| 1. |
- Adeopatoye, Remilekun, et al.
(författare)
-
Towards an Open-Source Based E-Mail Forensic Tool that uses Headers in Digital Investigation
- 2023
-
Ingår i: ACM International Conference Proceeding Series. - : ACM Digital Library. - 9798400700194
-
Konferensbidrag (refereegranskat)abstract
- Email-related incidents/crimes are on the rise owing to the fact that communication by electronic mail (e-mail) has become an important part of our daily lives. The technicality behind e-mail plays an important role when looking for digital evidence that can be used to create a hypothesis that can be used during litigation. During this process, it is needful to have a tool that can help to isolate email incidents as a potential crime scene in the wake of suspected attacks. The problem that this paper is addressing paper, is more centered on realizing an open-source email-forensic tool that used the header analysis approach. One advantage of this approach is that it helps investigators to collect digital evidence from e-mail systems, organize the collected data, analyze and discover any discrepancies in the header fields of an e-mail, and generates an evidence report. The main contribution of this paper focuses on generating a freshly computed hash that is attached to every generated report, to ensure the verifiability, reliability, and integrity of the reports to prove that they have not been modified in any way. Finally, this ensures that the sanctity and forensic soundness of the collected evidence are maintained. © 2023 ACM.
|
|
| 2. |
- Al-Dhaqm, Arafat, et al.
(författare)
-
A Review of Mobile Forensic Investigation Process Models
- 2020
-
Ingår i: IEEE Access. - : IEEE. - 2169-3536. ; 8, s. 173359-173375
-
Forskningsöversikt (refereegranskat)abstract
- Mobile Forensics (MF) field uses prescribed scientific approaches with a focus on recovering Potential Digital Evidence (PDE) from mobile devices leveraging forensic techniques. Consequently, increased proliferation, mobile-based services, and the need for new requirements have led to the development of the MF field, which has in the recent past become an area of importance. In this article, the authors take a step to conduct a review on Mobile Forensics Investigation Process Models (MFIPMs) as a step towards uncovering the MF transitions as well as identifying open and future challenges. Based on the study conducted in this article, a review of the literature revealed that there are a few MFIPMs that are designed for solving certain mobile scenarios, with a variety of concepts, investigation processes, activities, and tasks. A total of 100 MFIPMs were reviewed, to present an inclusive and up-to-date background of MFIPMs. Also, this study proposes a Harmonized Mobile Forensic Investigation Process Model (HMFIPM) for the MF field to unify and structure whole redundant investigation processes of the MF field. The paper also goes the extra mile to discuss the state of the art of mobile forensic tools, open and future challenges from a generic standpoint. The results of this study find direct relevance to forensic practitioners and researchers who could leverage the comprehensiveness of the developed processes for investigation.
|
|
| 3. |
- Al-Dhaqm, Arafat, et al.
(författare)
-
Categorization and Organization of Database Forensic Investigation Processes
- 2020
-
Ingår i: IEEE Access. - : IEEE. - 2169-3536. ; 8, s. 112846-112858
-
Tidskriftsartikel (refereegranskat)abstract
- Database forensic investigation (DBFI) is an important area of research within digital forensics. It & x2019;s importance is growing as digital data becomes more extensive and commonplace. The challenges associated with DBFI are numerous, and one of the challenges is the lack of a harmonized DBFI process for investigators to follow. In this paper, therefore, we conduct a survey of existing literature with the hope of understanding the body of work already accomplished. Furthermore, we build on the existing literature to present a harmonized DBFI process using design science research methodology. This harmonized DBFI process has been developed based on three key categories (i.e. planning, preparation and pre-response, acquisition and preservation, and analysis and reconstruction). Furthermore, the DBFI has been designed to avoid confusion or ambiguity, as well as providing practitioners with a systematic method of performing DBFI with a higher degree of certainty.
|
|
| 4. |
- Al-Dhaqm, Arafat, et al.
