, in wrongful convictions in England and Wales. To prevent legal decision-makers from being misled about the relevance and credibility of digital evidence and to ensure a fair administration of justice, adopting a balanced, systematic and transparent approach to evaluating digital evidence and disseminating results is crucial. This paper draws on general concepts from argumentation theory, combined with key principles and concepts from probabilistic and narrative/scenario approaches to develop arguments and analyse evidence. We present the “Argument-Based Method for Evaluative Opinions”, which is a novel method for producing argument-based evaluative opinions in the context of criminal investigation. The method may be used stand-alone or in combination with other qualitative or quantitative/statistical methods to produce evaluative opinions, highlighting the logical relationships between the components making up the argument supporting a hypothesis. To facilitate a structured assessment of the credibility and relevance of the individual argument components, we introduce an Argument Evaluation Scale and, ultimately, an Argument Matrix for a holistic determination of the probative value of the evidence.
Citations: 0
Forensic analysis of SQL server transaction log in unallocated area of file system
IF 2, Zone 4, Medicine
Forensic Science International-Digital Investigation. Pub Date: 2023-10-01. DOI: 10.1016/j.fsidi.2023.301605
Hoyong Choi, Sangjin Lee
Abstract: The importance of database forensics is increasing day by day as the use of databases to store sensitive corporate and personal data increases. Database forensics is a field of digital forensics that deals with database-related incidents such as data corruption, breaches, and leaks. One of the key functions of database forensics is information reconstruction, which is the tracing of actions from the time of an event to the present based on various information stored in the database. This feature allows investigators to identify unauthorized user actions and data deletion or manipulation when an incident occurs. Database log data is primarily used to reconstruct information. Database logs include transaction logs, error logs, event logs, and trace logs. Among them, we focus on the transaction log of Microsoft SQL Server (MSSQL), one of the most popular database management systems in the world. Raw-level studies have been conducted on the transaction logs of Oracle and MySQL, other databases used at the enterprise level. However, there is very little research on MSSQL transaction logs. For this reason, we analyze the internal structure of the MSSQL transaction log. Based on these findings, we present an empirical method to identify and extract transaction log records in unallocated area.
Citations: 0
Chracer: Memory analysis of Chromium-based browsers
IF 2, Zone 4, Medicine
Forensic Science International-Digital Investigation. Pub Date: 2023-10-01. DOI: 10.1016/j.fsidi.2023.301613
Geunyeong Choi, Jewan Bang, Sangjin Lee, Jungheum Park
Abstract: The web browsing activities of a user provide useful evidence for digital forensic investigations. However, existing analysis techniques that aim to analyze local artifacts (e.g., history and cache) cannot find useful data (e.g., visited URLs) if a user accesses the web using private or secret mode. Hence, string-searching and pattern-matching techniques have been proposed and used to examine user activities from a memory dump. These simple techniques are useful for identifying individual URLs visited in both normal and private modes. However, since a piece of individually detected data does not have context on how it is created, additional analysis efforts are required to properly interpret the meaning of the data. This paper proposes Chracer, a practical methodology for extracting forensically meaningful information from the virtual memory of a Chromium-based browser by systematically discovering objects of web browsing-related classes. Moreover, a proof-of-concept tool developed based on the proposed methodology demonstrates that users’ web browsing-related artifacts can be extracted effectively from the virtual memory of any Chromium-based browser, such as Google Chrome, Microsoft Edge and Brave.
Citations: 0
ChatGPT for digital forensic investigation: The good, the bad, and the unknown
IF 2, Zone 4, Medicine
Forensic Science International-Digital Investigation. Pub Date: 2023-10-01. DOI: 10.1016/j.fsidi.2023.301609
Mark Scanlon, Frank Breitinger, Christopher Hargreaves, Jan-Niclas Hilgert, John Sheppard
Abstract: The disruptive application of ChatGPT (GPT-3.5, GPT-4) to a variety of domains has become a topic of much discussion in the scientific community and society at large. Large Language Models (LLMs), e.g., BERT, Bard, Generative Pre-trained Transformers (GPTs), LLaMA, etc., have the ability to take instructions, or prompts, from users and generate answers and solutions based on very large volumes of text-based training data. This paper assesses the impact and potential impact of ChatGPT on the field of digital forensics, specifically looking at its latest pre-trained LLM, GPT-4. A series of experiments are conducted to assess its capability across several digital forensic use cases including artefact understanding, evidence searching, code generation, anomaly detection, incident response, and education. Across these topics, its strengths and risks are outlined and a number of general conclusions are drawn. Overall this paper concludes that while there are some potential low-risk applications of ChatGPT within digital forensics, many are either unsuitable at present, since the evidence would need to be uploaded to the service, or they require sufficient knowledge of the topic being asked of the tool to identify incorrect assumptions, inaccuracies, and mistakes. However, to an appropriately knowledgeable user, it could act as a useful supporting tool in some circumstances.
