ABSTRACT
In this paper, we present the technique for investigating attacks on a company's reputation on a social media platform as a part of an arsenal of digital forensics investigators. The technique consists of several methods, including (1) identifying the attack based on sentiment analysis, (2) identifying the actors of the attack, (3) determining the attack's impact, and (4) determining core actors to identify the strategy of the attacker, including (4a) usage of bots, (4b) attempts to conflict initiation, (4c) competitor promotion, (4d) uncoordinated user attack. In the paper we also present the evaluation of this technique using the real investigation of use-case, where we investigate the attack on a retail company X, that occurs after the company changed its policy dedicated to COVID-19 QR codes for their visitors. © 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.
ABSTRACT
Currently, the volume of sensitive content on the Internet, such as pornography and child pornography, and the amount of time that people spend online (especially children) have led to an increase in the distribution of such content (e.g., images of children being sexually abused, real-time videos of such abuse, grooming activities, etc.). It is therefore essential to have effective IT tools that automate the detection and blocking of this type of material, as manual filtering of huge volumes of data is practically impossible. The goal of this study is to carry out a comprehensive review of different learning strategies for the detection of sensitive content available in the literature, from the most conventional techniques to the most cutting-edge deep learning algorithms, highlighting the strengths and weaknesses of each, as well as the datasets used. The performance and scalability of the different strategies proposed in this work depend on the heterogeneity of the dataset, the feature extraction techniques (hashes, visual, audio, etc.) and the learning algorithms. Finally, new lines of research in sensitive-content detection are presented.
ABSTRACT
The COVID19 pandemic has led to the proliferation of the use of online shopping applications among millions of customers worldwide. The enormous potential in technological advancements, particularly mobile technology, has directly impacted mobile commerce, where the shopping process has become so convenient. While the benefits of mobile commerce are multi-fold, the current privacy practices and the extent of user data residue in shopping apps have been less explored. In this paper, we conducted an in-depth, systematic analysis of two of the most popular mobile shopping apps - Amazon and Etsy. Our analysis led to the recovery of user data and shopping activity artifacts from Amazon and Etsy buyer and seller apps on Android/iOS devices. Based on the user data and artifacts found, we have also discussed the implications of default privacy settings, the importance of online safety policies prior to product listings, and implications for research and practice. © 2023 IEEE Computer Society. All rights reserved.
ABSTRACT
Electronic mail is the primary source of different cyber scams. Identifying the author of electronic mail is essential. It forms significant documentary evidence in the field of digital forensics. This paper presents a model for email author identification (or) attribution by utilizing deep neural networks and model-based clustering techniques. It is perceived that stylometry features in the authorship identification have gained a lot of importance as it enhances the author attribution task's accuracy. The experiments were performed on a publicly available benchmark Enron dataset, considering many authors. The proposed model achieves an accuracy of 94% on five authors, 90% on ten authors, 86% on 25 authors and 75% on the entire dataset for the Deep Neural Network technique, which is a good measure of accuracy on a highly imbalanced data. The second cluster-based technique yielded an excellent 86% accuracy on the entire dataset, considering the authors' number based on their contribution to the aggregate data.
ABSTRACT
Web applications have experienced a widespread adaptation owing to the agile Service Oriented Architecture (SOA) reflecting the ever-changing software needs of users. Google Meet is one of the top video conferencing applications, especially in the post-COVID19 era. Security and privacy concerns are therefore critical. This paper presents an extensive digital forensic analysis of Google Meet running on multiple browsers and software platforms including Google Chrome, Mozilla Firefox, and Microsoft Edge browsers in Windows 10 and Linux. Artifacts, traces of potential evidence, are extracted from different locations on a client's desktop, including the memory and browser. These include meeting records, communication records, email addresses, profile pictures, history, downloads, bookmarks, cache, cookies, etc. We explore how different Random Access Memory (RAM) sizes of client devices impact the persistence and format of extracted memory artifacts. A memory artifact extraction tool is developed to automate the extraction of artifacts identified via unstructured string analysis. Google Meet forensic artifacts are critical in that they are potential digital evidence in relevant criminal investigations. Additionally, they highlight that user data can be extracted despite implementing multiple privacy and security mechanisms. © 2022 The Author(s)
ABSTRACT
The COVID-19 pandemic has changed many aspects of human life during last three years. One of these aspects is the adaption of new trends and technologies for everyday activities such as delivery and transportation. People now prefer to shop online and get their products delivered at home without wasting any time. Therefore, the security and importance of online and delivery applications is the main concern these days. The payment mode of these applications is online which involves personal data like bank information and user details. This problem led to the research contribution of our work. The main objective and implication of this study is to find personally identifiable information (PII) of users which uniquely identifies a person at personal and organizational scopes. In this paper, we present the forensics analysis of eight popular Android delivery and transport applications i.e. Daraz.pk, Foodpanda, Grocer app, Airlift express, Bykea, Indriver, Uber and Clicky shopping app. These applications have not been previously studied and investigated by other researchers. Furthermore, these applications are among the top android apps used by customers. It is expected that such an analysis can guide investigators towards obtaining useful information about a suspect who has used such an application on their device. The analysis process started with the installation of each application on a rooted Samsung S7 Edge smartphone. Then various activities were performed such as setting up an account, booking a ride, or ordering a delivery. After this, a physical image of the device was acquired. A detailed analysis of the image was carried out using Autopsy and all relevant artifacts were collected. A comparison of the results showed largest number of artifacts have been gathered from installation activity and the most number of unique artifacts have been collected from order and booking activity. A tabular form of analysis has also been shown with all of the source and path files from which the data has been gathered. © 2022 IEEE.
