Challenges with Digital Forensics

IT: Future of digital forensics

Introduction

The IT industry is constantly evolving, and as a result, many people are becoming victims of malware, corporate spearfishing and whaling exploits, mobile devices, and the theft of confidential private data. The collection, storage, study, and presentation of evidence from digital media are all part of the digital forensics process. With the emergence of issues in the world of forensic investigations, more interesting problems for both victims and investigators are on the horizon. Computers are increasingly becoming embedded within larger systems as they become smaller, faster, and cheaper, allowing information to be produced, stored, interpreted, analysed, and communicated in unexpected ways. We used to collect digital evidence from monolithic, stand-alone mainframes, but now we have PCs, supercomputers, distributed client-server networks, laptops and mobile phones, as well as LANs and WANs to send data around the world, which can be used to gather digital evidence.

Evidence stored on a computer is not special in terms of relevance and materiality, but it should be limited by changing legal requirements and restrictions to protect privacy concerns because it can be easily duplicated and updated, often without leaving any traces, and is readily accessible to a wrongdoer using another computer half a world away. In general, privacy refers to whether or not information can be accessed.

The forensics practitioners must follow the code of ethics in order to protect the client's privacy. Depending on the seriousness of the issue and the need for a result, the client's privacy could need to be violated in the course of a thorough investigation. However, it is likely that the victim agency would lose faith in the forensics team. Furthermore, there are organizations where even a minor leak of information will result in massive media coverage, jeopardizing the organization's image and, ultimately, its business.

In such cases, privacy rights and the need for law enforcement to scan and seize digital evidence during digital forensics are inextricably linked. It's also likely that the forensics specialist does not share the details with any third parties and only uses the client's confidential information, which is also a breach of the client's right to privacy.

As a result, it is the policymaker's duty to understand the effect of forensics in the light of wider business priorities and make the tough choices that trade off forensics capabilities with privacy considerations and, as a result, morale. Selective revelation, strong audit, and rule processing tools are key techniques for digital forensics in order to protect privacy. The dilemmas in the current situation are: How to track digital forensics while keeping search details private? How do we prevent private information from being leaked in the name of forensics?

Digital Forensic Investigation

Forensic Investigation (F.I.) is a procedure in a computer system for determining the evidence and facts to be presented in court. It may involve a variety of different device layers. The different network architectures will necessitate different F.I approaches and levels of complexity. When it comes to the problem of decentralized authority, the F.I. of cloud computing systems is more complicated. Cloud computing providers vary by region and location, and some of them can encrypt data before delivering it to the public network. The use of peer-to-peer apps can make F.I recovery more difficult.

Since it can scan and copy files from or to any node/computer, it becomes a factor in exposing company confidential information to any attack. The analyst must specify the configuration parameters for peer-to-peer (P2P) F.I., such as the password, username, log time, installation time, and so on. They also recommend using the LANGuard program to keep an eye on P2P traffic on the network. The more sophisticated cell phones become, the more vulnerable they become to attack. Smartphone users are increasingly engaging in personal private practices such as online banking and e-commerce. Obtaining and spreading confidential information, fraud, theft, money laundering, copyright infringement, and indecent image are all examples of mobile device misuse. By using bit-to-bit copy, the author emphasizes the digital acquisition approach on the Subscriber Identity Module (SIM), memory card, and flash memory. The source, on the other hand, discusses copying acquisition while using the hash verification technique. When the device is being investigated during the F.I. phase, it is important to protect the privacy of honest users.

In a cloud computing system, there is a chance of substantial data exposure to security threats and privacy violations. Furthermore, the audit trail process can be used to track down user behaviour. The forensic analyst must treat the information with caution, otherwise it could end up in the wrong hands. To keep data private and confidential, it can be encrypted using software or hardware. The implementation of encrypted disks was prompted by the need to secure users' personal data and information. Nowadays, the mechanism and methodology for preventing attacks are given more thought. A critical mechanism within an organization's network is the control and simulation of network operations.

Nonetheless, even with the bare minimum of knowledge, computer systems are vulnerable to attack. When using encrypted traffic, it affects the privacy of users who feel they are safely secured. The area of modern forensics must evolve in parallel with cloud computing and the Internet of Things. Modern forensics techniques are divided into three categories: stored data and filesystem analysis, network forensics, and reverse engineering, which entails looking at malware samples, traces, network traffic, and log files.

Digital forensics Challenges

• High speed and volumes

For at least a decade, problems with collecting, storing, and processing vast volumes of data for forensic purposes have existed, and are now being compounded by the widespread availability and marketing of digital information.

The availability of gigabit class connections and multimedia-rich content has resulted in a huge increase in the amount of data that should be collected and processed in order to gather clues or detect crimes. This is especially important in live network analysis, since the investigator might not be able to collect and store all of the required traffic.

• Complexity

Evidence is no longer limited to a single host, but is instead dispersed across a variety of physical and virtual locations, including online social networks, cloud services, and personal network–attached storage devices. As a result, more skills, tools, and time are needed to recreate evidence completely and correctly. The digital investigation group has slammed partially automating certain activities, claiming that it could easily degrade the investigation's efficiency.

• Establishment of quality

Despite technical advancements, files remain the most commonly stored, classified, and analysed digital objects. As a result, the scientific community has attempted, but failed, to settle on common formats, schemas, and ontologies.

They go on to say that investigating cutting-edge cybercrime can necessitate collaborative data processing or the use of outsourced storage and computation. As a result, the creation of proper standard formats and abstractions would be a critical move for the digital forensics community.

