Commenced in January 2007
Frequency: Monthly
Edition: International
Paper Count: 108

Search results for: browser forensics

108 Digital Forensics Analysis Focusing on the Onion Router Browser Artifacts in Windows 10

Authors: Zainurrasyid Abdullah, Mohamed Fadzlee Sulaiman, Muhammad Fadzlan Zainal, M. Zabri Adil Talib, Aswami Fadillah M. Ariffin

Abstract:

The Onion Router (Tor) browser is a well-known tool and widely used by people who seeking for web anonymity when browsing the internet. Criminals are taking this advantage to be anonymous over the internet. Accessing the dark web could be the significant reason for the criminal in order for them to perform illegal activities while maintaining their anonymity. For a digital forensic analyst, it is crucial to extract the trail of evidence in proving that the criminal’s computer has used Tor browser to conduct such illegal activities. By applying the digital forensic methodology, several techniques could be performed including application analysis, memory analysis, and registry analysis. Since Windows 10 is the latest operating system released by Microsoft Corporation, this study will use Windows 10 as the operating system platform that running Tor browser. From the analysis, significant artifacts left by Tor browser were discovered such as the execution date, application installation date and browsing history that can be used as an evidence. Although Tor browser was designed to achieved anonymity, there is still some trail of evidence can be found in Windows 10 platform that can be useful for investigation.

Keywords: artifacts analysis, digital forensics, forensic analysis, memory analysis, registry analysis, tor browser, Windows 10

Procedia PDF Downloads 135
107 A Novel Methodology for Browser Forensics to Retrieve Searched Keywords from Windows 10 Physical Memory Dump

Authors: Dija Sulekha

Abstract:

Nowadays, a good percentage of reported cybercrimes involve the usage of the Internet, directly or indirectly for committing the crime. Usually, Web Browsers leave traces of browsing activities on the host computer’s hard disk, which can be used by investigators to identify internet-based activities of the suspect. But criminals, who involve in some organized crimes, disable browser file generation feature to hide the evidence while doing illegal activities through the Internet. In such cases, even though browser files were not generated in the storage media of the system, traces of recent and ongoing activities were generated in the Physical Memory of the system. As a result, the analysis of Physical Memory Dump collected from the suspect's machine retrieves lots of forensically crucial information related to the browsing history of the Suspect. This information enables the cyber forensic investigators to concentrate on a few highly relevant selected artefacts while doing the Offline Forensics analysis of storage media. This paper addresses the reconstruction of web browsing activities by conducting live forensics to identify searched terms, downloaded files, visited sites, email headers, email ids, etc. from the physical memory dump collected from Windows 10 Systems. Well-known entry points are available for retrieving all the above artefacts except searched terms. The paper describes a novel methodology to retrieve the searched terms from Windows 10 Physical Memory. The searched terms retrieved in this way can be used for doing advanced file and keyword search in the storage media files reconstructed from the file system recovery in offline forensics.

Keywords: browser forensics, digital forensics, live Forensics, physical memory forensics

Procedia PDF Downloads 75
106 Establishing Digital Forensics Capability and Capacity among Malaysia's Law Enforcement Agencies: Issues, Challenges and Recommendations

Authors: Sarah Taylor, Nor Zarina Zainal Abidin, Mohd Zabri Adil Talib

Abstract:

Although cybercrime is on the rise, yet many Law Enforcement Agencies in Malaysia faces difficulty in establishing own digital forensics capability and capacity. The main reasons are undoubtedly because of the high cost and difficulty in convincing their management. A survey has been conducted among Malaysia’s Law Enforcement Agencies owning a digital forensics laboratory to understand their history of building digital forensics capacity and capability, the challenges and the impact of having own laboratory to their case investigation. The result of the study shall be used by other Law Enforcement Agencies in justifying to their management to establish own digital forensics capability and capacity.

Keywords: digital forensics, digital forensics capacity and capability, laboratory, law enforcement agency

Procedia PDF Downloads 190
105 Cryptocurrency Forensics: Analysis on Bitcoin E-Wallet from Computer Source Evidence

Authors: Muhammad Nooraiman bin Noorashid, Mohd Sharizuan bin Mohd Omar, Mohd Zabri Adil bin Talib, Aswami Fadillah bin Mohd Ariffin

Abstract:

