Title: Visualizing and Reasoning about Presentable Digital Forensic Evidence with Knowledge Graphs
Making digital evidence presentable is hard due to its intangible and complex nature and the variety of targeted audiences. In this paper, we present Digital Forensic Knowledge Graph (DFKG) for visualizing and reasoning about digital forensic evidence. We first describe the criteria of presentable evidence to ensure the authenticity, integrity, validity, credibility, and relevance of evidence. Then we specify DFKG to capture presentable forensic evidence from three perspectives: (1) the background of a criminal case, (2) the reconstructed timeline, and (3) the verifiable digital evidence related to the criminal activity timeline. We also present a case study to illustrate the DFKG-based approach.
Award ID(s):
2039288
PAR ID:
10404814
Author(s) / Creator(s):
Date Published:
Journal Name:
the 19th IEEE Conference on Privacy, Security and Trust (PST’22)
Page Range / eLocation ID:
1-10
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. The increasing prevalence of Internet of Things (IoT) devices has introduced significant challenges in digital forensic investigations, requiring new strategies for effective evidence prioritization and analysis. Traditional forensic methods struggle with data heterogeneity, volatility, and legal constraints, making IoT evidence collection complex and time-sensitive. This paper presents a weighted prioritization model (WPM) that ranks IoT devices based on six forensic criteria, enabling investigators to focus on high-priority evidence first, reducing data loss and optimizing forensic workflows. Through case studies in arson, homicide, and missing person investigations, we demonstrate how WPM enhances investigative decision-making and resource allocation in real-world forensic scenarios. The proposed framework offers a structured, scalable, and adaptable approach to IoT forensic investigations, improving efficiency, reliability, and legal compliance in digital evidence collection.
  2. The use of likelihood ratios for quantifying the strength of forensic evidence in criminal cases is gaining widespread acceptance in many forensic disciplines. Although some forensic scientists feel that subjective likelihood ratios are a reasonable way of expressing expert opinion regarding strength of evidence in criminal trials, legal requirements of reliability of expert evidence in the United Kingdom, United States and some other countries have encouraged researchers to develop likelihood ratio systems based on statistical modelling using relevant empirical data. Many such systems exhibit exceptional power to discriminate between the scenario presented by the prosecution and an alternate scenario implying the innocence of the defendant. However, such systems are not necessarily well calibrated. Consequently, verbal explanations to triers of fact, by forensic experts, of the meaning of the offered likelihood ratio may be misleading. In this article, we put forth a statistical approach for testing the calibration discrepancy of likelihood ratio systems using ground truth known empirical data. We provide point estimates as well as confidence intervals for the calibration discrepancy. Several examples, previously discussed in the literature, are used to illustrate our method. Results from a limited simulation study concerning the performance of the proposed approach are also provided.
  3. This paper presents a systematic approach to designing digital forensics instructional materials to address the severe shortage of active learning materials in the digital forensics community. The materials include real-world scenario-based case studies, hands-on problem-driven labs for each case study, and an integrated forensic investigation environment. In this paper, we first clarify some fundamental concepts related to digital forensics, such as digital forensic artifacts, artifact generators, and evidence. We then re-categorize knowledge units of digital forensics based on the artifact generators for measuring the coverage of learning outcomes and topics. Finally, we utilize a real-world cybercrime scenario to demonstrate how knowledge units, digital forensics topics, concepts, artifacts, and investigation tools can be infused into each lab through active learning. The repository of the instructional materials is publicly available on GitHub. It has gained nearly 600 stars and 22k views within several months.
  4. This article reveals how law and legal interests transform medicine. Drawing on qualitative interviews with medical professionals, this study shows how providers mobilize law and engage in investigatory work as they deliver care. Using the case of drug testing pregnant patients, I examine three mechanisms by which medico-legal hybridity occurs in clinical settings. The first mechanism, clinicalization, describes how forensic tools and methods are cast in clinical terminology, effectively cloaking their forensic intent. In the second, medical professionals informally rank the riskiness of illicit substances using both medical and criminal-legal assessments. The third mechanism describes how gender, race, and class inform forensic decision-making and criminal suspicion in maternal health. The findings show that by straddling both medical and legal domains, medicine conforms to the standards and norms of neither institution while also suspending meaningful rights for patients seeking care. 
  5. Distributed file systems present distinctive forensic challenges in comparison to traditional locally mounted file system volumes. Storage device media can number in the thousands, and forensic investigations in this setting necessitate a tailored approach to data collection. The Hadoop Distributed File System (HDFS) produces and maintains partially persistent metadata that is pursuant with a logical volume, a file system, and file addresses on the centralized server. Hence, this research investigates the viability of using a residual central server digital artifact to generate a history model of the distributed file system. The history model affords an investigator a high-level perspective of low-level events to narrow investigative process obligations. The model is generated through set-theoretic relations of the file system essential data structure. Graph-theoretic ordering is applied to the events to provide a history model. The research contribution is a rapid reconstruction of the HDFS storage state transitions generating timelines for system events to forensically assess HDFS properties with conceptual similarity to traditional low-level file system forensic tool output. The results of this research provide a prototype tool, DFS3, for rapid and noninvasive data storage state timeline reconstruction in a big data distributed file system.