Pub Date: 2024-07-01. DOI: 10.1016/j.fsidi.2024.301765
Antonio Artur Moura, Napoleão Nepomuceno, Vasco Furtado
This paper introduces an approach that supports speaker identification in criminal investigations, specifically addressing challenges associated with large volumes of audio recordings featuring unknown speaker identities. Our approach clusters related recordings – potentially from the same person – based on representative voice embeddings extracted using the ECAPA-TDNN speaker recognition model. Grouping audio recordings from the same person enhances variability and richness in voice patterns, thereby improving confidence in automatic speaker recognition. We propose a combination of cosine similarity and a rank-based adjustment function to determine matches of audio clusters with individuals in an enrollment database. Our approach was validated through experiments on a Common Voice-based synthesized dataset and a real-life application involving cell phones seized in prisons, which contained thousands of conversational audio recordings. Results demonstrated satisfactory performance and stability, consistently reducing the pool of candidate speakers for subsequent analysis by a human investigator.
Title: Enhancing speaker identification in criminal investigations through clusterization and rank-based scoring. Journal: Forensic Science International-Digital Investigation, volume 49, Article 301765.
Pub Date: 2024-07-01. DOI: 10.1016/j.fsidi.2024.301754
Karley M. Waguespack, Kaitlyn J. Smith, Olame A. Muliri, Ramyapandian Vijayakanthan, Aisha Ali-Gombe
The proliferation of Internet of Things (IoT) devices across homes, businesses, and industrial landscapes has significantly increased our capability to gather data and automate tasks. Despite their ubiquity, these devices are notably resource-constrained and frequently lack robust security defenses, presenting a substantial risk of intrusion and cyber threats. To address these concerns, we propose a novel anomaly-based host intrusion detection system specifically designed for IoT devices, titled MARS (Memory Anomaly Recognition System). MARS is designed to function as a crucial component in the incident response framework, acting as an early detection system for potential security breaches within an organization’s network or systems. The fundamental architecture of MARS leverages the device’s memory as a key indicator for monitoring system-level events. To enhance its security and integrity, MARS is embedded within a Trusted Execution Environment—a secure, hardware-isolated region of a microcontroller protected from untrusted software. This design choice not only makes MARS tamper-proof but also ensures reliable monitoring of the device’s memory. Deviations from established memory baselines, indicative of a security compromise, are detected through an anomaly detection algorithm hosted on a remote server. Our evaluation of the MARS prototype on STM32L562QEI6QU showed our proposed architecture can achieve decent scalability while maintaining trust, accuracy, and robustness of memory changes.
Title: MARS: The first line of defense for IoT incident response. Journal: Forensic Science International-Digital Investigation, volume 49, Article 301754.
This paper examines the impact of cognitive biases on decision-making in forensics and digital forensics, exploring biases such as confirmation bias, anchoring bias, and hindsight bias. It assesses existing methods to mitigate biases and improve decision-making, introducing the novel “Impostor Bias”, which arises as a systematic tendency to question the authenticity of multimedia content, such as audio, images, and videos, often assuming they are generated by AI tools. This bias goes beyond evaluators' knowledge levels, as it can lead to erroneous judgments and false accusations, undermining the reliability and credibility of forensic evidence. Impostor Bias stems from an a priori assumption rather than an objective content assessment, and its impact is expected to grow with the increasing realism of AI-generated multimedia products. The paper discusses the potential causes and consequences of Impostor Bias, suggesting strategies for prevention and counteraction. By addressing these topics, this paper aims to provide valuable insights, enhance the objectivity and validity of forensic investigations, and offer recommendations for future research and practical applications to ensure the integrity and reliability of forensic practices.
Title: GenAI mirage: The impostor bias and the deepfake detection challenge in the era of artificial illusions. Authors: Mirko Casu, Luca Guarnera, Pasquale Caponnetto, Sebastiano Battiato. Journal: Forensic Science International-Digital Investigation, volume 50, Article 301795. Pub Date: 2024-06-19. DOI: 10.1016/j.fsidi.2024.301795
Pub Date: 2024-06-15. DOI: 10.1016/j.fsidi.2024.301794
Pankaj Sharma, Lalit Kumar Awasthi
People often dispose of their useless smart digital gadgets without realizing the potential presence of useful information inside these devices. This is also true for faulty smart bulbs, which cybercriminals might exploit to gain unauthorized access to a smart home and manipulate or steal private information. This research delves into the potential security risks associated with smart bulbs and provides recommendations for mitigating such risks. Through a comprehensive analysis of the functionality of smart bulbs, this study introduced the data extraction framework DEF-IoTF for collecting both hardware and application-level digital artifacts from smart bulbs. This paper presents the FIvM-IoT model for collecting and analyzing evidence from companion app data on mobile phones and Wifi modules at the hardware level. We conduct examinations on the smart bulb's Wifi module and extract its firmware using the developed Wifi_Cred tool. These include evidence related to user credentials, log time stamps, Wifi details, potential forensic information, and investigation procedures for IoT devices. Finally, this study provides prominent IoT forensic use cases along with the key requirements for hardware-level forensic investigation of Wifi modules.
