Answer To: Digital Forensics Technical Report Paper Guidelines REPORT GUIDELINES The topic of this academic...
Neetha answered on Apr 13 2022
Report on Digital Forensics
Abstract
As more people depend on technology for both personal and professional endeavors, digital forensics has never been more important. Digital forensics is a branch of forensic science specifically focused on cybercrime, using computer evidence to support investigations. This report gives an introduction to digital forensics and to how we can use the data available to us to help prosecute criminals in criminal, civil and corporate matters. By the end of the report the reader will be aware of the kind of data that is available to the forensics team and how they can use it.
Introduction
Forensics is the science of putting together what we observe to reasonably deduce what is likely to have occurred. In the digital world we look for the digital footprint left by the person in question. By digital footprint we mean search history, the last seen location, chat history, mail history, Instagram or Facebook posts, ads clicked, and so on. This information can help us build an image of an individual's psychological profile or even retrace the person's movements based on their GPS location. But where does all this information lead us? In most cases it means your data is being used by companies to advertise their products; in some cases justice is served. In today's world it is nearly impossible not to leave behind a digital footprint. Even if you choose to go off grid, you might be caught on your local store's camera, or you might run a red light and have your license plate captured by a security camera [1].
Digital forensics is the art of preservation, identification, extraction, and documentation of computer evidence which can be used in a court of law [1].
Going through the definition of digital forensics, we are pointed to the following keywords:
1. Acquisition
2. Preservation
3. Analysis
4. Presentation
Acquisition is the process of acquiring data, in our case electronic data. Examples are seizing a computer at a crime scene, acquiring a computer in a civil suit, or making a copy of the hard drive to acquire more information. Rather than the term "copy" we use the word "acquiring". Acquisition is the first point of contact with the evidence, and it is where the evidence is more likely to be destroyed or damaged. For example, the simple action of switching on the computer could set off a chain of events that internally damages the hard drive or erases cache memory. Yet the data can be recovered, which we discuss a bit later.
Preservation refers to keeping the evidence in a state in which it can be produced and defended in court. The evidence has a chain of custody log, which is maintained as a record of every change of hands involved in reviewing the evidence and, ultimately, of its destruction if required. At no time should there be a break in the chain.
Analysis is the process of extracting the necessary details from the evidence in a case. For example, in a case involving spousal infidelity we look at chat logs, social media sites and e-mails; in a fraud case, at financial records and transactions. The data you need will vary depending on the case.
Presentation is the art of producing the acquired evidence and choosing the right moment to do so, so that it makes the right impact in a court of law and, in some cases, catches a person in a lie. It also includes the written findings or forensic report, affidavits if required, depositions and court testimony.
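The chain of custody log described above can be checked mechanically for a break. The following is an added example, not part of the original report: the `Transfer` record layout, the `find_breaks` helper, the custodian names and the practice of recording a SHA-256 digest of the evidence image at each handover are all assumptions made for illustration, and the log entries are constructed sample data.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Transfer:
    timestamp: str    # ISO 8601 UTC; string order equals time order
    released_by: str
    received_by: str
    purpose: str
    sha256: str       # digest of the evidence image, recomputed at handover

def find_breaks(first_custodian, acquisition_sha256, log):
    """Return every problem in the log; an empty list means an unbroken chain."""
    problems = []
    holder, last_time = first_custodian, ""
    for n, t in enumerate(log, start=1):
        if t.released_by != holder:
            problems.append(f"entry {n}: custody gap, {holder} never released to {t.released_by}")
        if t.timestamp <= last_time:
            problems.append(f"entry {n}: timestamp out of order")
        if t.sha256 != acquisition_sha256:
            problems.append(f"entry {n}: digest mismatch, evidence changed")
        holder, last_time = t.received_by, t.timestamp
    return problems

# Constructed sample data (not from a real case).
IMAGE = b"constructed disk image bytes"
DIGEST = hashlib.sha256(IMAGE).hexdigest()
ALTERED = hashlib.sha256(IMAGE + b"\x00").hexdigest()

GOOD_LOG = [
    Transfer("2022-04-01T09:00:00Z", "Officer A", "Evidence Room", "storage", DIGEST),
    Transfer("2022-04-03T10:30:00Z", "Evidence Room", "Examiner B", "analysis", DIGEST),
    Transfer("2022-04-05T16:00:00Z", "Examiner B", "Evidence Room", "return", DIGEST),
]
BROKEN_LOG = [
    GOOD_LOG[0],
    # Examiner C releases the item, but nobody recorded handing it to them.
    Transfer("2022-04-04T11:00:00Z", "Examiner C", "Examiner B", "analysis", DIGEST),
    Transfer("2022-04-05T16:00:00Z", "Examiner B", "Evidence Room", "return", ALTERED),
]

if __name__ == "__main__":
    for name, log in (("good", GOOD_LOG), ("broken", BROKEN_LOG)):
        print(name, find_breaks("Officer A", DIGEST, log) or "unbroken")
```

An undocumented handover and a changed digest are reported separately, since the first is a gap in the record and the second is a change to the evidence itself.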
In general, the forensic report should include:
1. The experience of the examiner
2. Tools used for examination
3. Methods to verify data
4. Method used to recover data and extract the desired details
5. Statement of findings of the examiner
6. The real data recovered to support the findings
As computers have progressed, the range of devices that count as sources of electronic data has also expanded. Examples include networks, cameras, mobile phones, hard drives, the cloud, server logs and other data that can aid in the prosecution of the assailant.
What data to collect and analyze?
The core of digital forensics is to collect and analyze data. How we decide what data to collect and analyze depends mainly on the investigation. For example, in a kidnapping case we would like to know the last known cellular location, the victim's social media posts, and where she or he was seen on security cameras in a certain location. In this example we need to gather the cellular location information (that is, the nearest tower), then the social media chats or posts made in that month or year, searching them for keywords like "can we meet" or "boyfriend". The keywords depend on the victim's age and can be modified accordingly. Lastly, if we are sure the person visited certain areas, we can check the security camera footage available in that locality.
It is also possible that the case was a cold case and new evidence has come to light that needs to be reviewed, or that further review is needed in an ongoing case at the attorney's request. This increases the time and resources needed to extract, analyze and present the evidence. The technical term for this is scope creep.
There can be cases where a forensic investigator faces a privacy hurdle and access to certain data or information is not available. In such cases it can be useful to look for data sources outside the case environment, such as server logs or cloud data that may be publicly accessible.
Scope creep is more common nowadays, as keen investigation of the evidence is required to fend off attacks from the opposing attorney. For example, in cases of fraud committed internally in a company, we need to check emails, trash, file transfers on the network, browsing history and transactions. Some companies also delete emails within a period of 80 days, which raises the question of how we seek data on other devices and information on any external media devices being handled.
In the case of new evidence, the evidence is often not revealed to the prosecution. It is very important to analyze the evidence exhaustively before the trial begins, so that no loophole is left for the defense to point to and bring down the case that has been built.
Whether AI can help in digital forensics is another question we need to ask ourselves. AI models are usually probability models, and their predictions are based on the training set given to the model. Take face recognition as an example: running facial recognition on a live camera feed of an area where the suspect might be headed could help catch the suspect, or it might not, depending on the prediction percentage of the AI model. A neural network is trained on the images we provide, that is, the training set, and how good a prediction is depends on the variety in our training data set. This again is just probability, and we can never really rely on it. We may get an idea in the form of a probable guess, but never an absolute one.
Identifying deep fakes is another factor to consider in digital forensics. It is possible for an offender to hide their identity behind a photo created by an AI program and use it to continue with illegal activities such as child pornography, selling drugs online or human trafficking. It is important that the...