DOCSLIB.ORG

Graph-Based Temporal Analysis in Digital Forensics Nikolai A

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Air Force Institute of Technology AFIT Scholar Theses and Dissertations Student Graduate Works 3-22-2019 Graph-based Temporal Analysis in Digital Forensics Nikolai A. Adderley Follow this and additional works at: https://scholar.afit.edu/etd Part of the Data Storage Systems Commons, and the Hardware Systems Commons Recommended Citation Adderley, Nikolai A., "Graph-based Temporal Analysis in Digital Forensics" (2019). Theses and Dissertations. 2241. https://scholar.afit.edu/etd/2241 This Thesis is brought to you for free and open access by the Student Graduate Works at AFIT Scholar. It has been accepted for inclusion in Theses and Dissertations by an authorized administrator of AFIT Scholar. For more information, please contact [email protected]. GRAPH-BASED TEMPORAL ANALYSIS IN DIGITAL FORENSICS THESIS Nikolai A. Adderley, 1stLt, USAF AFIT-ENG-MS-19-M-005 DEPARTMENT OF THE AIR FORCE AIR UNIVERSITY AIR FORCE INSTITUTE OF TECHNOLOGY Wright-Patterson Air Force Base, Ohio DISTRIBUTION STATEMENT A APPROVED FOR PUBLIC RELEASE; DISTRIBUTION UNLIMITED. The views expressed in this document are those of the author and do not reflect the official policy or position of the United States Air Force, the United States Department of Defense or the United States Government. This material is de- clared a work of the U.S. Government and is not subject to copyright protection in the United States. AFIT-ENG-MS-19-M-005 GRAPH-BASED TEMPORAL ANALYSIS IN DIGITAL FORENSICS THESIS Presented to the Faculty Department of Electrical and Computer Engineering Graduate School of Engineering and Management Air Force Institute of Technology Air University Air Education and Training Command in Partial Fulfillment of the Requirements for the Degree of Master of Science in Electrical Engineering Nikolai A. Adderley, B.S 1stLt, USAF March 2019 DISTRIBUTION STATEMENT A APPROVED FOR PUBLIC RELEASE; DISTRIBUTION UNLIMITED. AFIT-ENG-MS-19-M-005 GRAPH-BASED TEMPORAL ANALYSIS IN DIGITAL FORENSICS THESIS Nikolai A. Adderley, B.S 1stLt, USAF Committee Membership: Dr. Gilbert L. Peterson Chair Dr. Robert Mills Member Dr. Douglas Hodson Member AFIT-ENG-MS-19-M-005 Abstract Establishing a timeline as part of a digital forensics investigation is a vital part of understanding the order in which system events occurred. However, most digital forensics tools present timelines as histogram or as raw artifacts. Conse- quently, digital forensics examiners are forced to rely on manual, labor-intensive practices to reconstruct system events. Current digital forensics analysis tools are at their technological limit with the increasing storage and complexity of data. A graph-based timeline can present digital forensics evidence in a structure that can be immediately understood and effortlessly focused. This paper presents the Tem- poral Analysis Integration Management Application (TAIMA) to enhance digital forensics analysis via information visualization (infovis) techniques. TAIMA is a prototype application that provides a graph-based timeline for event reconstruc- tion using abstraction and visualization techniques. A workflow illustration and pilot usability study provided evidence that TAIMA assisted digital forensics spe- cialists in identifying key system events during digital forensics analysis. iv Acknowledgements To my loving and supportive wife and children. Thank you for your sacrifice over the last two years and always being in my corner making sure I had all the love and support I needed to get through this. Additionally, I would like to thank my thesis chair and supervisor Dr. Gilbert L. Peterson for his astute guidance, patience and direction throughout my course work and thesis process. Moreover, I would also like to thank Capt. Daniel Schelkoph for his efforts in creating a test Neo4j database and assistance in incorporating it into TAIMA. Nikolai A. Adderley v Table of Contents Page Abstract . iv Acknowledgements . .v List of Figures . ix List of Tables . xi I. Introduction . .1 1.1 Digital Forensics . .3 1.2 Problem Statement . .5 1.3 Research Hypotheses . .6 1.4 Research Questions . .7 1.5 Contributions . .8 1.6 Organization of the Thesis . .9 II. Literature Review . 10 2.1 Information Visualization (infovis) Frameworks . 11 2.1.1 The Visual Information Seeking Mantra . 12 2.1.2 The Explore, Investigate and Correlate (EIC) Conceptual Framework . 14 2.1.3 Visualization Pipeline . 15 2.2 Abstraction . 17 2.2.1 Temporal Event Abstraction . 17 2.3 Temporal Analysis . 19 2.4 Digital Forensics Timelines . 19 2.4.1 Text-based Timeline . 21 2.4.2 Graph-based Timeline Analysis Studies . 22 2.5 Human-Computer Interaction (HCI) and Usability Testing . 25 2.5.1 Usability Testing . 26 III. Temporal Analysis Integration Management Application (TAIMA) ...................................................... 28 3.1 GRANDStack (GraphQL, React, Apollo, Neo4j Database) . 30 3.1.1 GraphQL . 31 3.1.2 Apollo Client . 31 3.1.3 React (JavaScript Library) . 31 3.1.4 Neo4j . 32 vi Page 3.1.5 Rendering the Grahical Timeline . 32 3.2 Data Transformation. 33 3.2.1 Import Data Acquisition . 33 3.2.2 Adaptive Data Reduction . 34 3.2.3 Visibility Transformation . 34 3.2.4 Viewing Transformation . 36 3.2.5 Rendering . 36 3.2.6 Visual Display . 37 3.3 The Interface . 37 3.3.1 Sheiderman Requirements . 38 3.4 The Data Model . 39 3.5 Temporal Event Abstraction . 41 3.6 TAIMA Workflow . 45 3.7 The Interface: Input Fields . 46 3.8 The Timeline . 47 3.9 Zoom...................................................... 49 3.10 Traces . 49 3.11 Summary . 50 IV. Research Design/Strategy . 52 4.1 Evaluating User Experience (UE) . 52 4.1.1 Disk Image . 53 4.1.2 Task Description . 54 4.1.3 Population Selection . 55 4.1.4 Evaluation Technique . 56 4.1.5 Data Analysis Procedure . 57 4.1.6 Research Limitations . 58 V. Results & Analysis . 60 5.1 Abstraction Evaluation . 60 5.2 Data Analysis . 62 5.2.1 Evaluating User Experience (UE) results . 62 5.2.2 Performance . 63 5.2.3 Accuracy . 63 5.2.4 Usability . 64 VI. Conclusion . 72 6.1 Results . 73 6.2 Limitations . 74 6.3 Future Work . 75 vii Page Appendix A. Approval . 77 Appendix B. Institutional Review Board Memorandum . 78 Appendix C. Study Instructions . 89 Appendix D. Raw Data . ..
Recommended publications
  • Introduction to Criminal Investigation: Processes, Practices and Thinking Introduction to Criminal Investigation: Processes, Practices and Thinking

