Your search keyword '"Mohamad Ahtisham Wani"' showing total 8 results

1. Dataset for forensic analysis of B-tree file system

Author

Mohamad Ahtisham Wani and Wasim Ahmad Bhat

Subjects

Computer applications to medicine. Medical informatics, R858-859.7, Science (General), Q1-390

Abstract

Since B-tree file system (Btrfs) is set to become de facto standard file system on Linux (and Linux based) operating systems, Btrfs dataset for forensic analysis is of great interest and immense value to forensic community. This article presents a novel dataset for forensic analysis of Btrfs that was collected using a proposed data-recovery procedure. The dataset identifies various generalized and common file system layouts and operations, specific node-balancing mechanisms triggered, logical addresses of various data structures, on-disk records, recovered-data as directory entries and extent data from leaf and internal nodes, and percentage of data recovered.

Published

2018

2. Forensic analysis of Twitch video streaming activities on Android

Author

Ali Alzahrani, Wasim Ahmad Bhat, and Mohamad Ahtisham Wani

Subjects

Multimedia, Computer science, 010401 analytical chemistry, Digital forensics, Copyright infringement, ComputingMilieux_LEGALASPECTSOFCOMPUTING, computer.software_genre, 01 natural sciences, 0104 chemical sciences, Pathology and Forensic Medicine, Forensic science, 03 medical and health sciences, 0302 clinical medicine, Child sexual abuse, Genetics, ComputingMilieux_COMPUTERSANDSOCIETY, 030216 legal & forensic medicine, Video streaming, Android (operating system), computer

Abstract

Video streaming abuses range from copyright infringement and piracy to child sexual abuse and murder. This paper performs proactive forensics of Twitch video streaming activities on Android devices. We designed our experiments using a methodology based on black-box testing principles and conducted them on Android devices using a forensic framework. The results of our experiments suggest that forensic investigators can extract evidences of streams broadcast, shared, and watched by the user, and associate them with the Twitch account of the user. We detail all the recoverable artifacts of forensic significance, provide mechanisms to extract them based on the identified anchors, and interpret their significance in forensic investigations.

Published

2021

3. Can computer forensic tools be trusted in digital investigations?

Author

Ali Alzahrani, Mohamad Ahtisham Wani, and Wasim Ahmad Bhat

Subjects

File system, Exploit, Computers, Computer science, White-box testing, Forensic Sciences, 010401 analytical chemistry, Computer forensics, Forensic Medicine, Computer security, computer.software_genre, 01 natural sciences, 0104 chemical sciences, Pathology and Forensic Medicine, Task (project management), 03 medical and health sciences, 0302 clinical medicine, Digital evidence, Humans, Crime scene, Crime, 030216 legal & forensic medicine, computer

Abstract

This paper investigates whether computer forensic tools (CFTs) can extract complete and credible digital evidence from digital crime scenes in the presence of file system anti-forensic (AF) attacks. The study uses a well-established six stage forensic tool testing methodology based on black-box testing principles to carry out experiments that evaluate four leading CFTs for their potential to combat eleven different file system AF attacks. Results suggest that only a few AF attacks are identified by all the evaluated CFTs, while as most of the attacks considered by the study go unnoticed. These AF attacks exploit basic file system features, can be executed using simple tools, and even attack CFTs to accomplish their task. These results imply that evidences collected by CFTs in digital investigations are not complete and credible in the presence of AF attacks. The study suggests that practitioners and academicians should not absolutely rely on CFTs for evidence extraction from a digital crime scene, highlights the implications of doing so, and makes many recommendations in this regard. The study also points towards immediate and aggressive research efforts that are required in the area of computer forensics to address the pitfalls of CFTs.

Published

2021

4. File system anti-forensics – types, techniques and tools

Author

Ali Alzahrani, Mohamad Ahtisham Wani, and Wasim Ahmad Bhat

Subjects

File system, 021110 strategic, defence & security studies, Thesaurus (information retrieval), General Computer Science, Process (engineering), Computer science, ComputingMethodologies_IMAGEPROCESSINGANDCOMPUTERVISION, 0211 other engineering and technologies, ComputingMilieux_LEGALASPECTSOFCOMPUTING, Technical information, 02 engineering and technology, computer.software_genre, Data science, Digital evidence, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Crime scene, Law, computer

Abstract

Forensics paved the way for the growth of anti-forensics, and the time has come for anti-forensics to return the favour. For that purpose, it is imperative that forensic investigators and practitioners are armed with the knowledge of contemporary anti-forensics types, techniques and tools. This article aims to provide technical information and a comprehensive understanding of file system anti-forensics types, techniques and tools so as to facilitate investigators' ability to collect technically credible and legally admissible digital evidence from crime scenes. Forensics paved the way for the growth of anti-forensics, which tries to prevent, hinder or corrupt the forensic process of evidence acquisition and analysis. The time has come for anti-forensics to return the favour. Mohamad Ahtisham Wani, Ali AlZahrani and Wasim Ahmad Bhat provide technical information and a comprehensive understanding of file system anti-forensics types, techniques and tools so as to facilitate investigators' ability to collect technically credible and legally admissible digital evidence from crime scenes.