(författare)
-
Digital Forensics Subdomains : The State of the Art and Future Directions
- 2021
-
Ingår i: IEEE Access. - : IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC. - 2169-3536. ; 9, s. 152476-152502
-
Tidskriftsartikel (refereegranskat)abstract
- For reliable digital evidence to be admitted in a court of law, it is important to apply scientifically proven digital forensic investigation techniques to corroborate a suspected security incident. Mainly, traditional digital forensics techniques focus on computer desktops and servers. However, recent advances in digital media and platforms have seen an increased need for the application of digital forensic investigation techniques to other subdomains. This includes mobile devices, databases, networks, cloud-based platforms, and the Internet of Things (IoT) at large. To assist forensic investigators to conduct investigations within these subdomains, academic researchers have attempted to develop several investigative processes. However, many of these processes are domain-specific or describe domain-specific investigative tools. Hence, in this paper, we hypothesize that the literature is saturated with ambiguities. To further synthesize this hypothesis, a digital forensic model-orientated Systematic Literature Review (SLR) within the digital forensic subdomains has been undertaken. The purpose of this SLR is to identify the different and heterogeneous practices that have emerged within the specific digital forensics subdomains. A key finding from this review is that there are process redundancies and a high degree of ambiguity among investigative processes in the various subdomains. As a way forward, this study proposes a high-level abstract metamodel, which combines the common investigation processes, activities, techniques, and tasks for digital forensics subdomains. Using the proposed solution, an investigator can effectively organize the knowledge process for digital investigation.
|
|
| 5. |
- Al-Dhaqm, Arafat, et al.
(författare)
-
Face validation of database forensic investigation metamodel
- 2021
-
Ingår i: Infrastructures. - Basel : MDPI. - 2412-3811. ; 6:2, s. 1-19
-
Tidskriftsartikel (refereegranskat)abstract
- Using a face validity approach, this paper provides a validation of the Database Forensic Investigation Metamodel (DBFIM). The DBFIM was developed to solve interoperability, heterogeneity, complexity, and ambiguity in the database forensic investigation (DBFI) field, where several models were identified, collected, and reviewed to develop DBFIM. However, the developed DBFIM lacked the face validity-based approach that could ensure DBFIM’s applicability in the DBFI field. The completeness, usefulness, and logic of the developed DBFIM needed to be validated by experts. Therefore, the objective of this paper is to perform the validation of the developed DBFIM using the qualitative face validity approach. The face validity method is a common way of validating metamodels through subject expert inquiry on the domain application of the metamodel to assess whether the metamodel is reasonable and compatible based on the outcomes. For this purpose, six experts were nominated and selected to validate the developed DBFIM. From the expert review, the developed DBFIM was found to be complete, coherent, logical, scalable, interoperable, and useful for the DBFI field.
|
|
| 6. |
- Al-Dhaqm, Arafat, et al.
(författare)
-
Research Challenges and Opportunities in Drone Forensics Models
- 2021
-
Ingår i: Electronics. - Switzerland : MDPI. - 2079-9292. ; 10:13
-
Forskningsöversikt (refereegranskat)abstract
- The emergence of unmanned aerial vehicles (also referred to as drones) has transformed the digital landscape of surveillance and supply chain logistics, especially in terrains where such was previously deemed unattainable. Moreover, the adoption of drones has further led to the proliferation of diverse drone types and drone-related criminality, which has introduced a myriad of security and forensics-related concerns. As a step towards understanding the state-of-the-art research into these challenges and potential approaches to mitigation, this study provides a detailed review of existing digital forensic models using the Design Science Research method. The outcome of this study generated in-depth knowledge of the research challenges and opportunities through which an effective investigation can be carried out on drone-related incidents. Furthermore, a potential generic investigation model has been proposed. The findings presented in this study are essentially relevant to forensic researchers and practitioners towards a guided methodology for drone-related event investigation. Ultimately, it is important to mention that this study presents a background for the development of international standardization for drone forensics.
|
|
| 7. |
- Al-Dhaqm, Arafat, et al.
(författare)
-
Towards the Development of an Integrated Incident Response Model for Database Forensic Investigation Field
- 2020
-
Ingår i: IEEE Access. - : IEEE. - 2169-3536. ; 8, s. 145018-145032
-
Tidskriftsartikel (refereegranskat)abstract
- For every contact that is made in a database, a digital trace will potentially be left and most of the database breaches are mostly aimed at defeating the major security goals (Confidentiality, Integrity, and Authenticity) of data that reside in the database. In order to prove/refute a fact during litigation, it is important to identify suitable investigation techniques that can be used to link a potential incident/suspect to the digital crime. As a result, this paper has proposed suitable steps of constructing and Integrated Incident Response Model (IIRM) that can be relied upon in the database forensic investigation field. While developing the IIRM, design science methodology has been adapted and the outcome of this study has shown significant and promising approaches that could be leveraged by digital forensic experts, legal practitioners and law enforcement agencies. This is owing to the fact, that IIRM construction has followed incident investigation principles that are stipulated in ISO guidelines.
|
|
| 8. |
- Al-Ghushami, Abdullah, et al.
