VAAS: A novel dual-module framework for image manipulation detection in digital forensics, combining global attention-based anomaly estimation with patch-level self-consistency scoring for interpretable anomaly detection and tamper localization.
This paper presents a novel approach to indoor multimedia geolocation that uses electrical sockets as consistent indoor markers. A three-stage deep learning pipeline detects plug sockets, classifies them into standardized types, and maps them to countries. The approach is evaluated on the Hotels-50K dataset and demonstrates its practical utility for law enforcement in human trafficking investigations.
This paper proposes a computer vision approach to geolocation using universal visual cues, specifically electrical plug sockets, to narrow down the search space for law enforcement in combating crimes such as human trafficking and child exploitation.
AutoDFBench 1.0 is a comprehensive benchmarking framework for digital forensic tool testing and validation, addressing the lack of standardisation in tool validation and evaluation methodologies. It integrates five areas defined by the NIST CFTT programme and enables fair and reproducible comparison across tools and forensic scripts.
This paper proposes a standardized methodology for evaluating the performance of Large Language Models (LLMs) in digital forensic timeline analysis tasks, such as event summarization. The methodology includes a dataset, timeline generation, and ground truth development, and recommends the use of BLEU and ROUGE metrics for quantitative evaluation.
This paper presents an AI-based network forensic readiness framework for resource-constrained environments. The framework integrates optimised artificial intelligence models to detect attacks in real-time, capturing and preserving critical forensic artefacts. It aligns with ISO/IEC 27043:2015 Digital Forensic Readiness principles, reducing time and human effort.
This paper proposes recommendations for fine-tuning large language models (LLMs) for digital forensics tasks, addressing the gap in existing research. A case study on chat summarization showcases the applicability of the recommendations, evaluating multiple fine-tuned models to assess their performance. The study shares lessons learned from the case study, providing insights into the fine-tuning process, computational power issues, data challenges, and evaluation methods.
This paper proposes a low-overhead and non-invasive electromagnetic side-channel monitoring approach for forensic-ready industrial control systems. It uses unintentional electromagnetic radiation emitted by Ethernet network cables to detect denial of service attacks with considerable accuracy, introducing an architecture for ICS infrastructure to be forensic-ready with minimal computational resources.
This paper proposes a model architecture that integrates image N-dominant colours and colour histogram vectors with image embedding from deep metric learning and classification perspectives to improve image geolocation in indoor scenes.
AutoDFBench is an automated framework for testing and evaluating AI-generated digital forensic code and tools. It validates AI-generated code against NIST's Computer Forensics Tool Testing Program (CFTT) procedures and calculates a benchmarking score. The framework operates in four phases: data preparation, API handling, code execution, and result recording with score calculation.
This study explores the potential of Large Language Models (LLMs) in improving digital forensic investigation efficiency, addressing challenges such as bias, explainability, censorship, and resource-intensive infrastructure. A comprehensive literature review highlights the current challenges in digital forensics and the possibilities of incorporating LLMs, with a focus on established models, methods, and key challenges.
This paper introduces the Network Forensic Readiness for Edge Devices (NetFoREdge) framework, which deploys lightweight AI models in resource-constrained environments for attack detection, evidence collection, and preservation. The framework is evaluated on two datasets, achieving accuracy rates exceeding 99.60% and 99.98% for multiclassification.
This study investigates the effectiveness of colour-based descriptors in Content-Based Image Retrieval (CBIR) for human trafficking image analysis. The research evaluates the impact of various parameters on image matching accuracy, achieving a Top-50 accuracy of over 95% on the Hotels-50K dataset. The approach demonstrates potential in advancing image analysis tools for human trafficking investigations and other contexts.
This paper explores the effectiveness of combining a strategic contextual approach with large language models in password cracking. The authors create context-based password dictionaries through training PassGPT models with contextual information, demonstrating improved password cracking efficiency and accuracy.
This paper evaluates the benefits of context-based password cracking for digital forensics, demonstrating that targeted approaches can increase the likelihood of success when contextual information is available. The study presents an experimental methodology and results section analyzing the approach's performance across ten datasets, proving the impact of context in password cracking.
This study explores the application of Electromagnetic Side-Channel Analysis (EM-SCA) for non-invasively detecting cryptographic settings in IoT devices. The researchers used a machine learning-based approach to identify key lengths and algorithms employed in IoT devices, demonstrating a notable accuracy of 94.55% in distinguishing between AES and ECC operations. This method has significant implications for digital forensic investigations, offering a novel approach for uncovering encrypted data's cryptographic settings.
