Visible to the public Biblio

Filters: Keyword is digital forensics  [Clear All Filters]
2021-08-11
McKeown, Sean, Russell, Gordon.  2020.  Forensic Considerations for the High Efficiency Image File Format (HEIF). 2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security). :1—8.
The High Efficiency File Format (HEIF) was adopted by Apple in 2017 as their favoured means of capturing images from their camera application, with Android devices such as the Galaxy S10 providing support more recently. The format is positioned to replace JPEG as the de facto image compression file type, touting many modern features and better compression ratios over the aging standard. However, while millions of devices across the world are already able to produce HEIF files, digital forensics research has not given the format much attention. As HEIF is a complex container format, much different from traditional still picture formats, this leaves forensics practitioners exposed to risks of potentially mishandling evidence. This paper describes the forensically relevant features of the HEIF format, including those which could be used to hide data, or cause issues in an investigation, while also providing commentary on the state of software support for the format. Finally, suggestions for current best-practice are provided, before discussing the requirements of a forensically robust HEIF analysis tool.
2021-07-02
Haque, Shaheryar Ehsan I, Saleem, Shahzad.  2020.  Augmented reality based criminal investigation system (ARCRIME). 2020 8th International Symposium on Digital Forensics and Security (ISDFS). :1—6.
Crime scene investigation and preservation are fundamentally the pillars of forensics. Numerous cases have been discussed in this paper where mishandling of evidence or improper investigation leads to lengthy trials and even worse incorrect verdicts. Whether the problem is lack of training of first responders or any other scenario, it is essential for police officers to properly preserve the evidence. Second problem is the criminal profiling where each district department has its own method of storing information about criminals. ARCRIME intends to digitally transform the way police combat crime. It will allow police officers to create a copy of the scene of crime so that it can be presented in courts or in forensics labs. It will be in the form of wearable glasses for officers on site whereas officers during training will be wearing a headset. The trainee officers will be provided with simulations of cases which have already been resolved. Officers on scene would be provided with intelligence about the crime and the suspect they are interviewing. They would be able to create a case file with audio recording and images which can be digitally sent to a prosecution lawyer. This paper also explores the risks involved with ARCRIME and also weighs in their impact and likelihood of happening. Certain contingency plans have been highlighted in the same section as well to respond to emergency situations.
2021-06-01
Saigopal, Venkata Venugopal Rao Gudlur, Raju, Valliappan.  2020.  IIoT Digital Forensics and Major Security issues. 2020 International Conference on Computational Intelligence (ICCI). :233–236.
the significant area in the growing field of internet security and IIoT connectivity is the way that forensic investigators will conduct investigation process with devices connected to industrial sensors. This part of process is known as IIoT digital forensics and investigation. The main research on IIoT digital forensic investigation has been done, but the current investigation process has revealed and identified major security issues need to be addressed. In parallel, major security issues faced by traditional forensic investigators dealing with IIoT connectivity and data security. This paper address the issues of the challenges and major security issues identified by review conducted in the prospective and emphasizes on the aforementioned security and challenges.
2021-05-20
Almogbil, Atheer, Alghofaili, Abdullah, Deane, Chelsea, Leschke, Timothy, Almogbil, Atheer, Alghofaili, Abdullah.  2020.  The Accuracy of GPS-Enabled Fitbit Activities as Evidence: A Digital Forensics Study. 2020 7th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/2020 6th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom). :186—189.

Technology is advancing rapidly and with this advancement, it has become apparent that it is nearly impossible to not leave a digital trace when committing a crime. As evidenced by multiple cases handled by law enforcement, Fitbit data has proved to be useful when determining the validity of alibis and in piecing together the timeline of a crime scene. In our paper, experiments testing the accuracy and reliability of GPS-tracked activities logged by the Fitbit Alta tracker and Ionic smartwatch are conducted. Potential indicators of manipulated or altered GPS-tracked activities are identified to help guide digital forensic investigators when handling such Fitbit data as evidence.

