Evaluating tamper resistance of digital forensic artifacts during event reconstruction
- URL: http://arxiv.org/abs/2412.12814v1
- Date: Tue, 17 Dec 2024 11:32:02 GMT
- Title: Evaluating tamper resistance of digital forensic artifacts during event reconstruction
- Authors: Céline Vanini, Chris Hargreaves, Frank Breitinger
- Abstract summary: This article proposes a framework to assess the tamper resistance of data sources used in event reconstruction. We discuss factors affecting data resilience, introduce a scoring system for evaluation, and illustrate its application with case studies.
- Score: 0.0
- License: http://creativecommons.org/licenses/by-nc-sa/4.0/
- Abstract: Event reconstruction is a fundamental part of the digital forensic process, helping to answer key questions like who, what, when, and how. A common way of accomplishing that is to use tools to create timelines, which are then analyzed. However, various challenges exist, such as large volumes of data or contamination. While prior research has focused on simplifying timelines, less attention has been given to tampering, i.e., the deliberate manipulation of evidence, which can lead to errors in interpretation. This article addresses the issue by proposing a framework to assess the tamper resistance of data sources used in event reconstruction. We discuss factors affecting data resilience, introduce a scoring system for evaluation, and illustrate its application with case studies. This work aims to improve the reliability of forensic event reconstruction by considering tamper resistance.
Related papers
- SoK: Timeline based event reconstruction for digital forensics: Terminology, methodology, and current challenges [0.0]
Event reconstruction is a technique that examiners can use to attempt to infer past activities by analyzing digital artifacts.
Despite its significance, the field suffers from fragmented research, with studies often focusing narrowly on aspects like timeline creation or tampering detection.
This paper proposes a comprehensive framework for timeline-based event reconstruction, adapted from traditional forensic science models.
arXiv Detail & Related papers (2025-04-25T07:33:35Z)
- Strategies and Challenges of Timestamp Tampering for Improved Digital Forensic Event Reconstruction (extended version) [3.9055399604553536]
We investigate the problem of users tampering with timestamps on a running ("live") system.
By performing a qualitative user study with advanced university students, we observe, for example, a commonly applied multi-step approach.
We derive factors that influence the reliability of successful tampering, such as the individual knowledge about temporal traces.
arXiv Detail & Related papers (2024-12-30T23:05:11Z)
- Unsupervised dense retrieval with conterfactual contrastive learning [16.679649921935482]
We propose to improve the robustness of dense retrieval models by enhancing their sensitivity of fine-grained relevance signals.
A model achieving sensitivity in this context should exhibit high variances when documents' key passages determining their relevance to queries have been modified.
Motivated by causality and counterfactual analysis, we propose a series of counterfactual regularization methods.
arXiv Detail & Related papers (2024-12-30T07:01:34Z)
- GenDFIR: Advancing Cyber Incident Timeline Analysis Through Retrieval Augmented Generation and Large Language Models [0.08192907805418582]
Cyber timeline analysis is crucial in Digital Forensics and Incident Response (DFIR).
Traditional methods rely on structured artefacts, such as logs and metadata, for evidence identification and feature extraction.
This paper introduces GenDFIR, a framework leveraging large language models (LLMs), specifically Llama 3.1 8B in zero shot mode, integrated with a Retrieval-Augmented Generation (RAG) agent.
arXiv Detail & Related papers (2024-09-04T09:46:33Z)
- On the Identification of Temporally Causal Representation with Instantaneous Dependence [50.14432597910128]
Temporally causal representation learning aims to identify the latent causal process from time series observations.
Most methods require the assumption that the latent causal processes do not have instantaneous relations.
We propose an IDentification framework for instantaneOus Latent dynamics.
arXiv Detail & Related papers (2024-05-24T08:08:05Z)
- Repetition In Repetition Out: Towards Understanding Neural Text Degeneration from the Data Perspective [91.14291142262262]
This work presents a straightforward and fundamental explanation from the data perspective.
