{"title":"SFormer: An end-to-end spatio-temporal transformer architecture for deepfake detection","authors":"Staffy Kingra , Naveen Aggarwal , Nirmal Kaur","doi":"10.1016/j.fsidi.2024.301817","DOIUrl":"10.1016/j.fsidi.2024.301817","url":null,"abstract":"<div><p>Continuing AI advances are driving GAN improvements that facilitate the generation of deepfake media. Manipulated media poses serious risks pertaining to court proceedings, journalism, politics, and many other areas where digital media have a substantial impact on society. State-of-the-art techniques for deepfake detection rely on convolutional networks for spatial analysis and recurrent networks for temporal analysis. Since transformers are capable of recognizing wide-range dependencies with a global spatial view and along a temporal sequence too, a novel approach called “SFormer” is proposed in this paper, utilizing a transformer architecture for both spatial and temporal analysis to detect deepfakes. Further, state-of-the-art techniques suffer from high computational complexity and overfitting, which causes a loss in generalizability. The proposed model utilizes a Swin Transformer for spatial analysis, which results in low complexity, thereby enhancing its generalization ability and robustness against different manipulation types. The proposed end-to-end transformer-based model, SFormer, is proven to be effective on numerous deepfake datasets, including FF++, DFD, Celeb-DF, DFDC and Deeper-Forensics, and achieved accuracies of 100%, 97.81%, 99.1%, 93.67% and 100% respectively. Moreover, SFormer has demonstrated superior performance compared to existing spatio-temporal and transformer-based approaches for deepfake detection.</p></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"51 ","pages":"Article 301817"},"PeriodicalIF":2.0,"publicationDate":"2024-08-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142083968","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Towards a practical usage for the Sleuth Kit supporting file system add-ons","authors":"Yeonghun Shin , Taeshik Shon","doi":"10.1016/j.fsidi.2024.301799","DOIUrl":"https://doi.org/10.1016/j.fsidi.2024.301799","url":null,"abstract":"<div><p>Most modern digital devices with storage utilize a file system to manage files and directories. Consequently, when digital forensic investigators derive evidence from such devices, they collect and analyze data stored on them through file system analysis. However, there are numerous types of file systems, with new ones continually being developed. Each file system possesses a distinct metadata structure and file management scheme. Therefore, investigators must possess prior knowledge of the specific file system being examined. Nevertheless, it is challenging for practitioners to be knowledgeable about all existing file systems. To address this issue, forensic software such as The Sleuth Kit (TSK), an open-source forensic tool, is employed for investigations. However, even these tools may not offer complete support for relatively recent file systems.</p><p>Hence, we propose a structure for integrating a new file system into the open-source forensic tool TSK. Additionally, to validate this proposed structure, we demonstrate that support for five file systems (Ext4, XFS, Btrfs, F2FS, and Hikvision) can be added following this framework. To achieve this, we conducted an analysis of the metadata and file management scheme of these five file systems. Furthermore, we examined the operational procedures of the TSK framework. Based on these analyses, investigation capabilities for the five file systems have been incorporated into TSK. Moreover, reliability verification experiments were conducted on the developed tools, and a performance evaluation was carried out in comparison with other commercial digital forensic tools. The findings of this study can serve as a foundation for future forensic studies based on file systems. Additionally, the TSK build developed according to the proposed structure can assist investigators in conducting digital forensics effectively.</p></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"50 ","pages":"Article 301799"},"PeriodicalIF":2.0,"publicationDate":"2024-07-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141606950","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Money laundering through video games, a criminals' playground","authors":"Dan Cooke , Angus Marshall","doi":"10.1016/j.fsidi.2024.301802","DOIUrl":"https://doi.org/10.1016/j.fsidi.2024.301802","url":null,"abstract":"<div><p>Video games provide criminals with easier and less detectable methods of money laundering. These actions may be used by criminals as part of a system of transactions to further disguise the origins of their funds. The use of video games as a tool to launder money is something that has been only briefly explored. This work identifies the ways in which money laundering through video game secondary marketplaces can offer benefits to criminals looking to launder money, compared with traditional money laundering methods.