Almogbil, Atheer, Alghofaili, Abdullah, Deane, Chelsea, Leschke, Timothy, Almogbil, Atheer, Alghofaili, Abdullah.  2020.  Digital Forensic Analysis of Fitbit Wearable Technology: An Investigator’s Guide. 2020 7th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/2020 6th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom). :44—49.
Wearable technology, such as Fitbit devices, log a user's daily activities, heart rate, calories burned, step count, and sleep activity. This information is valuable to digital forensic investigators as it may serve as evidence to a crime, to either support a suspect's innocence or guilt. It is important for an investigator to find and analyze every piece of data for accuracy and integrity; however, there is no standard for conducting a forensic investigation for wearable technology. In this paper, we conduct a forensic analysis of two different Fitbit devices using open-source tools. It is the responsibility of the investigator to show how the data was obtained and to ensure that the data was not modified during the analysis. This paper will guide investigators in understanding what data is collected by a Fitbit device (specifically the Ionic smartwatch and Alta tracker), how to handle Fitbit devices, and how to extract and forensically analyze said devices using open-source tools, Autopsy Sleuth Kit and Bulk Extractor Viewer.
2021-05-05
Đuranec, A., Gruičić, S., Žagar, M..  2020.  Forensic analysis of Windows 10 Sandbox. 2020 43rd International Convention on Information, Communication and Electronic Technology (MIPRO). :1224—1229.

With each Windows operating system Microsoft introduces new features to its users. Newly added features present a challenge to digital forensics examiners as they are not analyzed or tested enough. One of the latest features, introduced in Windows 10 version 1909 is Windows Sandbox; a lightweight, temporary, environment for running untrusted applications. Because of the temporary nature of the Sandbox and insufficient documentation, digital forensic examiners are facing new challenges when examining this newly added feature which can be used to hide different illegal activities. Throughout this paper, the focus will be on analyzing different Windows artifacts and event logs, with various tools, left behind as a result of the user interaction with the Sandbox feature on a clear virtual environment. Additionally, the setup of testing environment will be explained, the results of testing and interpretation of the findings will be presented, as well as open-source tools used for the analysis.

