

Title: Towards Designing Shared Digital Forensics Instructional Materials
This paper presents a systematic approach to designing digital forensics instructional materials to address the severe shortage of active learning materials in the digital forensics community. The materials include real-world scenario-based case studies, hands-on problem-driven labs for each case study, and an integrated forensic investigation environment. In this paper, we first clarify some fundamental concepts related to digital forensics, such as digital forensic artifacts, artifact generators, and evidence. We then re-categorize knowledge units of digital forensics based on the artifact generators for measuring the coverage of learning outcomes and topics. Finally, we utilize a real-world cybercrime scenario to demonstrate how knowledge units, digital forensics topics, concepts, artifacts, and investigation tools can be infused into each lab through active learning. The repository of the instructional materials is publicly available on GitHub. It has gained nearly 600 stars and 22k views within several months.
Award ID(s): 2039288
PAR ID: 10404816
Author(s) / Creator(s):
Date Published:
Journal Name: the IEEE 46th Annual Computers, Software, and Applications Conference (COMPSAC'22)
Page Range / eLocation ID: 117-122
Format(s): Medium: X
Sponsoring Org: National Science Foundation
More Like this
  1. Gladyshev, P.; Goel, S.; James, J.; Markowsky, G.; Johnson, D. (Ed.)
    AI Forensics is a novel research field that aims at providing techniques, mechanisms, processes, and protocols for an AI failure investigation. In this paper, we pave the way towards further exploring a sub-domain of AI forensics, namely AI model forensics, and introduce AI model ballistics as a subfield inspired by forensic ballistics. AI model forensics studies the forensic investigation process, including where available evidence can be collected, as it applies to AI models and systems. We elaborate on the background and nature of AI model development and deployment, and highlight the fact that these models can be replaced, trojanized, gradually poisoned, or fooled by adversarial input. The relationships and the dependencies of our newly proposed subdomain draw from past literature in software, cloud, and network forensics. Additionally, we share a use-case mini-study to explore the peculiarities of AI model forensics in an appropriate context. Blockchain is discussed as a possible solution for maintaining audit trails. Finally, the challenges of AI model forensics are discussed.
  2. As our lives become more dependent on digital technology, cyber crime is increasing in our society. There is now an ever-increasing need to counter cyber crime through digital forensics investigations. With rapid developments in technology such as cloud computing, the Internet of Things, and mobile computing, it is vital to ensure proper training of law enforcement personnel and judges in the theory and practice of digital forensics. In this paper, we describe our methods and approach to create curricula, educational materials, and courses for training law enforcement and judicial personnel in digital forensics. We partnered with legal experts to design a series of modules/courses on digital forensics to educate the actual target demographics. Training materials have been designed to be not only scalable to nationwide law enforcement and judicial professionals, but also amenable to regular updates to respond to rapidly changing attacks and forensic techniques.
  3. The majority of sensitive and personal user data is stored in different Database Management Systems (DBMS). For example, Oracle is frequently used to store corporate data, MySQL serves as the back-end storage for most webstores, and SQLite stores personal data such as SMS messages on a phone or browser bookmarks. Each DBMS manages its own storage (within the operating system), thus databases require their own set of forensic tools. While database carving solutions have been built by multiple research groups, forensic investigators today still lack the tools necessary to analyze DBMS forensic artifacts. The unique nature of database storage and the resulting forensic artifacts require established standards for artifact storage and viewing mechanisms in order for such advanced analysis tools to be developed. In this paper, we present 1) a standard storage format, Database Forensic File Format (DB3F), for database forensic tools output that follows the guidelines established by other (file system) forensic tools, and 2) a view and search toolkit, Database Forensic Toolkit (DF-Toolkit), that enables the analysis of data stored in our database forensic format. Using our prototype implementation, we demonstrate that our toolkit follows the state-of-the-art design used by current forensic tools and offers easy-to-interpret database artifact search capabilities. 
  4. The increasing prevalence of Internet of Things (IoT) devices has introduced significant challenges in digital forensic investigations, requiring new strategies for effective evidence prioritization and analysis. Traditional forensic methods struggle with data heterogeneity, volatility, and legal constraints, making IoT evidence collection complex and time-sensitive. This paper presents a weighted prioritization model (WPM) that ranks IoT devices based on six forensic criteria, enabling investigators to focus on high-priority evidence first, reducing data loss and optimizing forensic workflows. Through case studies in arson, homicide, and missing person investigations, we demonstrate how WPM enhances investigative decision-making and resource allocation in real-world forensic scenarios. The proposed framework offers a structured, scalable, and adaptable approach to IoT forensic investigations, improving efficiency, reliability, and legal compliance in digital evidence collection.
  5. The focus of this paper is to investigate how elementary students learned computer science concepts through storytelling in Scratch. To serve this purpose, we conducted artifact interviews with 4th graders who were engaged with a computer science (CS) integrated module in their English language arts (ELA) class. Students created stories in Scratch with a focus on character traits. The constructionist design of the Scratch tool supports student learning through tinkering, the creation of meaningful artifacts, and through the theatrical metaphor that underlies interface design. This paper explores how two 4th graders demonstrated their CS/CT and ELA knowledge through the design of a Scratch artifact and how Scratch facilitated this interdisciplinary learning. While there have been studies in middle school and in after-school contexts that focus on digital storytelling and writing, there are few papers that examine interdisciplinary integration in the formal school context at the elementary level. 