Computer Science Building, Room 151
Digital forensics is tasked with the examination and extraction of evidence from a diverse set of devices and information sources. While digital forensics has long been synonymous with file recovery, this label no longer adequately describes the field's role in modern investigations. Spurred by evolving technologies and online crime, law enforcement is shifting the focus of digital forensics from its traditional role in the final stages of an investigation to assisting investigators in the earliest phases, often before a suspect has been identified and a warrant served. Investigators need new forensic techniques to investigate online crimes, such as child pornography trafficking on peer-to-peer (P2P) networks, and to extract evidence from new information sources, such as mobile phones.
The traditional approach of developing tools tailored specifically to each source is no longer tenable given the diversity of devices and network applications, the volume of storage they carry, and the rate at which new ones are introduced. Instead, I propose the adoption of flexible, inference-based techniques that extract evidence even when the underlying data format is largely unknown. Such techniques can be readily applied to a wide variety of evidence sources without requiring significant manual work on the investigator's part. I propose to evaluate these claims using two different, but increasingly important, forensic scenarios: mobile phone triage and network-based investigations. My techniques are evaluated under the real-world legal constraints and restrictions that apply to investigators.
Advisor: Brian Levine