o Forensic Analysis of Invisible Internet (I2P)
There is growing interest in the Invisible Web and its use for criminal purposes. There is a need for methods and tools to acquire and analyze digital evidence related to I2P. This forensic challenge would combine forensic analysis of host, memory, and network traffic. The challenge scenario could involve malware (see i2Ninja) and/or file sharing (rhinos).
o Forensic Analysis of Evidence in the Cloud
As more devices rely on cloud services, there is an increasing need for methods and tools to acquire and analyze digital evidence stored in these environments. This forensic challenge would involve evidence acquired from various cloud environments, potentially involving backend information from providers, e.g., Amazon, Apple, Google, Microsoft, Terremark. For practical and legal reasons, the challenge creators would probably have to acquire much/all of the data in order to make it available for analysis.
o Forensic Analysis of Microsoft Windows 10
The release of Windows 10 will bring challenges from a forensic perspective. This challenge would explore the unique forensic challenges associated with Windows 10.
o Forensic Analysis of Internet-of-Things (IoT)
There is growing interest/concern related to IoT, including how aggregate data from these devices can impact security and influence digital forensics. This forensic challenge would involve a variety of devices in multiple locations, and correlating evidence from a bunch of devices. For technical and security reasons, the challenge creators would probably have to acquire much/all of the data in order to make it available for analysis.
o Forensic Analysis of Personal Drones
There is a growing market for small unmanned aerial vehicles (a.k.a. drones) for personal and official uses. These devices can contain digital evidence in various contexts, ranging from police surveillance to privacy invasion. This forensic challenge would involve data from several types of drones, ranging in cost and capability, and would include captured and transmitted information (e.g., recorded video, telemetry).
o Abstraction of Digital Evidence
Given a dataset, produce a high level, human understandable overview of activities. The goal of this challenge area is to encourage people to dream up ways of correlating evidence sources to produce high level timelines. This challenge relates to prior work such as DFRWS2012 “An automated timeline reconstruction approach for digital forensic investigations” by Christopher Hargreaves and Jonathan Patterson and DFRWS2014 “A Complete Formalized Knowledge Representation Model for Advanced Digital Forensics Timeline Analysis” by Yoan Chabot, Aurelie Bertaux, Christophe Nicolle and Tahar Kechadi.
Other research areas of interest that could be explored in DFRWS Forensic Challenges include:
- BIOS / UEFI malware
- Pattern Searching / Graph Query of Digital Evidence
- Visual Analytic Techniques
- Automated Prioritization of Forensic Artifacts