    Introduction to Criminal Investigation: Processes, Practices and Thinking Introduction to Criminal Investigation: Processes, Practices and Thinking

    Introduction to Criminal Investigation: Processes, Practices and Thinking Introduction to Criminal Investigation: Processes, Practices and Thinking ROD GEHL AND DARRYL PLECAS JUSTICE INSTITUTE OF BRITISH COLUMBIA NEW WESTMINSTER, BC Introduction to Criminal Investigation: Processes, Practices and Thinking by Rod Gehl is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License, except where otherwise noted. Introduction to Criminal Investigation: Processes, Practices and Thinking by Rod Gehl and Darryl Plecas is, unless otherwise noted, released under a Creative Commons Attribution 4.0 International (CC BY-NC) license. This means you are free to copy, retain (keep), reuse, redistribute, remix, and revise (adapt or modify) this textbook but not for commercial purposes. Under this license, anyone who revises this textbook (in whole or in part), remixes portions of this textbook with other material, or redistributes a portion of this textbook, may do so without gaining the author’s permission providing they properly attribute the textbook or portions of the textbook to the author as follows: Introduction to Criminal Investigation: Processes, Practices and Thinking by Rod Gehl and Darryl Plecas is used under a CC BY-NC 4.0 International license. Additionally, if you redistribute this textbook (in whole or in part) you must retain the below statement, Download this book for free at https://pressbooks.bccampus.ca/criminalinvestigation/ as follows: 1. digital format: on every electronic page 2. print format: on at least one page near the front of the book To cite this textbook using APA, for example, follow this format: Gehl, Rod & Plecas, Darryl. (2016). Introduction to Criminal Investigation: Processes, Practices and Thinking.
  • 2021-22 Undergraduate Catalog

