Digital Forensics (DF) encompasses the recovery and investigation of material found in digital devices. Generally, it is used to support or refute a hypothesis before the courts: identifying direct evidence of a crime, confirming alibis or statements, identifying sources (for example, in copyright cases), or authenticating documents. DF techniques are also very widely used in internal corporate investigations and intrusion investigations.

The ANFORA team has extensive field experience in DF applied to court trials or inter-corporate disputes. Moreover, the team has carried out all of its research, with quantitative and qualitative results, in the field of Information Security and, more precisely, in fields such as privacy, anonymity, key management, cryptography, channel coding and fingerprinting. ANFORA is the ideal framework to extend this previous experience to DF-specific cases. We have identified 3 topics in which ANFORA will contribute to innovation in DF:

1) The use of existing or modified fingerprinting and network coding techniques for NF. DF techniques are often applied to storage devices, such as hard disks and SD cards, but they are increasingly applied to network traffic in what is called Network Forensics (NF). The case of the huge celebrity photo leaks from iCloud (Apple Cloud) in September 2014, still unsolved, shows the need for more powerful and efficient NF techniques. The ANFORA team believes that applying fingerprinting and network coding techniques to network DF will probably result in better, more efficient and less indiscriminate procedures.

2) The creation of new techniques and tools aimed at simplifying the forensic investigator's workflow. The target is to enhance current DF processes by improving or newly implementing tools that automate procedures, by innovating in the analysis of DF data, e.g. with Big Data techniques, and by implementing our own network-DF proposals. The team's extensive experience in real use cases provides an unbeatable starting point for this goal.

3) The development of anti-forensic tools that allow preserving the privacy of citizens, corporations and organizations. The application of NF techniques could be a double-edged sword. We can find several examples of massive, indiscriminate gathering of user-connection data, as well as massive infections with police-managed malware that literally spies on users. Aiming at a good balance between traceability and privacy, the goal is to implement: anonymization techniques that allow tracking real identities only after a crime has been committed, techniques to hide the traceability of resources, and mechanisms for providing plausible deniability.

The need for innovation in DF has attracted interest in this project from several companies (corroborated by the signing of a letter of interest): Uría-Menendez, a law firm; Scytl, a company supporting electronic voting; and INCIDE, a digital forensics company.
State Plan for Scientific and Technical Research and Innovation 2013-2016
State Programme for R&D&I Oriented to the Challenges of Society
Research Challenges: R&D&I Projects
Government of Spain. Ministry of Economy and Competitiveness, MINECO
Hernández-Serrano, Juan; Muñoz, J.; Leon, O.; Mikkelsen, L.; Schwefel, H.; Bröring, A. Global Internet of Things Summit p. 1-6 DOI: 10.1109/GIOTS.2018.8534534 Presentation's date: 2018-06 Presentation of work at congresses
Hernández-Serrano, Juan; Muñoz, J.; Bröring, A.; Esparza, O.; Mikkelsen, L.; Schwarzott, W.; Leon, O.; Zibuschka, J. International Workshop on Interoperability and Open-Source Solutions p. 107-122 DOI: 10.1007/978-3-319-56877-5_7 Presentation of work at congresses