Nowadays cryptocurrency has become a global phenomenon known to most people. People using this alternative digital money to do a transaction in many ways (e.g. Used for online shopping, wealth management, and fundraising). However, this digital asset also widely used in criminal activities since its use decentralized control as opposed to centralized electronic money and central banking systems and this makes a user, who used this currency invisible. The high-value exchange of these digital currencies also has been a target to criminal activities. The cryptocurrency crimes have become a challenge for the law enforcement to analyze and to proof the evidence as criminal devices. In this paper, our focus is more on bitcoin cryptocurrency and the possible artifacts that can be obtained from the different type of digital wallet, which is software and browser-based application. The process memory and physical hard disk are examined with the aims of identifying and recovering potential digital evidence. The stage of data acquisition divided by three states which are the initial creation of the wallet, transaction that consists transfer and receiving a coin and the last state is after the wallet is being deleted. Findings from this study suggest that both data from software and browser type of wallet process memory is a valuable source of evidence, and many of the artifacts found in process memory are also available from the application and wallet files on the client computer storage.

Keywords: cryptocurrency, bitcoin, digital wallet, digital forensics

Procedia PDF Downloads 292
104 Digital Image Forensics: Discovering the History of Digital Images

Authors: Gurinder Singh, Kulbir Singh

Abstract:

Digital multimedia contents such as image, video, and audio can be tampered easily due to the availability of powerful editing softwares. Multimedia forensics is devoted to analyze these contents by using various digital forensic techniques in order to validate their authenticity. Digital image forensics is dedicated to investigate the reliability of digital images by analyzing the integrity of data and by reconstructing the historical information of an image related to its acquisition phase. In this paper, a survey is carried out on the forgery detection by considering the most recent and promising digital image forensic techniques.

Keywords: Computer Forensics, Multimedia Forensics, Image Ballistics, Camera Source Identification, Forgery Detection

Procedia PDF Downloads 201
103 3D Remote Sensing Images Parallax Refining Based On HTML5

Authors: Qian Pei, Hengjian Tong, Weitao Chen, Hai Wang, Yanrong Feng

Abstract:

Horizontal parallax is the foundation of stereoscopic viewing. However, the human eye will feel uncomfortable and it will occur diplopia if horizontal parallax is larger than eye separation. Therefore, we need to do parallax refining before conducting stereoscopic observation. Although some scholars have been devoted to online remote sensing refining, the main work of image refining is completed on the server side. There will be a significant delay when multiple users access the server at the same time. The emergence of HTML5 technology in recent years makes it possible to develop rich browser web application. Authors complete the image parallax refining on the browser side based on HTML5, while server side only need to transfer image data and parallax file to browser side according to the browser’s request. In this way, we can greatly reduce the server CPU load and allow a large number of users to access server in parallel and respond the user’s request quickly.

Keywords: 3D remote sensing images, parallax, online refining, rich browser web application, HTML5

Procedia PDF Downloads 420
102 A Software Tool for Computer Forensic Investigation Using Client-Side Web History Visualization

Authors: Francisca Onaolapo Oladipo, Peter Afam Ugwu

Abstract:

Records of user activities which are valuable for forensic investigation purposes are provided by web browsers -these records in most cases are not in visual formats that are easily understood, thereby requiring some extra processes. This paper describes the implementation of a software tool for client-side web history visualization providing suitable forensic evidence for investigative purposes. Visual C#, Perl and gnuplot were deployed on Windows Operating System (OS) environment to implement the system and the resulting tool parses and transforms a web browser history into a visual format that enables an investigator to quickly and efficiently explore, understand, and interpret the user online activities in the context of a specific investigation. The system was tested using two forensic cases: the client-side web history files generated by Mozilla Firefox browser was extracted using MozillaHistoryView utility, then parsed and visualized using bar and stacked column charts. From the visual representation, results of user web activities across various productive and non-productive websites were obtained.

Keywords: history, forensics, visualization, web activities

Procedia PDF Downloads 259
101 The Forensic Swing of Things: The Current Legal and Technical Challenges of IoT Forensics

Authors: Pantaleon Lutta, Mohamed Sedky, Mohamed Hassan

Abstract:

The inability of organizations to put in place management control measures for Internet of Things (IoT) complexities persists to be a risk concern. Policy makers have been left to scamper in finding measures to combat these security and privacy concerns. IoT forensics is a cumbersome process as there is no standardization of the IoT products, no or limited historical data are stored on the devices. This paper highlights why IoT forensics is a unique adventure and brought out the legal challenges encountered in the investigation process. A quadrant model is presented to study the conflicting aspects in IoT forensics. The model analyses the effectiveness of forensic investigation process versus the admissibility of the evidence integrity; taking into account the user privacy and the providers’ compliance with the laws and regulations. Our analysis concludes that a semi-automated forensic process using machine learning, could eliminate the human factor from the profiling and surveillance processes, and hence resolves the issues of data protection (privacy and confidentiality).

