IA-REDI | Information Assurance - Research, Education, and Development Institute

Research | Digital and Network Forensics

Research


Forensics is the science of collecting, analyzing, and reporting evidence left behind after an incident or crime. Digital Forensics looks at evidence left behind when someone uses a digital device such as a computer or cell phone. Network Forensics looks at evidence from attacks or incidents that use a computer network. The Digital and Network Forensics groups are active in both Digital and Network Forensics.



Student Research

COMPARING THE EFFECTIVENESS OF ANDROID DEVICE FORENSIC SOFTWARE

By: Brandon Walston,
Norfolk State University, 2014
Advisor: Dr. Jonathan Graham

Mobile devices are one of the most used technologies today and are gaining popularity with each new release, which offers more functions and better networks. New advancements bring a level of threat associated with users and their mobile devices. Android is a rather new Linux-based operating system that was bought by Google in 2005, and the first version was released in 2007 [1]. In addition, Android devices store a lot of data that can be stored locally or remotely, which allows the data to be acquired. This data can be used for criminal investigations, corporate investigations, or e-discovery. There are multiple Android device forensic tools available that can extract data from Android devices; I will be comparing the effectiveness of six tools to determine which tools can extract the most forensic artifacts from the device. The goal of this project is to evaluate and compare the effectiveness of Android forensic tools. This project will focus on how the tools extract data from Android devices. Also, the project will show the effectiveness of each tool by comparing how much data they extract from the device compared to the data present on the device. Six different tools will be tested on one device to see how much data they can extract from the device.




AUTOMATING FINDING TRACES LEFT BEHIND AFTER A NETWORK ATTACK

By: Sandi Samuel,
Norfolk State University, 2014
Advisor: Dr. Jonathan M. Graham, Dr. Aurelia Williams

There is always evidence left behind after an attack. The problem is, "Where should one look for this evidence?" There are numerous locations where the evidence could be hiding and, unless one is experienced, a lot of time can be wasted trying to locate this evidence. The ultimate goal of this research is to develop a mobile application which will guide an analyst through the steps needed to locate the evidence.




DIGITAL FORENSICS CASE STUDIES

By: Dr. John Ellis Jr. and Ahmad Muhammad
Norfolk State University, 2014
Advisor: Dr. Jonathan Graham

A useful exercise for digital forensics students is to have students solve a simulated criminal case where clues are placed on digital devices. The clues are collected in an image and students are required to re-create the incident. There are very few digital forensic case studies available and we intend to address this shortage.




A Digital First Responders Application

By Justin Hobbs
Norfolk State University, 2014
Advisor: Dr. Jonathan M. Graham, Dr. Cheryl Hinds, Dr. Aurelia Williams

This project creates an application to assist First Responders with the proper procedures when they arrive at the scene of the incident. The application will be Android based; therefore it can be run on many mobile devices and will entail the base steps to investigating a crime scene, which are to Secure and Evaluate the Scene, Document the Scene, Collection and Preservation of Evidence, as well as Package and Transport Evidence. Sub-steps for each main step have been incorporated into the application to give First Responders a set of detailed steps to follow while at the crime scene. This Graphical User Interface (GUI) based application will provide step-by-step instructions for the First Responder. The mobile application can run on any device that uses the Android platform. The versatility of the application makes it accessible at the crime scene. First Responders will be more effective at the crime scene while using this application because it can be used as a tool to refresh First Responders on crime investigation steps.
This application will be beneficial for law enforcement, national laboratories, and any other companies that participate in cyber-crime investigations. Digital forensic investigators can benefit from this application because inexperienced users can use the application to save steps during their crime scene investigation. First Responders have the ability to gather evidence to solve computer forensics cases easier. This tool can be used for training exercises for aspiring digital forensic investigators. In addition, academia can benefit by utilizing this tool as part of a lab module. National Laboratories can use the information gathered using the First Responders application to handle data mining and obtain more thorough data.




