Future of digital forensics faces six security challenges in fighting borderless cybercrime and dark web tools
By Lori Cameron
Published 03/01/2018
Share this on:
International cybercrime has now become so extensive, underground suppliers are cropping up on the dark web offering easy access to the tools, programming frameworks, and services required to carry out cyberattacks.
“A notable example is Tox, a ransomware construction kit discovered by McAfee Labs on the dark web in May 2015. Briefly, the Tox framework can be customized and used to spread and coordinate infections in return for 20 percent of every ransom paid,” say the authors of “The Future of Digital Forensics: Challenges and the Road Ahead” in IEEE Security & Privacy magazine.
The researchers say today’s international cyberinfrastructures and data volumes are growing at unprecedented rates, creating a quandary for security experts and law enforcement agencies investigating cybercrimes.
Cybercriminals wreak havoc in a multitude of ways—identity theft, cyberbullying, data leakage, distributed denials of service, and malware attacks on medical devices and smart vehicles. They stand ready to bring businesses and governments to their knees.
As cloud computing and the Internet of Things grow more sophisticated, so must the field of modern forensics.
Modern forensics methods cover three main areas: stored data and filesystem analysis, network forensics, and reverse engineering, which involves inspecting malware samples, traces, network traffic, and log files.
Challenges for digital forensics
The authors present six challenges that must be addressed if digital forensics efforts are to be effective in combatting cybercrime.
High speed and volumes
Issues related to acquiring, storing, and processing large amounts of data for forensic purposes have been causing problems for at least a decade, and are now exacerbated by the availability and widespread marketing of digital information.
“The availability of gigabit class links and multimedia-rich contents accounts for an explosion in the volume of data to be stored and processed for collecting clues or detecting incidents. This is of particular relevance in the case of live network analysis, as the investigator might not be able to capture and store all the necessary traffic,” the authors say.
Evidence is no longer confined within a single host but, rather, is scattered among different physical or virtual locations, such as online social networks, cloud resources, and personal network–attached storage units. For this reason, more expertise, tools, and time are needed to completely and correctly reconstruct evidence. Partially automating some tasks has been highly criticized by the digital investigation community, because it could quickly deteriorate the quality of the investigation.
“The technological advances in and proliferation of novel services account for a dramatic increase in the complexity that forensics professionals must manage,” say the authors.
Development of standards
“Despite technological advances, files are still the most popular digital artifacts to be collected, categorized, and analyzed. Thus, the research community has tried to agree on standard formats, schema, and ontologies—but without much success,” the authors say.
They add that investigations of cutting-edge cybercrimes might require processing information in a collaborative manner or using outsourced storage and computation. Therefore, a core step for the digital forensics community will be the development of proper standard formats and abstractions.
Privacy-preserving investigations
Nowadays, people bring into cyberspace many aspects of their lives, primarily through online social networks or social media sites. Unfortunately, collecting information to reconstruct and locate an attack can severely violate users’ privacy and is linked to other hurdles when cloud computing is involved.
Legitimacy
Modern infrastructures are becoming complex and virtualized, often shifting their complexity at the border (such as in fog computing) or delegating some duties to third parties (such as in platform-as-a-service frameworks).
Thus, say the authors, “an important challenge for modern digital forensics will be executing investigations legally, for instance, without violating laws in borderless scenarios.”
Rise of antiforensics techniques
Defensive measures encompass encryption, obfuscation, and cloaking techniques, including information hiding.
Cooperation among international jurisdictions notwithstanding, investigating cybercrime and collecting evidence is essential in building airtight cases for law enforcement. For that, security experts need the best tools to investigate.
“Digital forensics is fundamental to investigations performed in a reality that’s often tightly coupled with its cyberextension. Modern digital societies are subject to cybercriminal activities and fraud leading to economic losses or hazards for individuals. Therefore, the new wave of forensics tools should be engineered to support heterogeneous investigations, preserve privacy, and offer scalability,” say the authors.
Related research on digital forensics and cyber crime in the Computer Society Digital Library
Lori Cameron is a Senior Writer for the IEEE Computer Society and currently writes regular features for Computer magazine, Computing Edge, and the Computing Now and Magazine Roundup websites. Contact her at l.cameron@computer.org. Follow her on LinkedIn.