Keywords: cloud forensics, data protection Laws, GDPR, IoT forensics, machine Learning

Procedia PDF Downloads 105
100 Towards a Proof Acceptance by Overcoming Challenges in Collecting Digital Evidence

Authors: Lilian Noronha Nassif

Abstract:

Cybercrime investigation demands an appropriated evidence collection mechanism. If the investigator does not acquire digital proofs in a forensic sound, some important information can be lost, and judges can discard case evidence because the acquisition was inadequate. The correct digital forensic seizing involves preparation of professionals from fields of law, police, and computer science. This paper presents important challenges faced during evidence collection in different perspectives of places. The crime scene can be virtual or real, and technical obstacles and privacy concerns must be considered. All pointed challenges here highlight the precautions to be taken in the digital evidence collection and the suggested procedures contribute to the best practices in the digital forensics field.

Keywords: digital evidence, digital forensics process and procedures, mobile forensics, cloud forensics

Procedia PDF Downloads 366
99 Filling the Gap of Extraction of Digital Evidence from Emerging Platforms Without Forensics Tools

Authors: Yi Anson Lam, Siu Ming Yiu, Kam Pui Chow

Abstract:

Digital evidence has been tendering to courts at an exponential rate in recent years. As an industrial practice, most digital evidence is extracted and preserved using specialized and well-accepted forensics tools. On the other hand, the advancement in technologies enables the creation of quite a few emerging platforms such as Telegram, Signal etc. Existing (well-accepted) forensics tools were not designed to extract evidence from these emerging platforms. While new forensics tools require a significant amount of time and effort to be developed and verified, this paper tries to address how to fill this gap using quick-fix alternative methods for digital evidence collection (e.g., based on APIs provided by Apps) and discuss issues related to the admissibility of this evidence to courts with support from international courts’ stance and the circumstances of accepting digital evidence using these proposed alternatives.

Keywords: extraction, digital evidence, laws, investigation

Procedia PDF Downloads 26
98 Digital Forensics Compute Cluster: A High Speed Distributed Computing Capability for Digital Forensics

Authors: Daniel Gonzales, Zev Winkelman, Trung Tran, Ricardo Sanchez, Dulani Woods, John Hollywood

Abstract:

We have developed a distributed computing capability, Digital Forensics Compute Cluster (DFORC2) to speed up the ingestion and processing of digital evidence that is resident on computer hard drives. DFORC2 parallelizes evidence ingestion and file processing steps. It can be run on a standalone computer cluster or in the Amazon Web Services (AWS) cloud. When running in a virtualized computing environment, its cluster resources can be dynamically scaled up or down using Kubernetes. DFORC2 is an open source project that uses Autopsy, Apache Spark and Kafka, and other open source software packages. It extends the proven open source digital forensics capabilities of Autopsy to compute clusters and cloud architectures, so digital forensics tasks can be accomplished efficiently by a scalable array of cluster compute nodes. In this paper, we describe DFORC2 and compare it with a standalone version of Autopsy when both are used to process evidence from hard drives of different sizes.

Keywords: digital forensics, cloud computing, cyber security, spark, Kubernetes, Kafka

Procedia PDF Downloads 358
97 Organizational Decision to Adopt Digital Forensics: An Empirical Investigation in the Case of Malaysian Law Enforcement Agencies

Authors: Siti N. I. Mat Kamal, Othman Ibrahim, Mehrbakhsh Nilashi, Jafalizan M. Jali

Abstract:

The use of digital forensics (DF) is nowadays essential for law enforcement agencies to identify analysis and interpret the digital information derived from digital sources. In Malaysia, the engagement of Malaysian Law Enforcement Agencies (MLEA) with this new technology is not evenly distributed. To investigate the factors influencing the adoption of DF in Malaysia law enforcement agencies’ operational environment, this study proposed the initial theoretical framework based on the integration of technology organization environment (TOE), institutional theory, and human organization technology (HOT) fit model. A questionnaire survey was conducted on selected law enforcement agencies in Malaysia to verify the validity of the initial integrated framework. Relative advantage, compatibility, coercive pressure, normative pressure, vendor support and perceived technical competence of technical staff were found as the influential factors on digital forensics adoption. In addition to the only moderator of this study (agency size), any significant moderating effect on the perceived technical competence and the decision to adopt digital forensics by Malaysian law enforcement agencies was found insignificant. Thus, these results indicated that the developed integrated framework provides an effective prediction of the digital forensics adoption by Malaysian law enforcement agencies.