ABSTRACT
The COVID-19 Pandemic has accelerated the digital transformation of organisations and services across the United Kingdom (UK) providing numerous opportunities for economic and social development in the UK. However, these opportunities also bring about unprecedented challenges for law enforcement agencies (LEAs), and has led to the progression of serious and advanced cyber threats. This chapter aims to analyse different types of cyber threats, identify the risk they pose to national security, and provide a critical evaluation of cybersecurity policy in the UK. The chapter will examine how current UK Government policies and practices effectively mitigate the cyber threats to national security, and will explore how these responses can be further developed, with reference to the National Cyber Security Centre, the Active Cyber Defence programme, and the National Cyber Security Strategy 2022–2030. The methodological approach for this chapter utilises a literature-based review to further develop research on the criminological issue of cyber threats, cybersecurity and national security in the UK. © 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.
ABSTRACT
This commentary draws attention to the introduction of data collected by COVID-19 tracing apps as evidence in criminal proceedings and the novel considerations this evidence presents for criminal justice agents and digital forensics professionals.
Subject(s)
COVID-19 , Criminals , Mobile Applications , Humans , Contact Tracing , CrimeABSTRACT
Coronavirus disease 2019 (COVID-19) has led to countless deaths and widespread global disruptions. Acoustic-based artificial intelligence (AI) tools could provide a simple, scalable, and prompt method to screen for COVID-19 using easily acquirable physiological sounds. These systems have been demonstrated previously and have shown promise but lack robust analysis of their deployment in real-world settings when faced with diverse recording equipment, noise environments, and test subjects. The primary aim of this work is to begin to understand the impacts of these real-world deployment challenges on the system performance. Using Mel-Frequency Cepstral Coefficients (MFCC) and RelAtive SpecTrAl-Perceptual Linear Prediction (RASTA-PLP) features extracted from cough, speech, and breathing sounds in a crowdsourced dataset, we present a baseline classification system that obtains an average receiver operating characteristic area under the curve (AUC-ROC) of 0.77 when discriminating between COVID-19 and non-COVID subjects. The classifier performance is then evaluated on four additional datasets, resulting in performance variations between 0.64 and 0.87 AUC-ROC, depending on the sound type. By analyzing subsets of the available recordings, it is noted that the system performance degrades with certain recording devices, noise contamination, and with symptom status. Furthermore, performance degrades when a uniform classification threshold from the training data is subsequently used across all datasets. However, the system performance is robust to confounding factors, such as gender, age group, and the presence of other respiratory conditions. Finally, when analyzing multiple speech recordings from the same subjects, the system achieves promising performance with an AUC-ROC of 0.78, though the classification does appear to be impacted by natural speech variations. Overall, the proposed system, and by extension other acoustic-based diagnostic aids in the literature, could provide comparable accuracy to rapid antigen testing but significant deployment challenges need to be understood and addressed prior to clinical use.
Subject(s)
Artificial Intelligence , COVID-19 , Humans , COVID-19/diagnosis , Acoustics , Sound , Respiratory SoundsABSTRACT
Virtual cybersecurity training platforms play an important role in developing the knowledge and practice skills of students in educational institutions and universities. It helps learners can access virtual laboratories through web interfaces without any geolocation restriction, especially in the Covid-19 pandemic. Furthermore, instructors can monitor and understand learners' behaviors in practice sessions by analyzing actions and logs from the virtual platform. But, to realize this feature, such a platform must gather data during cybersecurity training for data mining tasks. In this paper, we introduce a virtual laboratory platform to facilitate cybersecurity training courses, namely vLab. In addition, we apply clustering analysis to the actions of learners to better understand the capabilities of trainees in resolving given challenges in digital forensics subject. With the built-in behavior analyzer in vLab, instructors can find out the common mistakes, and the reasons for learners' failure results, or identify whether they actually conduct experiments to get answers for digital forensics challenges or not. © 2022 IEEE.