Published

2020

5. Forensic analysis of B-tree file system (Btrfs)

Author

Mohamad Ahtisham Wani and Wasim Ahmad Bhat

Subjects

File system, Database, Degree (graph theory), Computer science, 020206 networking & telecommunications, 020207 software engineering, 02 engineering and technology, Directory, computer.software_genre, Computer Science Applications, Forensic science, B-tree, Medical Laboratory Technology, Data_FILES, 0202 electrical engineering, electronic engineering, information engineering, Law, computer

Abstract

This paper identifies forensically important artifacts of B-tree file system (Btrfs), analyses changes that they incur due to node-balancing during file and directory operations, and based on the observed file system state-change proposes an evidence-extraction procedure. The findings suggested that retrieving forensic evidence in a fresh B-tree file system is difficult, the probability of evidence-extraction increases as the file system ages, internal nodes are the richest sources of forensic data, degree of evidence-extraction depends upon whether nodes are merged or redistributed, files with size less than 1 KB and greater than 4 KB have highest chances of recovery, and files with size 3–4 KB have least chances of recovery.

Published

2018

6. Privacy Preserving Anti-forensic Techniques

Author

Mohamad Ahtisham Wani

Subjects

Value (ethics), Computer science, business.industry, media_common.quotation_subject, Internet privacy, Data security, Privacy preserving, Information hiding, Obfuscation, Personal identity, Confidentiality, business, Anonymity, media_common

Abstract

In this digital age of mass surveillance and personal identity theft, data security and privacy is a major concern. Although sophisticated tools and software that guarantee privacy are easily available, users are increasingly becoming aware of their privacy concerns and look for solutions that enables them to secure data on their own, owing to its sensitivity and confidentiality. Anti-forensics has been at the forefront in data concealment by using novel data hiding and trail obfuscation techniques which promise great value when it comes to maintaining anonymity, privacy and confidentiality of data. This chapter takes a look at various anti-forensic techniques that promise value when it comes to data obscurity and discusses their potential in ensuring its security and privacy.

Published

2021

7. An analysis of anti-forensic capabilities of B-tree file system (Btrfs)

Author

Mohamad Ahtisham Wani, Wasim Ahmad Bhat, and Ali Dehghantanha

Subjects

File system, Database, Computer science, 010401 analytical chemistry, ComputingMilieux_LEGALASPECTSOFCOMPUTING, computer.software_genre, 01 natural sciences, 0104 chemical sciences, Pathology and Forensic Medicine, Forensic science, 03 medical and health sciences, 0302 clinical medicine, Data_FILES, 030216 legal & forensic medicine, computer

Abstract

Anti-forensic techniques aim to prevent, hinder or corrupt the forensic process of evidence acquisition, its analysis, and/or its admissibility. File systems are at the spotlight of almost every fo...

Published

2018

8. Forensic analysis of Sync.com and FlipDrive cloud applications on Android platform

Author

Sajid Sajad Khan, Mohamad Ahtisham Wani, Faiqah Farooq Shah, Wasim Ahmad Bhat, and Mohammad Faid Jalal

Subjects

Computer science, business.industry, 010401 analytical chemistry, sync, Cloud computing, Login, 01 natural sciences, 0104 chemical sciences, Pathology and Forensic Medicine, World Wide Web, 03 medical and health sciences, Upload, 0302 clinical medicine, Server, 030216 legal & forensic medicine, Timestamp, Android (operating system), business, Law, Cloud storage

Abstract

The complex architecture and legal restrictions associated with cloud services make the acquisition of data from servers almost impossible in digital investigations involving cloud services. However, smartphones used to access these cloud services can serve as potential sources. In this paper, we investigate Sync.com and FlipDrive cloud client applications on Android platform for artefacts left behind by user activities. Our experiments demonstrate that rich information arising from user activities is left behind by these applications. This information includes installation details, login credentials, names and timestamps of files uploaded, downloaded, deleted and shared. The study also identifies mechanisms for extracting these artefacts from the devices. These findings assist forensic investigators in performing complete, credible and conclusive digital investigation by allowing them to create complete file management history of these applications. Finally, based on these findings, we make many recommendations relevant to the digital investigation involving these applications.

Published

2019