Protecting world leaders against deep fakes using facial, gestural, and vocal mannerisms.

Since their emergence a few years ago, artificial intelligence (AI)-synthesized media-so-called deep fakes-have dramatically increased in quality, sophistication, and ease of generation. Deep fakes have been weaponized for use in nonconsensual pornography, large-scale fraud, and disinformation campaigns. Of particular concern is how deep fakes will be weaponized against world leaders during election cycles or times of armed conflict. We describe an identity-based approach for protecting world leaders from deep-fake imposters. Trained on several hours of authentic video, this approach captures distinct facial, gestural, and vocal mannerisms that we show can distinguish a world leader from an impersonator or deep-fake imposter.

Automated infection risks assessments (AIRa) for decision-making using a blockchain-based alert system: A case study in a representative building.

Indoor air quality (IAQ) is an important parameter in protecting the occupants of an indoor environment. Previous studies have shown that an indoor environment with poor ventilation increases airborne virus transmission. Existing research has concluded that high ventilation rates can reduce the risk of individuals in indoor environments being infected. However, most existing ventilation systems are designed to be efficient under non-pandemic conditions. Ultimately, indoor environments will become hotspots for the transmission of airborne viruses. Current infection risk assessments can estimate virus transmission via airborne routes, but with limited information sharing among stakeholders. Our own research did not identify any systems that integrate risk assessments with smart sensors in order to support information sharing with experts in indoor environments in their decision-making process. To fill this gap, we designed a blockchain-based prototype (AIRa) that integrates CO2 smart sensor data with infection risk assessments from a post-pandemic perspective. This system generates two types of alerts: (1) P-Alert and (2) R0-Alert for decision-making by building owners, such as increasing the ventilation rate or track and trace, as needed. AIRa shows various benefits over three existing infection-control alert systems. Our solution stores and shares information such as the timestamp and room number, instead of storing building user's personal information. Our approach does not require a QR code to be scanned or a mobile app to be downloaded in order to enable track and trace. However, AIRa is still an early prototype for evaluating the risks of airborne virus transmission in smart building environments. Multidisciplinary knowledge and technological research will be vital in formulating different alerts in the future.

Digital Forensic Analysis of Vehicular Video Sensors: Dashcams as a Case.

Dashcams are considered video sensors, and the number of dashcams installed in vehicles is increasing. Native dashcam video players can be used to view evidence during investigations, but these players are not accepted in court and cannot be used to extract metadata. Digital forensic tools, such as FTK, Autopsy and Encase, are specifically designed for functions and scripts and do not perform well in extracting metadata. Therefore, this paper proposes a dashcam forensics framework for extracting evidential text including time, date, speed, GPS coordinates and speed units using accurate optical character recognition methods. The framework also transcribes evidential speech related to lane departure and collision warning for enabling automatic analysis. The proposed framework associates the spatial and temporal evidential data with a map, enabling investigators to review the evidence along the vehicle's trip. The framework was evaluated using real-life videos, and different optical character recognition (OCR) methods and speech-to-text conversion methods were tested. This paper identifies that Tesseract is the most accurate OCR method that can be used to extract text from dashcam videos. Also, the Google speech-to-text API is the most accurate, while Mozilla's DeepSpeech is more acceptable because it works offline. The framework was compared with other digital forensic tools, such as Belkasoft, and the framework was found to be more effective as it allows automatic analysis of dashcam evidence and generates digital forensic reports associated with a map displaying the evidence along the trip.

A Meta-Learning Approach for Few-Shot Face Forgery Segmentation and Classification.

The technology for detecting forged images is good at detecting known forgery methods. It trains neural networks using many original and corresponding forged images created with known methods. However, when encountering unseen forgery methods, the technology performs poorly. Recently, one suggested approach to tackle this problem is to use a hand-crafted generator of forged images to create a range of fake images, which can then be used to train the neural network. However, the aforementioned method has limited detection performance when encountering unseen forging techniques that the hand-craft generator has not accounted for. To overcome the limitations of existing methods, in this paper, we adopt a meta-learning approach to develop a highly adaptive detector for identifying new forging techniques. The proposed method trains a forged image detector using meta-learning techniques, making it possible to fine-tune the detector with only a few new forged samples. The proposed method inputs a small number of the forged images to the detector and enables the detector to adjust its weights based on the statistical features of the input forged images, allowing the detection of forged images with similar characteristics. The proposed method achieves significant improvement in detecting forgery methods, with IoU improvements ranging from 35.4% to 127.2% and AUC improvements ranging from 2.0% to 48.9%, depending on the forgery method. These results show that the proposed method significantly improves detection performance with only a small number of samples and demonstrates better performance compared to current state-of-the-art methods in most scenarios.