ABSTRACT
Owing to the spread of the COVID-19 virus, the online meeting system has become popular. From the security point of view, the protection against information leakage is important, as confidential documents are often displayed on a screen to share the information with all participants through the screen sharing function. Some participants may capture their screen to store the displayed documents in their local devices. In this study, we focus on the filtering process and lossy compression applied to the video delivered over an online meeting system, and investigate the identification of screenshot images using deep learning techniques to analyze the distortion caused by such operations. In our experimental results for Zoom applications, we can obtain more than 92.5% classification accuracy even if the captured image is intentionally edited to remove the traces of screen capture. © 2022, IFIP International Federation for Information Processing.
ABSTRACT
The researchers participated in a Mobile Device Forensics Detectives Summer Camp with intermediate students from the surrounding areas of Jackson, MS, who debated on critical thinking, deductive reasoning, problem-solving skills, defined the meaning of Mobile Device Forensics and what it entails in order for the students to achieve proficient or advanced levels on the students' state exams. The researchers had to overcome some barriers for the middle school students that subsequently had not occurred previously due to Covid-19, measure how effective this process progressed moving forward by the external evaluator, and discuss the challenges faced by the Leadership Team of the Mobile Device Forensics Group and how the researchers alleviated some of those issues. © 2021 IEEE.
ABSTRACT
Videoconferencing applications have seen a jump in their userbase owing to the COVID-19 pandemic. The security of these applications has certainly been a hot topic since millions of VoIP users’ data is involved. However, research pertaining to VoIP forensics is still limited to Skype and Zoom. This paper presents a detailed forensic analysis of Microsoft Teams, one of the top 3 videoconferencing applications, in the areas of memory, disk-space and network forensics. Extracted artifacts include critical user data, such as emails, user account information, profile photos, exchanged (including deleted) messages, exchanged text/media files, timestamps and Advanced Encryption Standard encryption keys. The encrypted network traffic is investigated to reconstruct client-server connections involved in a Microsoft Teams meeting with IP addresses, timestamps and digital certificates. The conducted analysis demonstrates that, with strong security mechanisms in place, user data can still be extracted from a client’s desktop. The artifacts also serve as digital evidence in the court of Law, in addition to providing forensic analysts a reference for cases involving Microsoft Teams. © 2022, ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering.
ABSTRACT
The Covid-19 pandemic has created unprecedented challenges in the technology age. Previous infrequently used applications were pushed into the spotlight and had to be considered reliable by their users. Applications had to evolve to accommodate the shift in normality to an online world quickly, predominantly for businesses and educational purposes. Video conferencing tools like Zoom, Google Hangouts, Microsoft Teams, and WebEx Meetings can make communication easy, but ease of online communications could also make information easier for cybercriminals to access and to use these tools for malicious purposes. Forensic evaluation of these programs is important, as being able to easily collect evidences against the threat actors will aid investigations considerably. This paper reports how artefacts from two popular video conferencing tools, Microsoft Teams and Google Meet, could be collected and analysed in forensically sound manners. Industry standard cyber forensics tools have been reported to extract artefacts from range of sources, such as memory, network, browsers and registry. The results are intended to verify security and trustworthiness of both applications as an online conferencing tool. © 2022, ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering.
ABSTRACT
The recent wave of the global Covid-19 pandemic has led to a surge in text-based non-technical cybercrime attacks within the cyber ecosystem. Information about such cyber-attacks is often in unstructured text data and metadata, a rich source of evidence in a digital forensic investigation. However, such information is usually unavailable during a digital forensic investigation when dealing with the public cloud post-incident. Furthermore, digital investigators are challenged with extracting meaningful semantic content from the raw syntactic and unstructured data. It is partly due to the lack of a structured process for forensic data pre-processing when or if such information is identified. Thus, this study seeks to address the lack of a procedure or technique to extract semantic meaning from text data of a cybercrime attack that could be used as a digital forensic readiness semantics trigger in a cybercrime detection process. For the methodology to address the proposed approach, data science modelling and unsupervised machine learning are used to design a strategy. This method process extracts tokens of cybercrime text data, which are further used to develop an intelligent DFR semantic tool extractor based on natural language patterns from cybercrime text data. The proposed DFR cybercrime semantic trigger process when implemented could be used to create a digital forensic cybercrime language API for all digital forensic investigation systems or tools. © 2022, ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering.