2021-04-08
Zheng, Y., Cao, Y., Chang, C..  2020.  A PUF-Based Data-Device Hash for Tampered Image Detection and Source Camera Identification. IEEE Transactions on Information Forensics and Security. 15:620—634.
With the increasing prevalent of digital devices and their abuse for digital content creation, forgeries of digital images and video footage are more rampant than ever. Digital forensics is challenged into seeking advanced technologies for forgery content detection and acquisition device identification. Unfortunately, existing solutions that address image tampering problems fail to identify the device that produces the images or footage while techniques that can identify the camera is incapable of locating the tampered content of its captured images. In this paper, a new perceptual data-device hash is proposed to locate maliciously tampered image regions and identify the source camera of the received image data as a non-repudiable attestation in digital forensics. The presented image may have been either tampered or gone through benign content preserving geometric transforms or image processing operations. The proposed image hash is generated by projecting the invariant image features into a physical unclonable function (PUF)-defined Bernoulli random space. The tamper-resistant random PUF response is unique for each camera and can only be generated upon triggered by a challenge, which is provided by the image acquisition timestamp. The proposed hash is evaluated on the modified CASIA database and CMOS image sensor-based PUF simulated using 180 nm TSMC technology. It achieves a high tamper detection rate of 95.42% with the regions of tampered content successfully located, a good authentication performance of above 98.5% against standard content-preserving manipulations, and 96.25% and 90.42%, respectively, for the more challenging geometric transformations of rotation (0 360°) and scaling (scale factor in each dimension: 0.5). It is demonstrated to be able to identify the source camera with 100% accuracy and is secure against attacks on PUF.
Al-Dhaqm, A., Razak, S. A., Ikuesan, R. A., Kebande, V. R., Siddique, K..  2020.  A Review of Mobile Forensic Investigation Process Models. IEEE Access. 8:173359—173375.
Mobile Forensics (MF) field uses prescribed scientific approaches with a focus on recovering Potential Digital Evidence (PDE) from mobile devices leveraging forensic techniques. Consequently, increased proliferation, mobile-based services, and the need for new requirements have led to the development of the MF field, which has in the recent past become an area of importance. In this article, the authors take a step to conduct a review on Mobile Forensics Investigation Process Models (MFIPMs) as a step towards uncovering the MF transitions as well as identifying open and future challenges. Based on the study conducted in this article, a review of the literature revealed that there are a few MFIPMs that are designed for solving certain mobile scenarios, with a variety of concepts, investigation processes, activities, and tasks. A total of 100 MFIPMs were reviewed, to present an inclusive and up-to-date background of MFIPMs. Also, this study proposes a Harmonized Mobile Forensic Investigation Process Model (HMFIPM) for the MF field to unify and structure whole redundant investigation processes of the MF field. The paper also goes the extra mile to discuss the state of the art of mobile forensic tools, open and future challenges from a generic standpoint. The results of this study find direct relevance to forensic practitioners and researchers who could leverage the comprehensiveness of the developed processes for investigation.
Verdoliva, L..  2020.  Media Forensics and DeepFakes: An Overview. IEEE Journal of Selected Topics in Signal Processing. 14:910—932.
With the rapid progress in recent years, techniques that generate and manipulate multimedia content can now provide a very advanced level of realism. The boundary between real and synthetic media has become very thin. On the one hand, this opens the door to a series of exciting applications in different fields such as creative arts, advertising, film production, and video games. On the other hand, it poses enormous security threats. Software packages freely available on the web allow any individual, without special skills, to create very realistic fake images and videos. These can be used to manipulate public opinion during elections, commit fraud, discredit or blackmail people. Therefore, there is an urgent need for automated tools capable of detecting false multimedia content and avoiding the spread of dangerous false information. This review paper aims to present an analysis of the methods for visual media integrity verification, that is, the detection of manipulated images and videos. Special emphasis will be placed on the emerging phenomenon of deepfakes, fake media created through deep learning tools, and on modern data-driven forensic methods to fight them. The analysis will help highlight the limits of current forensic tools, the most relevant issues, the upcoming challenges, and suggest future directions for research.
Al-Dhaqm, A., Razak, S. A., Dampier, D. A., Choo, K. R., Siddique, K., Ikuesan, R. A., Alqarni, A., Kebande, V. R..  2020.  Categorization and Organization of Database Forensic Investigation Processes. IEEE Access. 8:112846—112858.
Database forensic investigation (DBFI) is an important area of research within digital forensics. It's importance is growing as digital data becomes more extensive and commonplace. The challenges associated with DBFI are numerous, and one of the challenges is the lack of a harmonized DBFI process for investigators to follow. In this paper, therefore, we conduct a survey of existing literature with the hope of understanding the body of work already accomplished. Furthermore, we build on the existing literature to present a harmonized DBFI process using design science research methodology. This harmonized DBFI process has been developed based on three key categories (i.e. planning, preparation and pre-response, acquisition and preservation, and analysis and reconstruction). Furthermore, the DBFI has been designed to avoid confusion or ambiguity, as well as providing practitioners with a systematic method of performing DBFI with a higher degree of certainty.
2021-03-04
Knyazeva, N., Khorkov, D., Vostretsova, E..  2020.  Building Knowledge Bases for Timestamp Changes Detection Mechanisms in MFT Windows OS. 2020 Ural Symposium on Biomedical Engineering, Radioelectronics and Information Technology (USBEREIT). :553—556.