    2021-22 Undergraduate Catalog

    Undergraduate and Graduate Course Descriptions for the 2021 - 2022 Academic Year ACCT - Accounting ACCT 201 INTRO TO FINANCIAL ACCOUNTING: A comprehensive study of basic financial accounting processes applicable to a service, merchandising, and manufacturing business. An analysis of transactions, journalizing, posting, preparation of working papers and ­financial statements. ACCT 202 INTRO TO MANAGERIAL ACCT: An introductory study of managerial accounting processes including job order costing, process costing, cost­volume­profit analysis, standard costs, activity­based costing, cost analysis, budgeting, and managerial decision making. Prerequisite: ACCT 201 or equivalent with a minimum grade of C. ACCT 301 INTERMEDIATE ACCOUNTING I: A study of financial accounting ­standard setting, the conceptual framework underlying financial accounting, balance sheet and income statement ­presentations, revenue and expense ­recognition, and accounting for current assets, and current liabilities. Prerequisite: ACCT 202 with a minimum grade of C. ACCT 302 INTERMEDIATE ACCOUNTING II: This class is the second course of the three­semester sequence of intermediate financial accounting. This course focuses on issues related to the reporting and analysis of financial accounting information. The objective in this course is to examine in detail (with an emphasis on both the "what" and the "why") the following financial topics: 1) Operational Assets 2) Time value of money 3) Bonds and long term notes 4) Leases 5) Employee benefits and pensions. Prerequisite: ACCT301 or equivalent with a minimum grade of C. ACCT 306 COST ACCOUNTING: A study of cost behavior, overhead cost ­allocations, cost systems design, and an introduction to activity­based costing and control systems. Emphasis is on case studies and other practical applications.
  • Digital Forensic Tools & Cloud-Based Machine Learning for Analyzing

    Digital Forensic Tools & Cloud-Based Machine Learning for Analyzing

    Georgia Southern University Digital Commons@Georgia Southern Electronic Theses and Dissertations Graduate Studies, Jack N. Averitt College of Spring 2018 Digital Forensic Tools & Cloud-Based Machine Learning for Analyzing Crime Data Majeed Kayode Raji Follow this and additional works at: https://digitalcommons.georgiasouthern.edu/etd Part of the Business Analytics Commons, Business Intelligence Commons, Computational Engineering Commons, and the Other Engineering Commons Recommended Citation Raji, Majeed Kayode, "Digital Forensic Tools & Cloud-Based Machine Learning for Analyzing Crime Data" (2018). Electronic Theses and Dissertations. 1879. https://digitalcommons.georgiasouthern.edu/etd/1879 This thesis (open access) is brought to you for free and open access by the Graduate Studies, Jack N. Averitt College of at Digital Commons@Georgia Southern. It has been accepted for inclusion in Electronic Theses and Dissertations by an authorized administrator of Digital Commons@Georgia Southern. For more information, please contact [email protected]. DIGITAL FORENSIC TOOLS & CLOUD-BASED MACHINE LEARNING FOR ANALYZING CRIME DATA by MAJEED KAYODE RAJI (Under the Direction of Hayden Wimmer) ABSTRACT Digital forensics is a branch of forensic science in which we can recreate past events using forensic tools for a legal measure. Also, the increase in the availability of mobile devices has led to their use in criminal activities. Moreover, the rate at which data is being generated has been on the increase which has led to big data problems. With cloud computing, data can now be stored, processed and analyzed as they are generated. This thesis document consists of three studies related to data analysis. The first study involves analyzing data from an Android smartphone while making a comparison between two forensic tools; Paraben E3: DS and Autopsy.
  • Hacking Exposed Computer Forensics, Second Edition, Delivers the Most Valuable Insight on the Market

