The Chair for Informatics (IT security infrastructures)
Applied Forensic Computing Group
The Applied Forensic Computing Group (AFC), led by Dr.-Ing. Andreas Dewald, is settled at the Chair for Informatics and IT security infrastructures (Prof. Felix Freiling) at the Friedrich-Alexander University Erlangen-Nürnberg (FAU). The group proposes a separation of what is currently demanded of practitioners in digital forensics into a rigorous scientific part on the one hand, and a more general methodology of searching and seizing digital evidence and conducting digital investigations on the other in order to mark out the route for computer forensics to turn into a true forensic science as elaborated here. To this end, research topics of the AFC focus on methodology and terminology with respect to forensic computing in its core as well as applied techniques for its more general portion.
The entire chair performs research in many areas of applied IT security (fundamental and systems research). The overall research roadmap is structured around the landscape of cybercrime with its three main groups of actors (attackers, users and investigators) and their main activities and deficits: attack and evasion for attackers, awareness and education for victims, evidence extraction and analysis for investigators.
The landscape of cybercrime and its actors
The amount of crime involving digital systems is steadily increasing. This involves both more traditional crime in which digital systems are merely used as tools (e.g. different types of fraud, blackmailing, hidden communication) as well as new forms of crime in which digital systems are an enabling technology (e.g., computer abuses, malicious software, malicious remote control networks like botnets).
Current and future research areas can be structured according to three research goals, which correspond to the classes of actors mentioned above:
- Develop and cultivate offensive technologies (à attackers)
This comprises “penetration testing”, an approach to assess the security of real-world systems by attacking them. The penetration tester tries to actively push the system to an insecure state by accessing it in a way that was not foreseen by the system’s designer. Current research also includes anti-forensic protection techniques or malware analysis systems.
- Awareness and education (à users)
While technical means for achieving IT security have been steadily improving, the main weak point in securing computer systems is shifting from the technology to the psychology. We examine what people think and feel about computer security and find out how security goals and methods be communicated in an appealing and understandable way.
- Foundations of forensic computing (à investigators)
This research stream stresses the link of forensic computing to other forensic sciences: establishing hypotheses about previous actions based on traces of actions left at the scene of crime. In this context we develop tools and techniques in evidence collection: the examination of traces of volatile information in RAM, dumping and analyzing tools for smartphones like ADEL, or “selective imaging”, the creation of partial forensic images by selectively acquiring only relevant data from digital devices.
We also develop techniques to better educate and train investigators, for instance by the Forensic Image Generator tool (Forensig), which is also a very handy tool for open research questions – like the one presented in the Challenge here.
- Zinaida Benenson, Andreas Dewald, Hans-Georg Eßer, Felix C. Freiling, Tilo Müller, Christian Moch, Stefan Vömel, Sebastian Schinzel, Michael Spreitzenbarth, Ben Stock and Johannes Stüttgen: Exploring the Landscape of Cybercrime. In: Markatos, Evangelos ; Zanero, Stefano (Hrsg.): Proceedings of the First SysSec Workshop (SysSec 2011 Amsterdam 6.7.2011). Amsterdam: Free University, 2011, S. 69-72.
- Andreas Dewald, Felix C. Freiling: From Computer Forensics to Forensic Computing: Investigators Investigate, Scientists Associate. Erlangen: University of Erlangen-Nuremberg. 2014 (CS-2014-04). - Internal Report. 10 Pages (Technical Reports Bd. 2014) ISSN 2191-5008
- Andreas Dewald, Felix C. Freiling: Forensische Informatik. 1. ed. Norderstedt: Books on Demand, 2011. - 132 Pages. ISBN 978-3-8423-7947-3
Our Challenge: Digital Forensics
More and more data is stored and shared by digital devices in our networked world. How secure is this information and how can potential hacks be proven and investigated? This is your chance to help advance digital Crime Scene Investigation methods.