ABSTRACT
E-commerce is the branch of digital life that contains all economic and trade businesses conducted via the internet and commercial procedures connected to these businesses. It is considered the major and fastest-growing area in the world. It is the greatest way of purchasing goods and services done net. The old buying was changed by e-commerce only through this Covid pandemic. However, the enormous challenge of e-commerce is insider and outsider cyber-attacks, which threats the confidentiality, integrity, and availability of e-commerce. The researchers have proposed several security models and frameworks for the e-commerce field;however, there is a lack of an integrated model to secure the purchasing and selling of websites. Thus, this study presents a survey of cyberattacks that may damage e-commerce and proposes an integrated security model for e-commerce using a design science approach. The proposed model comprises three main parts: Client, ecommerce, and security. The results show that the proposed model can ensure purchasing and selling on the website and instantiate their solution models using a modeling approach. © 2022 The Authors.
ABSTRACT
The COVID-19 pandemic has impacted many lives around the world and many business processes including the digital forensics investigation processes and how investigations should be conducted from here on out. As early as 1984 a general computer forensics investigation process was developed and continues to evolve with the need of the everchanging environment. The environment has changed once more due to the COVID-19 pandemic that was first detected in December 2019 and is with us up to date. This report reviews existing digital forensics processes throughout the years and adapts new steps to be followed in digital forensics investigations to accommodate the effects of the pandemic. We propose a Pandemic Digital Forensics Model (PDFM) based on the general digital forensics investigation processes that can be utilised in the COVID-19 era or in any other pandemic crisis that may occur. © 2021 IEEE.
ABSTRACT
COVID-19 scourge has made it challenging to combat digital crimes due to the complexity of attributing potential security incidents to perpetrators. Existing literature does not accurately pinpoint relevant models/frameworks that can be leveraged for crowd-sourcing digital forensic evidence. This paper suggests using feature engineering approaches for crowd-sourcing digital evidence to profile potential security incidents, for example, in a COVID-19 scenario. The authors have proposed a conceptual Crowd-sourcing (CRWD) model with three main components: Forensic data collection, feature engineering and the application of machine learning approaches, and also assessment with standardized reporting. This contribution is significantly poised to solve future investigative capabilities for forensic practitioners and computer security researchers. © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.
ABSTRACT
While the COVID-19 virus remolded the routines of the establishments, remote collaboration and distant communication gained more popularity. As the way electronic communications are handled changes drastically, new applications and storage mechanisms are introduced. Microsoft Teams is an application offered within the scope of Microsoft Office 365 that offers services for hosting virtual meetings, team communication, and comprehensive team resource management. It is prevalently used by organizations and indicates a great potential to be a source of digital forensic investigations. This paper scrutinizes the artifacts created by Microsoft Teams in IndexedDB persistent storage. IndexedDB is a fast-growing client-side storage technology that is relatively new as a source for digital forensic investigations. A single-case pretest-posttest quasi experiment was conducted to produce artifacts in Microsoft Teams IndexedDB storage. The artifacts were extracted without user credentials indicating security flaws in the application. Extracted artifacts were processed based on signature patterns and evaluated for their significance. Traditional database queries were utilized to link and present the information clustered according to their relevancy. A time-frame analysis was constructed to display information in a suitable format for investigators. The results indicate that Microsoft Teams IndexedDB storage artifacts contain significant potential for digital investigations with extraction of complete contents of private chat messages, voice mails, and team extensions with efficient time-frame analysis.
Subject(s)
COVID-19 , Communication , Databases, Factual , HumansABSTRACT
Most of the people nowadays use internet connection in their home, especially nowadays that most of the companies are forced to adapt to a Work from Home Basis due to the pandemic (Covid 19) to continue their business activities. This study assesses how vulnerable the default setting of SOHO Routers that the public/private telecommunication companies provide to their consumer. Furthermore, the study assesses how limited/outdated the protection of the router that is provided. This study uses a Kali Linux, a Debian-Based Linux used for Digital Forensics and Penetration Testing to test the vulnerability of the routers to network attacks. Network Attacks such as Deauthentication, Dictionary and Bruteforcing Attack, ARP Poisoning, etc. are performed to help identify threats that could compromise the network of the user and provide secure practices and solutions to help mitigate those kinds of attack. © 2021 ACM.