</p><p>We explore the potential for using publicly accessible data, such as that available from the Steam Marketplace, to identify suspicious transactions that may indicate the existence of money laundering within these platforms. This research focused on identifying irregularities in the frequency and quantity of trades on the Steam Marketplace.</p><p>The results of this investigation show that, using very simple money laundering detection methods, it is possible to identify possible cases of money laundering within transactional data from the Steam Marketplace. The data used show that there were several suspicious transactions and accounts which could warrant further investigation and may be involved in activity that represents money laundering. As a result, there is scope for further investigations using larger data sets and examination of other publicly accessible data using a greater range of methods to identify suspicious transactions, including, but not limited to, the value of transactions and location.</p></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"50 ","pages":"Article 301802"},"PeriodicalIF":2.0,"publicationDate":"2024-07-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2666281724001264/pdfft?md5=843f79ae7978a79c885020e2a44ce53d&pid=1-s2.0-S2666281724001264-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141606951","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Forensic analysis of OpenAI's ChatGPT mobile application","authors":"Evangelos Dragonas , Costas Lambrinoudakis , Panagiotis Nakoutis","doi":"10.1016/j.fsidi.2024.301801","DOIUrl":"https://doi.org/10.1016/j.fsidi.2024.301801","url":null,"abstract":"<div><p>Since its public launch, OpenAI's ChatGPT has achieved significant success, attracting millions of users within the first few months of its release. Although numerous similar applications have emerged, none have yet matched the success of OpenAI's ChatGPT. Last year, OpenAI released the ChatGPT mobile app. This application serves a broad range of uses, some of which may be malicious, and, unfortunately, it has not yet been parsed by either commercial or open-source tools. Nevertheless, the data stored by this application, such as the JSON files that store a user's conversations with ChatGPT, can be instrumental in attributing user actions, discerning perpetrators' knowledge and motivations, and resolving practical investigations. In this paper, OpenAI's ChatGPT mobile application is examined on both the Android and iOS operating systems, focusing on the potential evidentiary data within. The cloud-native data associated with the app, which can be retrieved through user data export requests, are also investigated. The primary objective of this study is to discover artifacts that investigators can use in real-world cases involving this mobile app. Additionally, the authors have contributed to FOSS to support professionals in this field.</p></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"50 ","pages":"Article 301801"},"PeriodicalIF":2.0,"publicationDate":"2024-07-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141596810","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Leveraging metadata in social media forensic investigations: Unravelling digital clues- A survey study","authors":"Akarshan Suryal","doi":"10.1016/j.fsidi.2024.301798","DOIUrl":"https://doi.org/10.1016/j.fsidi.2024.301798","url":null,"abstract":"<div><p>This survey study explores the pivotal role of metadata in forensic investigations within the realm of social media. Investigating the digital clues embedded in metadata unveils a wealth of information crucial for understanding the authenticity and origin of online content. This study delves into the technical intricacies of metadata extraction, shedding light on its potential for verifying the chronology, geolocation, and user interactions on social platforms. By leveraging metadata, forensic experts can unravel the intricate web of digital footprints, enhancing the accuracy and efficiency of social media investigations. The findings of this study contribute to the evolving landscape of digital forensic techniques, addressing contemporary challenges in online information scrutiny.</p></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"50 ","pages":"Article 301798"},"PeriodicalIF":2.0,"publicationDate":"2024-07-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141594840","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Key extraction-based lawful access to encrypted data: Taxonomy and survey","authors":"Christian Lindenmeier, Andreas Hammer, Jan Gruber, Jonas Röckl, Felix Freiling","doi":"10.1016/j.fsidi.2024.301796","DOIUrl":"https://doi.org/10.1016/j.fsidi.2024.301796","url":null,"abstract":"<div><p>The rise of end-to-end encryption has enabled end-users to protect their data to a point that classical techniques of lawful access (seizure of devices, wiretaps) are futile. While there is a heated discussion about regulating the access primitive to end-user devices for law enforcement, little attention is given to the technical design of <em>how</em> evidence should be collected. This is especially critical during remote surveillance, as law enforcement may have unrestricted access to end-user devices over longer periods of time. In this paper, we propose the novel category of <em>key extraction-based