DOC PREVIEW
UTD CS 4398 - Intelligent Digital Forensics

This preview shows page 1-2-3-4-5-6 out of 19 pages.

Save
View full document
View full document
Premium Document
Do you want full access? Go Premium and unlock all 19 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 19 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 19 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 19 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 19 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 19 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 19 pages.
Access to all documents
Download any document
Ad free experience

Unformatted text preview:

Digital ForensicsReading for LectureAbstract of Paper 1IntroductionXIRAF FrameworkForensic ApplicationsSummary and DirectionsAbstract of Paper 2Selective ImagingIntelligent ImagingDigital Evidence Bags“The Ultimate Test”Slide 13Abstract of Paper 3Slide 15Slide 16Technical ApproachSlide 18Slide 19Digital ForensicsDr. Bhavani ThuraisinghamThe University of Texas at Dallas Intelligent Digital ForensicsOctober 8, 2010Reading for Lecturehttp://dfrws.org/2006/proceedings/7-Alink.pdfXIRAF – XML-based indexing and querying for digital forensicshttp://dfrws.org/2006/proceedings/8-Turner.pdfSelective and intelligent imaging using digital evidence bagshttp://dfrws.org/2006/proceedings/9-Lee.pdfDetecting false captioning using common-sense reasoningAbstract of Paper 1This paper describes a novel, XML-based approach towards managing and querying forensic traces extracted from digital evidence. This approach has been implemented in XIRAF, a prototype system for forensic analysis. XIRAF systematically applies forensic analysis tools to evidence files (e.g., hard disk images). Each tool produces structured XML annotations that can refer to regions (byte ranges) in an evidence file. XIRAF stores such annotations in an XML database, which allows us to query the annotations using a single, powerful query language (XQuery). XIRAF provides the forensic investigator with a rich query environment in which browsing, searching, and predefined query templates are all expressed in terms of XML database queriesIntroductionFramework for forensic analysis called XIRAFA clean separation between feature extraction and analysis-Features extracted are stored in XML formatA single, XML-based output format for forensic analysis toolsThe use of XML database technology for storing and querying the XML output of analysis tools.XIRAF FrameworkConsists of three componentsFeature extraction manager-Features are extracted from BLOBs (Binary large objects) using feature extraction tools-Output of the tools are coded in XML for the forensics analyzerTool repository-Tools are wrapped (e.g., object wrappers)Storage subsysystem-Stores BLOBs and XML annotations-XQuery used to query XML dataForensic ApplicationsAuthors have implemented following applications-Timeline browser: Through web browser examiner can look at data/time of interest-Photo searchSearch for images satisfying certain conditions-Child pornography detectionUsing hashing carried out matchingSummary and DirectionsThe separation of feature extraction and analysis brings benefits to both phases. XIRAF extracts features automatically, which is essential when processing large input sets. The use of XML as a common, intermediate output format for tools allows the integration of the output of diverse, independent tools that produce similar information. This handles both the heterogeneity present in the input data (e.g., different browser types) and with the diversity of forensic analysis tools. These benefits are demonstrated both by the timeline browser and by child pornography detection program. By storing extracted features in an XML database system one can analyze those features using a single, general-purpose, powerful query language. In addition, we benefit automatically from advances that are made in the area of XML database systemsDirections: Use semantic web technologies?Abstract of Paper 2This paper defines what selective imaging is, and the types of selective imaging that can be performed. This is contrasted with intelligent imaging and the additional capabilities that have to be built into an imager for it to be ‘intelligent’. A selective information capture scenario is demonstrated using the digital evidence bag (DEB) storage format. A DEB is a universal container for digital evidence from any source that allows the provenance to be recorded and continuity to be maintained throughout the life of the investigation. The paper concludes by defining the ‘ultimate test’ for an intelligent and selective imagerSelective ImagingSelective imaging is a term that is generally associated with the decision not to acquire all the possible information during the capture process. It is now recognized that ‘partial or selective file copying may be considered as an alternative’ when it may not be practical to acquire everything. Techniques include manual selection, semi-automatic selection, automatic selectionIntelligent ImagingInclude the domain experts in the imaging processHow do you go about capturing the knowledge of the technical experts that are familiar with digital technical complexities and legal domain experts and combine them? How do you know that you have captured everything relevant to the case under investigation or have not missed evidence of other offences?Digital Evidence BagsBoth selective and intelligent imaging techniques offer many more options and capabilities than current bit stream imaging. There are currently no commercial tools that perform selective imaging and adequately record the provenance of the selected information.Furthermore, no method has existed that captured the criteria or method used by the examiner in deciding what to acquire. For example, was an arbitrary manual selection used or was information captured based on category of information, file extensions, file signature or hash set.Authors solution to these problems is by the use of the digital evidence bag (DEB) format. A DEB is a universal container for digital information from any source. It allows the provenance of digital information to be recorded and continuity to be maintained throughout the life of the exhibit. Additionally, DEBs may be encapsulated within other DEBs. This feature differentiates the DEB structure from that used by current monolithic formats commonly in use.“The Ultimate Test”The method and storage container used must be able to store sufficient information about the provenance of the information captured such that when the information is restored it is identical to that which would have been acquired should a bit stream image have been taken.Summary and DirectionsThe methodology described and demonstrated by the authors is claimed to be a big improvement over bit stream imaging methods currently used. Directions-Better selection methods, more accurate?Abstract of Paper 3Detecting manipulated images has become an


View Full Document

UTD CS 4398 - Intelligent Digital Forensics

Documents in this Course
Botnets

Botnets

33 pages

Botnets

Botnets

33 pages

Load more
Download Intelligent Digital Forensics
Our administrator received your request to download this document. We will send you the file to your email shortly.
Loading Unlocking...
Login

Join to view Intelligent Digital Forensics and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view Intelligent Digital Forensics 2 2 and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?