Modern computing devices generate high volumes of information and are responsible for the retrieval, storage, and processing of information throughout our day-to-day lives. Fast-growing emerging technologies can make forensic investigations difficult, as they span applications in industries ranging from agriculture, aviation, entertainment, and electronics to information technology and more.
Virtualized environments can make digital forensics challenging, and the current state of digital forensics is rapidly evolving. With the increasing use of electronic devices, there are concerns revolving around privacy violations. Automation fueled by Machine Learning in digital forensics investigations can improve the overall efficiency of the investigation processes and make it easier to ensure the integrity of information when analyzing cases.
We will examine emerging technologies and the latest innovations in the current digital forensics landscape. We will explore what it means to venture into the world of Digital Forensics 2.0 and what forensic examiners are doing to improve their investigative practices. Here are the key trends to watch out for (Barrett, 2008):
IoT has changed the way mobile communications and systems work and enabled interconnectivity between physical and digital infrastructures. Users are sharing their data across multiple platforms, and despite the several benefits of using IoT applications, environments are laden with various cyber threats, such as the destruction of IoT networks, DoS attacks, ransomware, and mass monitoring. IoT forensics ensures the preservation and extraction of critical evidence regardless of technological limitations and responds to investigative requirements without needing user intervention. USB forensics is growing in its capabilities and is used to trace USB connection activities in networks to assist with investigations. It identifies file-related operations like copy-pasting pictures and opening documents and helps in analyzing potential digital artifacts. Digital devices also contain important footprints, and the MSC protocol is a standard used for defining communications between operating systems and USB devices. Forensic examiners can get full access to clusters, systems, and sectors by using the MSC protocol and can address security vulnerabilities before a data breach happens.
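As an added illustration of tracing USB connection activity (not code from the article or from any tool it names), the sketch below rebuilds per-device connection sessions from Linux kernel log messages. The log lines, host name and serial number are constructed sample data, and the choice of a Linux syslog source is an assumption.

```python
import re

# Constructed sample lines in the style of Linux kernel USB messages (not from a real case).
SAMPLE_LOG = """\
Mar  3 09:14:02 ws01 kernel: usb 1-2: new high-speed USB device number 5 using xhci_hcd
Mar  3 09:14:02 ws01 kernel: usb 1-2: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.27
Mar  3 09:14:02 ws01 kernel: usb 1-2: SerialNumber: EXAMPLE0001
Mar  3 09:14:03 ws01 kernel: usb-storage 1-2:1.0: USB Mass Storage device detected
Mar  3 09:31:47 ws01 kernel: usb 1-2: USB disconnect, device number 5
Mar  3 10:02:10 ws01 kernel: usb 1-3: new full-speed USB device number 6 using xhci_hcd
Mar  3 10:02:10 ws01 kernel: usb 1-3: New USB device found, idVendor=046d, idProduct=c077, bcdDevice=72.00
Mar  3 10:05:00 ws01 kernel: usb 1-3: USB disconnect, device number 6
"""

# timestamp, host, driver (usb or usb-storage), bus-port path, optional interface, message
LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ kernel: "
                  r"(?P<drv>usb-storage|usb) (?P<port>[\d.-]+)(?::[\d.]+)?: (?P<msg>.*)$")

def build_sessions(log_text):
    """Group kernel USB events into one record per connect/disconnect session."""
    open_by_port, sessions = {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, drv, port, msg = m["ts"], m["drv"], m["port"], m["msg"]
        if drv == "usb" and re.match(r"new \S+ USB device number \d+", msg):
            open_by_port[port] = {"port": port, "connected": ts, "disconnected": None,
                                  "vid": None, "pid": None, "serial": None,
                                  "mass_storage": False}
            continue
        s = open_by_port.get(port)
        if s is None:
            continue  # event for a device attached before the log window began
        ids = re.search(r"idVendor=([0-9a-f]{4}), idProduct=([0-9a-f]{4})", msg)
        if ids:
            s["vid"], s["pid"] = ids.groups()
        elif msg.startswith("SerialNumber: "):
            s["serial"] = msg.split(": ", 1)[1]
        elif drv == "usb-storage" and "Mass Storage device detected" in msg:
            s["mass_storage"] = True
        elif msg.startswith("USB disconnect"):
            s["disconnected"] = ts
            sessions.append(open_by_port.pop(port))
    sessions.extend(open_by_port.values())  # devices still attached at end of log
    return sessions

def mass_storage_sessions(sessions):
    """Keep only sessions where the usb-storage driver bound to the device."""
    return [s for s in sessions if s["mass_storage"]]
```

Sessions with `mass_storage` set are the ones worth correlating with file-access timestamps on the host.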
Cloud Forensics relies on the sharing of resources across local servers and personal devices to run applications. A majority of growth can be attributed to ubiquitous access, and there are plenty of opportunities for improving the scope of criminal investigations in the field. Infrastructure as a Service (IaaS) clients give investigators the access they need to the right information for solving cases. Virtualization allows multiple instances to be separated from physical systems and separates cases across cloud environments as well. This ensures user anonymity for shared infrastructures during forensics investigations. Cloud forensics focuses on capturing network traffic and data packets that may originate from unusual or malicious sources. It is multi-dimensional and encompasses technical, organizational, and legal domains. It emphasizes methods like live forensics, evidence segregation, and the collection of client-side artifacts. Forensic examiners also focus on examining multi-tenancy environments, SLAs, CSPs, multi-jurisdictional environments, and trust boundaries without violating the laws and regulations of states (Obbayi, 2018).
Social Media Forensics
Social media forensics has gained a lot of traction with the advent of Web 2.0 technologies and Industry 4.0. Different social media platforms like Instagram, LinkedIn, Facebook, and Twitter are exposed to hackers, and their databases are most vulnerable to malware attacks. Investigators are able to access diverse subsets of different data sources, photographs, contact lists, demographics, metadata, and text messages. These can be used to assist forensic investigations and solve cases. Digital artifacts can be extracted from timestamps, URLs, passwords, images, and other social media mobile applications for analysis.
Social media forensics offers three key features when it comes to the latest developments: tampering localization analysis, reverse search integration, and metadata visualization and extraction. Forensic algorithms can generate up to 6 different tampering localization maps to acquire tampering traces on social media, and embedded thumbnails are also supported. Forensic experts can examine these to ascertain crucial evidence and proceed with their investigations (Alghamdi, 2020).
Digital Forensics for Code Semantics
A multi-layer automation approach is used by law enforcement officials to collect information from multiple social media networks. Semantic reverse engineering is used to understand binary code in closed-source software packages and to recover data structure instances without leaving any traces of execution. It can extract high-level semantic meanings for associated memory addresses, and its forensic applications include sensitive data protection, vulnerability scanning, and so on. Reviver and Mismo are popular digital forensics frameworks used for cross-platform binary code similarity detection and analysis for vulnerability identification. They use deep learning and dynamic analysis to evaluate data structures, IoT firmware images, and CVE (Common Vulnerabilities and Exposures) functions in smartphones and devices.
Artificial Intelligence and Digital Forensics
Automated identification of digital evidence and advanced mixed data forensic analysis is used to streamline the decision-making process during legal proceedings by analyzing relevant evidence and presenting appropriate findings. AI technology is used for pattern recognition in clusters, and decision trees are used in conjunction with neural nets to help with the identification of initial patterns, which is of critical importance for forensic investigations.
Data mining is another area of interest where exploratory data is used to highlight key relationships between information and users and make deeper assessments. AI techniques are being used to examine the imaging of virtual disks and can automate forensic processes to help experts speed up repairs and conduct analysis for closing cases in record times.
The top algorithms being used for quantum forensics in the digital landscape are Shor’s O(n³) algorithms for integer factorization and discrete logarithms. These are used to solve cryptanalysis challenges associated with RSA-like and EC-based public-key cryptosystems. They can analyze compromised cryptosystems in real time and speed up cryptographic quantum computing times. This means that organizations can eliminate large-scale cybercrimes in the future and improve both the quantity and quality of evidence recovered from digital devices for further analysis and interpretation in proceedings (Overill, 2012).
Technological advances in virtualization technologies from vendors like VMware, Microsoft, Sun, and Parallels offer in-depth views and insights into digital forensic examinations in virtual environments. Parallels operates on the Macintosh platform and provides users with up to 350 software downloads through a library that allows users to deploy and manage OS environments. Many companies in the market are offering virtual box solutions, and the InBoxer Anti-risk app is popular for archiving emails, electronic evidence discovery, and real-time content monitoring. The use of virtualization is not limited to official cases but can be used for individual investigations as well. For example, MojoPac isolates host PCs from desktop environments and can load its virtualized environments onto portable USB storage devices, Windows host computers, and network-attached storage.
The Portable Virtual Privacy Machine is another innovation that aids forensic examiners with privacy-enabled open-source internet applications. It can be loaded on flash memory cards, iPods, secure digital devices, and USB drives.
Virtual machines are also useful tools in forensics since they can track and record activity trails of users and produce seamless recreation of crime scenes for further forensic examinations. Law enforcement officers source images from a suspect’s native environment and analyze these files in virtual machines to see how the perpetrators, along with their evidence, respond to and react in their natural states.
The next version of digital forensics is dubbed by experts as Digital Forensics 2.0, and it is basically a collection of emerging technologies and enhancements which aid with the investigation process. The completeness of data and data privacy preservation need to be compatible with each other, and researchers are addressing this challenge by leveraging emerging technologies. Digital forensic frameworks use a mix of machine learning and automation to retrieve higher-level evidence and securely log investigation steps. These frameworks also establish a high level of accountability throughout the process, thus garnering trust and improving the effectiveness of said investigations.
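One way to log investigation steps securely and keep examiners accountable is a hash-chained record, shown here as an added example that is not taken from any framework the article describes. The field names, examiner IDs and sample steps are hypothetical.

```python
import hashlib
import json

GENESIS = "0" * 64  # fixed starting value for the chain

def _digest(prev_hash, entry):
    # Canonical JSON so the same entry always hashes to the same value.
    payload = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + payload).hexdigest()

def append_step(log, examiner, action, evidence_sha256, timestamp):
    """Append one investigation step, binding it to the previous record's hash."""
    prev = log[-1]["hash"] if log else GENESIS
    entry = {"seq": len(log), "examiner": examiner, "action": action,
             "evidence_sha256": evidence_sha256, "timestamp": timestamp}
    log.append({"entry": entry, "prev": prev, "hash": _digest(prev, entry)})
    return log[-1]["hash"]

def verify(log):
    """Return the index of the first inconsistent record, or -1 if the chain is intact."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if (rec["prev"] != prev or rec["entry"]["seq"] != i
                or rec["hash"] != _digest(prev, rec["entry"])):
            return i
        prev = rec["hash"]
    return -1

def build_sample_log():
    """Constructed sample: three steps performed on one hypothetical disk image."""
    image_hash = hashlib.sha256(b"constructed disk image bytes").hexdigest()
    log = []
    append_step(log, "examiner-a", "acquired image", image_hash, "2024-01-01T10:00:00Z")
    append_step(log, "examiner-a", "verified image hash", image_hash, "2024-01-01T10:05:00Z")
    append_step(log, "examiner-b", "ran keyword search", image_hash, "2024-01-01T11:30:00Z")
    return log

if __name__ == "__main__":
    log = build_sample_log()
    print("intact:", verify(log))
    log[1]["entry"]["action"] = "skipped verification"  # simulate after-the-fact editing
    print("first bad record:", verify(log))
```

Removing records from the end of the log is not detected by the chain alone, so the latest hash should also be stored somewhere the examiner cannot rewrite.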
- Alghamdi, M. I. (2020, October 12). Digital Forensics in Cyber Security—Recent Trends, Threats, and Opportunities. Retrieved from IntechOpen: https://www.intechopen.com/chapters/76151
- Barrett, D. (2008). Trends in Virtualized Environments. Retrieved from The Journal of Digital Forensics Security And Law: https://commons.erau.edu/cgi/viewcontent.cgi?article=1038&context=jdfsl
- Obbayi, L. (2018, February 28). Computer Forensics: Hybrid and Emerging Technologies. Retrieved from InfoSec: https://resources.infosecinstitute.com/topic/computer-forensics-hybrid-emerging-technologies/
- Overill, R. (2012, January). Digital quantum forensics: Future challenges and prospects. Retrieved from ResearchGate: http://dx.doi.org/10.1504/IJITCC.2012.050410