NexGenDFA: A Framework for Next Generation Digital Forensic Analysis

NexGenDFA：下一代数字取证分析框架

• 批准号: RGPIN-2020-06160
• 负责人: ElKhatib, Khalil
• 金额: $ 2.11万
• 依托单位: University of Ontario Institute of Technology
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2022
• 资助国家: 加拿大
• 起止时间: 2022-01-01 至 2023-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=746424
• 关键词: NexGenDFA; Framework; Next; Generation; Digital

With the spike in the number and scale of cyberattacks, digital forensic (DF) has become an indispensable tool for security experts. Cyberattacks are costing businesses trillions of dollars, and the loss of billions of personal and financial records (and possible meddling with elections). Executing digital forensics after a security incident becomes a necessity to identify root causes and possibly individuals behind the attack. It can also help to avoid future similar incidents, and when possible, accelerate the restoration of any service affected. However, digital forensics is becoming a very complex and overwhelming task due to a number of reasons including; (1) the large number of data sources of forensic interest and sometimes in proprietary formats, (2) the enormous volume of forensic data, and last but not least, (3) the association of new technologies in cyberattacks (Blockchain, Internet of Things (IoT), Connected and Autonomous Vehicles, Drones, and cloud/edge/fog computing). These all add convolution to the processes of digital evidence acquisition, triage and analysis. In this research program, I propose to investigate the design and implementation of a forensic framework and associated tools that use machine learning algorithms combined with big data visual analytics that go beyond the current state of the art of forensic tools. The outcome of the program will help cut the time and cost for digital forensic investigations, by providing digital forensic analyst with the knowledge and tools to better unveil, understand and evidence pieces. Additionally, the program will address real-world data analytic problem leading to enormous social and economic benefits. Last but not least, the program will also contribute to the development of research talents and the training of HQP in machine learning and visual analytics, positioning Canada as a leader in these fields.

随着网络攻击数量和规模的激增，数字取证（DF）已成为安全专家不可或缺的工具。网络攻击给企业造成了数万亿美元的损失，还造成了数十亿个人和财务记录的损失（还可能干预选举）。在安全事件发生后执行数字取证成为确定攻击背后的根本原因和可能的个人的必要条件。它还可以帮助避免未来发生类似事件，并在可能的情况下加速恢复任何受影响的服务。然而，由于许多原因，数字取证正在成为一项非常复杂和压倒性的任务，包括；(1)法医感兴趣的大量数据源，有时是专有格式，(2)大量的法医数据，最后但并非最不重要的是，(3)网络攻击新技术的关联（区块链，物联网（IoT），联网和自动驾驶汽车，无人机和云/边缘/雾计算）。这些都为数字证据的采集、分类和分析过程增加了卷积。在这个研究项目中，我建议研究一个取证框架和相关工具的设计和实现，这些工具使用机器学习算法和大数据可视化分析相结合，超越了取证工具的当前水平。该计划的成果将有助于减少数字取证调查的时间和成本，为数字取证分析师提供更好地揭示、理解和证据碎片的知识和工具。此外，该计划将解决现实世界的数据分析问题，从而带来巨大的社会和经济效益。最后但并非最不重要的是，该计划还将有助于开发研究人才和HQP在机器学习和视觉分析方面的培训，使加拿大成为这些领域的领导者。