Our preliminary investigation reveals a strong correlation between the degeneration issue and the presence of repetitions in training data.
Our experiments reveal that penalizing the repetitions in training data remains critical even when considering larger model sizes and instruction tuning.
arXiv Detail & Related papers (2023-10-16T09:35:42Z)
- Advancing Counterfactual Inference through Nonlinear Quantile Regression [77.28323341329461]
We propose a framework for efficient and effective counterfactual inference implemented with neural networks.
The proposed approach enhances the capacity to generalize estimated counterfactual outcomes to unseen data.
Empirical results conducted on multiple datasets offer compelling support for our theoretical assertions.
arXiv Detail & Related papers (2023-06-09T08:30:51Z)
- A Principled Design of Image Representation: Towards Forensic Tasks [75.40968680537544]
We investigate the forensic-oriented image representation as a distinct problem, from the perspectives of theory, implementation, and application.
At the theoretical level, we propose a new representation framework for forensics, called Dense Invariant Representation (DIR), which is characterized by stable description with mathematical guarantees.
We demonstrate the above arguments on the dense-domain pattern detection and matching experiments, providing comparison results with state-of-the-art descriptors.
arXiv Detail & Related papers (2022-03-02T07:46:52Z)
- Stateful Offline Contextual Policy Evaluation and Learning [88.9134799076718]
We study off-policy evaluation and learning from sequential data.
We formalize the relevant causal structure of problems such as dynamic personalized pricing.
We show improved out-of-sample policy performance in this class of relevant problems.
arXiv Detail & Related papers (2021-10-19T16:15:56Z)
- Person Re-Identification using Deep Learning Networks: A Systematic Review [8.452237741722726]
Person re-identification has received a lot of attention from the research community in recent times.
Person re-identification lies at the heart of research relevant to tracking robberies, preventing terrorist attacks and other security critical events.
This review deals with the latest state-of-the-art deep learning based approaches for person re-identification.
arXiv Detail & Related papers (2020-12-24T16:36:59Z)
- An Efficient and Scalable Deep Learning Approach for Road Damage Detection [0.0]
This paper introduces a deep learning-based surveying scheme to analyze the image-based distress data in real-time.
A database consisting of a diverse population of crack distress types such as longitudinal, transverse, and alligator cracks is used.
The proposed models resulted in F1-scores ranging from 52% to 56% and average inference times from 178-10 images per second.
arXiv Detail & Related papers (2020-11-18T23:05:41Z)
- Visual Causality Analysis of Event Sequence Data [32.74361488457415]
We introduce a visual analytics method for recovering causalities in event sequence data.
We extend the Granger causality analysis algorithm on Hawkes processes to incorporate user feedback into causal model refinement.
arXiv Detail & Related papers (2020-09-01T04:28:28Z)
- DeSePtion: Dual Sequence Prediction and Adversarial Examples for Improved Fact-Checking [46.13738685855884]
We show that current systems for fact-checking are vulnerable to three categories of realistic challenges for fact-checking.
We present a system designed to be resilient to these "attacks" using multiple pointer networks for document selection.
We find that in handling these attacks we obtain state-of-the-art results on FEVER, largely due to improved evidence retrieval.
arXiv Detail & Related papers (2020-04-27T15:18:49Z)
- Fast(er) Reconstruction of Shredded Text Documents via Self-Supervised Deep Asymmetric Metric Learning [62.34197797857823]
A central problem in automatic reconstruction of shredded documents is the pairwise compatibility evaluation of the shreds.
This work proposes a scalable deep learning approach for measuring pairwise compatibility in which the number of inferences scales linearly.
Our method has accuracy comparable to the state-of-the-art with a speed-up of about 22 times for a test instance with 505 shreds.
arXiv Detail & Related papers (2020-03-23T03:22:06Z)
This list is automatically generated from the titles and abstracts of the papers in this site.