ForTrace Workshop @ DFRWS EU 2024

8 Januar 2024

During an investigation, digital forensic examiners are typically confronted with a wide variety of investigation objectives. In order to train digital forensic practitioners, make faster progress in the development and validation of forensic tools and software, and to support forensic research, the demand and expectations for up-to-date data sets are increasing. However, manually creating data sets is a complex, tedious, and time-consuming task increasing the need for automated solutions. This workshop will demonstrate how the open-source data synthesis framework ForTrace can be used to simultaneously generate persistent, volatile and network traces to provide forensic data sets. It will also show how to provide the respective ground truth of the simulated forensic images. The generation of various forensically relevant and complex scenarios will be discussed by performing the detailed implementation, configuration and evaluation of these scenarios within the ForTrace data synthesis framework. These demonstrations include, for example, the forensic artifact creation of a typical malware infection including a client and server system, a ransomware scenario and, last but not least, the actual creation of important forensic artifacts on Windows and Linux systems (e.g., artifacts in the operating system, in the file system, in memory, etc.). Finally, some additional important aspects and solutions to problems that complicate the automatic data synthesis process are discussed.

For more details, please visit the website of DFRWS EU 2024.

 

 

Aktuelles

Vortrag des Forschungsinstituts CODE auf der 31. DFN-CERT Konferenz in Hamburg

Als externer Doktorand stellte Michael Mundt die Arbeit "Gib dem Dino Futter – adaptive Detektion von Bedrohungen in KRITIS-Netzwerken mittels Open-Source-Forensik" auf der 31. DFN-CERT Konferenz am 30./31. Januar vor.

DFRWS EU 2024 - Two papers accepted

Our two papers on "Hypervisor-based Data Synthesis: On its Potential to Tackle the Curse of Client-side Agent Remnants in Forensic Image Generation" and "Ubi est indicium? On Forensic Analysis of the UBI File System" were accepted for presentation at the DFRWS EU 2024.

IFIP WG 11.9 ICDF 2024 - Paper accepted and presented

Our paper on "Usable and Assessable Generation of Forensic Data Sets Containing Anti-Forensic Traces at the Filesystem Level" was accepted for presentation at the IFIP WG 11.9 ICDF 2024.

AICSEC 2023 - Paper accepted

We will present our work on "Scalable Image Clustering to screen for self-produced CSAM" in Bratislava at the AICSEC 2023.

NordSec 2023 - Paper accepted

We will present our work on WhatsApp Stickers in Oslo at the NordSec 2023.

DFRWS USA 2023 - PAPER ACCEPTED

Our paper Combining AI and AM - Improving Approximate Matching through Transformer Networks was accepted at the DFRWS USA 2023.