DFRWS EU 2022 - Paper accepted
23 Dezember 2021
The article ForTrace - A Holistic Forensic Data Set Synthesis Framework was accepted at DFRWS. The article presents our data synthesis framework in the field of digital forensics and contains essential results of the master thesis of our student Stephan Maltan from the Universität der Bundeswehr München. The paper will be presented at the Digital Forensic Research Workshop (DFRWS) EU 2022 as a hybrid event in Oxford in March 2022.
Authors: Thomas Göbel, Stephan Maltan, Jan Türr, Harald Baier, Florian Mann
Abstract:
Digital forensic experts are confronted with a wide variety of investigation objectives, e.g., to deal with an infected ITsystem. The same holds for digital forensic tools. Mostly different sources of digital traces have to be inspected includingpersistent storage devices (e.g., SSDs, SD cards, USB drives), volatile main memory snapshots, and network captures,respectively. In order to train experts and tools and keep them up-to-date, a capacious amount of realistic, timelytraining data is necessary. However, due to different reasons like privacy, secrecy, or intellectual property rights there isa large gap in digital forensic training data. In recent years different synthesis frameworks to generate realistic digitalforensic data sets have been proposed. However, none of these frameworks provides aholisticapproach to generaterealistic digital forensic relevant traces of different sources. In this paper we introduceForTrace, a holistic frameworkfor the simultaneous generation of persistent, volatile and network traces. Our approach is based on the data synthesisframeworkhystck. We explain our extension ofhystckby defining properties of a holistic data set synthesis frameworkand by discussing different forensically relevant scenarios and their implementation inForTrace. We then successfully evaluate ForTrace with respect to diverse realistic and complex scenarios. ForTrace is open source and may be adapted or extended with respect to individual needs.