首页 > 最新文献

Forensic Science International-Digital Investigation最新文献

英文 中文
An ontology for promoting controlled experimentation in digital forensics
IF 2 4区 医学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS
Forensic Science International-Digital Investigation
Pub Date : 2024-12-06 DOI: 10.1016/j.fsidi.2024.301845
Thiago J. Silva , Ana H.B. Mazur , Edson OliveiraJr , Avelino F. Zorzo , Monalessa P. Barcellos
Experimentation is a crucial method in empirical inquiry and is widely applied in Computer Science. Controlled experimentation ensures reproducibility, transparency, and reliability of findings, making the process more formal. Digital forensics (DF) lacks formalization of controlled experimental processes, leading to inadequate and informal research, making findings less transparent, reproducible, and reliable. Furthermore, existing works in this area often lack detailed descriptions of the controlled experimental decision-making procedures. To address these issues, we developed an ontology to formalize the concepts and terms used in DF-controlled experiments. The ontology was constructed based on an existing conceptual model for DF-controlled experiments. The ontology's conceptual model is represented by UML class diagrams, and the OWL language was employed to code it. Moreover, the ontology underwent evaluation by researchers and experts in DF experimentation, with the results indicating the capability of the ontology to formalize DF experimental concepts. The contribution of this ontology is to assist DF researchers and practitioners in properly documenting their controlled experiments. This will enhance the formality of the experimental process and promote the findings' reproducibility, transparency, and reliability. For researchers, the ontology's main contribution lies in influencing how these experiments are conducted, potentially impacting their transfer to industry. Practitioners stand to benefit by adopting formal experimental procedures for testing, assessing, and acquiring DF-related technology.
{"title":"An ontology for promoting controlled experimentation in digital forensics","authors":"Thiago J. Silva ,&nbsp;Ana H.B. Mazur ,&nbsp;Edson OliveiraJr ,&nbsp;Avelino F. Zorzo ,&nbsp;Monalessa P. Barcellos","doi":"10.1016/j.fsidi.2024.301845","DOIUrl":"10.1016/j.fsidi.2024.301845","url":null,"abstract":"<div><div>Experimentation is a crucial method in empirical inquiry and is widely applied in Computer Science. Controlled experimentation ensures reproducibility, transparency, and reliability of findings, making the process more formal. Digital forensics (DF) lacks formalization of controlled experimental processes, leading to inadequate and informal research, making findings less transparent, reproducible, and reliable. Furthermore, existing works in this area often lack detailed descriptions of the controlled experimental decision-making procedures. To address these issues, we developed an ontology to formalize the concepts and terms used in DF-controlled experiments. The ontology was constructed based on an existing conceptual model for DF-controlled experiments. The ontology's conceptual model is represented by UML class diagrams, and the OWL language was employed to code it. Moreover, the ontology underwent evaluation by researchers and experts in DF experimentation, with the results indicating the capability of the ontology to formalize DF experimental concepts. The contribution of this ontology is to assist DF researchers and practitioners in properly documenting their controlled experiments. This will enhance the formality of the experimental process and promote the findings' reproducibility, transparency, and reliability. For researchers, the ontology's main contribution lies in influencing how these experiments are conducted, potentially impacting their transfer to industry. Practitioners stand to benefit by adopting formal experimental procedures for testing, assessing, and acquiring DF-related technology.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"52 ","pages":"Article 301845"},"PeriodicalIF":2.0,"publicationDate":"2024-12-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143141116","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
DFPulse: The 2024 digital forensic practitioner survey DFPulse: 2024年数字法医从业者调查
IF 2 4区 医学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS
Forensic Science International-Digital Investigation
Pub Date : 2024-12-01 DOI: 10.1016/j.fsidi.2024.301844
Christopher Hargreaves , Frank Breitinger , Liz Dowthwaite , Helena Webb , Mark Scanlon
This paper reports on the largest survey of digital forensic practitioners to date (DFPulse) conducted from March to May 2024 resulting in 122 responses. The survey collected information about practitioners' operating environments, the technologies they encounter, investigative techniques they use, the challenges they face, the degree to which academic research is accessed and useful to the practitioner community, and their suggested future research directions. The paper includes quantitative and qualitative results from the survey and a discussion of the implications for academia, the improvements that can be made, and future research directions.
