ForTrace Workshop @ DFRWS EU 2024

8 January 2024

During an investigation, digital forensic examiners are typically confronted with a wide variety of investigation objectives. In order to train digital forensic practitioners, make faster progress in the development and validation of forensic tools and software, and support forensic research, the demand and expectations for up-to-date data sets are increasing. However, manually creating data sets is a complex, tedious, and time-consuming task, which increases the need for automated solutions. This workshop will demonstrate how the open-source data synthesis framework ForTrace can be used to simultaneously generate persistent, volatile and network traces to provide forensic data sets. It will also show how to provide the respective ground truth of the simulated forensic images. The generation of various forensically relevant and complex scenarios will be discussed by carrying out the detailed implementation, configuration and evaluation of these scenarios within the ForTrace data synthesis framework. These demonstrations include, for example, the forensic artifact creation of a typical malware infection including a client and a server system, a ransomware scenario and, last but not least, the actual creation of important forensic artifacts on Windows and Linux systems (e.g., artifacts in the operating system, in the file system, and in memory). Finally, some additional important aspects of, and solutions to, problems that complicate the automatic data synthesis process are discussed.

For more details, please visit the website of DFRWS EU 2024.