This paper presents a systematic approach to designing digital forensics instructional materials to address the severe shortage of active learning materials in the digital forensics community. The materials include real-world scenario-based case studies, hands-on problem-driven labs for each case study, and an integrated forensic investigation environment. In this paper, we first clarify some fundamental concepts related to digital forensics, such as digital forensic artifacts, artifact generators, and evidence. We then re-categorize knowledge units of digital forensics based on the artifact generators for measuring the coverage of learning outcomes and topics. Finally, we utilize a real-world cybercrime scenario to demonstrate how knowledge units, digital forensics topics, concepts, artifacts, and investigation tools can be infused into each lab through active learning. The repository of the instructional materials is publicly available on GitHub. It has gained nearly 600 stars and 22k views within several months.
On Exploring the Sub-domain of Artificial Intelligence (AI) Model Forensics
AI Forensics is a novel research field that aims at providing techniques, mechanisms, processes, and protocols for an AI failure investigation. In this paper, we pave the way towards further exploring a sub-domain of AI forensics, namely AI model forensics, and introduce AI model ballistics as a subfield inspired by forensic ballistics. AI model forensics studies the forensic investigation process, including where available evidence can be collected, as it applies to AI models and systems. We elaborate on the background and nature of AI model development and deployment, and highlight the fact that these models can be replaced, trojanized, gradually poisoned, or fooled by adversarial input. The relationships and the dependencies of our newly proposed subdomain draw from past literature in software, cloud, and network forensics. Additionally, we share a use-case mini-study to explore the peculiarities of AI model forensics in an appropriate context. Blockchain is discussed as a possible solution for maintaining audit trails. Finally, the challenges of AI model forensics are discussed.
- Award ID(s): 1921813
- PAR ID: 10430160
- Editor(s): Gladyshev, P.; Goel, S.; James, J.; Markowsky, G.; Johnson, D.
- Date Published:
- Journal Name: Digital Forensics and Cyber Crime. ICDF2C 2021
- Volume: 441
- Page Range / eLocation ID: 35-51
- Format(s): Medium: X
- Sponsoring Org: National Science Foundation
More Like this
- Autonomous vehicles (AVs) rely on on-board sensors and computation capabilities to drive on the road with limited or no human intervention. However, autonomous driving decisions can go wrong for numerous reasons, leading to accidents on the road. The AVs lack a proper forensics investigation framework, which is essential for various reasons such as resolving insurance disputes, investigating attacks, compliance with autonomous driving safety guidelines, etc. To design robust and safe AVs, identifying the actual reason behind any incident involving the AV is crucial. Hence, it is essential to collect meaningful logs from different autonomous driving modules and store them in a secure and tamper-proof way. In this paper, we propose AVGuard, a forensic investigation framework that collects and stores the autonomous driving logs. The framework can generate and verify proofs to ensure the integrity of collected logs while preventing collusion attacks among multiple dishonest parties. The stored logs can be used later by investigators to identify the exact incident. Our proof-of-concept implementation shows that the framework can be integrated with autonomous driving modules efficiently without any significant overheads.
- Memory Forensics is one of the most important emerging areas in computer forensics. In memory forensics, analysis of userland memory is a technique that analyses per-process runtime data structures and extracts significant evidence for application-specific investigations. In this research, our focus is to examine the critical challenges faced by process memory acquisition that can impact object and data recovery. Particularly, this research work seeks to address the issues of consistency and reliability in userland memory forensics on Android. In real-world investigations, memory acquisition tools record the information when the device is running. In such scenarios, each application’s memory content may be in flux due to updates that are in progress, garbage collection activities, changes in process states, etc. In this paper we focus on various runtime activities such as garbage collection and process states and the impact they have on object recovery in userland memory forensics. The outcome of the research objective is to assess the reliability of Android userland memory forensic tools by providing new research directions for efficiently developing a metric study to measure the reliability. We evaluated our research objective by analysing memory dumps acquired from 30 apps in different Process Acquisition Modes. The Process Acquisition Mode (PAM) is the memory dump of a process that is extracted while external runtime factors are triggered. Our research identified an inconsistency in the number of objects recovered from analysing the process memory dumps with runtime factors included. Particularly, the evaluation results revealed differences in the count of objects recovered in different acquisition modes. We utilized Euclidean distance and covariance as the metrics for our study. These two metrics enabled the authors to identify how the change in the number of recovered objects in PAM impacts forensic analysis. Our conclusion revealed that runtime factors could on average result in about 20% data loss, thus revealing these factors can have an obvious impact on object recovery.
- Death is a universal phenomenon and what happens after life has led to extensive forensic ecology research. Consequently, we now know that the shell of the once living provides fertile ground for other life forms, spanning prokaryotic microbes to large, vertebrate scavengers. This ephemeral patch of newly available resources also provides rich sources of evidence that can be used in death investigation. In recent years there have been substantial advances in technology that have facilitated the research and application of human remains decomposition in ways that harness theory and basic understanding of the ecological and evolutionary sciences (Tomberlin et al., 2011). To that end, this special issue covers the most recent perspectives and research that explores the complex ways that the once living can provide important information to the forensic sciences, in ways that can ultimately be applied to the judicial system and its processes. It is within this context of linking basic research in death and decomposition to applications of forensics that the special topic was born.
- In recent years, the number of Internet of Things (IoT) devices has expanded fast, transforming various industries such as healthcare, manufacturing, and transportation, and delivering benefits to both individuals and industries. However, the increased use of IoT devices has exposed IoT ecosystems to a slew of security risks and digital forensic issues. This thesis investigates the most common IoT security dangers and attacks, as well as students' understanding of them and mitigation techniques, as well as the key issues involved with IoT forensic investigations. In this thesis, a mixed-method approach is used, combining a literature review and a survey investigation. The poll measures students' understanding of IoT security threats, mitigation approaches, and perceptions of the most effective ways to improve IoT security. In addition, the survey underlines the importance of user training and awareness in minimizing IoT dangers, highlighting the most effective strategies, such as stronger regulations and increased device security by manufacturers. The literature review provides a complete overview of the most popular IoT security risks and attacks, including malware, malicious code injection, replay attacks, Man in the Middle (MITM), botnets, and Distributed Denial of Service (DDoS). This paper also emphasizes the definition and process of digital and IoT forensics, the significance of IoT forensics, and various data sources in IoT ecosystems. The key issues of IoT forensics and how they affect the efficiency of digital investigations in the IoT ecosystem are thoroughly investigated. Overall, the findings of this study contribute to ongoing research to improve IoT device security, emphasize the necessity of greater awareness and user training, and address the issues of IoT forensic investigations.