• Investigations that protect people's privacy

People nowadays put many facets of their lives into cyberspace, mainly through online social networks or social media pages. Unfortunately, gathering information to recreate and locate an attack will jeopardize users' privacy and is related to other issues while using cloud storage.

• Legitimacy

Modern infrastructures are becoming more complex and virtualized, with certain functions assigned to third parties or complexity changing at the boundary (as in fog computing) (such as in platform-as-a-service frameworks).

As a result, conducting investigations lawfully, for example, without breaking laws in borderless scenarios, would be a major challenge for modern digital forensics.

• Rising forensic techniques

Encryption, obfuscation, and cloaking tactics, as well as information hiding, are examples of defensive steps. Digital forensics is fundamental to investigations performed in a reality that’s often tightly coupled with its cyberextension. Modern digital societies are subject to cybercriminal activities and fraud leading to economic losses or hazards for individuals. Therefore, the new wave of forensics tools should be engineered to support heterogeneous investigations, preserve privacy, and offer scalability

Cloud Technologies

Since the launch of the Amazon Mechanical Turk in 2002, cloud technology has come a long way. Since then, the cloud has developed into a more cost-effective (both in terms of equipment and operational costs) and flexible way for companies to store data and handle different applications that they may need as part of their operations. This technology is a fantastic tool for companies, but it comes with some drawbacks. One such difficulty is that data can be processed in a number of places, even in a completely different country. Another problem with the cloud is that it is accessible from any place. The Netherlands Forensics Institute established Digital Forensics as a Service in 2010 to address the extreme backlog that investigators face while performing cloud forensics investigations (DFaaS).

The encryption of data in the cloud has its own set of difficulties. In order to decrypt the data and perform a forensic investigation, a digital forensics investigator will need the assistance of the data owner or, if the Service Level Agreement permitted it, the Cloud Service Provider. An investigator will need to either brute force the encryption on the files or find out if there is a decryption method for the files if a malicious party encrypted files in the cloud as part of the crime they committed. If the perpetrator was apprehended and willing to cooperate, this would be a little simpler. The use of "...Policy based or Role based access controls that can be specified in a language like Extensible Access Control Markup Language (XACML) that regulates context-based access rules in the policy compliance point of the data" is one suggested solution (2011).

Mobile Apps

We know from previous testing that directly extracting data from an iOS computer often yields more data than an iCloud backup. Even if the password had not been changed and Apple had allowed auto backup and uploaded it to the cloud, there could be information on the phone that would be inaccessible without Apple's help, as required by the All-Writs Act Order, since the iCloud backup does not contain everything on an iPhone. The Remote data wiping is another problem with mobile devices. This is a security feature built into most smart phones that allows a user to send a text or log into a website, then remotely delete all personal data from the phone, essentially restoring it to its factory state. Another potential problem with smart phones is that there are just too many of them on the market.

Mobile device forensics is an ever-changing world, and innovative forensics techniques must be built to meet new demands as technology advances. There could be no mobile phones in the future, and these devices will instead be a part of what is affectionately known as "wearable technology," which involves contact lenses that serve as the phone screen and a chip inserted into one's wrist that houses all of the phone's hardware and storage. The only way to get in will be through a wireless link. All of these significant developments are well beyond the capabilities of existing digital forensics resources. However, innovation breeds more innovation.

Artificial Intelligence

As much as our morning cup of coffee, robots are a part of our daily lives. A forensic examination is needed when a robot goes awry and causes damage or even harms a person. An investigator must detach the robot, photograph its code, and carry the code to the lab for analysis.

Artificial intelligence (AI) has recently gotten a lot of press. Artificial intelligence, unlike robots, is designed to make decisions based on the world in which it works. These decisions can range from a smart refrigerator replenishing the ice in a freezer to a driverless car swerving to avoid a car but then killing an entire family by driving another car off the road. In that extreme situation, which is becoming increasingly likely with the introduction of self-driving and other autonomous vehicles such as the Tesla. A semi-truck with a white trailer turned left across the lane where a man was driving his Tesla using the Autopilot feature in May of 2016. The Tesla collided with the truck because neither the driver nor the Autopilot system applied the brakes, killing the driver instantly. The National Highway Traffic Safety Administration (NHTSA) conducted an investigation and concluded that “...despite the fact that Autopilot did not avoid the crash, the device worked as it was planned and intended, and therefore did not have a defect.”

It's probable that this investigation included some form of digital forensics component, in which the NHTSA checked the code that would have been relevant in that particular case, working with Tesla software coders as experts. It's quite possible that this investigation proceeded in the same way that any other piece of software would. The distinction here will be that of law. Is the car responsible for the driver's death because the car's Autopilot software did not make the decision to apply the brakes, or is there no case because the car was not configured to make the type of decision needed for this particular circumstance? As previously reported, the NHTSA ruled that the Autopilot system was functioning properly at the time of the accident, and that the driver was to blame for the accident due to his inattention to his surroundings, for which he unfortunately paid the ultimate price.

Conclusion

Technology has advanced by leaps and bounds in the last ten years, and it will continue to develop exponentially beyond our wildest expectations as time goes on. Digital forensics will still have a place in this world, whether it's an email containing a virus that infects an unsuspecting user's device, or artificial intelligence that can almost imitate human thoughts and actions to the point of harming anyone. To address the forensics problems that technology will cause us to face in the future, we will need imaginative minds brimming with creative solutions. It is up to the new generation to assist them in paving the way.