File timestamps do not receive much attention from information security specialists and computer forensic scientists. It is believed that timestamps are extremely easy to fake, and the system time of a computer can be changed. However, operating system for synchronizing processes and working with file objects needs accurate time readings. The authors estimate that several million timestamps can be stored on the logical partition of a hard disk with the NTFS. The MFT stores four timestamps for each file object in \$STANDARDİNFORMATION and \$FILE\_NAME attributes. Furthermore, each directory in the İNDEX\_ROOT or İNDEX\_ALLOCATION attributes contains four more timestamps for each file within it. File timestamps are set and changed as a result of file operations. At the same time, some file operations differently affect changes in timestamps. This article presents the results of the tool-based observation over the creation and update of timestamps in the MFT resulting from the basic file operations. Analysis of the results is of interest with regard to computer forensic science.

2021-02-23
Patil, A., Jha, A., Mulla, M. M., Narayan, D. G., Kengond, S..  2020.  Data Provenance Assurance for Cloud Storage Using Blockchain. 2020 International Conference on Advances in Computing, Communication Materials (ICACCM). :443—448.

Cloud forensics investigates the crime committed over cloud infrastructures like SLA-violations and storage privacy. Cloud storage forensics is the process of recording the history of the creation and operations performed on a cloud data object and investing it. Secure data provenance in the Cloud is crucial for data accountability, forensics, and privacy. Towards this, we present a Cloud-based data provenance framework using Blockchain, which traces data record operations and generates provenance data. Initially, we design a dropbox like application using AWS S3 storage. The application creates a cloud storage application for the students and faculty of the university, thereby making the storage and sharing of work and resources efficient. Later, we design a data provenance mechanism for confidential files of users using Ethereum blockchain. We also evaluate the proposed system using performance parameters like query and transaction latency by varying the load and number of nodes of the blockchain network.

2021-01-11
Žulj, S., Delija, D., Sirovatka, G..  2020.  Analysis of secure data deletion and recovery with common digital forensic tools and procedures. 2020 43rd International Convention on Information, Communication and Electronic Technology (MIPRO). :1607–1610.
This paper presents how students practical’s is developed and used for the important task forensic specialist have to do when using common digital forensic tools for data deletion and data recovery from various types of digital media and live systems. Digital forensic tools like EnCase, FTK imager, BlackLight, and open source tools are discussed in developed practical’s scenarios. This paper shows how these tools can be used to train and enhance student understanding of the capabilities and limitations of digital forensic tools in uncommon digital forensic scenarios. Students’ practicals encourage students to efficiently use digital forensic tools in the various professional scenarios that they will encounter.
2020-12-17
Abeykoon, I., Feng, X..  2019.  Challenges in ROS Forensics. 2019 IEEE SmartWorld, Ubiquitous Intelligence Computing, Advanced Trusted Computing, Scalable Computing Communications, Cloud Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI). :1677—1682.

The usage of robot is rapidly growth in our society. The communication link and applications connect the robots to their clients or users. This communication link and applications are normally connected through some kind of network connections. This network system is amenable of being attached and vulnerable to the security threats. It is a critical part for ensuring security and privacy for robotic platforms. The paper, also discusses about several cyber-physical security threats that are only for robotic platforms. The peer to peer applications use in the robotic platforms for threats target integrity, availability and confidential security purposes. A Remote Administration Tool (RAT) was introduced for specific security attacks. An impact oriented process was performed for analyzing the assessment outcomes of the attacks. Tests and experiments of attacks were performed in simulation environment which was based on Gazbo Turtlebot simulator and physically on the robot. A software tool was used for simulating, debugging and experimenting on ROS platform. Integrity attacks performed for modifying commands and manipulated the robot behavior. Availability attacks were affected for Denial-of-Service (DoS) and the robot was not listened to Turtlebot commands. Integrity and availability attacks resulted sensitive information on the robot.

