Vision: An empirical framework for examiners to accessing password-protected resources for on-the-scene digital investigations

Jewan Bang; Jungheum Park; Sangjin Lee

doi:10.1016/j.fsidi.2022.301376

Vision: An empirical framework for examiners to accessing password-protected resources for on-the-scene digital investigations

Jewan Bang, Jungheum Park, Sangjin Lee

Research output: Contribution to journal › Article › peer-review

1 Citation (Scopus)

Abstract

It is increasingly becoming difficult to acquire meaningful information in the field of digital forensics through the traditional approach owing to advances in information security and anti-forensics techniques. To counteract anonymous services such as data in remote areas without authentication information, data encryption, device locks, and cryptocurrencies, it is important to acquire key information through live forensics at search and seizure sites. Thus, it is necessary to establish a response system that explores and processes credential information on site and extracts meaningful information based on the processed information. To this end, this study proposes a new digital forensics framework for application at search and seizure sites. The proposed framework is designed to allow expansion in the form of additional functions on account of a module type development for the system even when new services and digital devices appear in the future. We then explain its applicability through case studies of actual digital investigations.

Original language	English
Article number	301376
Journal	Forensic Science International: Digital Investigation
Volume	40
DOIs	https://doi.org/10.1016/j.fsidi.2022.301376
Publication status	Published - 2022 Mar

Bibliographical note

Funding Information:
This work is a part of Ph.D. thesis of the first author at the School of Cybersecurity, Korea University, South Korea. This work was supported by a Korea University Grant, and also supported by Police-Lab 2.0 Program( www.kipot.or.kr ) funded by the Ministry of Science and ICT(MSIT, Korea) & Korean National Police Agency (KNPA, Korea) [Project Name: Research on Data Acquisition and Analysis for Counter Anti-Forensics/ Project Number: 210121M07 ].

Publisher Copyright:
© 2022 Elsevier Ltd

Keywords

Anti-forensics
Credential information
Digital forensics
Live forensics
Search and seizure

ASJC Scopus subject areas

Information Systems
Medical Laboratory Technology
Law
Pathology and Forensic Medicine
Computer Science Applications

Access to Document

10.1016/j.fsidi.2022.301376

Cite this

@article{5e5d2b5b887c4d2d8b1070726e1aef3a,

title = "Vision: An empirical framework for examiners to accessing password-protected resources for on-the-scene digital investigations",

abstract = "It is increasingly becoming difficult to acquire meaningful information in the field of digital forensics through the traditional approach owing to advances in information security and anti-forensics techniques. To counteract anonymous services such as data in remote areas without authentication information, data encryption, device locks, and cryptocurrencies, it is important to acquire key information through live forensics at search and seizure sites. Thus, it is necessary to establish a response system that explores and processes credential information on site and extracts meaningful information based on the processed information. To this end, this study proposes a new digital forensics framework for application at search and seizure sites. The proposed framework is designed to allow expansion in the form of additional functions on account of a module type development for the system even when new services and digital devices appear in the future. We then explain its applicability through case studies of actual digital investigations.",

keywords = "Anti-forensics, Credential information, Digital forensics, Live forensics, Search and seizure",

author = "Jewan Bang and Jungheum Park and Sangjin Lee",

note = "Funding Information: This work is a part of Ph.D. thesis of the first author at the School of Cybersecurity, Korea University, South Korea. This work was supported by a Korea University Grant, and also supported by Police-Lab 2.0 Program( www.kipot.or.kr ) funded by the Ministry of Science and ICT(MSIT, Korea) & Korean National Police Agency (KNPA, Korea) [Project Name: Research on Data Acquisition and Analysis for Counter Anti-Forensics/ Project Number: 210121M07 ]. Publisher Copyright: {\textcopyright} 2022 Elsevier Ltd",

year = "2022",

month = mar,

doi = "10.1016/j.fsidi.2022.301376",

language = "English",

volume = "40",

journal = "Forensic Science International: Digital Investigation",

issn = "2666-2825",

publisher = "Elsevier Ltd",

}

TY - JOUR

T1 - Vision

T2 - An empirical framework for examiners to accessing password-protected resources for on-the-scene digital investigations

AU - Bang, Jewan

AU - Park, Jungheum

AU - Lee, Sangjin

N1 - Funding Information: This work is a part of Ph.D. thesis of the first author at the School of Cybersecurity, Korea University, South Korea. This work was supported by a Korea University Grant, and also supported by Police-Lab 2.0 Program( www.kipot.or.kr ) funded by the Ministry of Science and ICT(MSIT, Korea) & Korean National Police Agency (KNPA, Korea) [Project Name: Research on Data Acquisition and Analysis for Counter Anti-Forensics/ Project Number: 210121M07 ]. Publisher Copyright: © 2022 Elsevier Ltd

PY - 2022/3

Y1 - 2022/3

N2 - It is increasingly becoming difficult to acquire meaningful information in the field of digital forensics through the traditional approach owing to advances in information security and anti-forensics techniques. To counteract anonymous services such as data in remote areas without authentication information, data encryption, device locks, and cryptocurrencies, it is important to acquire key information through live forensics at search and seizure sites. Thus, it is necessary to establish a response system that explores and processes credential information on site and extracts meaningful information based on the processed information. To this end, this study proposes a new digital forensics framework for application at search and seizure sites. The proposed framework is designed to allow expansion in the form of additional functions on account of a module type development for the system even when new services and digital devices appear in the future. We then explain its applicability through case studies of actual digital investigations.

AB - It is increasingly becoming difficult to acquire meaningful information in the field of digital forensics through the traditional approach owing to advances in information security and anti-forensics techniques. To counteract anonymous services such as data in remote areas without authentication information, data encryption, device locks, and cryptocurrencies, it is important to acquire key information through live forensics at search and seizure sites. Thus, it is necessary to establish a response system that explores and processes credential information on site and extracts meaningful information based on the processed information. To this end, this study proposes a new digital forensics framework for application at search and seizure sites. The proposed framework is designed to allow expansion in the form of additional functions on account of a module type development for the system even when new services and digital devices appear in the future. We then explain its applicability through case studies of actual digital investigations.

KW - Anti-forensics

KW - Credential information

KW - Digital forensics

KW - Live forensics

KW - Search and seizure

UR - http://www.scopus.com/inward/record.url?scp=85127131759&partnerID=8YFLogxK

U2 - 10.1016/j.fsidi.2022.301376

DO - 10.1016/j.fsidi.2022.301376

M3 - Article

AN - SCOPUS:85127131759

SN - 2666-2825

VL - 40

JO - Forensic Science International: Digital Investigation

JF - Forensic Science International: Digital Investigation

M1 - 301376

ER -

Vision: An empirical framework for examiners to accessing password-protected resources for on-the-scene digital investigations

Abstract

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this