Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Towards Automated Digital Alibis

677 views

Published on

Digital traces found on local hard drives as a result of online activities have become very valuable in reconstructing events in digital forensic investigations. This paper demonstrates that forged alibis can be created for online activities and social interactions. In particular, a novel, automated framework is presented that uses social interactions to create false digital alibis. The framework simulates user activity and supports communications via email as well as instant messaging using a chatbot. The framework is evaluated by extracting forensic artifacts and comparing them with the results obtained from a human user study.

Published in: Internet
  • Be the first to like this

Towards Automated Digital Alibis

  1. 1. Towards automated digital alibis Stefanie Beyer 08.01.2014
  2. 2. Towards automated digital alibis ● Increasing use of digital devices ● Possibilities for abuse ● Digital evidence
  3. 3. Digital Evidence
  4. 4. Related Work ● How to forge a digital alibi on Mac OS X – A. Castiglione et al., 2011 ● The forensic analysis of a false digital alibi – A. Castiglione et al., 2012 ● Automated construction of a false digital alibi – De Santis et al., 2011
  5. 5. Limitations ● Windows XP, Windows 7 – AutoIt, Java ● Mac OS – Applescript ● Limited predefined actions ● No social interaction
  6. 6. Approach ● Alibi framework ● Platform independence ● Social Communication ● Adaptable Workflow according to user preferences ● Avoiding of postprocesses
  7. 7. Alibi Framework - Design
  8. 8. Alibi Framework - Implementation
  9. 9. Implementation Details (1/2) ● Simulation of mouse clicks and key strokes ● Social interaction – Chatbot: PyAIML ● Browsing the web – Splinter
  10. 10. Implementation Details (2/2) ● Scheduler – Overall management, Timer ● Program Manager – Program execution: Surfing, Documents, other Programs ● Social Interaction Component – Chat conversation via Skype, Email
  11. 11. Configuration of the alibi framework ● Timeframe ● Programs to use ● Login details ● Number of executions ● Screen resolution ● Profile directory of Firefox
  12. 12. Configuration of the user's preferences (1/2) ● Websites ● Search words ● Path to documents, videos and songs ● Friends to chat ● Mail adresses of friends
  13. 13. Configuration of the user's preferences (2/2) ● Response time – Min/max values ● Topic of emails ● Length chat messages – Min/max values ● Topic/phrases for chat conversation
  14. 14. Evaluation and Improvement ● Test persons – Test-Sessions for 30 minutes each – Forensic analysis of the VM – Evaluation of the ordinary user behaviour for default values ● Adaption of the simulator
  15. 15. Comparison: simulator and test persons
  16. 16. Possible execution
  17. 17. Demo - Chat
  18. 18. Digital Forensics ● Autopsy ● MAC-timestamps ● Databases – places.sqlite – Main.db – Inbox/sent
  19. 19. Future Work ● Timeframe ● Autoconfiguration ● Historical text comprehension of chatbots ● Content related anwearing of emails
  20. 20. Summary ● Alibi Framework – Platform independence (Linux) – Forging of social interaction (email, chat) – Configuration ● Prototype → restrictions – Communication – Timeframe https://github.com/mmulazzani/alibiFramework

×