Development of digital forensic framework for anti-forensic and profiling using open source intelligence in cyber crime investigation

Develops a digital forensic framework to counter anti-forensic techniques and enhance cybercrime suspect profiling using Open Source Intelligence (OSINT) for investigations.
Abstract. Cybercrime increases every year, and it develops by exploiting mobile devices such as smartphones. A scientific discipline that studies and handles cybercrime activities is therefore necessary. Digital forensics is one of the disciplines that can be used in dealing with cybercrime. One branch of digital forensic science is mobile forensics, which studies forensic processes on mobile devices. However, cybercriminals also apply various techniques to thwart the forensic investigation process. These techniques are called anti-forensics.

Purpose: It is necessary to have a process or framework that can be used as a reference in handling cybercrime cases in the forensic process.

Methods/Study design/approach: This research modifies the digital forensic investigation process. The stages of the digital forensic investigation are preparation, preservation, acquisition, examination, analysis, reporting, and presentation. Open Source Intelligence (OSINT) and toolset centralization are added at the analysis stage to handle anti-forensics and to add information from the digital evidence obtained in the previous stage. Testing on the scenario data produced additional information processed from the files obtained and information related to user names.

Result/Findings: The result is a digital forensic phase that concerns anti-forensic identification on media files and uses OSINT to perform crime suspect profiling based on the evidence collected in the digital forensic investigation phase.

Novelty/Originality/Value: Found 3 new types of findings in the form of string data, one of which is a link, and 7 new types in the form of usernames, which were not found using digital forensic tools. From a total of 408 initial data and 10 new findings, the percentage of findings increased by 2.45%.
The submitted work, "Development of Digital Forensic Framework for Anti-Forensic and Profiling Using Open Source Intelligence in Cyber Crime Investigation," addresses a highly pertinent challenge in contemporary digital forensics. With the escalating complexity and frequency of cybercrime, particularly those involving mobile devices, the discipline of digital forensics is crucial. However, the abstract highlights the growing sophistication of cybercriminals who employ anti-forensic techniques to obstruct investigations. The paper proposes to tackle this by developing a modified digital forensic framework designed to counter anti-forensics and enhance suspect profiling capabilities, particularly through the integration of Open Source Intelligence (OSINT).

The core methodology involves a modification of the standard digital forensic investigation process, which includes preparation, preservation, acquisition, examination, analysis, reporting, and presentation stages. The novelty lies in the specific enhancements introduced at the analysis stage: the incorporation of OSINT and toolset centralization. These additions are intended to aid in identifying anti-forensic measures and enriching information derived from digital evidence. Through testing with scenario data, the research claims to have successfully processed additional information, including file-related details and user names. Significantly, the authors report the discovery of 3 new types of string data (one a link) and 7 new types of usernames, which were not detectable by conventional digital forensic tools. These findings represent a 2.45% increase over initial data, contributing to the identification of anti-forensic activity and facilitating crime suspect profiling.

The paper’s strength lies in its timely focus on anti-forensics and the proactive integration of OSINT, which are critical areas for advancing digital forensic capabilities. The attempt to systematize these within a modified framework is a commendable step. However, the abstract could benefit from further elaboration on several points. The description of "toolset centralization" is vague, and more specifics on its implementation and benefits would be valuable. While the reported increase in findings (2.45%) is quantified, the qualitative significance of these "new types" of string data and usernames for real-world investigations and their direct impact on countering specific anti-forensic techniques could be more thoroughly explained. Future iterations or the full paper should detail the specific OSINT tools and methodologies employed for profiling, the nature of the "scenario data" used for testing, and a more comprehensive discussion of the anti-forensic techniques addressed by the framework's modifications. Despite these minor points for clarification, the work presents a relevant and potentially impactful approach to modern cybercrime investigation.
You need to be logged in to view the full text and download the file of this article, "Development of Digital Forensic Framework for Anti-Forensic and Profiling Using Open Source Intelligence in Cyber Crime Investigation", from Recursive Journal of Informatics.
By Sciaria