Digital Forensics: Review of Issues in Scientific Validation of Digital Evidence

  • Received : 2017.11.16
  • Accepted : 2017.12.29
  • Published : 2018.04.30

Abstract

Digital forensics is a vital part of almost every criminal investigation given the amount of information available and the opportunities offered by electronic data to investigate and evidence a crime. However, in criminal justice proceedings, these electronic pieces of evidence are often considered with the utmost suspicion and uncertainty, although on occasion this is justifiable. Presently, the use of scientifically unproven forensic techniques is highly criticized in legal proceedings. Nevertheless, the exceedingly distinct and dynamic characteristics of electronic data, in addition to current legislation and privacy laws, remain challenging aspects for systematically attesting evidence in a court of law. This article presents a comprehensive study examining the issues that are considered essential to discuss and resolve for the proper acceptance of evidence based on scientific grounds. Moreover, the article explains the state of forensics in emerging sub-fields of digital technology such as cloud computing, social media, and the Internet of Things (IoT), and reviews the challenges which may complicate the process of systematic validation of electronic evidence. The study further explores various solutions previously proposed by researchers and academics, regarding their appropriateness based on their experimental evaluation. Additionally, this article suggests open research areas, highlighting many of the issues and problems associated with the empirical evaluation of these solutions for immediate attention by researchers and practitioners. Notably, academics must react to these challenges with appropriate emphasis on methodical verification. Therefore, for this purpose, the issues in the experiential validation of practices currently available are reviewed in this study. The review also discusses the struggle involved in demonstrating the reliability and validity of these approaches with contemporary evaluation methods. Furthermore, the development of best practices, reliable tools and the formulation of formal testing methods for digital forensic techniques are highlighted, which could be extremely useful and of immense value in improving the trustworthiness of electronic evidence in legal proceedings.