本文报告了迄今为止对数字法医从业者进行的最大调查(DFPulse),该调查于2024年3月至5月进行,共有122份回应。调查收集了从业人员的工作环境、他们遇到的技术、他们使用的调查技术、他们面临的挑战、学术研究的可访问程度和对从业人员社区的有用程度,以及他们建议的未来研究方向。本文包括定量和定性的调查结果,并讨论了对学术界的影响,可以做的改进和未来的研究方向。
{"title":"DFPulse: The 2024 digital forensic practitioner survey","authors":"Christopher Hargreaves ,&nbsp;Frank Breitinger ,&nbsp;Liz Dowthwaite ,&nbsp;Helena Webb ,&nbsp;Mark Scanlon","doi":"10.1016/j.fsidi.2024.301844","DOIUrl":"10.1016/j.fsidi.2024.301844","url":null,"abstract":"<div><div>This paper reports on the largest survey of digital forensic practitioners to date (DFPulse) conducted from March to May 2024 resulting in 122 responses. The survey collected information about practitioners' operating environments, the technologies they encounter, investigative techniques they use, the challenges they face, the degree to which academic research is accessed and useful to the practitioner community, and their suggested future research directions. The paper includes quantitative and qualitative results from the survey and a discussion of the implications for academia, the improvements that can be made, and future research directions.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"51 ","pages":"Article 301844"},"PeriodicalIF":2.0,"publicationDate":"2024-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142745261","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Commentary:- Can I use that tool? 评论:- 我能使用那个工具吗?
IF 2 4区 医学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS
Forensic Science International-Digital Investigation
Pub Date : 2024-11-17 DOI: 10.1016/j.fsidi.2024.301843
Graeme Horsman
The decision as to whether a given tool can be used for the purposes of conducting a digital forensic examination of a device and its data may seem straightforward, but it is not. As part of their work, practitioners must always seek to identify and use tools that are appropriate for their investigative tasks, deploy them reliably within an applicable scenario, and be able to trust and understand the results that they provide. Before they can begin to do this, they must first ask themselves the question - ‘can I use that tool?‘, where this work considers how a practitioner may begin to formulate an answer. By unpacking the hidden complexity of this question, it is suggested that five sub-questions must be explored by any practitioner when seeking to use a tool, namely - (1) ‘what does that tool do?‘; (2) ‘how do I use that tool?‘; (3) ‘how does the tool do it?‘; (4) ‘does the tool do it properly?’ and (5) ‘should I use the tool?‘. This work discusses each in turn and the risks they pose to a practitioner.
决定某一工具是否可用于对设备及其数据进行数字取证检查的目的看似简单,实则不然。作为工作的一部分,从业人员必须始终努力识别和使用适合其调查任务的工具,在适用场景中可靠地部署这些工具,并能够信任和理解这些工具提供的结果。在开始这样做之前,他们必须先问自己一个问题--"我能使用这种工具吗?通过揭开这个问题隐藏的复杂性,我们认为,任何从业人员在寻求使用一种工具时,都必须探讨五个子问题,即:(1)"该工具有什么作用?";(2)"我该如何使用该工具?";(3)"该工具如何做到这一点?";(4)"该工具是否能正确做到这一点?";以及(5)"我是否应该使用该工具?本作品将依次讨论这些问题以及它们给从业人员带来的风险。
{"title":"Commentary:- Can I use that tool?","authors":"Graeme Horsman","doi":"10.1016/j.fsidi.2024.301843","DOIUrl":"10.1016/j.fsidi.2024.301843","url":null,"abstract":"<div><div>The decision as to whether a given tool can be used for the purposes of conducting a digital forensic examination of a device and its data may seem straightforward, but it is not. As part of their work, practitioners must always seek to identify and use tools that are appropriate for their investigative tasks, deploy them reliably within an applicable scenario, and be able to trust and understand the results that they provide. Before they can begin to do this, they must first ask themselves the question - ‘<em>can I use that tool?</em>‘, where this work considers how a practitioner may begin to formulate an answer. By unpacking the hidden complexity of this question, it is suggested that five sub-questions must be explored by any practitioner when seeking to use a tool, namely - (1) ‘<em>what does that tool do?</em>‘; (2) ‘<em>how do I use that tool?</em>‘; (3) ‘<em>how does the tool do it?</em>‘; (4) ‘<em>does the tool do it properly?</em>’ and (5) ‘<em>should I use the tool?</em>‘. This work discusses each in turn and the risks they pose to a practitioner.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"51 ","pages":"Article 301843"},"PeriodicalIF":2.0,"publicationDate":"2024-11-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142661146","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Temporal metadata analysis: A learning classifier system approach 时态元数据分析:学习分类系统方法