Basheer, M. M., Varol, A..  2019.  An Overview of Robot Operating System Forensics. 2019 1st International Informatics and Software Engineering Conference (UBMYK). :1—4.
Autonomous technologies have been rapidly replacing the traditional manual intervention nearly in every aspect of our life. These technologies essentially require robots to carry out their automated processes. Nowadays, with the emergence of industry 4.0, robots are increasingly being remote-controlled via client-server connection, which creates uncommon vulnerabilities that allow attackers to target those robots. The development of an open source operational environment for robots, known as Robot Operating System (ROS) has come as a response to these demands. Security and privacy are crucial for the use of ROS as the chance of a compromise may lead to devastating ramifications. In this paper, an overview of ROS and the attacks targeting it are detailed and discussed. Followed by a review of the ROS security and digital investigation studies.
2020-10-29
Jiang, Jianguo, Li, Song, Yu, Min, Li, Gang, Liu, Chao, Chen, Kai, Liu, Hui, Huang, Weiqing.  2019.  Android Malware Family Classification Based on Sensitive Opcode Sequence. 2019 IEEE Symposium on Computers and Communications (ISCC). :1—7.

Android malware family classification is an advanced task in Android malware analysis, detection and forensics. Existing methods and models have achieved a certain success for Android malware detection, but the accuracy and the efficiency are still not up to the expectation, especially in the context of multiple class classification with imbalanced training data. To address those challenges, we propose an Android malware family classification model by analyzing the code's specific semantic information based on sensitive opcode sequence. In this work, we construct a sensitive semantic feature-sensitive opcode sequence using opcodes, sensitive APIs, STRs and actions, and propose to analyze the code's specific semantic information, generate a semantic related vector for Android malware family classification based on this feature. Besides, aiming at the families with minority, we adopt an oversampling technique based on the sensitive opcode sequence. Finally, we evaluate our method on Drebin dataset, and select the top 40 malware families for experiments. The experimental results show that the Total Accuracy and Average AUC (Area Under Curve, AUC) reach 99.50% and 98.86% with 45. 17s per Android malware, and even if the number of malware families increases, these results remain good.

2020-10-16
Al-Nemrat, Ameer.  2018.  Identity theft on e-government/e-governance digital forensics. 2018 International Symposium on Programming and Systems (ISPS). :1—1.

In the context of the rapid technological progress, the cyber-threats become a serious challenge that requires immediate and continuous action. As cybercrime poses a permanent and increasing threat, governments, corporate and individual users of the cyber-space are constantly struggling to ensure an acceptable level of security over their assets. Maliciousness on the cyber-space spans identity theft, fraud, and system intrusions. This is due to the benefits of cyberspace-low entry barriers, user anonymity, and spatial and temporal separation between users, make it a fertile field for deception and fraud. Numerous, supervised and unsupervised, techniques have been proposed and used to identify fraudulent transactions and activities that deviate from regular patterns of behaviour. For instance, neural networks and genetic algorithms were used to detect credit card fraud in a dataset covering 13 months and 50 million credit card transactions. Unsupervised methods, such as clustering analysis, have been used to identify financial fraud or to filter fake online product reviews and ratings on e-commerce websites. Blockchain technology has demonstrated its feasibility and relevance in e-commerce. Its use is now being extended to new areas, related to electronic government. The technology appears to be the most appropriate in areas that require storage and processing of large amounts of protected data. The question is what can blockchain technology do and not do to fight malicious online activity?

