SaTC: EDU: Expanding Digital Forensics Education with Artifact Curation and Scalable, Accessible Artifact Exercises

SaTC：EDU：通过工件管理和可扩展、可访问的工件练习扩展数字取证教育

• 批准号: 1900210
• 负责人: Ibrahim Baggili
• 金额: $ 30万
• 依托单位: University of New Haven
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-08-01 至 2022-12-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1900210&HistoricalAwards=false
• 关键词: SaTC; EDU; Expanding; Digital; Forensics

In digital forensic investigations, practitioners typically find data of forensic value in digital forensic artifacts. The Scientific Working Group on Digital Evidence (SWGDE) defines an artifact as "Information or data created as a result of the use of an electronic device that shows past activity". However, educational programs and resources have not kept up with digital forensics artifacts - which are the cornerstone of real-world investigations. Practitioners face the challenge of the diversity and volume of digital forensic artifacts they encounter. This makes the process of integrating artifacts into educational programs difficult. Little to no research has focused on creating scalable educational material that may be employed by instructors to teach the process of artifact curation and analysis. This is not only causing a learning gap in academic programs but is decreasing the possibility of students graduating with the necessary skills to conduct artifact analysis upon graduation. The community needs a granular, validated academic artifact dataset as well as academic exercises that employ them. This project will support the development of educational materials to address the artifact problem and will lead to graduates that understand artifacts, what they are and the process of recovering them.By leveraging past work on the Artifact Genome Project (AGP), the researchers will curate digital forensic artifacts, and use them to design scalable, self-paced, open, online digital forensic exercises. Furthermore, artifacts produced from this work will impact practice. The work will have an impact on a multitude of organizations worldwide spanning private, local, and federal organizations. The work will also impact digital forensics education through a paradigm shift from focusing only on data dumps, to digital forensic artifacts. Lastly, the curation of artifacts over time aids in the exploration of the basic scientific principles related to what artifacts are, their ontology, and definition.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

在数字法医调查中，从业者通常在数字法医文物中发现具有法医价值的数据。数字证据科学工作组（SWGDE）将工件定义为“由于使用显示过去活动的电子设备而产生的信息或数据”。然而，教育项目和资源并没有跟上数字取证的步伐，而数字取证是现实世界调查的基石。从业者面临着他们遇到的数字法医文物的多样性和数量的挑战。这使得将人工制品集成到教育计划的过程变得困难。很少甚至没有研究关注于创建可扩展的教育材料，这些材料可以被教师用来教授人工制品管理和分析的过程。这不仅导致了学术项目中的学习差距，而且降低了学生毕业时掌握必要技能进行工件分析的可能性。社区需要一个细粒度的、经过验证的学术工件数据集，以及使用它们的学术练习。该项目将支持教育材料的开发，以解决人工制品问题，并将引导毕业生了解人工制品，它们是什么以及恢复它们的过程。通过利用过去在人工制品基因组计划（AGP）上的工作，研究人员将整理数字法医人工制品，并使用它们来设计可扩展的、自定进度的、开放的、在线的数字法医练习。此外，从这项工作中产生的工件将影响实践。这项工作将对世界范围内的许多组织产生影响，包括私人、地方和联邦组织。这项工作还将通过从只关注数据转储到数字取证文物的范式转变，影响数字取证教育。最后，随着时间的推移，人工制品的管理有助于探索与人工制品是什么、它们的本体和定义相关的基本科学原理。该奖项反映了美国国家科学基金会的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Zooming into the pandemic! A forensic analysis of the Zoom Application.

• DOI: 10.1016/j.fsidi.2021.301107
• 发表时间: 2021-03
• 期刊: FORENSIC SCIENCE INTERNATIONAL-DIGITAL INVESTIGATION
• 影响因子: 2
• 作者: Mahr, Andrew;Cichon, Meghan;Mateo, Sophia;Grajeda, Cinthya;Baggili, Ibrahim
• 通讯作者: Baggili, Ibrahim

Duck Hunt: Memory forensics of USB attack platforms

Duck Hunt：USB 攻击平台的内存取证

• DOI: 10.1016/j.fsidi.2021.301190
• 发表时间: 2021
• 期刊: Forensic Science International: Digital Investigation
• 作者: Thomas, Tyler;Piscitelli, Mathew;Nahar, Bhavik Ashok;Baggili, Ibrahim
• 通讯作者: Baggili, Ibrahim

Factorizing 2FA: Forensic analysis of two-factor authentication applications

Factorizing 2FA：双因素身份验证应用程序的取证分析

• DOI: 10.1016/j.fsidi.2023.301569
• 发表时间: 2023
• 期刊: Forensic Science International: Digital Investigation
• 作者: Berrios, Jessica;Mosher, Elias;Benzo, Sankofa;Grajeda, Cinthya;Baggili, Ibrahim
• 通讯作者: Baggili, Ibrahim

Alt-tech social forensics: Forensic analysis of alternative social networking applications

Alt-tech 社交取证：替代社交网络应用程序的取证分析

• DOI: 10.1016/j.fsidi.2022.301406
• 发表时间: 2022
• 期刊: Forensic Science International: Digital Investigation
• 作者: Johnson, Hailey;Volk, Karl;Serafin, Robert;Grajeda, Cinthya;Baggili, Ibrahim
• 通讯作者: Baggili, Ibrahim

Forensic Artifact Finder (ForensicAF): An Approach & Tool for Leveraging Crowd-Sourced Curated Forensic Artifacts

法医文物查找器 (ForensicAF)：一种方法

• DOI: 10.1145/3465481.3470051
• 发表时间: 2021
• 期刊: Reliability and Security
• 作者: Balon, Tyler;Herlopian, Krikor;Baggili, Ibrahim;Grajeda-Mendez, Cinthya
• 通讯作者: Grajeda-Mendez, Cinthya