IF 2 4区 医学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS
Forensic Science International-Digital Investigation
Pub Date : 2024-10-30 DOI: 10.1016/j.fsidi.2024.301842
Michael C. Todd, Gilbert L. Peterson
Digital forensics is a complex field that requires expert knowledge (EK) and specialized tools to collect, analyze, and report on digital evidence. Temporal metadata analysis is particularly challenging, requiring expert knowledge to understand and interpret underlying traces and associate them with their source. This paper introduces Digital Trace Inspector (DTI), a Learning Classifier System (LCS)-based decision support tool for temporal metadata analysis. DTI leverages a binary Michigan-style LCS to locate and group corroborating temporal digital traces of targeted user activity. Rules are built from expert-created atomics encoded as feature vectors using patterns defined in a structured EK rule framework. The system is evaluated on 10 scenarios of typical user behavior on a Windows 10 workstation. Results show that all models achieved perfect recall, had an average F1 score of 0.98, and required little training data.
数字取证是一个复杂的领域,需要专家知识(EK)和专业工具来收集、分析和报告数字证据。时间元数据分析尤其具有挑战性,需要专家知识来理解和解释底层痕迹,并将它们与来源联系起来。本文介绍了数字痕迹检查器(DTI),这是一种基于学习分类系统(LCS)的决策支持工具,用于时态元数据分析。DTI 利用二进制密歇根式 LCS 来定位和分组目标用户活动的时间数字痕迹。规则由专家创建,并使用结构化 EK 规则框架中定义的模式编码为特征向量。该系统在 Windows 10 工作站上的 10 个典型用户行为场景中进行了评估。结果表明,所有模型都达到了完美的召回率,平均 F1 得分为 0.98,并且几乎不需要训练数据。
{"title":"Temporal metadata analysis: A learning classifier system approach","authors":"Michael C. Todd,&nbsp;Gilbert L. Peterson","doi":"10.1016/j.fsidi.2024.301842","DOIUrl":"10.1016/j.fsidi.2024.301842","url":null,"abstract":"<div><div>Digital forensics is a complex field that requires expert knowledge (EK) and specialized tools to collect, analyze, and report on digital evidence. Temporal metadata analysis is particularly challenging, requiring expert knowledge to understand and interpret underlying traces and associate them with their source. This paper introduces Digital Trace Inspector (DTI), a Learning Classifier System (LCS)-based decision support tool for temporal metadata analysis. DTI leverages a binary Michigan-style LCS to locate and group corroborating temporal digital traces of targeted user activity. Rules are built from expert-created atomics encoded as feature vectors using patterns defined in a structured EK rule framework. The system is evaluated on 10 scenarios of typical user behavior on a Windows 10 workstation. Results show that all models achieved perfect recall, had an average F1 score of 0.98, and required little training data.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"51 ","pages":"Article 301842"},"PeriodicalIF":2.0,"publicationDate":"2024-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142539540","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Uncertainty and error in location traces 定位跟踪的不确定性和误差
IF 2 4区 医学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS
Forensic Science International-Digital Investigation
Pub Date : 2024-10-16 DOI: 10.1016/j.fsidi.2024.301841
Cléo Berger, Benoît Meylan, Thomas R. Souvignet
Location traces are highly informative because of their potential to infer physical activity or presence. Their prevalence has increased largely due to the rise of digital devices, their encompassed location-based services and other positioning technologies (Raubal et al., 2004). However, there is little research that explores and supports their exploitation, which hampers the confidence that can be placed in it. Location traces are indeed subject to uncertainty and errors, notably in their production and exploitation processes. This article aims to shed some light on the uncertainty and errors associated with smartphone location traces and calls for research to be developed on that topic. Several empirical examples are developed throughout the article to better illustrate these issues.