Title: Unveiling the hidden dangers: Security risks and forensic analysis of smart bulbs. Journal: Forensic Science International-Digital Investigation, volume 50, Article 301794.
Social media and mobile communications in general are an extremely rich source of digital forensic information. We present our new framework for analysing this resource with an innovative combination of time series and text mining methods. The framework is intended to create a tool to analyse and operationally summarise extended trails of social media messages, thus enabling investigators for the first time to drill down into specific moments at which sentiment analysis has detected a change of tone indicative of a particularly strong and significant response. Crucially, the method will give investigators an opportunity to reduce the time and resource commitment required for ongoing and hands-on analysis of digital communications on media such as Texts/SMS, WhatsApp and Messenger.
Title: Sentiment and time-series analysis of direct-message conversations. Authors: Martyn Harris, Jessica Jacobson, Alessandro Provetti. Journal: Forensic Science International-Digital Investigation, volume 49, Article 301753. Pub Date: 2024-05-20. DOI: 10.1016/j.fsidi.2024.301753
Pub Date: 2024-05-14. DOI: 10.1016/j.fsidi.2024.301769
Dominic Schmutz, Robin Rapp, Benjamin Fehrensen
This publication presents a thorough forensic investigation of the banking malware known as Hook, shedding light on its intricate functionalities and providing valuable insights into the broader realm of banking malware. Given the persistent evolution of Android malware, particularly in the context of banking threats, this research explores the ongoing development of these malicious entities. In particular, it emphasizes the prevalent “malware as a service” (MaaS) model, which engenders a competitive environment where malware developers continually strive to enhance their capabilities. Consequently, this investigation serves as a vital benchmark for evaluating the current state of banking MaaS capabilities in July 2023, enabling researchers and practitioners to gauge the advancements and trends within the field.
Title: Forensic analysis of hook Android malware. Journal: Forensic Science International-Digital Investigation, volume 49, Article 301769.
Pub Date: 2024-05-14. DOI: 10.1016/j.fsidi.2024.301768
Sabrina Friedl, Günther Pernul
The Internet of Things (IoT) is increasingly becoming a part of people's lives and is progressively revolutionizing our lives and businesses. From a Digital Forensics (DF) point of view, this connection turns an IoT environment into a valuable source of evidence containing diverse artifacts that could significantly aid DF investigations. Therefore, DF must adapt to the characteristics of IoT Forensics (IoTF). With the increasing deployment of IoT, organizations are compelled to revise their approaches to planning, developing, and implementing Information Technology (IT) security strategies. The IoT presents new business opportunities but also simultaneously creates various challenges related to cyber-attacks and their resolution. For optimal preparedness in the face of future incidents, companies should consider implementing Forensics Readiness (FR). This paper thus examines the factors that influence IoT-FR within organizations. By systematically analyzing research efforts from 2010 to 2023, we identified the following factors influencing IoT-FR: (1) Legal Aspect, (2) Standardization Approach, (3) Technological Resource and Technique, (4) Management Process and (5) Human Factor. Furthermore, these influencing factors are not only considered individually but also in terms of the dependencies between them. This results in the creation of a holistic model including the interdependencies and influences of the factors to provide a novel overview and enhance the integrated perspective on IoT-FR. The knowledge of factors influencing the integration of IoT-FR into organizations is valuable. It thus can be of enormous importance, as it can save time and money in the event of a subsequent incident. Additionally, alongside these factors, various challenges, techniques, models, and frameworks are highlighted to offer profound insights into the relatively novel subject of IoT-FR and to inspire future research.
Title: IoT Forensics Readiness - influencing factors. Journal: Forensic Science International-Digital Investigation, volume 49, Article 301768.