    Hacking Exposed Computer Forensics, Second Edition, Delivers the Most Valuable Insight on the Market

    HACKING EXPOSED™ COMPUTER FORENSICS SECOND EDITION REVIEWS “This book provides the right mix of practical how-to knowledge in a straightforward, informative fashion that ties all the complex pieces together with real-world case studies. With so many books on the topic of computer forensics, Hacking Exposed Computer Forensics, Second Edition, delivers the most valuable insight on the market. The authors cut to the chase of what people must understand to effectively perform computer forensic investigations.” —Brian H. Karney, COO, AccessData Corporation “Hacking Exposed Computer Forensics is a ‘must-read’ for information security professionals who want to develop their knowledge of computer forensics.” —Jason Fruge, Director of Consulting Services, Fishnet Security 00-FM.indd i 8/23/2009 3:54:42 AM “Computer forensics has become increasingly important to modern incident responders attempting to defend our digital castles. Hacking Exposed Computer Forensics, Second Edition, picks up where the first edition left off and provides a valuable reference, useful to both beginning and seasoned forensic professionals. I picked up several new tricks from this book, which I am already putting to use.” —Monty McDougal, Raytheon Information Security Solutions, and author of the Windows Forensic Toolchest (WFT) (www.foolmoon.net) “Hacking Exposed Computer Forensics, Second Edition, is an essential reference for both new and seasoned investigators. The second edition continues to provide valuable information in a format that is easy to understand and reference.” —Sean Conover, CISSP, CCE, EnCE “This book is an outstanding point of reference for computer forensics and certainly a must-have addition to your forensic arsenal.” —Brandon Foley, Manager of Enterprise IT Security, Harrah’s Operating Co.
  • IEEE Paper Template in A4 (V1)

    IEEE Paper Template in A4 (V1)

    ISSN 2319 – 1953 International Journal of Scientific Research in Computer Science Applications and Management Studies Digital Forensics in Cloud Computing Environment Santhosh B, Nelson Dsouza#2, Akash D Kumbhar*2 #1,Associate Professor, Dept of MCA,AIMIT, Mangaluru, Karnataka, India #2Department of MCA, AIMIT, Mangaluru, Karnataka, India Abstract— The Internet is growing explosively, as is the • In a lawful manner, preserving, extracting, storing, analyzing number of crimes committed against or using computers. As a and presenting the evidence. response to the growth of computer crime, the field of computer • To gain an insight into the activities and techniques used by forensics has emerged. Computer forensics involves carefully cybercriminals. And find a counter way to solve the loopholes. collecting and examining electronic evidence that not only assesses the damage to a computer as a result of an electronic III. CHALLENGES AND RESEARCH GAPS attack, but also to recover lost information from such a system to prosecute a criminal. With the growing importance of computer The states not available, suspect and court ready becomes a security today and the seriousness of cybercrime, it is important challenge for cloud forensic investigator to recognize the data for computer professionals to understand the technology that is set for them. The increase in data storage capacity in a cloud used in computer forensics. This paper will discuss the need, goal is a disadvantage for a digital forensic investigation as it for computer forensics to be practiced in an effective, legal ways increases the time for analyzing the abundant data. and challenges. Forensics is the process of using scientific Lack of tools and little expertise in cloud forensics is of knowledge for collecting, analyzing and presenting evidence to concern, involves more challenging when encryption, multi- the courts.
  • Auditing Database Systems Through Forensic Analysis