位置追踪具有很高的信息量,因为它们有可能推断出物理活动或物理存在。位置追踪的普及主要得益于数字设备的兴起、基于位置的服务和其他定位技术(Raubal 等人,2004 年)。然而,很少有研究对其利用进行探讨和支持,这影响了人们对其的信心。位置痕迹确实存在不确定性和误差,尤其是在其生产和利用过程中。本文旨在阐明与智能手机位置追踪相关的不确定性和误差,并呼吁开展相关研究。为了更好地说明这些问题,文章中列举了几个经验实例。
{"title":"Uncertainty and error in location traces","authors":"Cléo Berger,&nbsp;Benoît Meylan,&nbsp;Thomas R. Souvignet","doi":"10.1016/j.fsidi.2024.301841","DOIUrl":"10.1016/j.fsidi.2024.301841","url":null,"abstract":"<div><div>Location traces are highly informative because of their potential to infer physical activity or presence. Their prevalence has increased largely due to the rise of digital devices, their encompassed location-based services and other positioning technologies (<span><span>Raubal et al., 2004</span></span>). However, there is little research that explores and supports their exploitation, which hampers the confidence that can be placed in it. Location traces are indeed subject to uncertainty and errors, notably in their production and exploitation processes. This article aims to shed some light on the uncertainty and errors associated with smartphone location traces and calls for research to be developed on that topic. Several empirical examples are developed throughout the article to better illustrate these issues.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"51 ","pages":"Article 301841"},"PeriodicalIF":2.0,"publicationDate":"2024-10-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142442388","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Competence in digital forensics 数字取证能力
IF 2 4区 医学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS
Forensic Science International-Digital Investigation
Pub Date : 2024-10-11 DOI: 10.1016/j.fsidi.2024.301840
Graeme Horsman , Andrew Dodd
Those practising in the field of digital forensics must be competent to conduct the work they carry out, and such competence must also be evidenced and assessed. Those seeking to demonstrate staff competence must consider what tasks and roles it is being sought for, how it is achieved, what is an acceptable level of performance for a task, and how to evidence and assess any claimed competence. This work intends to explore the multifaceted nature of competence within the field of digital forensics, examining how it is developed, assessed, and maintained in an era characterised by continuous technological advancement. Discussions are also linked to the requirements defined in the accreditation framework ISO/IEC 17025:2017 which governs the digital forensic landscape in England and Wales. We hope to contribute to the ongoing discourse on elevating standards and fostering excellence in the science of digital forensics.
数字取证领域的从业人员必须有能力开展所从事的工作,而且这种能力还必须得到证明和评估。想要证明工作人员能力的人必须考虑,他们要证明的是什么任务和角色的能力,如何实现这种能力,什么是可接受的任务绩效水平,以及如何证明和评估所声称的能力。这项工作旨在探索数字取证领域能力的多面性,研究在技术不断进步的时代如何发展、评估和保持这种能力。讨论还与管理英格兰和威尔士数字取证领域的认证框架 ISO/IEC 17025:2017 中定义的要求相关联。我们希望能为正在进行的关于提升标准和促进数字取证科学卓越性的讨论做出贡献。
{"title":"Competence in digital forensics","authors":"Graeme Horsman ,&nbsp;Andrew Dodd","doi":"10.1016/j.fsidi.2024.301840","DOIUrl":"10.1016/j.fsidi.2024.301840","url":null,"abstract":"<div><div>Those practising in the field of digital forensics must be competent to conduct the work they carry out, and such competence must also be evidenced and assessed. Those seeking to demonstrate staff competence must consider what tasks and roles it is being sought for, how it is achieved, what is an acceptable level of performance for a task, and how to evidence and assess any claimed competence. This work intends to explore the multifaceted nature of competence within the field of digital forensics, examining how it is developed, assessed, and maintained in an era characterised by continuous technological advancement. Discussions are also linked to the requirements defined in the accreditation framework ISO/IEC 17025:2017 which governs the digital forensic landscape in England and Wales. We hope to contribute to the ongoing discourse on elevating standards and fostering excellence in the science of digital forensics.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"51 ","pages":"Article 301840"},"PeriodicalIF":2.0,"publicationDate":"2024-10-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142419961","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
