Methodology for the Automated Metadata-Based Classification of Incriminating Digital Forensic Artefacts

07/02/2019
by Xiaoyu Du et al.

The ever-increasing volume of data in digital forensic investigation is one of the most discussed challenges in the field. Usually, most of the file artefacts on seized devices are not pertinent to the investigation, so manually retrieving the suspicious files that are relevant is akin to finding a needle in a haystack. In this paper, a methodology for the automatic prioritisation of suspicious file artefacts (i.e., file artefacts that are pertinent to the investigation) is proposed to reduce the manual analysis effort required. This methodology is designed to work in a human-in-the-loop fashion: it predicts/recommends that an artefact is likely to be suspicious rather than giving the final analysis result. A supervised machine learning approach is employed, which leverages the recorded results of previously processed cases. The processes of feature extraction, dataset generation, training and evaluation are presented in this paper. In addition, a toolkit for data extraction from disk images is outlined, which enables this method to be integrated with the conventional investigation process and to work in an automated fashion.

