The Internet’s pervasiveness and the wide availability of multimedia devices with networking capability have contributed to the global diffusion of cyber threats and cybercrimes, causing serious challenges from the digital forensic perspective. As a consequence, the potential amount of data that requires analysis is increasing, causing an urgent need for new forensic techniques and tools. Those currently in use, being more focused on full device extraction for some basic statistics than on reducing and correlating data for case-relevant device identification, tend to be outdated. In this situation, which may be referred to as data rich but information poor, a practical solution is represented by Digital Forensics Triage, a promising new branch of Digital Forensics science whose aim is to extract evidence and provide vital intelligence in a timely manner. Digital Forensics Triage, or simply Digital Triage, is generally referred to as a framework that can be adopted in time-critical situations to assign a higher priority to certain digital devices over others, according to their relevance to the criminal case. Digital Triage has been characterized by the development of rapid data extraction techniques and tools, whereas, despite some categorisation functions, determining the relevance of a digital device to a criminal case, also known as classification, tends to be a mostly manual process. Based on substantial research carried out to establish current methodologies in the field of Digital Triage and their potential use, this thesis describes an original methodology for digital device pre-examination and classification either on the crime scene or at Digital Forensic Laboratories (DFLs). The intended aim of the methodology is to automate the identification of relevant devices in criminal cases where time, huge backlogs, and the suspect’s privacy protection are deemed critical factors.
As a result of merging Digital Forensics best practices and Machine Learning supervised classification, the novel approach described hereafter presents several advantages with respect to other techniques currently in use. Selective device pre-examination on the crime scene or at DFLs allows the timely identification of case-relevant devices while reducing the volume of data that needs to be exhaustively examined. Experimental results of the criminal case studies of child pornography exchange and copyright infringement suggest that the methodology described in this thesis is effective and viable, and can provide a basis for an automated digital device classification tool for use in real-life criminal cases.

(2014). Device classification in digital forensics triage.

Device classification in digital forensics triage

MARTURANA, FABIO
2014-01-01

2014
2013/2014
Research in Computer Science and Automation Engineering
26.
Sector ING-INF/05 - INFORMATION PROCESSING SYSTEMS
English
Doctoral thesis
Use this identifier to cite or link to this document: https://hdl.handle.net/2108/214142