Citations: 0
Digital forensic approaches for metaverse ecosystems
IF 2, Zone 4, Medicine
Forensic Science International-Digital Investigation. Pub Date: 2023-10-01. DOI: 10.1016/j.fsidi.2023.301608
Donghyun Kim, Subin Oh, Taeshik Shon
Abstract: The accelerating pace of digital transformation has given rise to metaverses that can participate freely in contactless environments. More than just game content, metaverses are driving everyday innovation across industries. However, threats are also prevalent, with crimes such as child sexual exploitation and privacy violations occurring in metaverses that mimic reality, making digital forensics for metaverse threats essential. Nevertheless, technical standards for different types of metaverses have yet to be defined, making investigation difficult. Furthermore, even though metaverses are complex forms that combine multiple hardware devices and software applications, existing studies have either focused on a single component or not analyzed the real-world environment. In this study, we derived a metaverse ecosystem with common components that comprise a metaverse and analyzed the hardware and software used throughout the user's metaverse lifecycle from a digital forensics perspective. In particular, we applied real-case-based scenario to the metaverse environment of the most popular Meta's currently in use to identify various artifacts that can be used across the ecosystem and validate the effectiveness of the process. We also developed a metaverse digital forensics tool for the first time in the current situation where open-source and commercial tools do not support metaverse investigations.
Citations: 0
Analyzing the peeling chain patterns on the Bitcoin blockchain
IF 2, Zone 4, Medicine
Forensic Science International-Digital Investigation. Pub Date: 2023-10-01. DOI: 10.1016/j.fsidi.2023.301614
Yanan Gong, Kam Pui Chow, Siu Ming Yiu, Hing Fung Ting
Abstract: Bitcoin is a widely used decentralized cryptocurrency. The proportion of Bitcoin transactions used for illegal activities is increasing. Mixing services are commonly applied to enhance anonymity and make transaction records more challenging to follow and analyze. The current research on peeling chains is generally based on heuristic algorithms to identify change addresses. However, due to the characteristics and limitations of the Bitcoin blockchain, there is no such ground truth to ensure the accuracy of each derived change address. This research analyzes the peeling chain patterns based on self-change addresses. The use of self-change addresses implies that the input address and the address used for receiving the change are controlled by the same entity. Also, each chain's transaction details and generated chain parameters are further verified for more precise results. Combining the two methods ensures the accuracy of the extracted peeling chains to some extent. And the corresponding behavior pattern of the extracted chains is studied.
Citations: 0
Prelim i - Editorial Board
IF 2, Zone 4, Medicine
Forensic Science International-Digital Investigation. Pub Date: 2023-10-01. DOI: 10.1016/S2666-2817(23)00164-6
Citations: 0
Welcome to the proceedings of the Third Annual DFRWS APAC Conference 2023
IF 2, Zone 4, Medicine
Forensic Science International-Digital Investigation. Pub Date: 2023-10-01. DOI: 10.1016/j.fsidi.2023.301627
Citations: 0
Busting up Monopoly: Methods for modern darknet marketplace forensics
IF 2, Zone 4, Medicine
Forensic Science International-Digital Investigation. Pub Date: 2023-10-01. DOI: 10.1016/j.fsidi.2023.301604
Daniel Dolejška, Michal Koutenský, Vladimír Veselý, Jan Pluskal
Abstract: Darknet marketplaces represent the most delinquent evolution step in distributing illicit goods such as drugs, steroids, firearms, warez, or leaked personal information. On the one hand, law enforcement agencies try to catch vendors, buyers, and operators of darknet marketplaces. On the other hand, the criminals mentioned above constantly stretch the limits of overlay networks, applied cryptography, and cryptocurrency pseudonymity. This paper intends to provide relevant and up-to-date (for the year 2022) information about potential ways to deal with darknet marketplaces from the perspective of investigators. The paper outlines methods (based on periodic web scraping) that may help sworn officers to gather evidence about darknet marketplace (ab)users. The potential is demonstrated in a real-life case study of the Monopoly Market. For instance, suggested approaches seem capable: monitoring the demography and activities of darknet marketplace users, estimating the number of procurements and their value, and correlating user identities with their cryptocurrency addresses. The paper also provides an applicability analysis of proposed methods on the subset of currently trending darknet marketplaces.
Citations: 0
About the applicability of Apache2 web server memory forensics
IF 2, Zone 4, Medicine
Forensic Science International-Digital Investigation. Pub Date: 2023-10-01. DOI: 10.1016/j.fsidi.2023.301610
Jan-Niclas Hilgert, Roman Schell, Carlo Jakobs, Martin Lambertz
Abstract: With the increasing use of the Internet for criminal activities, web servers have become more and more important during forensic investigations. In many cases, web servers are used to host leaked data, as a management interface for Command and Control servers, or as a platform for illicit content. As a result, extracting information from web servers has become a critical aspect of digital forensics. By default, a lot of information can already be extracted by performing traditional storage forensics including the analysis of logs. However, this approach quickly reaches its limits as soon as anti-forensic techniques such as the deletion of configuration files or the deactivation of logging capabilities are implemented. This paper evaluates the feasibility of memory forensics as a complement to traditional storage forensics for cases involving web servers. For this purpose, we present a methodology for extracting forensically relevant artefacts from the memory of Apache web servers, which are among the most commonly used on the Internet. Through various experiments, we evaluate the applicability of our approach in different scenarios. In the process, we also take a closer look at the overall existence of digital traces, which cannot easily be found by following a structured approach. Our findings demonstrate that certain Apache web server structures contain important information that can be retrieved from memory even after the originating event has passed. Additionally, traces such as IP addresses were still found in memory even after complete structures were already overwritten by further interaction. These results highlight the benefits and the potential of memory analysis for web servers in digital investigations.
Citations: 0