“What you say in the lab, stays in the lab”: A reflexive thematic analysis of current challenges and future directions of digital forensic investigations in the UK "实验室里说的话,就留在实验室里":对英国数字取证调查当前挑战和未来方向的反思性专题分析
IF 2 4区 医学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS
Forensic Science International-Digital Investigation
Pub Date : 2024-10-09 DOI: 10.1016/j.fsidi.2024.301839
Magdalene Ng , Jade James , Ray Bull
Despite digital evidence nowadays playing a major role in criminal investigations and being intrinsic to almost every criminal trial, research in digital forensics (DF) and national approaches to digital evidence in relation to investigating officers and court personnel remain almost non-existent. This research seeks to remedy this issue by qualitatively examining the accounts and experiences of 16 digital forensic investigators (DFIs) in England and Wales who took part in semi-structured interviews. We analyzed the data using a reflexive thematic analysis and identified four overarching themes: (i) Navigating tensions with investigating officers (that has a subtheme of ‘Tensions with legal professionals and challenges navigating court theatrics’) (ii) The psychological, emotional, and existential challenges confronted by DFIs; (iii) Identifying the potential and pitfalls of automation and AI in DF and (iv) The centrality of academia in the advancement of DF (that has a subtheme of ‘Validation of tools as a crucial step in digital forensics’). These new findings reveal that DFIs encounter significant demands to perform well and are continuously overburdened while juggling many roles. This research serves as a pivotal starting point for broader discussions.
尽管数字证据如今在刑事调查中发挥着重要作用,而且几乎是每项刑事审判的固有组成部分,但有关数字取证(DF)的研究以及调查人员和法庭人员处理数字证据的国家方法几乎仍然不存在。本研究通过对英格兰和威尔士的 16 名数字取证调查员(DFIs)进行半结构化访谈,对他们的陈述和经验进行定性研究,试图纠正这一问题。我们采用反思性主题分析法对数据进行了分析,并确定了四个首要主题:(i) 应对与调查人员之间的紧张关系(副主题为 "与法律专业人士之间的紧张关系以及应对法庭戏剧的挑战");(ii) DFIs 面临的心理、情感和生存挑战;(iii) 识别自动化和人工智能在 DF 中的潜力和陷阱;以及 (iv) 学术界在 DF 发展中的核心地位(副主题为 "工具验证是数字取证的关键步骤")。这些新发现揭示了数字取证机构在履行职责时遇到的巨大需求,以及在兼顾多种角色的同时持续承受的过重负担。这项研究为更广泛的讨论提供了一个关键的起点。
{"title":"“What you say in the lab, stays in the lab”: A reflexive thematic analysis of current challenges and future directions of digital forensic investigations in the UK","authors":"Magdalene Ng ,&nbsp;Jade James ,&nbsp;Ray Bull","doi":"10.1016/j.fsidi.2024.301839","DOIUrl":"10.1016/j.fsidi.2024.301839","url":null,"abstract":"<div><div>Despite digital evidence nowadays playing a major role in criminal investigations and being intrinsic to almost every criminal trial, research in digital forensics (DF) and national approaches to digital evidence in relation to investigating officers and court personnel remain almost non-existent. This research seeks to remedy this issue by qualitatively examining the accounts and experiences of 16 digital forensic investigators (DFIs) in England and Wales who took part in semi-structured interviews. We analyzed the data using a reflexive thematic analysis and identified four overarching themes: (i) Navigating tensions with investigating officers (that has a subtheme of ‘Tensions with legal professionals and challenges navigating court theatrics’) (ii) The psychological, emotional, and existential challenges confronted by DFIs; (iii) Identifying the potential and pitfalls of automation and AI in DF and (iv) The centrality of academia in the advancement of DF (that has a subtheme of ‘Validation of tools as a crucial step in digital forensics’). These new findings reveal that DFIs encounter significant demands to perform well and are continuously overburdened while juggling many roles. This research serves as a pivotal starting point for broader discussions.