    Auditing Database Systems Through Forensic Analysis

    DePaul University Via Sapientiae College of Computing and Digital Media Dissertations College of Computing and Digital Media Summer 7-17-2020 Auditing database systems through forensic analysis James Wagner DePaul University, [email protected] Follow this and additional works at: https://via.library.depaul.edu/cdm_etd Part of the Computer and Systems Architecture Commons, and the Data Storage Systems Commons Recommended Citation Wagner, James, "Auditing database systems through forensic analysis" (2020). College of Computing and Digital Media Dissertations. 23. https://via.library.depaul.edu/cdm_etd/23 This Dissertation is brought to you for free and open access by the College of Computing and Digital Media at Via Sapientiae. It has been accepted for inclusion in College of Computing and Digital Media Dissertations by an authorized administrator of Via Sapientiae. For more information, please contact [email protected]. AUDITING DATABASE SYSTEMS THROUGH FORENSIC ANALYSIS BY JAMES WAGNER A DISSERTATION SUBMITTED TO THE SCHOOL OF COMPUTING, COLLEGE OF COMPUTING AND DIGITAL MEDIA OF DEPAUL UNIVERSITY IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF DOCTOR OF PHILOSOPHY DEPAUL UNIVERSITY CHICAGO, ILLINOIS 2020 DePaul University College of Computing and Digital Media Dissertation Verification This doctoral dissertation has been read and approved by the dissertation committee below according to the requirements of the Computer and Information Systems PhD program and DePaul University. Name: James Wagner Title of dissertation: AUDITING DATABASE SYSTEMS THROUGH FORENSIC ANALYSIS Date of Dissertation Defense: 07/17/2020 Alexander Rasin Dissertation Advisor* Boris Glavic st 1 Reader Tanu Malik 2nd Reader Jacob Furst 3rd Reader Karen Heart 4th Reader (if applicable) 5th Reader (if applicable) * A copy of this form has been signed, but may only be viewed after submission and approval of FERPA request letter.
  • A Brief on Innovation Towards Forensic Science

    A Brief on Innovation Towards Forensic Science

    Journal of Forensic Pathology Commentary A Brief on Innovation towards Forensic Science MA Farhangi* Department of Drug Applied Research Center, Tabriz University of Medical Sciences, Tabriz, Iran INTRODUCTION Ideally acquisition involves capturing a picture of the computer's volatile memory (RAM) and creating a particular sector level Digital forensics (sometimes referred to as digital forensic duplicate (or "forensic duplicate") of the media, often employing science) may be a branch of forensic science encompassing the a write blocking device to stop modification of the first . recovery and investigation of fabric found in digital devices, However, the expansion in size of storage media and often in reference to computer crime. The term digital forensics developments like cloud computing have led to more use of 'live' was originally used as a synonym for computer forensics but has acquisitions whereby a 'logical' copy of the info is acquired expanded to hide investigation of all devices capable of storing instead of an entire image of the physical memory device .Both digital data. With roots within the personal computing acquired image (or logical copy) and original media/data are revolution of the late 1970s and early 1980s, the discipline hashed (using an algorithm like SHA-1 or MD5) and therefore evolved during a haphazard manner during the 1990s, and it the values compared to verify the copy is accurate. had been not until the first 21st century that national policies emerged. Digital forensics is usually utilized in both legal code and personal investigation. Traditionally it's been related to legal Digital forensics investigations have a spread of applications.
  • Hacking Exposed Computer Forensics.Pdf

