
Computer Aided Diagnostics of Digital Evidence Tampering (CADDET)

EasyChair Preprint no. 1203

11 pages. Date: June 16, 2019

Abstract

Tampering with the digital crime scene has become more common. When tampering behaviour is successful, it does not leave a trace of either the incriminating evidence or the act of tampering, and the digital evidence that digital investigators seek will be absent. Research into the automatic detection of digital evidence tampering has been ongoing for over a decade. Many approaches have been proposed, but practical tools for automatic detection of evidence tampering are still missing. Automatic analysis is hard due to the complexity of real-world computers and the differences between software installed on different computers. A similar problem exists in medical imaging. Despite the common grand design, every human is unique and complex, and it is hard to come up with exact rules for detecting lesions in medical images. Visualization for forensic analysis of the data stored on a specific device has received much less attention, while the use of visualization for detection of digital evidence tampering is virtually unexplored.

This paper proposes, for the first time, a semi-automated approach based on visualization of relevant data properties, helping human investigators to detect digital evidence tampering and anomalies. This is analogous to computer-aided processing of medical X-ray images, which enhances the visibility of lesions and facilitates easier detection by a doctor. The aim of this paper is to identify the features of data tampering on digital devices, then find suitable visualizations to display those features to investigators. One of the outstanding features of the approach proposed in this paper for detecting digital evidence tampering is its malleability. It can easily be applied to any specific part or the whole of the data on a digital device to visualize and reveal offender concealment behaviour in relation to the detection of evidence tampering.

Keyphrases: anti-forensics, Cybercrime, Digital Evidence Tampering, Digital Forensics, visualization

BibTeX entry
BibTeX does not have the right entry for preprints. This is a hack for producing the correct reference:
@Booklet{EasyChair:1203,
  author = {Babak Habibnia and Pavel Gladyshev},
  title = {Computer Aided Diagnostics of Digital Evidence Tampering (CADDET)},
  howpublished = {EasyChair Preprint no. 1203},

  year = {EasyChair, 2019}}