Cybersecurity and Cyber Forensics for Smart Cities: A Comprehensive Literature Review and Survey.

Smart technologies, such as the Internet of Things (IoT), cloud computing, and artificial intelligence (AI), are being adopted in cities and transforming them into smart cities. In smart cities, various network technologies, such as the Internet and IoT, are combined to exchange real-time information, making the everyday lives of their residents more convenient. However, there is a lack of systematic research on cybersecurity and cyber forensics in smart cities. This paper presents a comprehensive review and survey of cybersecurity and cyber forensics for smart cities. We analysed 154 papers that were published from 2015 to 2022 and proposed a new framework based on a decade of related research papers. We identified four major areas and eleven sub-areas for smart cities. We found that smart homes and the IoT were the most active research areas within the cybersecurity field. Additionally, we found that research on cyber forensics for smart cities was relatively limited compared to that on cybersecurity. Since 2020, there have been many studies on the IoT (which is a technological component of smart cities) that have utilized machine learning and deep learning. Due to the transmission of large-scale data through IoT devices in smart cities, ML and DL are expected to continue playing critical roles in smart city research.

Unmasking Cybercrime with Artificial-Intelligence-Driven Cybersecurity Analytics.

Cybercriminals are becoming increasingly intelligent and aggressive, making them more adept at covering their tracks, and the global epidemic of cybercrime necessitates significant efforts to enhance cybersecurity in a realistic way. The COVID-19 pandemic has accelerated the cybercrime threat landscape. Cybercrime has a significant impact on the gross domestic product (GDP) of every targeted country. It encompasses a broad spectrum of offenses committed online, including hacking; sensitive information theft; phishing; online fraud; modern malware distribution; cyberbullying; cyber espionage; and notably, cyberattacks orchestrated by botnets. This study provides a new collaborative deep learning approach based on unsupervised long short-term memory (LSTM) and supervised convolutional neural network (CNN) models for the early identification and detection of botnet attacks. The proposed work is evaluated using the CTU-13 and IoT-23 datasets. The experimental results demonstrate that the proposed method achieves superior performance, obtaining a very satisfactory success rate (over 98.7%) and a false positive rate of 0.04%. The study facilitates and improves the understanding of cyber threat intelligence, identifies emerging forms of botnet attacks, and enhances forensic investigation procedures.

Detection of Double-Compressed Videos Using Descriptors of Video Encoders.

In digital forensics, video becomes important evidence in an accident or a crime. However, video editing programs are easily available in the market, and even non-experts can delete or modify a section of an evidence video that contains adverse evidence. The tampered video is compressed again and stored. Therefore, detecting a double-compressed video is one of the important methods in the field of digital video tampering detection. In this paper, we present a new approach to detecting a double-compressed video using the proposed descriptors of video encoders. The implementation of real-time video encoders is so complex that manufacturers should develop hardware video encoders considering a trade-off between complexity and performance. According to our observation, hardware video encoders practically do not use all possible encoding modes defined in the video coding standard but only a subset of the encoding modes. The proposed method defines this subset of encoding modes as the descriptor of the video encoder. If a video is double-compressed, the descriptor of the double-compressed video is changed to the descriptor of the video encoder used for double-compression. Therefore, the proposed method detects the double-compressed video by checking whether the descriptor of the test video is changed or not. In our experiments, we show descriptors of various H.264 and High-Efficiency Video Coding (HEVC) video encoders and demonstrate that our proposed method successfully detects double-compressed videos in most cases.

Considerations and Challenges for Real-World Deployment of an Acoustic-Based COVID-19 Screening System.