Keywords: digital forensics, digital forensics adoption, digital information, law enforcement agency

Procedia PDF Downloads 107
96 Gender Identification Using Digital Forensics

Authors: Vinod C. Nayak

Abstract:

In day-to-day forensic practice, identification is always a difficult task. Availability of anti-mortem and postmortem records plays a major rule in facilitating this tough task. However, the advent of digital forensic is a boon for forensic experts. This study has made use of digital forensics to establish identity by radiological dimensions of maxillary sinus using workstation software. The findings suggest a significant association between maxillary sinus dimensions and human gender. The author will be discussing the methods and results of the study in this e-poster.

Keywords: digital forensics, identification, maxillary sinus, radiology

Procedia PDF Downloads 372
95 The Impact of Cryptocurrency on The Technology of Using Currencies Online

Authors: Felib Ayman Shawky Salem

Abstract:

Nowadays crypto currency has become a global phenomenon known to most people. People using this alternative digital money to do a transaction in many ways (e.g. Used for online shopping, wealth management, and fundraising). However, this digital asset also widely used in criminal activities since its use decentralized control as opposed to centralized electronic money and central banking systems and this makes a user, who used this currency invisible. The high-value exchange of these digital currencies also has been a target to criminal activities. The crypto currency crimes have become a challenge for the law enforcement to analyze and to proof the evidence as criminal devices. In this paper, our focus is more on bitcoin crypto currency and the possible artifacts that can be obtained from the different type of digital wallet, which is software and browser-based application. The process memory and physical hard disk are examined with the aims of identifying and recovering potential digital evidence. The stage of data acquisition divided by three states which are the initial creation of the wallet, transaction that consists transfer and receiving a coin and the last state is after the wallet is being deleted. Findings from this study suggest that both data from software and browser type of wallet process memory is a valuable source of evidence, and many of the artifacts found in process memory are also available from the application and wallet files on the client computer storage.

Keywords: cryptocurrency, bitcoin, payment methods, blockchain, appropriation, online retailers, TOE framework, disappropriation, non-appropriationBitCoin, financial protection, crypto currency, money laundering cryptocurrency, digital wallet, digital forensics

Procedia PDF Downloads 5
94 CSRFDtool: Automated Detection and Prevention of a Reflected Cross-Site Request Forgery

Authors: Alaa A. Almarzuki, Nora A. Farraj, Aisha M. Alshiky, Omar A. Batarfi

Abstract:

The number of internet users is dramatically increased every year. Most of these users are exposed to the dangers of attackers in one way or another. The reason for this lies in the presence of many weaknesses that are not known for native users. In addition, the lack of user awareness is considered as the main reason for falling into the attackers’ snares. Cross Site Request Forgery (CSRF) has placed in the list of the most dangerous threats to security in OWASP Top Ten for 2013. CSRF is an attack that forces the user’s browser to send or perform unwanted request or action without user awareness by exploiting a valid session between the browser and the server. When CSRF attack successes, it leads to many bad consequences. An attacker may reach private and personal information and modify it. This paper aims to detect and prevent a specific type of CSRF, called reflected CSRF. In a reflected CSRF, a malicious code could be injected by the attackers. This paper explores how CSRF Detection Extension prevents the reflected CSRF by checking browser specific information. Our evaluation shows that the proposed solution succeeds in preventing this type of attack.

Keywords: CSRF, CSRF detection extension, attackers, attacks

Procedia PDF Downloads 376
93 Analysis of Various Copy Move Image Forgery Techniques for Better Detection Accuracy

Authors: Grishma D. Solanki, Karshan Kandoriya

Abstract:

In modern era of information age, digitalization has revolutionized like never before. Powerful computers, advanced photo editing software packages and high resolution capturing devices have made manipulation of digital images incredibly easy. As per as image forensics concerns, one of the most actively researched area are detection of copy move forgeries. Higher computational complexity is one of the major component of existing techniques to detect such tampering. Moreover, copy move forgery is usually performed in three steps. First, copying of a region in an image then pasting the same one in the same respective image and finally doing some post-processing like rotation, scaling, shift, noise, etc. Consequently, pseudo Zernike moment is used as a features extraction method for matching image blocks and as a primary factor on which performance of detection algorithms depends.

Keywords: copy-move image forgery, digital forensics, image forensics, image forgery

Procedia PDF Downloads 247
92 WormHex: Evidence Retrieval Tool of Social Media from Volatile Memory

Authors: Norah Almubairik, Wadha Almattar, Amani Alqarni

Abstract:

Social media applications are increasingly being used in our everyday communications. These applications utilise end-to-end encryption mechanisms, which make them suitable tools for criminals to exchange messages. These messages are preserved in the volatile memory until the device is restarted. Therefore, volatile forensics has become an important branch of digital forensics. In this study, the WormHex tool was developed to inspect the memory dump files of Windows and Mac-based workstations. The tool supports digital investigators to extract valuable data written in Arabic and English through web-based WhatsApp and Twitter applications. The results verify that social media applications write their data into the memory regardless of the operating system running the application, with there being no major differences between Windows and Mac.