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"51 ","pages":"Article 301839"},"PeriodicalIF":2.0,"publicationDate":"2024-10-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142419960","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Decoding digital interactions: An extensive study of TeamViewer's Forensic Artifacts across Windows and android platforms 解码数字互动:跨 Windows 和安卓平台的 TeamViewer 取证工件的广泛研究
IF 2 4区 医学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS
Forensic Science International-Digital Investigation
Pub Date : 2024-10-04 DOI: 10.1016/j.fsidi.2024.301838
Nishchal Soni , Manpreet Kaur , Khalid Aziz
The pervasive influence of digital technology has ushered in a new era of connectivity, reshaping the landscape of forensic science and challenging investigators to adapt to evolving methods of digital interaction. Remote access applications (RAAs) like TeamViewer have become integral tools for facilitating remote collaboration and support across various platforms. However, the widespread adoption of such applications has also led to an increase in cybercrimes, underscoring the critical need for meticulous forensic analysis. This study presents a comprehensive examination of TeamViewer's forensic artifacts across Windows and Android platforms, employing advanced forensic techniques such as registry analysis, disk forensics, memory forensics, and Android forensics. By meticulously dissecting digital evidence and uncovering valuable insights into user interactions, configuration settings, and session dynamics, this research aims to enhance understanding of remote access activities and empower forensic investigators with the tools needed to combat cybercrimes effectively. The findings highlight the forensic significance of each investigative approach and underscore the importance of continuous innovation in the field of digital forensics.
数字技术无处不在的影响开创了一个新的互联时代,重塑了法医学的格局,并对调查人员适应不断发展的数字互动方法提出了挑战。像 TeamViewer 这样的远程访问应用程序(RAA)已成为促进跨平台远程协作和支持不可或缺的工具。然而,此类应用程序的广泛应用也导致了网络犯罪的增加,突出了对细致取证分析的迫切需要。本研究采用注册表分析、磁盘取证、内存取证和 Android 取证等先进取证技术,全面检查了 TeamViewer 在 Windows 和 Android 平台上的取证工件。通过对数字证据进行细致的剖析,揭示用户交互、配置设置和会话动态的宝贵见解,本研究旨在加深对远程访问活动的理解,并为取证调查人员提供有效打击网络犯罪所需的工具。研究结果突出了每种调查方法的取证意义,并强调了在数字取证领域不断创新的重要性。
{"title":"Decoding digital interactions: An extensive study of TeamViewer's Forensic Artifacts across Windows and android platforms","authors":"Nishchal Soni ,&nbsp;Manpreet Kaur ,&nbsp;Khalid Aziz","doi":"10.1016/j.fsidi.2024.301838","DOIUrl":"10.1016/j.fsidi.2024.301838","url":null,"abstract":"<div><div>The pervasive influence of digital technology has ushered in a new era of connectivity, reshaping the landscape of forensic science and challenging investigators to adapt to evolving methods of digital interaction. Remote access applications (RAAs) like TeamViewer have become integral tools for facilitating remote collaboration and support across various platforms. However, the widespread adoption of such applications has also led to an increase in cybercrimes, underscoring the critical need for meticulous forensic analysis. This study presents a comprehensive examination of TeamViewer's forensic artifacts across Windows and Android platforms, employing advanced forensic techniques such as registry analysis, disk forensics, memory forensics, and Android forensics. By meticulously dissecting digital evidence and uncovering valuable insights into user interactions, configuration settings, and session dynamics, this research aims to enhance understanding of remote access activities and empower forensic investigators with the tools needed to combat cybercrimes effectively. The findings highlight the forensic significance of each investigative approach and underscore the importance of continuous innovation in the field of digital forensics.