DANDROID FORENSICS: FORENSIC ANALYSIS OF AN ANDROID DEVICE.

By: Toya D. Rich
Norfolk State University, 2014
Advisor: Dr. Aurelia T. Williams

With the increasing growth of smart phones, the possibility of criminal activity will only begin to increase. A criminal can use a smartphone for fraudulent activity via email, text messaging and over the Internet. A smartphone has an ample amount of data stored on the physical device; this makes smart phones extremely useful to forensic analysts throughout the course of a digital investigation. In this project, a self-paced Hands-on Forensic Lab was developed to introduce different techniques to analyze an Android smartphone. The motivation for this project stems from the professional demand in computer forensics and to introduce and attract students into the emerging computer science field.




Steganography

By: Brandon Walston

The contribution of this research is to discover some of the many steganography tools and compare how they work. It also aims to determine the most and least effective tool by using steganalysis. Finding the most effective tool can make people aware of which tool to choose for their steganography needs.




Steganalysis

By: Latoya Rutherford
Norfolk State University
Advisor: Dr. Jonathan Graham

We will utilize common steganalysis tools used to detect information that was hidden using steganography software, and classify these tools and ultimately determine which tool proves to be most effective.
We will also propose the design of a new and more effective tool based on our analysis. This project will inform practitioners on the best tool to select and its existing limitations.




Expert System Technologies for Criminal Justice Applications

By: LaToya Rich
Norfolk State University
Advisor: Dr. Jonathan Graham

To improve criminal justice policy and practice in the United States, National Institute of Justice Research seeks proposals for research and technology development or evaluation of expert systems technologies on hand-held computing devices that emulate expert criminal justice practitioners' cognitive processes to inform the actions of non-expert practitioners and enhance their performance.






AN ANALYSIS OF OPEN-SOURCE VERSUS COMMERCIAL SOFTWARE FORENSIC TOOLS USED IN DIGITAL FORENSIC INVESTIGATIONS

By: Latoya Nicole Rutherford
Norfolk State University, 2012
Advisor: Dr. Jonathan Graham

Digital forensics, typically in relation to a computer crime investigation, is the collection, preservation, acquisition, analysis, and presentation of digital evidence. During a forensic investigation, an investigator or examiner uses open-source and commercial forensic tools to perform the following tasks: gather the devices suspected in the crime, protect the integrity of the data on the devices using write blockers, capture a forensic image of the device, look for evidence within the image, and finally produce a report of their findings. To complete these tasks, investigators and examiners utilize open-source forensic tools. Our research problem focuses on whether or not open-source forensic tools are a viable alternative to the commercial forensic tools currently being used in digital forensic investigations. We believe government agencies, law enforcement, and universities that offer digital forensic courses can save thousands of dollars by using freely available open-source forensic tools. However, because of the barriers that can be met using open-source forensic tools, such as losing billions of dollars in high-profile cases due to inadmissibility of evidence, they choose commercial software forensic tools for assurance purposes. We compared open-source and commercial forensic tools based on performance metrics that reflect common actions taken by investigators and examiners during the acquisition, analysis, and reporting stages in digital forensic investigations. The results from our detailed comparative analysis indicate that the open-source and commercial forensic tools used in this research were consistent, with small variances in the amount of data extracted from the images. The comparative analysis charts indicate that open-source software forensic tools closely and comprehensively provide the same results as commercial software forensic tools. The comparative analysis charts also prove that using open-source forensic tools is a viable alternative to commercial forensic tools.






Resources


The Digital and Network Forensic Research Lab is currently operational with seven PCs. The software currently operational in the lab includes EnCase, FTK 3.0, Live Forensics, Steganalyzer, ProDiscover, Invisible Secrets, Helix, Autopsy, SleuthKit, WinHex, Paraben, Celldek Logicube, and a host of password recovery tools. It also includes a Virtual Machine of Library Labs. The lab also includes virtual desktops (Windows 7, Windows XP, Ubuntu Linux, Windows 2008 Server).