- Digital and Cyber Forensics
- Digital Media Forensic Detection
- Advanced Malware Detection Techniques
- Forensic and Genetic Research
- Archaeology and ancient environmental studies
- Image Processing and 3D Reconstruction
- Data Quality and Management
- Privacy-Preserving Technologies in Data
- Forensic Anthropology and Bioarchaeology Studies
- Privacy, Security, and Data Protection
University of Lausanne
2024-2025
École Polytechnique Fédérale de Lausanne
2024
Second-hand electronic devices are increasingly being sold online. Although more affordable and environment-friendly than new products, second-hand devices, in particular those with storage capabilities, create security and privacy threats (e.g., malware or confidential data still stored on the device, aka remnant data). Previous work studied this issue from a technical point of view only; the perspective of sellers but in particular of buyers has been largely overlooked. In this paper, we fill this gap and take a multi-disciplinary...
Generating timelines, i.e., sorting events by their respective timestamps, is an essential technique commonly used in digital forensic investigations. But timestamps are not the only source of timing information. For example, sequence numbers embedded in databases or positional information, such as line numbers in log files, often contain implicit information about order without directly referencing a timestamp. We present a method that can integrate such information into timelines by separating sources into distinct time domains,...
Timestamps and their correct interpretation play a crucial role in digital forensic investigations, particularly when the objective is to establish a timeline of events, a.k.a. event reconstruction. However, the way these timestamps are generated heavily depends on an internal clock, or 'system time', from which many timestamps are derived. Consequently, when this system time is skewed due to tampering, natural clock drift, or malfunctions, the recorded timestamps will not reflect the actual (real-world) times the events occurred. This raises the question of how...
In this article, three main approaches to situate forensic traces in time were revisited under the prism of the Sydney Declaration and adapted to be applicable to a large range of physical and digital traces. The first approach is based on tags, which are time-based characteristics produced as a result of an activity at a specific time. They can be either directly related to time (i.e., time stamps) or indirectly (i.e., time indicators). While relatively straightforward, tags require scientific knowledge to be correctly interpreted and to account for risks...
Event reconstruction is a fundamental part of the digital forensic process, helping to answer key questions like who, what, when, and how. A common way of accomplishing that is to use tools to create timelines, which are then analyzed. However, various challenges exist, such as large volumes of data or contamination. While prior research has focused on simplifying, less attention has been given to tampering, i.e., the deliberate manipulation of evidence, which can lead to errors in interpretation. This article addresses the issue by...
Timestamps play a pivotal role in digital forensic event reconstruction, but due to their non-essential nature, tampering or manipulation of timestamps is possible by users in multiple ways, even on running systems. This has a significant effect on the reliability of the results from applying timeline analysis as part of an investigation. In this paper, we investigate the problem of tampering with timestamps on a running ("live") system. While prior work has shown that tampering with evidence is hard, we focus on the question of why this is so. By performing a qualitative user study...