    Hacking Exposed Computer Forensics.Pdf

    www.it-ebooks.info HACKING EXPOSED™ COMPUTER FORENSICS SECOND EDITION REVIEWS “This book provides the right mix of practical how-to knowledge in a straightforward, informative fashion that ties all the complex pieces together with real-world case studies. With so many books on the topic of computer forensics, Hacking Exposed Computer Forensics, Second Edition, delivers the most valuable insight on the market. The authors cut to the chase of what people must understand to effectively perform computer forensic investigations.” —Brian H. Karney, COO, AccessData Corporation “Hacking Exposed Computer Forensics is a ‘must-read’ for information security professionals who want to develop their knowledge of computer forensics.” —Jason Fruge, Director of Consulting Services, Fishnet Security www.it-ebooks.info 00-FM.indd i 8/23/2009 3:54:42 AM “Computer forensics has become increasingly important to modern incident responders attempting to defend our digital castles. Hacking Exposed Computer Forensics, Second Edition, picks up where the first edition left off and provides a valuable reference, useful to both beginning and seasoned forensic professionals. I picked up several new tricks from this book, which I am already putting to use.” —Monty McDougal, Raytheon Information Security Solutions, and author of the Windows Forensic Toolchest (WFT) (www.foolmoon.net) “Hacking Exposed Computer Forensics, Second Edition, is an essential reference for both new and seasoned investigators. The second edition continues to provide valuable information in a format that is easy to understand and reference.” —Sean Conover, CISSP, CCE, EnCE “This book is an outstanding point of reference for computer forensics and certainly a must-have addition to your forensic arsenal.” —Brandon Foley, Manager of Enterprise IT Security, Harrah’s Operating Co.
  • Forensic Science 1 Forensic Science

    Forensic Science 1 Forensic Science

    Forensic science 1 Forensic science "Forensics" redirects here. For other uses, see Forensics (disambiguation). Forensic science Physiological sciences • Forensic anthropology • Forensic archaeology • Forensic odontology • Forensic entomology • Forensic pathology • Forensic botany • Forensic biology • DNA profiling • Bloodstain pattern analysis • Forensic chemistry • Forensic osteology Social sciences • Forensic psychology • Forensic psychiatry Forensic criminalistics • Ballistics • Ballistic fingerprinting • Body identification • Fingerprint analysis • Forensic accounting • Forensic arts • Forensic footwear evidence • Forensic toxicology • Gloveprint analysis • Palmprint analysis • Questioned document examination • Vein matching Digital forensics • Computer forensics • Forensic data analysis • Database forensics • Mobile device forensics • Network forensics • Forensic video • Forensic audio Related disciplines • Fire investigation Forensic science 2 • Fire accelerant detection • Forensic engineering • Forensic linguistics • Forensic materials engineering • Forensic polymer engineering • Forensic statistics • Forensic taphonomy • Vehicular accident reconstruction People • William M. Bass • George W. Gill • Richard Jantz • Edmond Locard • Douglas W. Owsley • Werner Spitz • Auguste Ambroise Tardieu • Juan Vucetich Related articles • Crime scene • CSI effect • Perry Mason syndrome • Pollen calendar • Skid mark • Trace evidence • Use of DNA in forensic entomology • v • t [1] • e Forensic science is the scientific method of gathering and examining
  • A New Framework for Securing, Extracting and Analyzing Big Forensic Data

    A New Framework for Securing, Extracting and Analyzing Big Forensic Data

    Journal of Digital Forensics, Security and Law Volume 13 Article 6 October 2018 A New Framework for Securing, Extracting and Analyzing Big Forensic Data Hitesh Sachdev Georgia Southern University hayden wimmer Georgia Southern University, [email protected] Lei Chen Georgia Southern University Carl Rebman University of San Diego, [email protected] Follow this and additional works at: https://commons.erau.edu/jdfsl Part of the Computer and Systems Architecture Commons, Computer Law Commons, Data Storage Systems Commons, Information Security Commons, Management Information Systems Commons, Systems Architecture Commons, and the Technology and Innovation Commons Recommended Citation Sachdev, Hitesh; wimmer, hayden; Chen, Lei; and Rebman, Carl (2018) "A New Framework for Securing, Extracting and Analyzing Big Forensic Data," Journal of Digital Forensics, Security and Law: Vol. 13 , Article 6. DOI: https://doi.org/10.15394/jdfsl.2018.1419 Available at: https://commons.erau.edu/jdfsl/vol13/iss2/6 This Article is brought to you for free and open access by the Journals at Scholarly Commons. It has been accepted for inclusion in Journal of Digital Forensics, Security and Law by an authorized administrator of (c)ADFSL Scholarly Commons. For more information, please contact [email protected]. A NEW FRAMEWORK FOR SECURING, EXTRACTING AND ANALYZING BIG FORENSIC DATA Hitesh Sachdev1, Hayden Wimmer1, Lei Chen1, Carl Rebman2 1Georgia Southern University Dept. of Information Technology P.O. Box 8150 Statesboro, GA 30415, USA [email protected], [email protected]*, [email protected] 2University of San Diego School of Business Administration 5998 Alcala Park Coronado 212 San Diego, CA 92110 [email protected] ABSTRACT Finding new methods to investigate criminal activities, behaviors, and responsibilities has always been a challenge for forensic research.
  • Forensically Sound Data Acquisition in the Age of Anti-Forensic Innocence