Keywords: volatile memory, REGEX, digital forensics, memory acquisition

Procedia PDF Downloads 142
91 Method Comprising One to One Web Based Real Time Communications

Authors: Lata Kiran Dey, Rajendra Kumar, Biren Karmakar

Abstract:

Web Real Time Communications is a collection of standards, protocols, which provides real-time communications capabilities between web browsers and devices. This paper outlines the design and further implementation of web real-time communications on secure web applications having audio and video call capabilities. This proposed application may put up a system that will be able to work over both desktops as well as the mobile browser. Though, WebRTC also gives a set of JavaScript standard RTC APIs, which primarily works over the real-time communication framework. This helps to build a suitable communication application, which enables the audio, video, and message transfer in between the today’s modern browsers having WebRTC support.

Keywords: WebRTC, SIP, RTC, JavaScript, SRTP, secure web sockets, browser

Procedia PDF Downloads 94
90 A Method to Enhance the Accuracy of Digital Forensic in the Absence of Sufficient Evidence in Saudi Arabia

Authors: Fahad Alanazi, Andrew Jones

Abstract:

Digital forensics seeks to achieve the successful investigation of digital crimes through obtaining acceptable evidence from digital devices that can be presented in a court of law. Thus, the digital forensics investigation is normally performed through a number of phases in order to achieve the required level of accuracy in the investigation processes. Since 1984 there have been a number of models and frameworks developed to support the digital investigation processes. In this paper, we review a number of the investigation processes that have been produced throughout the years and introduce a proposed digital forensic model which is based on the scope of the Saudi Arabia investigation process. The proposed model has been integrated with existing models for the investigation processes and produced a new phase to deal with a situation where there is initially insufficient evidence.

Keywords: digital forensics, process, metadata, Traceback, Sauid Arabia

Procedia PDF Downloads 306
89 Tracy: A Java Library to Render a 3D Graphical Human Model

Authors: Sina Saadati, Mohammadreza Razzazi

Abstract:

Since Java is an object-oriented language, It can be used to solve a wide range of problems. One of the considerable usages of this language can be found in Agent-based modeling and simulation. Despite the significant power of Java, There is not an easy method to render a 3-dimensional human model. In this article, we are about to develop a library which helps modelers present a 3D human model and control it with Java. The library runs two server programs. The first one is a web page server that can connect to any browser and present an HTML code. The second server connects to the browser and controls the movement of the model. So, the modeler will be able to develop a simulation and display a good-looking human model without any knowledge of any graphical tools.

Keywords: agent-based modeling and simulation, human model, graphics, Java, distributed systems

Procedia PDF Downloads 67
88 Strategies and Approaches for Curriculum Development and Training of Faculty in Cybersecurity Education

Authors: Lucy Tsado

Abstract:

As cybercrime and cyberattacks continue to increase, the need to respond will follow suit. When cybercrimes occur, the duty to respond sometimes falls on law enforcement. However, criminal justice students are not taught concepts in cybersecurity and digital forensics. There is, therefore, an urgent need for many more institutions to begin teaching cybersecurity and related courses to social science students especially criminal justice students. However, many faculty in universities, colleges, and high schools are not equipped to teach these courses or do not have the knowledge and resources to teach important concepts in cybersecurity or digital forensics to criminal justice students. This research intends to develop curricula and training programs to equip faculty with the skills to meet this need. There is a current call to involve non-technical fields to fill the cybersecurity skills gap, according to experts. There is a general belief among non-technical fields that cybersecurity education is only attainable within computer science and technologically oriented fields. As seen from current calls, this is not entirely the case. Transitioning into the field is possible through curriculum development, training, certifications, internships and apprenticeships, and competitions. There is a need to identify how a cybersecurity eco-system can be created at a university to encourage/start programs that will lead to an interest in cybersecurity education as well as attract potential students. A short-term strategy can address this problem through curricula development, while a long-term strategy will address developing training faculty to teach cybersecurity and digital forensics. Therefore this research project addresses this overall problem in two parts, through curricula development for the criminal justice discipline; and training of faculty in criminal justice to teaching the important concepts of cybersecurity and digital forensics.