Coronavirus disease 2019 (COVID-19) has led to countless deaths and widespread global disruptions. Acoustic-based artificial intelligence (AI) tools could provide a simple, scalable, and prompt method to screen for COVID-19 using easily acquirable physiological sounds. These systems have been demonstrated previously and have shown promise but lack robust analysis of their deployment in real-world settings when faced with diverse recording equipment, noise environments, and test subjects. The primary aim of this work is to begin to understand the impacts of these real-world deployment challenges on the system performance. Using Mel-Frequency Cepstral Coefficients (MFCC) and RelAtive SpecTrAl-Perceptual Linear Prediction (RASTA-PLP) features extracted from cough, speech, and breathing sounds in a crowdsourced dataset, we present a baseline classification system that obtains an average receiver operating characteristic area under the curve (AUC-ROC) of 0.77 when discriminating between COVID-19 and non-COVID subjects. The classifier performance is then evaluated on four additional datasets, resulting in performance variations between 0.64 and 0.87 AUC-ROC, depending on the sound type. By analyzing subsets of the available recordings, it is noted that the system performance degrades with certain recording devices, noise contamination, and with symptom status. Furthermore, performance degrades when a uniform classification threshold from the training data is subsequently used across all datasets. However, the system performance is robust to confounding factors, such as gender, age group, and the presence of other respiratory conditions. Finally, when analyzing multiple speech recordings from the same subjects, the system achieves promising performance with an AUC-ROC of 0.78, though the classification does appear to be impacted by natural speech variations. Overall, the proposed system, and by extension other acoustic-based diagnostic aids in the literature, could provide comparable accuracy to rapid antigen testing but significant deployment challenges need to be understood and addressed prior to clinical use.

Game-Theoretic Decision Support for Cyber Forensic Investigations.

The use of anti-forensic techniques is a very common practice that stealthy adversaries may deploy to minimise their traces and make the investigation of an incident harder by evading detection and attribution. In this paper, we study the interaction between a cyber forensic Investigator and a strategic Attacker using a game-theoretic framework. This is based on a Bayesian game of incomplete information played on a multi-host cyber forensics investigation graph of actions traversed by both players. The edges of the graph represent players' actions across different hosts in a network. In alignment with the concept of Bayesian games, we define two Attacker types to represent their ability of deploying anti-forensic techniques to conceal their activities. In this way, our model allows the Investigator to identify the optimal investigating policy taking into consideration the cost and impact of the available actions, while coping with the uncertainty of the Attacker's type and strategic decisions. To evaluate our model, we construct a realistic case study based on threat reports and data extracted from the MITRE ATT&CK STIX repository, Common Vulnerability Scoring System (CVSS), and interviews with cyber-security practitioners. We use the case study to compare the performance of the proposed method against two other investigative methods and three different types of Attackers.

An Autonomous Log Storage Management Protocol with Blockchain Mechanism and Access Control for the Internet of Things.

As the Internet of Things (IoT) has become prevalent, a massive number of logs produced by IoT devices are transmitted and processed every day. The logs should contain important contents and private information. Moreover, these logs may be used as evidences for forensic investigations when cyber security incidents occur. However, evidence legality and internal security issues in existing works were not properly addressed. This paper proposes an autonomous log storage management protocol with blockchain mechanism and access control for the IoT. Autonomous model allows sensors to encrypt their logs before sending it to gateway and server, so that the logs are not revealed to the public during communication process. Along with blockchain, we introduce the concept "signature chain". The integration of blockchain and signature chain provides efficient management functions with valuable security properties for the logs, including robust identity verification, data integrity, non-repudiation, data tamper resistance, and the legality. Our work also employs attribute-based encryption to achieve fine-grained access control and data confidentiality. The results of security analysis using AVSIPA toolset, GNY logic and semantic proof indicate that the proposed protocol meets various security requirements. Providing good performance with elliptic curve small key size, short BLS signature, efficient signcryption method, and single sign-on solution, our work is suitable for the IoT.

RPAS Forensic Validation Analysis Towards a Technical Investigation Process: A Case Study of Yuneec Typhoon H.

The rapid pace of invention in technology and the evolution of network communication has produced a new lifestyle with variety of opportunities and challenges. Remotely Piloted Aerial Systems (RPAS) technology, which includes drones, is one example of a recently invented technology that requires the collection of a solid body of defensible and admissible evidence to help eliminate potential real-world threats posed by their use. With the advent of smartphones, there has been an increase in digital forensic investigation processes developed to assist specialized digital forensic investigators in presenting forensically sound evidence in the courts of law. Therefore, it is necessary to apply digital forensic techniques and procedures to different types of RPASs in order to create a line of defense against new challenges, such as aerial-related incidents, introduced by the use of these technologies. Drone operations by bad actors are rapidly increasing and these actors are constantly developing new approaches. These criminal operations include invasion of privacy, drug smuggling, and terrorist activities. Additionally, drone crashes and incidents raise significant concerns. In this paper, we propose a technical forensic process consisting of ten technical phases for the analysis of RPAS forensic artifacts, which can reduce the complexity of the identification and investigation of drones. Using the proposed technical process, we analyze drone images using the Computer Forensics Reference Datasets (CFReDS) and present results for the Typhoon H aerial vehicle manufactured by Yuneec, Inc. Furthermore, this paper explores the availability and value of digital evidence that would allow a more practical digital investigation to be able to build an evidence-based experience. Therefore, we particularly focus on developing a technical drone investigation process that can be applied to various types of drones.