    Forensically Sound Data Acquisition in the Age of Anti-Forensic Innocence

    Forensically Sound Data Acquisition in the Age of Anti-Forensic Innocence Forensisch korrekte Datensicherung im Zeitalter anti-forensischer Arglosigkeit Der Technischen Fakultät der Friedrich-Alexander-Universität Erlangen-Nürnberg zur Erlangung des Doktorgrades Dr.-Ing. vorgelegt von Michael Gruhn aus Bad Windsheim Als Dissertation genehmigt von der Technischen Fakultät der Friedrich-Alexander-Universität Erlangen-Nürnberg Tag der mündlichen Prüfung: 2016-11-24 Vorsitzender des Promotionsorgans: Prof. Dr.-Ing. Reinhard Lerch Gutachter: Prof. Dr.-Ing. Felix Freiling Prof. Dr. Zeno Geradts Abstract In this thesis, we tackle anti-forensic and rootkit problems in digital forensics. An anti-forensic technique is any measure that prevents a forensic analysis or reduces its quality. First, we investigate the anti-forensic threat of hard drive firmware rootkits, which can prevent a forensic analyst from acquiring data from the hard drive, thus jeopardizing the forensic analysis. To this end, we first outline the threat of hard drive firmware rootkits. We then provide a procedure to detect and subvert already published hard disk drive firmware bootkits. We further outline potential avenues to detect hard drive firmware rootkits nested deeper within the hard disk drive’s so-called Service Area, a special storage on the magnetic platter reserved for use by the firmware. After addressing the acquisition of persistent data storage in form of hard disk drives, we shift towards acquisition and later analysis of volatile storage, in the form of RAM. To this end, we first evaluate the atomicity and integrity as well as anti-forensic resistance of different memory acquisition techniques with our novel black-box analysis technique.
  • Forensic Chemistry

    Forensic Chemistry

    Cutting-Edge Programs, Experience It: Smart People, Cool Research Chemistry at Illinois Tech Bachelor of Science in FORENSIC CHEMISTRY What Is Forensic Chemistry? Learn forensic Forensic chemistry is the application of chemistry to forensic analytical chemistry investigation. It is a science at the interface of analytical and inorganic chemistry, biochemistry, microbiology, toxicology, and forensic toxicology lab and genetics. techniques that employers need. Is Forensic Chemistry Right for You? Program Benefits Do you want to learn how chemical, biochemical, and • Provides you with specialized skills in chemical, biological, microscopic analysis are applied to crime scene investigation spectroscopic, and chromatographic methods for analysis and drug enforcement administration? Would you like and characterization of forensic samples. to work in a government agency on a team in charge of forensic science and forensic chemistry biodefense and anti- • Learn various areas of forensic science and select courses bioterrorism? This program is right for you if you are interested based on your interest in forensic analytical chemistry, in developing a career in forensic science, forensic medicine, forensic DNA analysis, or forensic data analysis. forensic drug analysis, forensic toxicology and DNA analysis, or criminalistics. • Learn lab skills that employers want in instrumental, colorimetric, and microscopic analysis of forensic samples, What Makes This Program Unique? controlled substances, and standards. • You will build a strong foundation in traditional chemistry • Prepares you to be a viable candidate for professional and then develop sound knowledge and practical skills to positions in forensic chemistry, forensic science, crime earn a B.S. in this specialized program. scene investigation (CSI), drug investigation and enforcement labs.