A Forensic Traceability Index in Digital Forensic Investigation

Digital crime inflicts immense damage on users and systems, and it has now reached a level of sophistication that makes it difficult to track its sources or origins, especially with the advancements in modern computers and networks and the availability of diverse digital devices. Forensics plays an important role in facilitating investigations of illegal activities and inappropriate behaviors using scientific methodologies, techniques and investigation frameworks. Digital forensics was developed to investigate digital devices in the detection of crime. This paper focuses on the traceability aspects of the digital forensic investigation process. This includes discovering complex and large volumes of evidence and establishing meaningful relationships between them. The aim of this paper is to derive a traceability index as a useful indicator for measuring the accuracy and completeness of evidence discovery. This index is demonstrated through a model (TraceMap) that helps the investigator trace and map the evidence in order to identify the origin of the crime or incident. In this paper, the tracing rate, mapping rate and offender identification rate are used to present the levels of tracing ability, mapping ability and offender identification ability, respectively. This research has high potential to be expanded into other research areas, such as digital evidence presentation.