A review of quality procedures in the UK forensic sciences: What can the field of digital forensics learn?

With a reliance on the various forms of forensic science evidence in complex criminal investigations, the measures for ensuring its quality are facing increasing scrutiny. Improvements to quality management systems, to ensure both the robust application of scientific principles and the accurate interpretation and reporting of results, have arisen as a consequence of high-profile rebuttals of forensic science evidence, combined with process improvements driven by evaluation of current practice. These improvements are crucial to ensure validity of results as well as providing assurance for all those involved in the Criminal Justice System. This work first examines the quality management systems utilised for the examination and analysis of fingerprint, body fluid and DNA evidence. It then proceeds to highlight an apparent lack of comparable quality assurance mechanisms within the field of digital forensics, one of the newest branches of forensic science. Proposals are provided for the improvement of quality assurance for the digital forensics arena, drawing on the experiences of, and more well-established practices within, other forensic disciplines.

"I couldn't find it your honour, it mustn't be there!" - Tool errors, tool limitations and user error in digital forensics.

The field of digital forensics maintains significant reliance on the software it uses to acquire and investigate forms of digital evidence. Without these tools, analysis of digital devices would often not be possible. Despite such levels of reliance, techniques for validating digital forensic software are sparse and research is limited in both volume and depth. As practitioners pursue the goal of producing robust evidence, they face the onerous task of both ensuring the accuracy of their tools and, their effective use. Whilst tool errors provide one issue, establishing a tool's limitations also provides an investigatory challenge leading the potential for practitioner user-error and ultimately a grey area of accountability. This article debates the problems surrounding digital forensic tool usage, evidential reliability and validation.

Can we continue to effectively police digital crime?

Now approximately 30years old, the field of digital forensics is arguably facing some of its greatest challenges to date. Whilst currently supporting law enforcement in numerous criminal cases annually, questions are beginning to emerge regarding whether it can sustain this contribution, with digital crime remaining prevalent. In his first live interview in September 2015, Head of MI5, Andrew Parker indicated that individuals are now engaging in computing acts which are beyond the control of authorities, confirming earlier remarks made by British Prime Minister David Cameron in the wake of the Charlie Hebdo attacks. Such comments cast doubt on the future effectiveness of the digital forensic discipline and its ability to effectively investigate those who implement the latest forms of technology to carry out illicit acts. This article debates the controversial question, could we be facing an era where digital crime can no longer be effectively policed?

How Ontologies Have Supported Digital Forensics: Review and Recommendations.

The evolution of digital media has increased the number of crimes committed using digital equipment. This has led to the evolution of the computer forensics area to digital forensics (DF). Such an area aims to analyze information through its main phases of identification, collection, organization, and presentation (reporting). As this area has evolved, many techniques have been developed, mainly focusing on the formalization of terminologies and concepts for providing a common vocabulary comprehension. This has demanded efforts on several initiatives, such as the definition of ontologies, which are a means to identify the main concepts of a given area. Hence, the existing literature provides several ontologies developed for supporting the DF area. Therefore, to identify and analyze the existing ontologies for DF, this paper presents a systematic literature review (SLR) in which primary studies in the literature are studied. This SLR resulted in the identification of ontology building methodologies, ontology types, feasibility points, evaluation/assessment methods, and DF phases and subareas ontologies have supported. These results were based on the analysis of 29 ontologies that aided in answering six research questions. Another contribution of this paper is a set of recommendations on further ontology-based support of DF investigation, which can guide researchers and practitioners in covering existing research gaps.

Interpreting digital traces:- 8 foundational pillars to support the formation of opinion in digital forensics.

The field of digital forensics (DF) is facing increasing scrutiny of the quality of the work it produces. Fundamental to it is the need for its practitioners to be able to accurately determine the meaning of potentially relevant digital traces found during an examination of a device. As the reliance on digital evidence continues to grow, so does the importance of digital trace-interpretation. It is therefore imperative that this task is conducted robustly, where this work describes 'eight pillars' that should underpin how a practitioner has gone about interpreting any given digital trace.

Deepfake forensics: a survey of digital forensic methods for multimodal deepfake identification on social media.