Keywords: cybersecurity education, criminal justice, curricula development, nontechnical cybersecurity, cybersecurity, digital forensics

Procedia PDF Downloads 57
87 Applications of Forensics/DNA Tools in Combating Gender-Based Violence: A Case Study in Nigeria

Authors: Edeaghe Ehikhamenor, Jennifer Nnamdi

Abstract:

Introduction: Gender-based violence (GBV) was a well-known global crisis before the COVID-19 pandemic. The pandemic burden only intensified the crisis. With prevailing lockdowns, increased poverty due to high unemployment, especially affecting females, and other mobility restrictions that have left many women trapped with their abusers, plus isolation from social contact and support networks, GBV cases spiraled out of control. Prevalence of economic with cultural disparity, which is greatly manifested in Nigeria, is a major contributory factor to GBV. This is made worst by religious adherents where the females are virtually relegated to the background. Our societal approaches to investigations and sanctions to culprits have not sufficiently applied forensic/DNA tools in combating these major vices. Violence against women or some rare cases against men can prevent them from carrying out their duties regardless of the position they hold. Objective: The main objective of this research is to highlight the origin of GBV, the victims, types, contributing factors, and the applications of forensics/DNA tools and remedies so as to minimize GBV in our society. Methods: Descriptive information was obtained through the search on our daily newspapers, electronic media, google scholar websites, other authors' observations and personal experiences, plus anecdotal reports. Results: Findings from our exploratory searches revealed a high incidence of GBV with very limited or no applications of Forensics/DNA tools as an intervening mechanism to reduce GBV in Nigeria. Conclusion: Nigeria needs to develop clear-cut policies on forensics/DNA tools in terms of institutional framework to develop a curriculum for the training of all stakeholders to fast-track justice for victims of GBV so as to serve as a deterrent to other culprits.

Keywords: gender-based violence, forensics, DNA, justice

Procedia PDF Downloads 41
86 Anomaly Detection of Log Analysis using Data Visualization Techniques for Digital Forensics Audit and Investigation

Authors: Mohamed Fadzlee Sulaiman, Zainurrasyid Abdullah, Mohd Zabri Adil Talib, Aswami Fadillah Mohd Ariffin

Abstract:

In common digital forensics cases, investigation may rely on the analysis conducted on specific and relevant exhibits involved. Usually the investigation officer may define and advise digital forensic analyst about the goals and objectives to be achieved in reconstructing the trail of evidence while maintaining the specific scope of investigation. With the technology growth, people are starting to realize the importance of cyber security to their organization and this new perspective creates awareness that digital forensics auditing must come in place in order to measure possible threat or attack to their cyber-infrastructure. Instead of performing investigation on incident basis, auditing may broaden the scope of investigation to the level of anomaly detection in daily operation of organization’s cyber space. While handling a huge amount of data such as log files, performing digital forensics audit for large organization proven to be onerous task for the analyst either to analyze the huge files or to translate the findings in a way where the stakeholder can clearly understand. Data visualization can be emphasized in conducting digital forensic audit and investigation to resolve both needs. This study will identify the important factors that should be considered to perform data visualization techniques in order to detect anomaly that meet the digital forensic audit and investigation objectives.

Keywords: digital forensic, data visualization, anomaly detection , log analysis, forensic audit, visualization techniques

Procedia PDF Downloads 244
85 Efficient Manageability and Intelligent Classification of Web Browsing History Using Machine Learning

Authors: Suraj Gururaj, Sumantha Udupa U.

Abstract:

Browsing the Web has emerged as the de facto activity performed on the Internet. Although browsing gets tracked, the manageability aspect of Web browsing history is very poor. In this paper, we have a workable solution implemented by using machine learning and natural language processing techniques for efficient manageability of user’s browsing history. The significance of adding such a capability to a Web browser is that it ensures efficient and quick information retrieval from browsing history, which currently is very challenging. Our solution guarantees that any important websites visited in the past can be easily accessible because of the intelligent and automatic classification. In a nutshell, our solution-based paper provides an implementation as a browser extension by intelligently classifying the browsing history into most relevant category automatically without any user’s intervention. This guarantees no information is lost and increases productivity by saving time spent revisiting websites that were of much importance.

