IWODF 2024 - Paper accepted

17 September 2024

Our article on Scenario-based Data Set Generation for Use in Digital Forensics: A Case Study was accepted at IWODF 2024. This article presents a practical case study on automatic scenario-based data set generation using the ForTrace data synthesis framework. The paper will be presented at the 4th International Workshop on Digital Forensics (IWODF) 2024 as part of the INFORMATIK 2024 in Wiesbaden, Germany in September 2024.

Authors: Thomas Göbel and Harald Baier (Universität der Bundeswehr München), Dennis Wolf (Zentrale Stelle für Informationstechnik im Sicherheitsbereich (ZITiS))

Abstract:

Digital forensics is a rapidly growing and highly relevant field of cybersecurity. In case of an incident, the subsequent digital forensic investigation and analysis shall reveal the respective digital evidence. However, although electronic devices and their data play a central role in each crime investigation, data sets to train experts or to validate tools are sparse. While manual data set generation is a time-consuming, elaborate, and error-prone task, tool-based data synthesis is an excellent candidate for simplifying data generation and solving the data set gap problem. Synthetic data sets can be used, for example, to test and refine forensic tools and methods under controlled conditions. In addition, entirely new approaches can be explored.
Several promising data synthesis frameworks for digital forensic data set creation have been published lately, the most recent of which is ForTrace, a freely available, community-driven data synthesis framework written in Python for generating digital forensic data sets. This paper shows how to apply ForTrace in a large-scale manner without human interaction. Our main goal is to show the usability of ForTrace and demonstrate its practicality and benefits for the digital forensic domain. We therefore provide a sample usage of ForTrace in two scenarios, namely a VeraCrypt and a malware use case, and present the definition of the corresponding configurations.

Aktuelles

NordSec 2024 - Paper accepted

We will present our work on Do-it-yourself drones in Karlstad (Sweden) at the NordSec 2024.

ForTrace Workshop @ DFRWS APAC 2024

We are offering a workshop at DFRWS APAC 2024 on our data synthesis framework ForTrace.

IMF 2024 - Two papers accepted

Our two papers on "Data Synthesis is Going Mobile – On Community-driven Dataset Generation for Android Devices" and "Causal Inconsistencies are Normal in Windows Memory Dumps (too)" were accepted for presentation at the IMF 2024.

Vortrag des Forschungsinstituts CODE auf der 31. DFN-CERT Konferenz in Hamburg

Als externer Doktorand stellte Michael Mundt die Arbeit "Gib dem Dino Futter – adaptive Detektion von Bedrohungen in KRITIS-Netzwerken mittels Open-Source-Forensik" auf der 31. DFN-CERT Konferenz am 30./31. Januar vor.

ForTrace Workshop @ DFRWS EU 2024

We will present our research on the ForTrace data synthesis framework for digital forensics at the DFRWS EU 2024.

DFRWS EU 2024 - Two papers accepted

Our two papers on "Hypervisor-based Data Synthesis: On its Potential to Tackle the Curse of Client-side Agent Remnants in Forensic Image Generation" and "Ubi est indicium? On Forensic Analysis of the UBI File System" were accepted for presentation at the DFRWS EU 2024.