The rapid advancement of deepfake technology poses an escalating threat of misinformation and fraud enabled by manipulated media. Despite the risks, a comprehensive understanding of deepfake detection techniques has not materialized. This research tackles this knowledge gap by providing an up-to-date systematic survey of the digital forensic methods used to detect deepfakes. A rigorous methodology is followed, consolidating findings from recent publications on deepfake detection innovation. Prevalent datasets that underpin new techniques are analyzed. The effectiveness and limitations of established and emerging detection approaches across modalities including image, video, text and audio are evaluated. Insights into real-world performance are shared through case studies of high-profile deepfake incidents. Current research limitations around aspects like cross-modality detection are highlighted to inform future work. This timely survey furnishes researchers, practitioners and policymakers with a holistic overview of the state-of-the-art in deepfake detection. It concludes that continuous innovation is imperative to counter the rapidly evolving technological landscape enabling deepfakes.

A template for creating and sharing ground truth data in digital forensics.

Ground truth data (GTD) is used by those in the field of digital forensics (DF) for a variety of purposes including to evaluate the functionality of undocumented, new, or emerging technology and services and the digital traces left behind following their usage. Most accepted and reliable trace interpretations must be derived from an examination of relevant GTD, yet despite the importance of it to the DF community, there is little formal guidance available for supporting those who create it, to do so in a way that ensures any data is of good quality, reliable, and therefore usable. In an attempt to address this issue, this work proposes a minimum standard of documentation that must accompany the production of any GTD, particularly when it is intended for use in the process of discovering new knowledge, proposing original interpretations of a digital trace, or determining the functionality of any technology or service. A template structure is discussed and provided in Appendix S1 which sets out a minimum standard for metadata describing any GTD's production process and content. It is suggested that such an approach can support the maintenance of trust in any GTD and improve the shareability of it.

A holistic digital forensic analysis of Discord - Storage, memory, and network perspectives.

In the last decade, the market share and user base of social media applications have witnessed significant growth. However, this surge in popularity has inadvertently drawn the attention of criminals aiming to exploit these platforms for illicit activities. The forensic examination of these applications emerges as a pivotal avenue for uncovering valuable insights into criminal behavior and identifying suspects. Discord, a social media platform, has become a significant focal point for such illicit activities. In this paper, we examine the remnants of Discord on both Windows and Linux operating systems, employing storage, memory, and network analysis techniques to review the remnants of Discord. Our investigation reveals a range of crucial artifacts that have been successfully recovered across all three areas of analysis, including login and payment details, chat history, account information, and much more. Collectively, these artifacts constitute a valuable resource for forensic investigations, allowing the reconstruction of most of the user's activity.

The invisible evidence: Digital forensics as key to solving crimes in the digital age.

Digital transformation rapidly changes how we live our lives in the post pandemic world. Unfortunately, digital technology is not limited to law abiding organisations and citizens. Criminal organisations and individuals are quick to identify new opportunities with new technologies, and digital transformation is dramatically changing the character of crimes, terror, and other threats. The fast emergence of new crimes is facilitated by possibilities brought by disruptive technologies such as AI, Internet of Things, drones, and cryptocurrencies that can be disastrous tools in the hands of criminals. Consequently, our society needs far better capacity to prevent and investigate criminal acts to protect organisations and citizens. This brings an urgent need to proactively reform digital forensics to significantly increase our capability to meet the strain on society brought by crimes evolving in the digital transformation era. The future of forensic science is already here, characterized by a mix of opportunities and challenges. It is essential to make it harder to effectively use digital technologies for criminal activities, while leveraging the possibilities of digital technologies by those affected, law enforcement agencies, business and organisations. As digital technologies continue to evolve, we need to stay up to date with the latest developments to effectively investigate and prosecute crimes in the digital age. There is an increased reliance on digital evidence, and the amount of heterogeneous digital evidence in criminal cases keep increasing. The forensic science techniques thus become more sophisticated and play an increasingly important role. However, the scientific area is extremely broad, and beyond the capability of most forensic science labs to keep up with the technology forefront development speed. Besides an urgent need to bring up the subject to the political arena, examples of how we can meet the challenges are discussed such as by extending our cooperation, encourage and facilitate cooperation for training and education to handle the extremely broad and rapid development, working out methods for explaining and visualising evidence for the treatment and legal values of digital evidence in prosecution, and cooperation between product developers and crime investigators for swift innovation of digital forensics tools and methodologies for quickly emerging threats. This paper will highlight specific examples where modern digital techniques are used to solve crimes in the physical world as well as crimes committed in the digital domain and discuss how "good AI" can be used to fight "evil AI" and finally touch on the sensitive balance between the increased power of the new digital forensic tools and private integrity.