Keywords: adhoc retrieval, Chrome extension, supervised learning, tile, Web personalization

Procedia PDF Downloads 327
84 Real Time Acquisition and Psychoacoustic Analysis of Brain Wave

Authors: Shweta Singh, Dipali Bansal, Rashima Mahajan

Abstract:

Psychoacoustics has become a potential area of research due to the growing interest of both laypersons and medical and mental health professionals. Non-invasive brain computer interface like Electroencephalography (EEG) is widely being used in this field. An attempt has been made in this paper to examine the response of EEG signals to acoustic stimuli further analysing the brain electrical activity. The real time EEG is acquired for 6 participants using a cost effective and portable EMOTIV EEG neuron headset. EEG data analysis is further done using EMOTIV test bench, EDF browser and EEGLAB (MATLAB Tool) application software platforms. Spectral analysis of acquired neural signals (AF3 channel) using these software platforms are clearly indicative of increased brain activity in various bands. The inferences drawn from such an analysis have significant correlation with subject’s subjective reporting of the experiences. The results suggest that the methodology adopted can further be used to assist patients with sleeping and depressive disorders.

Keywords: OM chant, spectral analysis, EDF browser, EEGLAB, EMOTIV, real time acquisition

Procedia PDF Downloads 240
83 An Analysis of Digital Forensic Laboratory Development among Malaysia’s Law Enforcement Agencies

Authors: Sarah K. Taylor, Miratun M. Saharuddin, Zabri A. Talib

Abstract:

Cybercrime is on the rise, and yet many Law Enforcement Agencies (LEAs) in Malaysia have no Digital Forensics Laboratory (DFL) to assist them in the attrition and analysis of digital evidence. From the estimated number of 30 LEAs in Malaysia, sadly, only eight of them owned a DFL. All of the DFLs are concentrated in the capital of Malaysia and none at the state level. LEAs are still depending on the national DFL (CyberSecurity Malaysia) even for simple and straightforward cases. A survey was conducted among LEAs in Malaysia owning a DFL to understand their history of establishing the DFL, the challenges that they faced and the significance of the DFL to their case investigation. The results showed that the while some LEAs faced no challenge in establishing a DFL, some of them took seven to 10 years to do so. The reason was due to the difficulty in convincing their management because of the high costs involved. The results also revealed that with the establishment of a DFL, LEAs were better able to get faster forensic result and to meet agency’s timeline expectation. It is also found that LEAs were also able to get more meaningful forensic results on cases that require niche expertise, compared to sending off cases to the national DFL. Other than that, cases are getting more complex, and hence, a continuous stream of budget for equipment and training is inevitable. The result derived from the study is hoped to be used by other LEAs in justifying to their management the benefits of establishing an in-house DFL.

Keywords: digital evidence, digital forensics, digital forensics laboratory, law enforcement agency

Procedia PDF Downloads 131
82 An Integrated Lightweight Naïve Bayes Based Webpage Classification Service for Smartphone Browsers

Authors: Mayank Gupta, Siba Prasad Samal, Vasu Kakkirala

Abstract:

The internet world and its priorities have changed considerably in the last decade. Browsing on smart phones has increased manifold and is set to explode much more. Users spent considerable time browsing different websites, that gives a great deal of insight into user’s preferences. Instead of plain information classifying different aspects of browsing like Bookmarks, History, and Download Manager into useful categories would improve and enhance the user’s experience. Most of the classification solutions are server side that involves maintaining server and other heavy resources. It has security constraints and maybe misses on contextual data during classification. On device, classification solves many such problems, but the challenge is to achieve accuracy on classification with resource constraints. This on device classification can be much more useful in personalization, reducing dependency on cloud connectivity and better privacy/security. This approach provides more relevant results as compared to current standalone solutions because it uses content rendered by browser which is customized by the content provider based on user’s profile. This paper proposes a Naive Bayes based lightweight classification engine targeted for a resource constraint devices. Our solution integrates with Web Browser that in turn triggers classification algorithm. Whenever a user browses a webpage, this solution extracts DOM Tree data from the browser’s rendering engine. This DOM data is a dynamic, contextual and secure data that can’t be replicated. This proposal extracts different features of the webpage that runs on an algorithm to classify into multiple categories. Naive Bayes based engine is chosen in this solution for its inherent advantages in using limited resources compared to other classification algorithms like Support Vector Machine, Neural Networks, etc. Naive Bayes classification requires small memory footprint and less computation suitable for smartphone environment. This solution has a feature to partition the model into multiple chunks that in turn will facilitate less usage of memory instead of loading a complete model. Classification of the webpages done through integrated engine is faster, more relevant and energy efficient than other standalone on device solution. This classification engine has been tested on Samsung Z3 Tizen hardware. The Engine is integrated into Tizen Browser that uses Chromium Rendering Engine. For this solution, extensive dataset is sourced from dmoztools.net and cleaned. This cleaned dataset has 227.5K webpages which are divided into 8 generic categories ('education', 'games', 'health', 'entertainment', 'news', 'shopping', 'sports', 'travel'). Our browser integrated solution has resulted in 15% less memory usage (due to partition method) and 24% less power consumption in comparison with standalone solution. This solution considered 70% of the dataset for training the data model and the rest 30% dataset for testing. An average accuracy of ~96.3% is achieved across the above mentioned 8 categories. This engine can be further extended for suggesting Dynamic tags and using the classification for differential uses cases to enhance browsing experience.