2020-08-28
Kommera, Nikitha, Kaleem, Faisal, Shah Harooni, Syed Mubashir.  2016.  Smart augmented reality glasses in cybersecurity and forensic education. 2016 IEEE Conference on Intelligence and Security Informatics (ISI). :279—281.
Augmented reality is changing the way its users see the world. Smart augmented-reality glasses, with high resolution Optical Head Mounted display, supplements views of the real-world using video, audio, or graphics projected in front of user's eye. The area of Smart Glasses and heads-up display devices is not a new one, however in the last few years, it has seen an extensive growth in various fields including education. Our work takes advantage of a student's ability to adapt to new enabling technologies to investigate improvements teaching techniques in STEM areas and enhance the effectiveness and efficiency in teaching the new course content. In this paper, we propose to focus on the application of Smart Augmented-Reality Glasses in cybersecurity education to attract and retain students in STEM. In addition, creative ways to learn cybersecurity education via Smart Glasses will be explored using a Discovery Learning approach. This mode of delivery will allow students to interact with cybersecurity theories in an innovative, interactive and effective way, enhancing their overall live experience and experimental learning. With the help of collected data and in-depth analysis of existing smart glasses, the ongoing work will lay the groundwork for developing augmented reality applications that will enhance the learning experiences of students. Ultimately, research conducted with the glasses and applications may help to identify the unique skillsets of cybersecurity analysts, learning gaps and learning solutions.
2020-06-03
Cedillo, Priscila, Camacho, Jessica, Campos, Karina, Bermeo, Alexandra.  2019.  A Forensics Activity Logger to Extract User Activity from Mobile Devices. 2019 Sixth International Conference on eDemocracy eGovernment (ICEDEG). :286—290.

Nowadays, mobile devices have become one of the most popular instruments used by a person on its regular life, mainly due to the importance of their applications. In that context, mobile devices store user's personal information and even more data, becoming a personal tracker for daily activities that provides important information about the user. Derived from this gathering of information, many tools are available to use on mobile devices, with the restrain that each tool only provides isolated information about a specific application or activity. Therefore, the present work proposes a tool that allows investigators to obtain a complete report and timeline of the activities that were performed on the device. This report incorporates the information provided by many sources into a unique set of data. Also, by means of an example, it is presented the operation of the solution, which shows the feasibility in the use of this tool and shows the way in which investigators have to apply the tool.

Reeva, Patel, Siddhesh, Dhuri, Preet, Gada, Pratik, Shah, Jain, Nilakshi.  2019.  Digital Forensics Capability Analyzer: A tool to check forensic capability. 2019 International Conference on Nascent Technologies in Engineering (ICNTE). :1—7.

Digital forensics is process of identifying, preserving, analyzing and preserving digital evidence. Due to increasing cybercrimes now a days, it is important for all organizations to have a well-managed digital forensics cell. So to overcome this, we propose a framework called digital forensics capability analyser. [1]The main advantage of developing digital analyzer is cost minimization. This tool will provide fundamental information for setting up a digital forensic cell and will also offer services like online sessions. [2] [3]It will help organizations by providing them with a perfect solution according to their requirements to start a digital forensic cell in their respective lnstitution.[4] [5].

Chopade, Mrunali, Khan, Sana, Shaikh, Uzma, Pawar, Renuka.  2019.  Digital Forensics: Maintaining Chain of Custody Using Blockchain. 2019 Third International conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC). :744—747.

The fundamental aim of digital forensics is to discover, investigate and protect an evidence, increasing cybercrime enforces digital forensics team to have more accurate evidence handling. This makes digital evidence as an important factor to link individual with criminal activity. In this procedure of forensics investigation, maintaining integrity of the evidence plays an important role. A chain of custody refers to a process of recording and preserving details of digital evidence from collection to presenting in court of law. It becomes a necessary objective to ensure that the evidence provided to the court remains original and authentic without tampering. Aim is to transfer these digital evidences securely using encryption techniques.

Ellison, Dagney, Ikuesan, Richard Adeyemi, Venter, Hein S..  2019.  Ontology for Reactive Techniques in Digital Forensics. 2019 IEEE Conference on Application, Information and Network Security (AINS). :83—88.

