The case for Zero Trust Digital Forensics
- URL: http://arxiv.org/abs/2202.02623v1
- Date: Sat, 5 Feb 2022 19:54:57 GMT
- Title: The case for Zero Trust Digital Forensics
- Authors: Christopher Neale, Ian Kennedy, Blaine Price, Bashar Nuseibeh
- Abstract summary: Erroneously treating features of an investigation as trusted can be damaging to the overall reliability of an investigation's findings.
A new approach to digital forensics is considered based on the concept of Zero Trust.
Zero Trust describes the practitioner mindset and principles upon which the reliance on trust in network components is eliminated.
- Score: 8.096180040270454
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: It is imperative for all stakeholders that digital forensics investigations
produce reliable results to ensure the field delivers a positive contribution
to the pursuit of justice across the globe. Some aspects of these
investigations are inevitably contingent on trust; however, this is not always
explicitly considered or critically evaluated. Erroneously treating features of
the investigation as trusted can be enormously damaging to the overall
reliability of an investigation's findings as well as the confidence that
external stakeholders can have in it. As an example, digital crime scenes can
be manipulated by tampering with the digital artefacts left on devices, yet
recent studies have shown that efforts to detect occurrences of this are rare
and argue that this leaves digital forensics investigations vulnerable to
accusations of inaccuracy. In this paper a new approach to digital forensics is
considered based on the concept of Zero Trust, an increasingly popular design
in network security. Zero Trust describes the practitioner mindset and
principles upon which the reliance on trust in network components is eliminated
in favour of dynamic verification of network interactions. An initial
definition of Zero Trust Digital Forensics will be proposed and then a specific
example considered showing how this strategy can be applied to digital forensic
investigations to mitigate against the specific risk of evidence tampering. A
definition of Zero Trust Digital Forensics is proposed, specifically that it is
a strategy adopted by investigators whereby each aspect of an investigation is
assumed to be unreliable until verified. A new principle will be introduced,
namely the multifaceted verification of digital artefacts that can be used by
practitioners who wish to adopt a Zero Trust Digital Forensics strategy during
their investigations...
Related papers
- Bayesian Methods for Trust in Collaborative Multi-Agent Autonomy [11.246557832016238]
In safety-critical and contested environments, adversaries may infiltrate and compromise a number of agents.
We analyze state of the art multi-target tracking algorithms under this compromised agent threat model.
We design a trust estimation framework using hierarchical Bayesian updating.
arXiv Detail & Related papers (2024-03-25T17:17:35Z)
- Behind the (Digital Crime) Scenes: An MSC Model [0.0]
The establishment of digital forensics as a foundational discipline for extracting digital evidence further exacerbates the complex nature of criminal investigations.
We delineate the protocols that compose digital forensics within a criminal case, formalise them as message sequence charts (MSCs) and identify their functional requirements.
arXiv Detail & Related papers (2024-03-24T15:29:08Z)
- On the Detection of Reviewer-Author Collusion Rings From Paper Bidding [71.43634536456844]
Collusion rings pose a major threat to the peer-review systems of computer science conferences.
One approach to solve this problem would be to detect the colluding reviewers from their manipulated bids.
No research has yet established that detecting collusion rings is even possible.
arXiv Detail & Related papers (2024-02-12T18:12:09Z)
- ChatGPT for Digital Forensic Investigation: The Good, The Bad, and The Unknown [0.36748639131154304]
This paper assesses the impact and potential impact of ChatGPT on the field of digital forensics.
A series of experiments are conducted to assess its capability across several digital forensic use cases.
Overall this paper concludes that while there are some potential low-risk applications of ChatGPT within digital forensics, many are either unsuitable at present.
arXiv Detail & Related papers (2023-07-10T20:07:30Z)
- Re-purposing Perceptual Hashing based Client Side Scanning for Physical Surveillance [11.32995543117422]
We experimentally characterize the potential for one type of misuse -- attackers manipulating the content scanning system to perform physical surveillance on target locations.
Our contributions are threefold: (1) we offer a definition of physical surveillance in the context of client-side image scanning systems; (2) we experimentally characterize this risk and create a surveillance algorithm that achieves physical surveillance rates of >40% by poisoning 5% of the perceptual hash database.
arXiv Detail & Related papers (2022-12-08T06:52:14Z)
- Discovering Transferable Forensic Features for CNN-generated Images Detection [100.12017277070576]
We conduct the first analytical study to discover and understand transferable forensic features (T-FF) in universal detectors.
In this work, we propose a novel forensic feature relevance statistic (FF-RS) to quantify and discover T-FF in universal detectors.
Our investigations uncover an unexpected finding: color is a critical T-FF in universal detectors.
arXiv Detail & Related papers (2022-08-24T07:48:07Z)
- A Principled Design of Image Representation: Towards Forensic Tasks [75.40968680537544]
We investigate the forensic-oriented image representation as a distinct problem, from the perspectives of theory, implementation, and application.
At the theoretical level, we propose a new representation framework for forensics, called Dense Invariant Representation (DIR), which is characterized by stable description with mathematical guarantees.
We demonstrate the above arguments on the dense-domain pattern detection and matching experiments, providing comparison results with state-of-the-art descriptors.
arXiv Detail & Related papers (2022-03-02T07:46:52Z)
- A New Approach for Image Authentication Framework for Media Forensics Purpose [0.0]
This paper introduces a novel digital forensic security framework for digital image authentication and originality identification.
The approach depends on implanting secret code into RGB images that should indicate any unauthorized modification on the image under investigation.
arXiv Detail & Related papers (2021-10-03T18:31:37Z)
- Where Does Trust Break Down? A Quantitative Trust Analysis of Deep Neural Networks via Trust Matrix and Conditional Trust Densities [94.65749466106664]
We introduce the concept of trust matrix, a novel trust quantification strategy.
A trust matrix defines the expected question-answer trust for a given actor-oracle answer scenario.
We further extend the concept of trust densities with the notion of conditional trust densities.
arXiv Detail & Related papers (2020-09-30T14:33:43Z)
- How Much Can We Really Trust You? Towards Simple, Interpretable Trust Quantification Metrics for Deep Neural Networks [94.65749466106664]
We conduct a thought experiment and explore two key questions about trust in relation to confidence.
We introduce a suite of metrics for assessing the overall trustworthiness of deep neural networks based on their behaviour when answering a set of questions.
The proposed metrics are by no means perfect, but the hope is to push the conversation towards better metrics.
arXiv Detail & Related papers (2020-09-12T17:37:36Z)
- DFraud3- Multi-Component Fraud Detection free of Cold-start [50.779498955162644]
The Cold-start is a significant problem referring to the failure of a detection system to recognize the authenticity of a new user.
In this paper, we model a review system as a Heterogeneous Information Network (HIN) which enables a unique representation to every component.
HIN with graph induction helps to address the camouflage issue (fraudsters with genuine reviews) which has shown to be more severe when it is coupled with cold-start, i.e., new fraudsters with genuine first reviews.
arXiv Detail & Related papers (2020-06-10T08:20:13Z)