Digital Evidence

Developing Statistical Foundations for Digital Evidence

Across the country and the world, mobile devices, computers, cloud computing and storage, and other internet-based services are in widespread use. As a result, digital evidence has become vital in providing insights and conclusions in criminal investigations, some of which involve various forms of cybercrime.

Digital evidence presents many challenges in criminal investigations. Often digital evidence is incomplete, which may result from data storage outsourcing, from the use of sample- or summary-based logging approaches in networked IT systems, from unpublished features of operating systems, or from undetected faults in forensic tooling or procedural errors. Along with incomplete digital evidence, forensic investigators may find errors caused by malicious parties. Beyond that, digital components and technology continue to change rapidly, making it difficult to validate data.

Major aspects of digital forensics include:

  • The identification of devices used in crime
  • The identification of the individual who actually used the device
  • Proof that there is a relationship between the individual and evidential data about a criminal activity

Collaboration

CSAFE brings together a collaborative task force of statisticians, researchers in anthropological methods, machine learning researchers, forensic scientists and more to:

  • Develop a robust, well-calibrated measure of trustworthiness for digital evidence.
  • Develop a forensic framework to answer questions about the origin, provenance, and integrity of the evidential data and to reconstruct their processing history.
  • Develop statistical models to predict the source of digital evidence as a function of hardware/device characteristics.
  • Explore countermeasures against efforts to hide or erase digital evidence.
  • Advance the probabilistic detection of novel environmental traces inherently left on evidential data.
  • Propose probability/statistical approaches to detect environmental traces left by digital evidence.
  • Develop analytical techniques to fingerprint devices from the physical to the application layers.
  • Design calibration experiments and construct a trustworthiness measure for device fingerprints.
  • Develop a taxonomy for keystroke styles and determine the sources of variation in keystroke dynamics.
  • Develop statistical models for an individual’s digital behavior.