Forensic Investigation


The Experts below are selected from a list of 24225 Experts worldwide ranked by ideXlab platform

Hein S. Venter - One of the best experts on this subject based on the ideXlab platform.

  • A Comprehensive and Harmonized Digital Forensic Investigation Process Model
    Journal of Forensic Sciences, 2015
    Co-Authors: Aleksandar Valjarevic, Hein S. Venter
    Abstract:

    Performing a digital forensic investigation (DFI) requires a standardized and formalized process. There is currently neither an international standard nor a global, harmonized DFI process (DFIP). The authors studied existing state-of-the-art DFIP models and concluded that there are significant disparities pertaining to the number of processes, the scope, the hierarchical levels, and the concepts applied. This paper proposes a comprehensive model that harmonizes existing models. An effort was made to incorporate all types of processes proposed by the existing models, including those aimed at achieving digital forensic readiness. The authors introduce a novel class of processes called concurrent processes. This is a novel contribution that should, together with the rest of the model, enable more efficient and effective DFI, while ensuring admissibility of digital evidence. Ultimately, the proposed model is intended to be used for different types of DFI and should lead to standardization.

  • Introduction of concurrent processes into the digital forensic investigation process
    Australian Journal of Forensic Sciences, 2015
    Co-Authors: Aleksandar Valjarevic, Hein S. Venter
    Abstract:

    Performing a digital forensic investigation requires a formalised process to be followed. It also requires that certain principles are applied, such as the preservation of digital evidence and the documentation of actions. The need for a harmonised and standardised digital forensic investigation process has been recognised in the digital forensics community and much scientific work has been undertaken to produce digital forensic investigation process models, albeit with many disparities between the different models. The problem is that these existing models do not include any processes dealing explicitly with concurrent digital forensic principles. This leaves room for human error and omissions, as there is a lack of clear guidelines on the implementation of digital forensic principles. This paper proposes the introduction of concurrent processes into the digital forensic investigation process model. The authors define concurrent processes as the actions that should be conducted in parallel with other processes within th...

  • Mobile forensics using the harmonised digital forensic investigation process
    Information Security for South Africa, 2014
    Co-Authors: Emilio Raymond Mumba, Hein S. Venter
    Abstract:

    Mobile technology is among the fastest developing technologies that have changed the way we live our daily lives. Over the past few years, mobile devices have become the most popular form of communication around the world. However, bundled together with the good and advanced capabilities of mobile technology, mobile devices can also be used to perform various activities that may be of malicious intent or criminal in nature. This makes mobile devices a valuable source of digital evidence. For this reason, the technological evolution of mobile devices has raised the need to develop standardised investigation process models and procedures within the field of digital forensics. This need further supports the fact that forensic examiners and investigators face challenges when performing data acquisition in a forensically sound manner from mobile devices. This paper, therefore, aims at testing the harmonised digital forensic investigation process through a case study of a mobile forensic investigation. More specifically, an experiment was conducted that aims at testing the performance of the harmonised digital forensic investigation process (HDFIP) as stipulated in the ISO/IEC 27043 draft international standard through the extraction of potential digital evidence from mobile devices.

  • Digital forensic readiness in the cloud
    Information Security for South Africa, 2013
    Co-Authors: Philip M Trenwith, Hein S. Venter
    Abstract:

    The traditional digital forensic investigation process has always had a post-event driven focus. This process is perhaps too long for the cloud. This paper investigates how digital forensic readiness can be used to quicken and update the traditional digital forensic investigation process to better suit cloud computing environments. John Tans states that centralized logging is the key to efficient forensic strategies. The author proposes a model that considers centralised logging of all activities of all the participants within the cloud in preparation for an investigation. This approach will quicken the acquisition of evidential data when an investigation is required, allowing the investigator to start the analysis and examination almost immediately.

  • Implementation guidelines for a harmonised digital forensic investigation readiness process model
    Information Security for South Africa, 2013
    Co-Authors: Aleksandar Valjarevic, Hein S. Venter
    Abstract:

    Digital forensic investigation readiness enables an organisation to prepare itself in order to perform a digital forensic investigation in a more efficient and effective manner. Benefits of achieving a high level of digital forensic investigation readiness include, but are not limited to, higher admissibility of digital evidence in a court of law, better utilisation of resources (including time and financial resources) and higher awareness of forensic investigation readiness. The problem that this paper addresses is that there is no harmonised digital forensic investigation readiness process model with appropriate implementation guidelines and, thus, there is a lack of an effective and standardised implementation of digital forensic investigation readiness measures within organisations. Valjarevic and Venter have, in their previous work, proposed a harmonised digital forensic investigation readiness process model. This paper proposes implementation guidelines for such a harmonised digital forensic investigation process model in order to help practitioners and researchers to successfully implement the proposed model. The authors believe that these guidelines will significantly help to properly and consistently implement digital forensic readiness measures in different organisations in a bid to achieve higher admissibility of digital evidence in a court of law, as well as more efficient and effective digital forensic investigations.
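The two Valjarevic and Venter abstracts above treat preservation of digital evidence and documentation of actions as processes that must run concurrently with acquisition, and the Trenwith and Venter abstract makes centralised logging the basis of forensic readiness in the cloud. The Python below is an added example, not code from any of these papers or from ideXlab: a minimal central custody log in which every recorded action commits to the previous entry by hash and is authenticated with the collector's key, so a later reviewer can detect an edited, dropped or reordered entry. The collector key, the actor names, the artefact labels and the log line being "acquired" are all constructed for the demo.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed demo key for the central collector. In a real deployment this key
# lives in a KMS/HSM the examiners cannot read, so they can append but not forge.
COLLECTOR_KEY = b"constructed-demo-key-do-not-use"
GENESIS = "0" * 64


def _canonical(obj):
    # Deterministic serialisation so the same entry always hashes the same way.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


class CustodyLog:
    """Append-only log: each entry carries the hash of the previous one (chain)
    and an HMAC under the collector key (authenticity)."""

    def __init__(self, key=COLLECTOR_KEY):
        self._key = key
        self.entries = []
        self._prev = GENESIS

    def record(self, actor, action, artifact, data):
        """Document an action on an artefact at the moment it happens, hashing the
        artefact bytes so later copies can be matched against this entry."""
        entry = {
            "seq": len(self.entries),
            "ts": datetime.now(timezone.utc).isoformat(),
            "actor": actor,
            "action": action,
            "artifact": artifact,
            "sha256": hashlib.sha256(data).hexdigest(),
            "prev": self._prev,
        }
        entry["mac"] = hmac.new(self._key, _canonical(entry), hashlib.sha256).hexdigest()
        self._prev = hashlib.sha256(_canonical(entry)).hexdigest()
        self.entries.append(entry)
        return entry


def verify_chain(entries, key=COLLECTOR_KEY):
    """Return (True, None) if the log is intact, else (False, index_of_first_bad_entry).
    Edited fields fail the MAC, dropped or reordered entries fail the seq/prev
    check, and entries appended without the key fail the MAC."""
    prev = GENESIS
    for i, e in enumerate(entries):
        body = {k: v for k, v in e.items() if k != "mac"}
        if e.get("seq") != i or e.get("prev") != prev:
            return False, i
        expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(e.get("mac", ""))):
            return False, i
        prev = hashlib.sha256(_canonical(e)).hexdigest()
    return True, None


def demo():
    """Constructed scenario: an examiner acquires a log file from a cloud VM while
    the collector records each step; then three tampered copies are checked."""
    auth_log = b"constructed: Mar  5 01:02:03 vm-42 sshd[811]: Accepted publickey for root\n"
    log = CustodyLog()
    log.record("examiner-1", "acquire", "tenant-a/vm-42:/var/log/auth.log", auth_log)
    log.record("examiner-1", "copy-to-evidence-store", "case-0042/auth.log", auth_log)
    log.record("examiner-2", "verify-hash", "case-0042/auth.log", auth_log)
    intact = verify_chain(log.entries)

    edited = [dict(e) for e in log.entries]
    edited[1]["actor"] = "examiner-9"                       # rewrite who made the copy
    dropped = [dict(e) for e in log.entries[:1] + log.entries[2:]]
    reordered = [dict(e) for e in reversed(log.entries)]
    return intact, verify_chain(edited), verify_chain(dropped), verify_chain(reordered)
```

Because the hash of each artefact is written at acquisition time, a later "verify-hash" step by a second examiner is itself logged, which is the documentation-in-parallel the concurrent-process model asks for; the chain and MAC make the log something a court can check rather than something it has to trust.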

Mohammad Nasir Shahzad - One of the best experts on this subject based on the ideXlab platform.

  • A Bitcoin transaction network analytic method for future blockchain forensic investigation
    IEEE Transactions on Network Science and Engineering, 2021
    Co-Authors: Fang Tao, John Panneerselvam, Lu Liu, Rongbo Zhu, Mohammad Nasir Shahzad
    Abstract:

    Popular blockchain-based cryptocurrencies, like Bitcoin, are increasingly being used maliciously for illegal trades. In order to trace and analyze suspected Bitcoin transactions and addresses, address clustering methods and Bitcoin flow analysis methods have recently been gaining attention. However, existing methods focus only on Bitcoin addresses and flow, and neglect other important information, such as transaction structure and behavior features. In order to exploit all useful features of transactions, this paper proposes a Bitcoin transaction network analytic method for facilitating blockchain forensic investigation based on an extended safe Petri net. The structural features and dynamic semantics of the Petri net are used in our proposed model to define the static and dynamic features of Bitcoin transactions. Nineteen features have been identified to define Bitcoin transaction patterns for analyzing and finding suspected addresses. A Bitcoin gene has been embedded into the Petri net transitions to trace and analyze Bitcoin flow accurately. Finally, marginal distribution analysis of Bitcoin transaction features and data visualization techniques are used to further eliminate some false positive samples and to improve the accuracy of identifying suspected addresses. The proposed Bitcoin transaction network analytic method provides a reliable forensic investigation model along with a prototype platform which is beneficial for financial security. The efficiency of our proposed method is empirically verified based on a real-life case study analysis.

  • A Bitcoin transaction network analytic method for future blockchain forensic investigation
    IEEE Transactions on Network Science and Engineering, 2020
    Co-Authors: Yan Wu, Jiayan Gu, John Panneerselvam, Mohammad Nasir Shahzad
    Abstract:

    Popular blockchain-based cryptocurrencies, like Bitcoin, are increasingly being used maliciously to launder money on the dark Web. In order to trace and analyze suspected Bitcoin transactions and addresses, address clustering methods and Bitcoin flow analysis methods have recently been gaining attention. However, existing methods focus only on Bitcoin addresses and flow, and neglect other important information, such as transaction structure and behavior features. In order to exploit all useful features of transactions, this paper proposes a Bitcoin transaction network analytic method for facilitating blockchain forensic investigation based on an extended safe Petri net. The structural features and dynamic semantics of the Petri net are used in our proposed model to define the static and dynamic features of Bitcoin transactions. Nineteen features have been identified to define Bitcoin transaction patterns for analyzing and finding suspected addresses. A Bitcoin gene has been embedded into the Petri net transitions to trace and analyze Bitcoin flow accurately. Finally, marginal distribution analysis of Bitcoin transaction features and data visualization techniques are used to further eliminate some false positive samples and to improve the accuracy of identifying suspected addresses. The proposed Bitcoin transaction network analytic method provides a reliable forensic investigation model along with a prototype platform which is beneficial for financial security. The efficiency of our proposed method is empirically verified based on a real-life case study analysis.

Harvey, John T - One of the best experts on this subject based on the ideXlab platform.

  • Reflective Cracking Study: HVS Test Section Forensic Investigation
    eScholarship University of California, 2008
    Co-Authors: Jones David, Steven B., Harvey, John T
    Abstract:

    This report is one in a series of first-level analysis reports that describe the results of HVS testing on a full-scale experiment being performed at the Richmond Field Station (RFS) to validate Caltrans overlay strategies for the rehabilitation of cracked asphalt concrete. It describes the results of the forensic investigation on the HVS rutting sections (Sections 580RF through 581RF) and HVS reflective cracking testing sections (Sections 586RF through 591RF). The study forms part of Partnered Pavement Research Center Strategic Plan Element 4.10: “Development of Improved Rehabilitation Designs for Reflective Cracking.” Findings and observations based on the data collected during this forensic investigation include:
      • There was considerable variation in the thicknesses of the constructed layers of the test road.
      • In the rutting experiments, rutting occurred primarily in the underlying DGAC and not in the overlay. In the reflective cracking experiments, rutting occurred in both layers. Very little rutting occurred in the underlying layers.
      • Cracks were observed on some of the test pit profiles. In the underlying DGAC layer, cracks were generally clearly visible. However, in the overlays, heat generated from the saw cut operation appeared to seal any cracks and no conclusions could be drawn as to the depth that cracks had reflected into the overlays. Most cracks appeared to have initiated close to the bottom of the underlying DGAC. Some crack initiation was also observed at poorly bonded joints between lifts and overlays in the AR4000-D section.
      • Some post-construction cementation of the base material appeared to have occurred. This was substantiated with DCP tests, close inspection of the test pit profile, use of phenolphthalein to determine the pH of the base material, and examination of specimens under optical and scanning electron microscopes. This recementation appears to have contributed to the good performance of the sections.
      • Base material density was generally consistent over the section. Nuclear gauge determined wet densities averaged 2,176 kg/m3, which corresponds with the average of 2,200 kg/m3 recorded after construction.
      • Nuclear gauge-determined base moisture contents averaged 11.1 percent for the 18 test pits, with higher moisture contents in the top 50 mm compared to the remainder of the layer. This is higher than the predetermined optimum (8.9 percent) and the laboratory-determined gravimetric moisture contents (8.7 percent).
      • Subgrade densities were not measured. The average subgrade moisture content was 15 percent, considerably higher than the base moisture content. The presence of mottling in the subgrade material indicates that the moisture content probably fluctuated seasonally.
      • Air-void contents were lower in the wheelpath after HVS testing compared to before HVS testing, as expected.
    The findings of this investigation confirm the conclusions of the other first-level analysis reports on HVS testing. No recommendations as to the use of modified binders in overlay mixes are made at this time.

  • Reflective Cracking Study: HVS Test Section Forensic Investigation
    2024
    Co-Authors: Jones David, Steven B., Harvey, John T
    Abstract:

    This report is one in a series of first-level analysis reports that describe the results of HVS testing on a full-scale experiment being performed at the Richmond Field Station (RFS) to validate Caltrans overlay strategies for the rehabilitation of cracked asphalt concrete. It describes the results of the forensic investigation on the HVS rutting sections (Sections 580RF through 581RF) and HVS reflective cracking testing sections (Sections 586RF through 591RF). The study forms part of Partnered Pavement Research Center Strategic Plan Element 4.10: “Development of Improved Rehabilitation Designs for Reflective Cracking.” Findings and observations based on the data collected during this forensic investigation include:
      • There was considerable variation in the thicknesses of the constructed layers of the test road.
      • In the rutting experiments, rutting occurred primarily in the underlying DGAC and not in the overlay. In the reflective cracking experiments, rutting occurred in both layers. Very little rutting occurred in the underlying layers.
      • Cracks were observed on some of the test pit profiles. In the underlying DGAC layer, cracks were generally clearly visible. However, in the overlays, heat generated from the saw cut operation appeared to seal any cracks and no conclusions could be drawn as to the depth that cracks had reflected into the overlays. Most cracks appeared to have initiated close to the bottom of the underlying DGAC. Some crack initiation was also observed at poorly bonded joints between lifts and overlays in the AR4000-D section.
      • Some post-construction cementation of the base material appeared to have occurred. This was substantiated with DCP tests, close inspection of the test pit profile, use of phenolphthalein to determine the pH of the base material, and examination of specimens under optical and scanning electron microscopes. This recementation appears to have contributed to the good performance of the sections.
      • Base material density was generally consistent over the section. Nuclear gauge determined wet densities averaged 2,176 kg/m3, which corresponds with the average of 2,200 kg/m3 recorded after construction.
      • Nuclear gauge-determined base moisture contents averaged 11.1 percent for the 18 test pits, with higher moisture contents in the top 50 mm compared to the remainder of the layer. This is higher than the predetermined optimum (8.9 percent) and the laboratory-determined gravimetric moisture contents (8.7 percent).
      • Subgrade densities were not measured. The average subgrade moisture content was 15 percent, considerably higher than the base moisture content. The presence of mottling in the subgrade material indicates that the moisture content probably fluctuated seasonally.
      • Air-void contents were lower in the wheelpath after HVS testing compared to before HVS testing, as expected.
    The findings of this investigation confirm the conclusions of the other first-level analysis reports on HVS testing. No recommendations as to the use of modified binders in overlay mixes are made at this time.
    UCPRC-RR-2007-05, Civil Engineering

Arafat Al-dhaqm - One of the best experts on this subject based on the ideXlab platform.

  • Database Forensic Investigation Process Models: A Review
    IEEE Access, 2020
    Co-Authors: Arafat Al-dhaqm, Fuad A. Ghaleb, Siti Hajar Othman, Arieff Salleh Rosman, Shukor Abd Razak, Nurazmallail Marni
    Abstract:

    Database forensic investigation (DBFI) involves the identification, collection, preservation, reconstruction, analysis, and reporting of database incidents. However, it is a heterogeneous, complex, and ambiguous field due to the variety and multidimensional nature of database systems. A small number of DBFI process models have been proposed to solve specific database scenarios using different investigation processes, concepts, activities, and tasks, as surveyed in this paper. Specifically, we reviewed 40 proposed DBFI process models for RDBMS in the literature to offer up-to-date and comprehensive background knowledge on existing DBFI process model research, their associated challenges, issues for newcomers, and potential solutions for addressing such issues. This paper highlights three common limitations of the DBFI domain, which are: 1) redundant and irrelevant investigation processes; 2) redundant and irrelevant investigation concepts and terminologies; and 3) a lack of unified models to manage, share, and reuse DBFI knowledge. Also, this paper suggests three solutions for the discovered limitations, which are: 1) propose a generic DBFI process/model for the DBFI field; 2) develop a semantic metamodeling language to structure, manage, organize, share, and reuse DBFI knowledge; and 3) develop a repository to store and retrieve DBFI field knowledge.

  • A Review of Mobile Forensic Investigation Process Models
    IEEE Access, 2020
    Co-Authors: Arafat Al-dhaqm, Victor R. Kebande, Shukor Abd Razak, Richard Adeyemi Ikuesan, Kamran Siddique
    Abstract:

    The mobile forensics (MF) field uses prescribed scientific approaches with a focus on recovering potential digital evidence (PDE) from mobile devices leveraging forensic techniques. Consequently, increased proliferation, mobile-based services, and the need for new requirements have led to the development of the MF field, which has in the recent past become an area of importance. In this article, the authors conduct a review of mobile forensic investigation process models (MFIPMs) as a step towards uncovering the MF transitions as well as identifying open and future challenges. Based on the study conducted in this article, a review of the literature revealed that there are a few MFIPMs that are designed for solving certain mobile scenarios, with a variety of concepts, investigation processes, activities, and tasks. A total of 100 MFIPMs were reviewed, to present an inclusive and up-to-date background of MFIPMs. Also, this study proposes a harmonized mobile forensic investigation process model (HMFIPM) for the MF field to unify and structure the redundant investigation processes of the MF field. The paper also goes the extra mile to discuss the state of the art of mobile forensic tools, and open and future challenges from a generic standpoint. The results of this study find direct relevance to forensic practitioners and researchers who could leverage the comprehensiveness of the developed processes for investigation.

  • CDBFIP: Common Database Forensic Investigation Processes for Internet of Things
    IEEE Access, 2017
    Co-Authors: Arafat Al-dhaqm, Siti Hajar Othman, Shukor Abd Razak, Kim-kwang Raymond Choo, William Bradley Glisson, Mohammad Abrar
    Abstract:

    Database forensics is a domain that uses database content and metadata to reveal malicious activities on database systems in an Internet of Things environment. Although the concept of database forensics has been around for a while, the investigation of cybercrime activities and cyber breaches in an Internet of Things environment would benefit from the development of a common investigative standard that unifies the knowledge in the domain. Therefore, this paper proposes common database forensic investigation processes using a design science research approach. The proposed process comprises four phases, namely: 1) identification; 2) artefact collection; 3) artefact analysis; and 4) the documentation and presentation process. It allows the reconciliation of the concepts and terminologies of all common database forensic investigation processes; hence, it facilitates the sharing of knowledge on database forensic investigation among domain newcomers, users, and practitioners.

Sangjin Lee - One of the best experts on this subject based on the ideXlab platform.

  • Digital Forensic Investigation of Cloud Storage Services
    arXiv: Cryptography and Security, 2017
    Co-Authors: Hyunji Chung, Sangjin Lee, Jungheum Park, Cheulhoon Kang
    Abstract:

    The demand for cloud computing is increasing because of the popularity of digital devices and the wide use of the Internet. Among cloud computing services, most consumers use cloud storage services that provide mass storage. This is because these services give them various additional functions as well as storage. It is easy to access cloud storage services using smartphones. With increasing utilization, it is possible for malicious users to abuse cloud storage services. Therefore, a study on digital forensic investigation of cloud storage services is necessary. This paper proposes a new procedure for investigating and analyzing the artifacts of all accessible devices, such as Windows and Mac systems, iPhones, and Android smartphones.

  • Forensic investigation framework for the document store NoSQL DBMS
    Digital Investigation, 2016
    Co-Authors: Jongseong Yoon, Doowon Jeong, Chulhoon Kang, Sangjin Lee
    Abstract:

    The NoSQL DBMS provides an efficient means of storing and accessing big data because its servers are more easily horizontally scalable and replicable than relational DBMSs. Its data model lacks a fixed schema, so that users can easily and dynamically change the data model of applications. These characteristics of the NoSQL DBMS mean that it is increasingly used in real-time analysis, web services such as SNS, mobile apps and the storage of machine-generated data such as logs and IoT (Internet of Things) data. Although the increased usage of the NoSQL DBMS increases the possibility of it becoming a target of crime, there are few papers about forensic investigation of the NoSQL DBMS. In this paper, we propose a forensic investigation framework for the document store NoSQL DBMS. It is difficult to cover all NoSQL DBMSs, as 'NoSQL' includes several distinct architectures; our forensic investigation framework, however, is focused on the document store NoSQL DBMS. In order to conduct an evaluative case study, we apply it to MongoDB, which is a widely used document store NoSQL DBMS. For this case study, a crime scenario is created in an experimental environment, and then we propose in detail a forensic procedure and technical methods for MongoDB. We suggest many substantial technical investigation methods for MongoDB, including identifying the real servers storing evidence in a distributed environment, a transaction reconstruction method using log analysis, and recovering deleted data from the MongoDB data file structure.

  • Study on an advanced analysis method based on a timeline chart for digital forensic investigation
    The Journal of Advanced Navigation Technology, 2014
    Co-Authors: Keungi Lee, Changhoon Lee, Seongjin Hwang, Sangjin Lee
    Abstract:

    Recently, the importance of digital forensics has increased, and analysis methods for digital evidence are used in the analysis of evidence of various types. However, analysis time and effort are steadily increasing because personal disk capacity is very large and disks hold a great many files. Most digital evidence has time properties, such as access time, creation time, and modification time. This time information on digital evidence is one of the most important factors in the digital forensic area. But if a digital examiner simply analyzes based on the binary source only, it is possible to obtain a wrong result because time has various types. In this paper, we classify the various types of time in digital evidence and describe an advanced analysis method based on a timeline chart for digital forensic investigation.

  • Record file carving technique for efficient file recovery in digital forensic investigation
    KIPS Transactions on Computer and Communication Systems, 2013
    Co-Authors: Min Su Park, Jungheum Park, Sangjin Lee
    Abstract:

    These days digital data have become essential for digital investigation because most crimes are committed using digital devices. However, digital data are very easy to falsify or delete. If digital data have been deleted, it is necessary to recover the deleted data to obtain digital evidence. Even though file carving is the most important means of gathering digital evidence in a digital forensic investigation, most popular carving tools do not contemplate methods of selection or restoration for digital forensic investigation. The goal of this research is to suggest files that can provide useful information for digital forensic investigation and to propose a new record file carving technique that can recover data more effectively than before.

  • Digital Forensic Investigation of Cloud Storage Services
    Digital Investigation, 2012
    Co-Authors: Hyunji Chung, Sangjin Lee, Jungheum Park, Cheulhoon Kang
    Abstract:

    The demand for cloud computing is increasing because of the popularity of digital devices and the wide use of the Internet. Among cloud computing services, most consumers use cloud storage services that provide mass storage. This is because these services give them various additional functions as well as storage. It is easy to access cloud storage services using smartphones. With increasing utilization, it is possible for malicious users to abuse cloud storage services. Therefore, a study on digital forensic investigation of cloud storage services is necessary. This paper proposes a new procedure for investigating and analyzing the artifacts of all accessible devices, such as Windows and Mac systems, iPhones, and Android smartphones.
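The timeline-chart abstract above (Lee et al., 2014) makes the point that the timestamps on one piece of evidence come in several encodings, and that reading them straight from the binary without normalising them gives a wrong ordering. The Python below is an added example, not the authors' method or tool: it converts the three encodings an examiner meets most often (NTFS FILETIME, Unix epoch seconds, and FAT local time that carries no zone) to UTC, builds a sorted timeline, and shows how the same USB-stick timestamp lands on the wrong side of a server login if it is misread as UTC. The artefact values, paths and labels are constructed; the +09:00 offset stands in for whatever the examiner has established the device clock was set to.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
# NTFS/Windows FILETIME counts 100-ns ticks from 1601-01-01 UTC.
_FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=UTC)


def from_filetime(ticks):
    """NTFS $STANDARD_INFORMATION / $FILE_NAME, registry last-write, and similar."""
    if ticks < 0:
        raise ValueError("FILETIME cannot be negative")
    return _FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def from_unix(seconds):
    """ext4/XFS/APFS inode times and most log formats: seconds since 1970-01-01 UTC."""
    return datetime.fromtimestamp(seconds, tz=UTC)


def from_local_naive(text, utc_offset_minutes, fmt="%Y-%m-%d %H:%M:%S"):
    """FAT/exFAT (and many application logs) store wall-clock time with no zone.
    The examiner supplies the offset the device was set to; that offset is an
    assumption and belongs in the report alongside the result."""
    naive = datetime.strptime(text, fmt)
    aware = naive.replace(tzinfo=timezone(timedelta(minutes=utc_offset_minutes)))
    return aware.astimezone(UTC)


def build_timeline(events):
    """events: iterable of (label, timezone-aware datetime).
    Returns [(utc_iso, label), ...] sorted by instant. Naive datetimes are
    refused so an un-normalised value cannot silently enter the chart."""
    rows = []
    for label, dt in events:
        if dt.tzinfo is None or dt.utcoffset() is None:
            raise ValueError(f"{label}: naive timestamp, normalise it first")
        rows.append((dt.astimezone(UTC).isoformat(), label))
    rows.sort()
    return rows


def demo():
    """Constructed artefacts from one incident, each in its native encoding."""
    ntfs_doc_modified = 130384549230000000     # FILETIME == 2014-03-05 01:02:03 UTC
    server_auth_entry = 1393981323             # Unix epoch == the same instant
    usb_file_created = "2014-03-05 09:30:00"   # FAT local time, device clock on KST (+09:00)

    normalised = build_timeline([
        ("NTFS $SI modified: C:\\Users\\x\\plan.docx", from_filetime(ntfs_doc_modified)),
        ("server auth.log: login from workstation", from_unix(server_auth_entry)),
        ("FAT32 created: E:\\plan.docx (USB)", from_local_naive(usb_file_created, 540)),
    ])
    # The wrong result the paper warns about: the FAT local time read as if it were
    # UTC moves the USB copy from before the login to more than eight hours after it.
    misread = build_timeline([
        ("NTFS $SI modified: C:\\Users\\x\\plan.docx", from_filetime(ntfs_doc_modified)),
        ("FAT32 created: E:\\plan.docx (USB, misread as UTC)", from_local_naive(usb_file_created, 0)),
    ])
    return normalised, misread
```

`build_timeline` deliberately raises on a naive `datetime` rather than guessing a zone; in practice the conversion step is where the examiner writes down which offset was assumed for each source, so the timeline chart can be reproduced.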
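Two abstracts above lead to the same example: the MongoDB framework (Yoon et al., 2016) lists recovering deleted data from the data file structure among its methods, and the record-carving paper (Park et al., 2013) argues for carving at the record rather than the whole-file level. The Python below is an added example, not either paper's carver: it scans a raw byte image for self-delimiting BSON documents (a little-endian int32 total length, typed elements, a terminating 0x00 byte) and recovers every well-formed one, including a record the database no longer references. The sample image, the documents in it and the "deleted" record are constructed; the decoder models only the element types the demo needs and rejects anything else, which is what keeps the false-positive rate of a byte-by-byte scan down.

```python
import struct

MAX_DOC = 16 * 1024 * 1024   # BSON document size ceiling MongoDB enforces


def bson_encode(doc):
    """Tiny encoder used only to build the constructed sample image (str, int32, dict)."""
    body = b""
    for k, v in doc.items():
        key = k.encode() + b"\x00"
        if isinstance(v, str):
            s = v.encode() + b"\x00"
            body += b"\x02" + key + struct.pack("<i", len(s)) + s
        elif isinstance(v, dict):
            body += b"\x03" + key + bson_encode(v)
        elif isinstance(v, int):
            body += b"\x10" + key + struct.pack("<i", v)
        else:
            raise TypeError(f"unsupported sample type {type(v).__name__}")
    return struct.pack("<i", len(body) + 5) + body + b"\x00"


def bson_decode(buf, off=0):
    """Decode one document at buf[off:]. Returns (dict, end_offset), or None if the
    bytes are not a well-formed document built from the element types modelled here."""
    if off + 4 > len(buf):
        return None
    (size,) = struct.unpack_from("<i", buf, off)
    end = off + size
    if size < 5 or size > MAX_DOC or end > len(buf) or buf[end - 1] != 0:
        return None
    doc, p = {}, off + 4
    while p < end - 1:
        etype, p = buf[p], p + 1
        nul = buf.find(b"\x00", p, end)            # element name is a NUL-terminated cstring
        if nul < 0:
            return None
        try:
            key = buf[p:nul].decode("utf-8")
        except UnicodeDecodeError:
            return None
        p = nul + 1
        if etype == 0x02:                           # UTF-8 string: int32 length incl. NUL
            if p + 4 > end:
                return None
            (n,) = struct.unpack_from("<i", buf, p)
            p += 4
            if n < 1 or p + n > end or buf[p + n - 1] != 0:
                return None
            try:
                val = buf[p:p + n - 1].decode("utf-8")
            except UnicodeDecodeError:
                return None
            p += n
        elif etype in (0x10, 0x12):                 # int32 / int64
            fmt, n = ("<i", 4) if etype == 0x10 else ("<q", 8)
            if p + n > end:
                return None
            (val,) = struct.unpack_from(fmt, buf, p)
            p += n
        elif etype == 0x0A:                         # null
            val = None
        elif etype in (0x03, 0x04):                 # embedded document / array
            sub = bson_decode(buf, p)
            if sub is None:
                return None
            val, p = sub
        else:                                       # type not modelled: not a hit
            return None
        doc[key] = val
    return (doc, end) if p == end - 1 else None


def carve_bson(image, min_keys=1):
    """Slide over a raw image, collect every well-formed document and skip past each
    hit. min_keys drops the trivially empty documents that random bytes can produce."""
    hits, off = [], 0
    while off + 5 <= len(image):
        res = bson_decode(image, off)
        if res is not None and len(res[0]) >= min_keys:
            hits.append((off, res[0]))
            off = res[1]
        else:
            off += 1
    return hits


def build_sample_image():
    """Constructed stand-in for a slice of a data file: a live record, an
    unreferenced (deleted) record, filler bytes and a truncated fragment."""
    live = bson_encode({"_id": 1, "user": "alice", "role": "admin"})
    deleted = bson_encode({"_id": 2, "user": "mallory", "role": "dba", "meta": {"login_ok": 1}})
    fragment = bson_encode({"_id": 3, "user": "trudy"})[:10]
    filler = bytes(range(256))
    return filler + live + filler[:37] + deleted + fragment + filler[100:]
```

The truncated fragment is rejected because its length field points past bytes that are not a terminator, which is the structural check that lets a record carver do better than a header-only signature scan. One practitioner caveat: on MongoDB's default WiredTiger engine, collection files are block-compressed (snappy by default), so raw BSON of this shape only appears in uncompressed pages, the journal, or decompressed blocks; the scan above has to run over decompressed data, not the compressed file as stored.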