lawful interception</em> (KEX-LI), meaning that instead of directly accessing plaintext data, law enforcement only extracts the necessary key material from end-user devices, thus minimizing the requirements of data extraction on end-user devices. When subsequently collecting <em>encrypted</em> data (e.g., via wiretapping), law enforcement can use these keys for decryption. We structure and survey the state-of-the-art of key extraction techniques, thus embedding KEX-LI in the broader context of device forensics. Furthermore, we describe specific requirements for a practical solution to conduct KEX-LI and evaluate currently available technical implementations. Our results are intended to help practitioners select the most suitable techniques as well as to identify research gaps.</p></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"50 ","pages":"Article 301796"},"PeriodicalIF":2.0,"publicationDate":"2024-07-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2666281724001203/pdfft?md5=77c3dcb49bff2636a03dd9fc94b62337&pid=1-s2.0-S2666281724001203-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141543701","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Formal Concept Analysis approach to hierarchical description of malware threats","authors":"Manuel Ojeda-Hernández, Domingo López-Rodríguez, Ángel Mora","doi":"10.1016/j.fsidi.2024.301797","DOIUrl":"https://doi.org/10.1016/j.fsidi.2024.301797","url":null,"abstract":"<div><p>The problem of intelligent malware detection has become increasingly relevant in the industry, as there has been an explosion in the diversity of threats and attacks that affect not only small users, but also large organisations and governments. One of the problems in this field is the lack of homogenisation or standardisation in the nomenclature used by different antivirus programs for different malware threats. The lack of a clear definition of what a category is and how it relates to individual threats makes it difficult to share data and extract common information from multiple antivirus programs. Therefore, efforts to create a common naming convention and hierarchy for malware are important to improve collaboration and information sharing in this field.</p><p>Our approach uses the methods of Formal Concept Analysis (FCA) as a tool to model and attempt to solve this problem. FCA is an algebraic framework able to discover useful knowledge in the form of a concept lattice and implications relating to the detection and diagnosis of suspicious files and threats. The knowledge extracted using this mathematical tool illustrates how formal methods can help prevent new threats and attacks. We show the results of applying the proposed methodology to the identification of hierarchical relationships between malware.</p></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"50 ","pages":"Article 301797"},"PeriodicalIF":2.0,"publicationDate":"2024-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2666281724001215/pdfft?md5=697d14b6aecc4eca8d00c3562237fedd&pid=1-s2.0-S2666281724001215-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141543693","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"On enhancing memory forensics with FAME: Framework for advanced monitoring and execution","authors":"Taha Gharaibeh , Ibrahim Baggili , Anas Mahmoud","doi":"10.1016/j.fsidi.2024.301757","DOIUrl":"https://doi.org/10.1016/j.fsidi.2024.301757","url":null,"abstract":"<div><p>Memory Forensics (MF) is an essential aspect of digital investigations, but practitioners often face time-consuming challenges when using popular tools like the Volatility Framework (VF). VF, a widely adopted Python-based memory forensics tool, presents difficulties for practitioners due to its slow performance. Thus, in this study, we evaluated methods to accelerate VF without modifying its code by testing four alternative Python Just In Time (JIT) interpreters - CPython, Pyston, PyPy, and Pyjion - using CPython as our baseline. Tests were conducted on 14 memory samples, totaling 173 GB, using a search-intensive VF plugin for Windows hosts. Employing our custom Framework for Advanced Monitoring and Execution (FAME), we deployed the interpreters in Docker containers and monitored their real-time performance. A statistically significant difference was observed between the Python JIT interpreters and the standard interpreter, with PyPy emerging as the best interpreter, yielding a 15–20 % performance increase compared to the standard interpreter. Implementing PyPy has the potential to save significant time (many hours) when processing substantial memory samples. FAME enhances the efficiency of deploying and monitoring robust forensic tool testing, fostering reproducible research and yielding reliable results in both MF and the broader field of digital forensics.</p></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"49 ","pages":"Article 301757"},"PeriodicalIF":2.0,"publicationDate":"2024-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2666281724000763/pdfft?md5=1f7f0db390ef407e9290e4cf098b3028&pid=1-s2.0-S2666281724000763-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141542373","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}