Due to the increasing connectivity of modern vehicles, collected data is no longer only stored in the vehicle itself but also transmitted to car manufacturers and vehicle assistant apps. This development opens up new possibilities for digital forensics in criminal investigations involving modern vehicles. This paper deals with the digital forensic analysis of vehicle assistant apps of eight car manufacturers. We reconstruct the drivers' activities based on the data stored on the smartphones and in the manufacturers' backend. For this purpose, data of the Android and iOS apps of the car manufacturers Audi, BMW, Ford, Mercedes, Opel, Seat, Tesla, and Volkswagen were extracted from the smartphone and examined using digital forensic methods in accordance with lawful government-approved forensics guidelines. Additionally, manufacturer data was retrieved using Subject Access Requests. Using the extensive data gathered, we successfully reconstruct trips and refueling processes, determine parking positions and duration, and track the locking and unlocking of the vehicle. These findings show that the digital forensic investigation of smartphone applications is a useful addition to vehicle forensics and should therefore be taken into account in the strategic preparation of future digital forensic investigations.
Metamodeling is used as a general technique for integrating and defining models from different domains. This technique can be used in diverse application domains, especially for purposes of standardization. Also, this process mainly focuses on identifying general concepts that exist in various problem domains and their relations, and on solving the complexity, interoperability, and heterogeneity aspects of different domains. Several diverse metamodeling development approaches have been proposed in the literature to develop metamodels. Each metamodeling development process has some advantages and disadvantages too. Therefore, the objective of this paper is to provide a comprehensive review of existing metamodeling development approaches and conduct a comparative study among them, eventually selecting the best approach for metamodel development from the perspective of digital forensics.
The introduction of Internet of Things (IoT) ecosystems into personal homes and businesses prompts the idea that such ecosystems contain residual data, which can be used as digital evidence in court proceedings. However, the forensic examination of IoT ecosystems introduces a number of investigative problems for the digital forensics community. One of these problems is the limited availability of practical processes and techniques to guide the preservation and analysis of residual data from these ecosystems. Focusing on a detailed case study of the iHealth Smart Scale ecosystem, we present an empirical demonstration of practical techniques to recover residual data from different evidence sources within a smart scale ecosystem. We also document the artifacts that can be recovered from a smart scale ecosystem, which could inform a digital (forensic) investigation. The findings in this research provide a foundation for future studies regarding the development of processes and techniques suitable for extracting and examining residual data from IoT ecosystems.
One of the main issues in digital forensics is the management of evidence. From the time of evidence collection until the time of its exploitation in a legal court, evidence may be accessed by multiple parties involved in the investigation that temporarily take ownership of it. This process, called Chain of Custody (CoC), must ensure that evidence is not altered during the investigation, despite multiple entities having owned it, in order to be admissible in a legal court. Currently, the CoC for digital evidence is managed entirely manually, with entities involved in the chain required to fill in documents accompanying the evidence. In this paper, we propose a Blockchain-based Chain of Custody (B-CoC) to dematerialize the CoC process, guaranteeing auditable integrity of the collected evidence and traceability of owners. We developed a prototype of B-CoC based on Ethereum and we evaluated its performance.
Byzantine fault-tolerant (BFT) protocols allow a group of replicas to come to a consensus even when some of the replicas are Byzantine faulty. There exist multiple BFT protocols to securely tolerate an optimal number of faults $t$ under different network settings. However, if the number of faults $f$ exceeds $t$, then security could be violated. In this paper we mathematically formalize the study of forensic support of BFT protocols: we aim to identify (with cryptographic integrity) as many of the malicious replicas as possible and in as distributed a manner as possible. Our main result is that forensic support of BFT protocols depends heavily on minor implementation details that do not affect the protocols' security or complexity. Focusing on popular BFT protocols (PBFT, HotStuff, Algorand), we exactly characterize their forensic support, showing that there exist minor variants of each protocol for which the forensic supports vary widely. We show strong forensic support capability of LibraBFT, the consensus protocol of the Diem cryptocurrency; our lightweight forensic module implemented on a Diem client is open-sourced and is under active consideration for deployment in Diem. Finally, we show that for all secure BFT protocols designed for $2t+1$ replicas communicating over a synchronous network, forensic support is inherently nonexistent; this impossibility result holds for all BFT protocols and even if one has access to the states of all replicas (including Byzantine ones).
The increasing prevalence of Internet of Things (IoT) devices has made it inevitable that their pertinence to digital forensic investigations will increase into the foreseeable future. These devices, produced by various vendors, often possess limited standard interfaces for communication, such as USB ports or WiFi/Bluetooth wireless interfaces. Meanwhile, with an increasing mainstream focus on the security and privacy of user data, built-in encryption is becoming commonplace in consumer-level computing devices, and IoT devices are no exception. Under these circumstances, a significant challenge is presented to digital forensic investigations where data from IoT devices needs to be analysed. This work explores the electromagnetic (EM) side-channel analysis literature for the purpose of assisting digital forensic investigations on IoT devices. EM side-channel analysis is a technique where unintentional electromagnetic emissions are used for eavesdropping on the operations and data handling of computing devices. The non-intrusive nature of EM side-channel approaches makes it a viable option to assist digital forensic investigations as these attacks require, and must result in, no modification to the target device. The literature on various EM side-channel analysis attack techniques is discussed - selected on the basis of their applicability in IoT device investigation scenarios. The insight gained from the background study is used to identify promising future applications of the technique for digital forensic analysis on IoT devices - potentially progressing a wide variety of currently hindered digital investigations.