(författare)
-
Detecting Centralized Architecture-Based Botnets using Travelling Salesperson Non-Deterministic Polynomial-Hard problem-TSP-NP Technique
- 2019
-
Ingår i: 2019 IEEE CONFERENCE ON APPLICATION, INFORMATION AND NETWORK SECURITY (AINS). - : IEEE. - 9781728133065 - 9781728133072 ; , s. 77-81
-
Konferensbidrag (refereegranskat)abstract
- The threats posed by botnets in the cyber-space continues to grow each day and it has become very hard to detect or infiltrate bots given that the botnet developers each day keep changing the propagation and attack techniques. Currently, most of these attacks have been centered on stealing computing energy, theft of personal information and Distributed Denial of Service (DDoS attacks). In this paper, the authors propose a novel technique that uses the Non-Deterministic Polynomial-Time Hardness (NP-Hard Problem) based on the Traveling Salesperson Person (TSP) that depicts that a given bot, b(j), is able to visit each host on a network environment, NE, and then it returns to the botmaster in form of instruction(command) through optimal minimization of the hosts that are or may be attacked. Given that b(j) represents a piece of malicious code and based on TSP-NP Hard Problem which forms part of combinatorial optimization, the authors present an effective approach for the detection of the botnet. It is worth noting that the concentration of this study is basically on the centralized botnet architecture. This holistic approach shows that botnet detection accuracy can be increased with a degree of certainty and potentially decrease the chances of false positives. Nevertheless, a discussion on the possible applicability and implementation has also been given in this paper.
|
|
| 9. |
- Alawadi, Sadi, 1983-, et al.
(författare)
-
A Federated Interactive Learning IoT-Based Health Monitoring Platform
- 2021
-
Ingår i: New Trends in Database and Information Systems. - Cham : Springer. ; , s. 235-246, s. 235-246
-
Konferensbidrag (refereegranskat)abstract
- Remote health monitoring is a trend for better health management which necessitates the need for secure monitoring and privacy-preservation of patient data. Moreover, accurate and continuous monitoring of personal health status may require expert validation in an active learning strategy. As a result, this paper proposes a Federated Interactive Learning IoT-based Health Monitoring Platform (FIL-IoT-HMP) which incorporates multi-expert feedback as ‘Human-in-the-loop’ in an active learning strategy in order to improve the clients’ Machine Learning (ML) models. The authors have proposed an architecture and conducted an experiment as a proof of concept. Federated learning approach has been preferred in this context given that it strengthens privacy by allowing the global model to be trained while sensitive data is retained at the local edge nodes. Also, each model’s accuracy is improved while privacy and security of data has been upheld.
|
|
| 10. |
- Alawadi, Sadi, 1983-, et al.
(författare)
-
FedCSD : A Federated Learning Based Approach for Code-Smell Detection
- 2024
-
Ingår i: IEEE Access. - : Institute of Electrical and Electronics Engineers (IEEE). - 2169-3536. ; 12, s. 44888-44904
-
Tidskriftsartikel (refereegranskat)abstract
- Software quality is critical, as low quality, or 'Code smell,' increases technical debt and maintenance costs. There is a timely need for a collaborative model that detects and manages code smells by learning from diverse and distributed data sources while respecting privacy and providing a scalable solution for continuously integrating new patterns and practices in code quality management. However, the current literature is still missing such capabilities. This paper addresses the previous challenges by proposing a Federated Learning Code Smell Detection (FedCSD) approach, specifically targeting 'God Class,' to enable organizations to train distributed ML models while safeguarding data privacy collaboratively. We conduct experiments using manually validated datasets to detect and analyze code smell scenarios to validate our approach. Experiment 1, a centralized training experiment, revealed varying accuracies across datasets, with dataset two achieving the lowest accuracy (92.30%) and datasets one and three achieving the highest (98.90% and 99.5%, respectively). Experiment 2, focusing on cross-evaluation, showed a significant drop in accuracy (lowest: 63.80%) when fewer smells were present in the training dataset, reflecting technical debt. Experiment 3 involved splitting the dataset across 10 companies, resulting in a global model accuracy of 98.34%, comparable to the centralized model's highest accuracy. The application of federated ML techniques demonstrates promising performance improvements in code-smell detection, benefiting both software developers and researchers. © 2013 IEEE.
|
|