This paper proposes an integrated framework for digital forensic investigations employing AutoGen AI agents and Large Language Models (LLMs) to alleviate investigative workload and shorten the learning curve for investigators. The framework utilizes AI agents and LLMs to perform tasks articulated in natural language by a human agent, addressing the challenges of evolving requirements and information accuracy.
This paper presents a novel digital forensic methodology for recovering encryption keys from black-box IoT devices using electromagnetic side-channel analysis (EM-SCA). The approach leverages machine learning techniques to enhance the digital forensic process, reducing key space and mitigating investigative roadblocks. This automated, adaptable system preserves forensic evidence integrity and ensures wide applicability in the evolving IoT landscape.
This study investigates the cross-device portability of Electromagnetic Side-Channel Analysis (EM-SCA) for digital forensics, exploring its applicability to various smart devices. The authors experiment with different devices, including iPhones and Nordic Semiconductor nRF52-DK, and demonstrate the effectiveness of transfer learning techniques in achieving high accuracy.
This study surveys 135 peer-reviewed articles published at the Digital Forensics Research Conference Europe (DFRWS EU) from 2014 to 2023, analyzing co-authorships, geographical spread, and citation metrics to inform future research directions in digital forensic research.
This paper presents the results of the largest digital forensic practitioner survey to date, DFPulse, conducted in 2024. The survey collected data from 122 practitioners worldwide, providing insights into their operating environments, technologies used, challenges faced, and future research directions. The study aims to improve collaboration between academia and practitioners, addressing the gap between research and practice in digital forensics.
This paper evaluates AI-based network intrusion detection in resource-constrained environments, proposing a novel approach that trains and deploys AI models on resource-constrained devices. The approach achieves high classification accuracy, identifying and recording potential malicious attacks in real-time with minimal overhead.
This thesis presents a context-based password cracking approach for digital investigation, introducing a methodology and framework for creating and assessing custom dictionary wordlists for dictionary-based password cracking attacks. The approach leverages contextual information to generate bespoke password candidate lists, achieving significant improvements over traditional approaches, with over 50% improvement in some instances.
This paper presents a methodology for optimising and ranking contextual wordlists for password cracking, tailored to the suspect in a digital forensic investigation. The approach is evaluated with data leaks from compromised online communities, demonstrating its effectiveness in finding passwords not recovered by traditional methods.
This editorial discusses the implications of ChatGPT on digital forensic investigation, highlighting both beneficial use cases and potential risks. It explores the use of Large Language Models (LLMs) in generating scripts, question answering, multilingual analysis, and automated sentiment analysis, while also addressing concerns about bias, errors, and overreliance on these systems.
This paper assesses the impact of ChatGPT on digital forensics, evaluating its capabilities and risks in various use cases, including artefact understanding, evidence searching, code generation, anomaly detection, incident response, and education. The study highlights both the potential benefits and limitations of using ChatGPT in digital forensic investigations, concluding that it can be a useful supporting tool for knowledgeable users but requires careful consideration of its strengths and weaknesses.
This paper presents a deep learning-based network intrusion detection system (IDS) for resource-constrained environments. The proposed 1D-Dilated Causal Neural Network (1D-DCNN) model achieves high accuracy in detecting malicious attacks, outperforming existing deep learning approaches. The model's efficiency and effectiveness make it suitable for resource-constrained environments.
This study demonstrates a novel attack vector on industrial control systems (ICS) that leverages electromagnetic (EM) radiation from wired Ethernet connections to exfiltrate sensitive information. The attack exploits compromised firmware to encode data into packet transmission patterns, which are then captured and demodulated by an attacker's software-defined radio. This covert channel facilitates data exfiltration from up to two meters away with a 10 bps data rate.
This paper provides a comprehensive survey of the application of artificial intelligence (AI) in network forensics, including expert systems, machine learning, deep learning, and ensemble/hybrid approaches. It discusses the current challenges and future directions in network forensics, covering various application areas such as network traffic analysis, intrusion detection systems, and Internet-of-Things devices.
This chapter explores security, ethics, and privacy concerns in remote extended reality learning environments, highlighting the need for a comprehensive approach to address these issues in immersive education.
This paper introduces a novel dictionary generation methodology for contextual-based password cracking, enabling the creation of custom dictionary word lists for dictionary-based password cracking attacks. The approach leverages contextual information encountered during an investigation, such as user habits and personal information, to generate targeted password candidates. This methodology has the potential to expedite password cracking processes in law enforcement investigations.