A Framework for the Validation of Network Artifacts

Digital forensics has been of growing interest over the past ten to fifteen years despite being a relatively new scientific field. Many technologies and forensics processes have been developed to meet the growing number of cases relying on digital artifacts. In this paper, we present a framework for the validation of network artifacts in digital forensics investigations. Validation, in the context of this work, refers to the overall probability of reaching the correct inferences about the artifacts, given a specific method and data. The main hypothesis of this work is that the validity of network artifacts can be determined based on probabilistic modelling of the internal consistency of artifacts. The framework consists of three phases, namely: data collection, feature selection, and validation process. We demonstrate the functionality of the proposed framework using network artifacts obtained from Intrusion Detection Systems. We also assume that the initial acquisition of the network artifacts is forensically sound and that steps are taken to ensure that the integrity of the artifacts is maintained during the data collection phase. A Monte Carlo Feature Selection and Interdependency Discovery algorithm is applied in selecting the informative features, while logistic regression is used as the probabilistic modelling methodology for the validation process. The experiment results show the validity of the network artifacts and can serve as a scientific methodology to support the initial assertions drawn from the network artifacts.
