Abstract
Email addresses and credit card numbers found on digital forensic images are frequently an important asset in forensic casework. However, the automatic harvesting of these data often yields many false positives. This paper presents the Forensic Enhanced Analysis (FEA) module for the Autopsy digital forensic software. FEA aims to eliminate false positives among the email addresses and credit card numbers harvested by Autopsy, thus reducing the workload of the forensic examiner. FEA also harvests potential Bitcoin public addresses and private keys and validates them by looking into Bitcoin’s blockchain for the transactions linked to public addresses. FEA makes use of the report functionality of Autopsy and allows exports in CSV, HTML and XLS formats. Experimental results over four digital forensic images show that FEA eliminates as many as \(40\%\) of email addresses and \(55\%\) of credit card numbers.
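The following is an added example, not code from FEA or from the paper: a sketch of the kind of false-positive filtering the abstract describes. The abstract does not state FEA's actual checks, so the two rules used here are assumptions: a top-level-domain lookup (against a small constructed subset of the IANA list) and the Luhn check digit used by ISO/IEC 7812 numbers. All function names and sample strings are hypothetical.

```python
import re

# Constructed stand-in for the IANA list in note 4
# (data.iana.org/TLD/tlds-alpha-by-domain.txt), so the example runs offline.
SAMPLE_TLDS = {"COM", "ORG", "NET", "PT", "UK", "DE"}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@(?:[A-Za-z0-9-]+\.)+([A-Za-z0-9-]+)")


def luhn_ok(digits):
    """Luhn check digit test: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def plausible_email(addr, tlds=SAMPLE_TLDS):
    """Keep an address only if it parses and its last label is a known TLD."""
    m = EMAIL_RE.fullmatch(addr)
    return m is not None and m.group(1).upper() in tlds


def plausible_card(candidate):
    """Keep a candidate only if it has a card-like length and passes Luhn."""
    digits = re.sub(r"[ -]", "", candidate)
    # 13-19 digits is an assumed working range (ISO/IEC 7812-1 caps a PAN at 19).
    if not digits.isdigit() or not 13 <= len(digits) <= 19:
        return False
    if len(set(digits)) == 1:  # repeated-digit filler; all zeros passes Luhn
        return False
    return luhn_ok(digits)


def filter_hits(emails, cards):
    """Return (kept_emails, kept_cards) from raw harvested strings."""
    return ([e for e in emails if plausible_email(e)],
            [c for c in cards if plausible_card(c)])


# Constructed harvest output, typical of strings carved from a disk image.
RAW_EMAILS = ["alice@example.com", "icon@2x.png", "bob@mail.example.pt", "root@localhost"]
RAW_CARDS = ["4111 1111 1111 1111", "4111111111111112", "0000000000000000", "1234567890123456"]

if __name__ == "__main__":
    print(filter_hits(RAW_EMAILS, RAW_CARDS))
```

Passing these checks only makes a string plausible; it does not show that the address or card number is in use.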
Notes
- 1.
- 2. FEA is available at https://doi.org/10.5281/zenodo.1006703 (GPLv3 license).
- 3.
- 4. Available at data.iana.org/TLD/tlds-alpha-by-domain.txt.
- 5. ISO/IEC 7812-1:2006. Identification cards – Identification of issuers – Part 1: Numbering system.
Acknowledgements
This work was partially supported by FCT, Instituto de Telecomunicações under project UID/EEA/50008/2013 and CIIC under project UID/CEC/04524/2016.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Domingues, P., Frade, M., Parreira, J.M. (2020). Filtering Email Addresses, Credit Card Numbers and Searching for Bitcoin Artifacts with the Autopsy Digital Forensics Software. In: Madureira, A., Abraham, A., Gandhi, N., Silva, C., Antunes, M. (eds) Proceedings of the Tenth International Conference on Soft Computing and Pattern Recognition (SoCPaR 2018). SoCPaR 2018. Advances in Intelligent Systems and Computing, vol 942. Springer, Cham. https://doi.org/10.1007/978-3-030-17065-3_32
DOI: https://doi.org/10.1007/978-3-030-17065-3_32
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-17064-6
Online ISBN: 978-3-030-17065-3
eBook Packages: Intelligent Technologies and Robotics (R0)