It is increasingly becoming difficult to acquire meaningful information in the field of digital forensics through the traditional approach owing to advances in information security and anti-forensics techniques. To counteract anonymous services such as data in remote areas without authentication information, data encryption, device locks, and cryptocurrencies, it is important to acquire key information through live forensics at search and seizure sites. Thus, it is necessary to establish a response system that explores and processes credential information on site and extracts meaningful information based on the processed information. To this end, this study proposes a new digital forensics framework for application at search and seizure sites. The proposed framework is designed to allow expansion in the form of additional functions on account of a module type development for the system even when new services and digital devices appear in the future. We then explain its applicability through case studies of actual digital investigations.
|Journal||Forensic Science International: Digital Investigation|
|Publication status||Published - 2022 Mar|
Bibliographical noteFunding Information:
This work is a part of Ph.D. thesis of the first author at the School of Cybersecurity, Korea University, South Korea. This work was supported by a Korea University Grant, and also supported by Police-Lab 2.0 Program( www.kipot.or.kr ) funded by the Ministry of Science and ICT(MSIT, Korea) & Korean National Police Agency (KNPA, Korea) [Project Name: Research on Data Acquisition and Analysis for Counter Anti-Forensics/ Project Number: 210121M07 ].
© 2022 Elsevier Ltd
- Credential information
- Digital forensics
- Live forensics
- Search and seizure
ASJC Scopus subject areas
- Information Systems
- Medical Laboratory Technology
- Pathology and Forensic Medicine
- Computer Science Applications