Techniques applied in response to detrimental digital incidents vary in many respects according to their attributes. Models of techniques exist in current research but are typically restricted to some subset with regards to the discipline of the incident. An enormous collection of techniques is actually available for use. There is no single model representing all these techniques. There is no current categorisation of digital forensics reactive techniques that classify techniques according to the attribute of function and nor is there an attempt to classify techniques in a means that goes beyond a subset. In this paper, an ontology that depicts digital forensic reactive techniques classified by function is presented. The ontology itself contains additional information for each technique useful for merging into a cognate system where the relationship between techniques and other facets of the digital investigative process can be defined. A number of existing techniques were collected and described according to their function - a verb. The function then guided the placement and classification of the techniques in the ontology according to the ontology development process. The ontology contributes to a knowledge base for digital forensics - essentially useful as a resource for the various people operating in the field of digital forensics. The benefit of this that the information can be queried, assumptions can be made explicit, and there is a one-stop-shop for digital forensics reactive techniques with their place in the investigation detailed.

Duy, Phan The, Do Hoang, Hien, Thu Hien, Do Thi, Ba Khanh, Nguyen, Pham, Van-Hau.  2019.  SDNLog-Foren: Ensuring the Integrity and Tamper Resistance of Log Files for SDN Forensics using Blockchain. 2019 6th NAFOSTED Conference on Information and Computer Science (NICS). :416—421.

Despite bringing many benefits of global network configuration and control, Software Defined Networking (SDN) also presents potential challenges for both digital forensics and cybersecurity. In fact, there are various attacks targeting a range of vulnerabilities on vital elements of this paradigm such as controller, Northbound and Southbound interfaces. In addition to solutions of security enhancement, it is important to build mechanisms for digital forensics in SDN which provide the ability to investigate and evaluate the security of the whole network system. It should provide features of identifying, collecting and analyzing log files and detailed information about network devices and their traffic. However, upon penetrating a machine or device, hackers can edit, even delete log files to remove the evidences about their presence and actions in the system. In this case, securing log files with fine-grained access control in proper storage without any modification plays a crucial role in digital forensics and cybersecurity. This work proposes a blockchain-based approach to improve the security of log management in SDN for network forensics, called SDNLog-Foren. This model is also evaluated with different experiments to prove that it can help organizations keep sensitive log data of their network system in a secure way regardless of being compromised at some different components of SDN.

Amato, Giuseppe, Falchi, Fabrizio, Gennaro, Claudio, Massoli, Fabio Valerio, Passalis, Nikolaos, Tefas, Anastasios, Trivilini, Alessandro, Vairo, Claudio.  2019.  Face Verification and Recognition for Digital Forensics and Information Security. 2019 7th International Symposium on Digital Forensics and Security (ISDFS). :1—6.

In this paper, we present an extensive evaluation of face recognition and verification approaches performed by the European COST Action MULTI-modal Imaging of FOREnsic SciEnce Evidence (MULTI-FORESEE). The aim of the study is to evaluate various face recognition and verification methods, ranging from methods based on facial landmarks to state-of-the-art off-the-shelf pre-trained Convolutional Neural Networks (CNN), as well as CNN models directly trained for the task at hand. To fulfill this objective, we carefully designed and implemented a realistic data acquisition process, that corresponds to a typical face verification setup, and collected a challenging dataset to evaluate the real world performance of the aforementioned methods. Apart from verifying the effectiveness of deep learning approaches in a specific scenario, several important limitations are identified and discussed through the paper, providing valuable insight for future research directions in the field.

Khalaf, Rayan Sulaiman, Varol, Asaf.  2019.  Digital Forensics: Focusing on Image Forensics. 2019 7th International Symposium on Digital Forensics and Security (ISDFS). :1—5.

The world is continuously developing, and people's needs are increasing as well; so too are the number of thieves increasing, especially electronic thieves. For that reason, companies and individuals are always searching for experts who will protect them from thieves, and these experts are called digital investigators. Digital forensics has a number of branches and different parts, and image forensics is one of them. The budget for the images branch goes up every day in response to the need. In this paper we offer some information about images and image forensics, image components and how they are stored in digital devices and how they can be deleted and recovered. We offer general information about digital forensics, focusing on image forensics.