2019-12-19 on Digital Forensics

da/sec scientific talk on Digital Forensics

Topic: Generating data sets for digital forensics with the hystck framework

by Thomas Schäfer
D19/2.03a, December 19, 2019 (Thursday), 12.00 noon

Keywords: user simulation, data set generation, networks, evidence generation

Abstract

Digital forensics is becoming more and more prominent as the amount of data produced and collected on computer systems reaches new heights every year. Handling this data requires more processing power; however, processing power alone is no longer the most important part. It is crucial to filter the data before processing it. With this pre-processing we are able to identify unchanged system files or data traces that are of no concern to the case at hand. The filtering needs to be adapted on the fly as new system files are added or new ways to collect digital evidence are found. This is where the hystck framework can be utilized. For filtering and testing we need data for which we know the ground truth, that is, which traces we want to find and which traces we do not want to find. Hystck is able to simulate a running computer system or network, and even user behaviour such as opening programs like Firefox and browsing webpages. This simulation generates “real-world”-like data to test filters and algorithms against.