ForTrace - A holistic forensic data set synthesis framework

Göbel T, Maltan S, Türr J, Baier H, Mann F (2022)


Publication Type: Journal article

Publication year: 2022

Journal: Forensic Science International: Digital Investigation

Book Volume: 40

Article Number: 301344

DOI: 10.1016/j.fsidi.2022.301344

Abstract

Digital forensic experts are confronted with a wide variety of investigation objectives, e.g., to deal with an infected IT system. The same holds for digital forensic tools. Mostly different sources of digital traces have to be inspected including persistent storage devices (e.g., SSDs, SD cards, USB drives), volatile main memory snapshots, and network captures, respectively. In order to train experts and tools and keep their knowledge and capabilities up-to-date, a capacious amount of realistic, timely training data is necessary. However, due to different reasons like privacy, secrecy, or intellectual property rights there is a large gap in digital forensic training data. In recent years different synthesis frameworks to generate realistic digital forensic data sets have been proposed. However, none of these frameworks provides a holistic approach to generate realistic digital forensic relevant traces of different sources. In this paper we introduce ForTrace, a holistic framework for the simultaneous generation of persistent, volatile and network traces. Our approach is based on the data synthesis framework hystck. We explain our extension of hystck by defining properties of a holistic data set synthesis framework and by discussing different forensically relevant scenarios and their implementation in ForTrace. We then successfully evaluate ForTrace with respect to diverse realistic and complex scenarios. ForTrace is open source and may be adapted or extended with respect to individual needs.

How to cite

APA:

Göbel, T., Maltan, S., Türr, J., Baier, H., & Mann, F. (2022). ForTrace - A holistic forensic data set synthesis framework. Forensic Science International: Digital Investigation, 40. https://dx.doi.org/10.1016/j.fsidi.2022.301344

MLA:

Göbel, Thomas, et al. "ForTrace - A holistic forensic data set synthesis framework." Forensic Science International: Digital Investigation 40 (2022).