A Forensic Traceability Index in Digital Forensic Investigation

Abstract

Digital crime inflicts immense damage on users and systems, and it has now reached a level of sophistication that makes its sources or origins difficult to track, especially given the advancements in modern computers and networks and the availability of diverse digital devices. Forensics plays an important role in facilitating investigations of illegal activities and inappropriate behaviors using scientific methodologies, techniques and investigation frameworks. Digital forensics was developed to investigate digital devices in the detection of crime. This paper focuses on the traceability aspects of the digital forensic investigation process. This includes discovering complex and large volumes of evidence and establishing meaningful relationships between the items of evidence. The aim of this paper is to derive a traceability index as a useful indicator for measuring the accuracy and completeness of evidence discovery. This index is demonstrated through a model (TraceMap) that helps the investigator trace and map the evidence in order to identify the origin of the crime or incident. In this paper, tracing rate, mapping rate and offender identification rate are used to present the level of tracing ability, mapping ability and offender identification ability, respectively. This research has high potential for being expanded into other research areas, such as digital evidence presentation.

S. Rahayu Selamat, S. Sahib, N. Hafeizah, R. Yusof and M. Faizal Abdollah, "A Forensic Traceability Index in Digital Forensic Investigation," Journal of Information Security, Vol. 4 No. 1, 2013, pp. 19-32. doi: 10.4236/jis.2013.41004.

Conflicts of Interest

The authors declare no conflicts of interest.

Copyright © 2024 by authors and Scientific Research Publishing Inc.

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.