    • Analyzing the DarkNetMarkets subreddit for evolutions of tools and trends using LDA topic modeling

      Porter, Kyle (Journal article; Peer reviewed, 2018)
      Darknet markets, which can be considered as online black markets, in general sell illegal items such as drugs, firearms, and malware. In July 2017, significant law enforcement operations compromised or completely took down ...
    • Forensics Acquisition — Analysis and Circumvention of Samsung Secure Boot enforced Common Criteria Mode 

      Alendal, Gunnar; Dyrkolbotn, Geir Olav; Axelsson, Stefan (Journal article; Peer reviewed, 2018)
      The acquisition of data from mobile phones has been a mainstay of criminal digital forensics for a number of years now. However, this forensic acquisition is getting more and more difficult with the increasing security ...
    • Generic Metadata Time Carving 

      Porter, Kyle (Peer reviewed; Journal article, 2020)
      Recovery of files can be a challenging task in file system investigations, and most carving techniques are based on file signatures or semantics within the file. However, these carving techniques often only recover the ...
    • Multinomial malware classification via low-level features 

      Banin, Sergii; Dyrkolbotn, Geir Olav (Journal article; Peer reviewed, 2018)
      Because malicious software (or “malware”) is so frequently used in cyber crimes, malware detection and relevant research became a serious issue in the information security landscape. However, in order to have an appropriate ...
    • Reverse engineering of ReFS 

      Nordvik, Rune; Georges, Henry; Toolan, Fergus; Axelsson, Stefan (Journal article; Peer reviewed, 2019)
      File system forensics is an important part of Digital Forensics. Investigators of storage media have traditionally focused on the most commonly used file systems such as NTFS, FAT, ExFAT, Ext2-4, HFS+, APFS, etc. NTFS is ...
    • The reliability of clocks as digital evidence under low voltage conditions 

      Sandvik, Jens-Petter; Årnes, Andrè (Journal article; Peer reviewed, 2018)
      Battery powered electronic devices like mobile phones are abundant in the world today, and such devices are often subject to digital forensic examinations. In this paper, we show that the assumptions that clocks are close ...
    • Using NTFS cluster allocation behavior to find the location of user data 

      Karresand, Nils Martin Mikael; Axelsson, Stefan; Dyrkolbotn, Geir Olav (Journal article; Peer reviewed, 2019)
      Digital forensics is heavily affected by the large and increasing amount of data to be processed. To solve the problem there is ongoing research to find more efficient carving algorithms, use parallel processing in the ...
    • Using the object ID index as an investigative approach for NTFS file systems 

      Nordvik, Rune; Toolan, Fergus; Axelsson, Stefan (Journal article; Peer reviewed, 2019)
      When investigating an incident it is important to document user activity, and to document which storage device was connected to which computer. We present a new approach to documenting user activity in computer systems ...