Keywords: chromium, lightweight engine, mobile computing, Naive Bayes, Tizen, web browser, webpage classification

Procedia PDF Downloads 122
81 Three Tier Indoor Localization System for Digital Forensics

Authors: Dennis L. Owuor, Okuthe P. Kogeda, Johnson I. Agbinya

Abstract:

Mobile localization has attracted a great deal of attention recently due to the introduction of wireless networks. Although several localization algorithms and systems have been implemented and discussed in the literature, very few researchers have exploited the gap that exists between indoor localization, tracking, external storage of location information and outdoor localization for the purpose of digital forensics during and after a disaster. The contribution of this paper lies in the implementation of a robust system that is capable of locating, tracking mobile device users and store location information for both indoor and partially outdoor the cloud. The system can be used during disaster to track and locate mobile phone users. The developed system is a mobile application built based on Android, Hypertext Preprocessor (PHP), Cascading Style Sheets (CSS), JavaScript and MATLAB for the Android mobile users. Using Waterfall model of software development, we have implemented a three level system that is able to track, locate and store mobile device information in secure database (cloud) on almost a real time basis. The outcome of the study showed that the developed system is efficient with regard to the tracking and locating mobile devices. The system is also flexible, i.e. can be used in any building with fewer adjustments. Finally, the system is accurate for both indoor and outdoor in terms of locating and tracking mobile devices.

Keywords: indoor localization, digital forensics, fingerprinting, tracking and cloud

Procedia PDF Downloads 291
80 Texture-Based Image Forensics from Video Frame

Authors: Li Zhou, Yanmei Fang

Abstract:

With current technology, images and videos can be obtained more easily than ever. It is so easy to manipulate these digital multimedia information when obtained, and that the content or source of the image and video could be easily tampered. In this paper, we propose to identify the image and video frame by the texture-based approach, e.g. Markov Transition Probability (MTP), which is in space domain, DCT domain and DWT domain, respectively. In the experiment, image and video frame database is constructed, and is used to train and test the classifier Support Vector Machine (SVM). Experiment results show that the texture-based approach has good performance. In order to verify the experiment result, and testify the universality and robustness of algorithm, we build a random testing dataset, the random testing result is in keeping with above experiment.

Keywords: multimedia forensics, video frame, LBP, MTP, SVM

Procedia PDF Downloads 386
79 A Unified Approach for Digital Forensics Analysis

Authors: Ali Alshumrani, Nathan Clarke, Bogdan Ghite, Stavros Shiaeles

Abstract:

Digital forensics has become an essential tool in the investigation of cyber and computer-assisted crime. Arguably, given the prevalence of technology and the subsequent digital footprints that exist, it could have a significant role across almost all crimes. However, the variety of technology platforms (such as computers, mobiles, Closed-Circuit Television (CCTV), Internet of Things (IoT), databases, drones, cloud computing services), heterogeneity and volume of data, forensic tool capability, and the investigative cost make investigations both technically challenging and prohibitively expensive. Forensic tools also tend to be siloed into specific technologies, e.g., File System Forensic Analysis Tools (FS-FAT) and Network Forensic Analysis Tools (N-FAT), and a good deal of data sources has little to no specialist forensic tools. Increasingly it also becomes essential to compare and correlate evidence across data sources and to do so in an efficient and effective manner enabling an investigator to answer high-level questions of the data in a timely manner without having to trawl through data and perform the correlation manually. This paper proposes a Unified Forensic Analysis Tool (U-FAT), which aims to establish a common language for electronic information and permit multi-source forensic analysis. Core to this approach is the identification and development of forensic analyses that automate complex data correlations, enabling investigators to investigate cases more efficiently. The paper presents a systematic analysis of major crime categories and identifies what forensic analyses could be used. For example, in a child abduction, an investigation team might have evidence from a range of sources including computing devices (mobile phone, PC), CCTV (potentially a large number), ISP records, and mobile network cell tower data, in addition to third party databases such as the National Sex Offender registry and tax records, with the desire to auto-correlate and across sources and visualize in a cognitively effective manner. U-FAT provides a holistic, flexible, and extensible approach to providing digital forensics in technology, application, and data-agnostic manner, providing powerful and automated forensic analysis.

Keywords: digital forensics, evidence correlation, heterogeneous data, forensics tool

Procedia PDF Downloads 139