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"51 ","pages":"Article 301838"},"PeriodicalIF":2.0,"publicationDate":"2024-10-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142419962","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Exploring the potential of large language models for author profiling tasks in digital text forensics 探索大型语言模型在数字文本取证中用于作者特征描述任务的潜力
IF 2 4区 医学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS
Forensic Science International-Digital Investigation
Pub Date : 2024-10-01 DOI: 10.1016/j.fsidi.2024.301814
Sang-Hyun Cho , Dohyun Kim , Hyuk-Chul Kwon , Minho Kim
The rapid advancement of large language models (LLMs) has opened up new possibilities for various natural language processing tasks. This study explores the potential of LLMs for author profiling in digital text forensics, which involves identifying characteristics such as age and gender from writing style—a crucial task in forensic investigations of anonymous or pseudonymous communications. Experiments were conducted using state-of-the-art LLMs, including Polyglot, EEVE, and Bllossom, to evaluate their performance in author profiling. Different fine-tuning strategies, such as full fine-tuning, Low-Rank Adaptation (LoRA), and Quantized LoRA (QLoRA), were compared to determine the most effective methods for adapting LLMs to the specific needs of this task. The results show that fine-tuned LLMs can effectively predict authors’ age and gender based on their writing styles, with Polyglot-based models generally outperforming EEVE and Bllossom models. Additionally, LoRA and QLoRA strategies significantly reduce computational costs and memory requirements while maintaining performance comparable to full fine-tuning. However, error analysis reveals limitations in the current LLM-based approach, including difficulty in capturing subtle linguistic variations across age groups and potential biases from pre-training data. These challenges are discussed and future research directions to address them are proposed. This study underscores the potential of LLMs in author profiling for digital text forensics, suggesting promising avenues for further exploration and refinement.
大型语言模型(LLM)的快速发展为各种自然语言处理任务提供了新的可能性。本研究探讨了 LLMs 在数字文本取证中进行作者特征描述的潜力,这涉及从写作风格中识别年龄和性别等特征--这是匿名或假名通信取证调查中的一项重要任务。我们使用最先进的 LLM(包括 Polyglot、EEVE 和 Bllossom)进行了实验,以评估它们在作者特征分析中的性能。比较了不同的微调策略,如完全微调、Low-Rank Adaptation (LoRA) 和 Quantized LoRA (QLoRA),以确定最有效的方法,使 LLM 适应这项任务的特定需求。结果表明,经过微调的 LLM 可以根据写作风格有效预测作者的年龄和性别,其中基于 Polyglot 的模型普遍优于 EEVE 和 Bllossom 模型。此外,LoRA 和 QLoRA 策略大大降低了计算成本和内存需求,同时保持了与完全微调相当的性能。然而,误差分析揭示了当前基于 LLM 方法的局限性,包括难以捕捉不同年龄组的微妙语言变化以及预训练数据可能带来的偏差。本研究讨论了这些挑战,并提出了解决这些问题的未来研究方向。这项研究强调了 LLM 在数字文本取证的作者特征描述方面的潜力,并提出了进一步探索和完善的前景广阔的途径。
{"title":"Exploring the potential of large language models for author profiling tasks in digital text forensics","authors":"Sang-Hyun Cho ,&nbsp;Dohyun Kim ,&nbsp;Hyuk-Chul Kwon ,&nbsp;Minho Kim","doi":"10.1016/j.fsidi.2024.301814","DOIUrl":"10.1016/j.fsidi.2024.301814","url":null,"abstract":"<div><div>The rapid advancement of large language models (LLMs) has opened up new possibilities for various natural language processing tasks. This study explores the potential of LLMs for author profiling in digital text forensics, which involves identifying characteristics such as age and gender from writing style—a crucial task in forensic investigations of anonymous or pseudonymous communications. Experiments were conducted using state-of-the-art LLMs, including Polyglot, EEVE, and Bllossom, to evaluate their performance in author profiling. Different fine-tuning strategies, such as full fine-tuning, Low-Rank Adaptation (LoRA), and Quantized LoRA (QLoRA), were compared to determine the most effective methods for adapting LLMs to the specific needs of this task. The results show that fine-tuned LLMs can effectively predict authors’ age and gender based on their writing styles, with Polyglot-based models generally outperforming EEVE and Bllossom models. Additionally, LoRA and QLoRA strategies significantly reduce computational costs and memory requirements while maintaining performance comparable to full fine-tuning. However, error analysis reveals limitations in the current LLM-based approach, including difficulty in capturing subtle linguistic variations across age groups and potential biases from pre-training data. These challenges are discussed and future research directions to address them are proposed. This study underscores the potential of LLMs in author profiling for digital text forensics, suggesting promising avenues for further exploration and refinement.</div></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"50 ","pages":"Article 301814"},"PeriodicalIF":2.0,"publicationDate":"2024-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142530440","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
DFRWS EURO 2025 Brno DFRWS 2025 年布尔诺欧洲杯
IF 2 4区 医学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS
Forensic Science International-Digital Investigation
Pub Date : 2024-10-01 DOI: 10.1016/S2666-2817(24)00160-4
{"title":"DFRWS EURO 2025 Brno","authors":"","doi":"10.1016/S2666-2817(24)00160-4","DOIUrl":"10.1016/S2666-2817(24)00160-4","url":null,"abstract":"","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"50 ","pages":"Article 301834"},"PeriodicalIF":2.0,"publicationDate":"2024-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142530443","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
首页 上一页 下一页 尾页
类型
全部 化学•材料 生命科学 医学 物理 工程技术 环境•农林 材料科学 地球科学 法学 管理学 化学 环境科学与生态学 计算机科学 教育学 经济学 农林科学 人文科学 生物学 数学 物理与天体物理 心理学 综合性期刊 其他 工业工程 理学 历史学 农学 文学 信息工程
数据库
全部 ACS Publications Elsevier ieeexplore Springer The Royal Society of Chemistry Wiley
期刊
Forensic Science International-Digital Investigation
全部 Acc. Chem. Res. ACS Applied Bio Materials ACS Appl. Electron. Mater. ACS Appl. Energy Mater. ACS Appl. Mater. Interfaces ACS Appl. Nano Mater. ACS Appl. Polym. Mater. ACS BIOMATER-SCI ENG ACS Catal. ACS Cent. Sci. ACS Chem. Biol. ACS Chemical Health & Safety ACS Chem. Neurosci. ACS Comb. Sci. ACS Earth Space Chem. ACS Energy Lett. ACS Infect. Dis. ACS Macro Lett. ACS Mater. Lett. ACS Med. Chem. Lett. ACS Nano ACS Omega ACS Photonics ACS Sens. ACS Sustainable Chem. Eng. ACS Synth. Biol. Anal. Chem. BIOCHEMISTRY-US Bioconjugate Chem. BIOMACROMOLECULES Chem. Res. Toxicol. Chem. Rev. Chem. Mater. CRYST GROWTH DES ENERG FUEL Environ. Sci. Technol. Environ. Sci. Technol. Lett. Eur. J. Inorg. Chem. IND ENG CHEM RES Inorg. Chem. J. Agric. Food. Chem. J. Chem. Eng. Data J. Chem. Educ. J. Chem. Inf. Model. J. Chem. Theory Comput. J. Med. Chem. J. Nat. Prod. J PROTEOME RES J. Am. Chem. Soc. LANGMUIR MACROMOLECULES Mol. Pharmaceutics Nano Lett. Org. Lett. ORG PROCESS RES DEV ORGANOMETALLICS J. Org. Chem. J. Phys. Chem. J. Phys. Chem. A J. Phys. Chem. B J. Phys. Chem. C J. Phys. Chem. Lett. Analyst Anal. Methods Biomater. Sci. Catal. Sci. Technol. Chem. Commun. Chem. Soc. Rev. CHEM EDUC RES PRACT CRYSTENGCOMM Dalton Trans. Energy Environ. Sci. ENVIRON SCI-NANO ENVIRON SCI-PROC IMP ENVIRON SCI-WAT RES Faraday Discuss. Food Funct. Green Chem. Inorg. Chem. Front. Integr. Biol. J. Anal. At. Spectrom. J. Mater. Chem. A J. Mater. Chem. B J. Mater. Chem. C Lab Chip Mater. Chem. Front. Mater. Horiz. MEDCHEMCOMM Metallomics Mol. Biosyst. Mol. Syst. Des. Eng. Nanoscale Nanoscale Horiz. Nat. Prod. Rep. New J. Chem. Org. Biomol. Chem. Org. Chem. Front. PHOTOCH PHOTOBIO SCI PCCP Polym. Chem.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1