In developing the workforce, we propose as our first task to analyze and develop pathways for motivating, recruiting, training, and maintaining minority and underrepresented students to aspire to government service, especially in digital forensics, cybersecurity and STEM areas. Each university currently has a pathway forward for its students and the projects they will be undertaking (see Appendix 1. Recruitment and Assessment). We will investigate the efficacy of these programs and provide collaborative workforce education and training through academic year research, summer programs, educational curriculum, seminars and workshops. We will optimize the use of Zoom video conferencing, Microsoft Teams, and other virtual presence opportunities, as well as each university’s “Lessons Learned” during the COVID-19 pandemic, to build a responsive research community and participate together in all aspects of the university educational, research and training experience. Mentors from business, industry and government will participate in these sessions to help develop mentoring relationships across the FINDS Research Center for students, as well as faculty at all levels.
During the academic year, undergraduate and graduate students at each of the universities will be engaged in project research for the program as outlined in this proposal. Faculty members and students from each of the participating universities will meet monthly via Zoom or other virtual means to collaborate on the research, discuss progress of the research projects and exchange information on courses and mentoring, including discussion of US Army opportunities and government/industry workforce opportunities upon graduation. This will include recruitment of other undergraduates and Master's/Ph.D. students and encouragement of minority students in research programs to seek ARL/AFRL summer internships and future employment. They will be introduced to digital forensics, as well as the role of DoD researchers and practitioners. Skills will be developed by hands-on learning.
Five selected students and their faculty members will be hosted by the NFSTC (a part of FIU) in Largo, Florida, for one week to complete an intensive, hands-on training program. The activities will include the following. Day 1: An introduction to digital forensics and an overview of digital forensic triage and tools. Day 2: Analysis, utilizing FTK, Magnet AXIOM, and Autopsy to analyze the imaged media device. After analyzing and tagging items of interest, the students will create reports. Day 3: Drone data extraction and cell phone forensics, using XRY, Cellebrite and other tools to perform extractions, bypass PINs, retrieve data, etc. Day 4: Students will perform network forensics to capture and analyze data. Day 5: Students will perform image and video forensics by capturing, extracting and analyzing data. Upon completion of this training, the students and faculty will join the 4-week summer program at FIU (if pandemic conditions permit) or attend a virtual 4-week summer program online using Zoom/Microsoft Teams as interactive platforms as described below.
In a summer session, we will invite 5 minority/underrepresented undergraduate students from FIU and 5 students from the partnering HBCUs for an FIU-NFSTC hosted research program, providing an intensive research sprint, and opportunities to meet guest speakers, faculty and industry mentors. The first week will consist of a virtual digital forensics training program conducted by NFSTC in Largo, Florida, where students will be introduced to applied digital forensic research, conducting (where possible) hands-on, applied digital forensics work and attending Digital Forensics platform instruction. The program will consist of the following events.
Students will work on the following projects, as well as open digital forensics research projects based upon the individual student and faculty member selection. These projects are designed to be conducted in a “sprint” environment.
The push to move digital forensic training online has created a desire to have a virtual environment in which to conduct training. There are many hands-on tools and special circumstances that have made this a unique challenge. While there are many current solutions for virtual forensic environments (see CyberFlorida and FIU E-Labs, for example), these do not fit our unique current and future needs: they provide an adequate platform only for the analysis work of forensics, but lack the often-overlooked collection procedures essential to the development of digital forensic examiners. These collection procedures are the foundation of the digital forensic process and are quite often given short shrift in training scenarios. We propose to address this shortfall through development of virtual Local Media Acquisition (the process of creating forensic images from media), Cellphone Acquisition (extracting information from cellphones), and Boot Scan Analysis and forensic triage tools used to bypass Windows passwords or boot a machine in a forensically sound manner. The process of acquiring information from the device is often the most important step in cell phone forensics. The hands-on aspect of this process, while difficult to replicate “virtually,” is invaluable, as it requires changing settings on the phones, plugging in cables and initializing phone processes to successfully acquire data. We propose to develop processes allowing remote boot of a device to an alternate OS while still having direct access to the hard drive/memory, making these processes extremely valuable to forensics examiners.
TrID is a command-line tool that performs file signature analysis to determine if there is a file extension/file signature mismatch. Some users have an aversion to the command line, fearing irretrievable disruption of the files. We propose to develop a simple graphical user interface (GUI) or batch file tool to execute the process. If successful, the project would enable the correct switches to be applied, which will not only identify mismatches but will also amend the filename to include the correct file extension. Resolution of the project will provide soldiers with an expedient means of identifying file signatures in real time.
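The mismatch check and non-destructive rename described above, sketched as an added example (not part of the proposal and not TrID's code). The signature table is a small constructed sample rather than TrID's definition library, the function names are hypothetical, and it is meant to run against a working copy, not original evidence.

```python
import os
import tempfile

# Constructed sample table (not TrID's definitions): magic bytes at offset 0 ->
# extensions that legitimately carry them; the first one is suggested on mismatch.
SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", ["png"]),
    (b"\xff\xd8\xff", ["jpg", "jpeg"]),
    (b"%PDF-", ["pdf"]),
    (b"GIF87a", ["gif"]),
    (b"GIF89a", ["gif"]),
    (b"PK\x03\x04", ["zip", "docx", "xlsx", "pptx", "jar", "apk"]),
]

def identify(path):
    """Return the extension list for the file's leading bytes, or None if unknown."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    for magic, exts in SIGNATURES:
        if head.startswith(magic):
            return exts
    return None

def check(path):
    """Classify one file as 'match', 'mismatch' or 'unknown' and suggest a name."""
    exts = identify(path)
    if exts is None:
        return "unknown", None
    current = os.path.splitext(path)[1].lstrip(".").lower()
    if current in exts:
        return "match", None
    # Append rather than replace, so the original name stays visible to the examiner.
    return "mismatch", f"{path}.{exts[0]}"

def amend(path, apply=False):
    """Report the finding; rename only when apply=True and the target is free."""
    status, suggestion = check(path)
    if status == "mismatch" and apply:
        if os.path.exists(suggestion):
            raise FileExistsError(suggestion)
        os.rename(path, suggestion)  # name change only; file content is untouched
    return status, suggestion

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        disguised = os.path.join(d, "notes.txt")  # constructed sample: PNG header
        with open(disguised, "wb") as fh:
            fh.write(b"\x89PNG\r\n\x1a\n" + b"\x00" * 8)
        print(amend(disguised), amend(disguised, apply=True))  # dry run, then rename
```

The default dry run addresses the concern about irretrievable changes: nothing is renamed until `apply=True` is passed, and an existing target name is never overwritten.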
Rapid SEED: A Field Expedient Tool for quickly seeding user data on multiple mobile training devices. Seeding user data on multiple training phones has been a manual, time-consuming process. The National Institute of Standards and Technology (NIST) published a Quick Start Guide for Populating Mobile Test Devices (NIST Special Publication 800-202), which provides procedures for documenting and populating various data elements typically found within the contents of a mobile device (e.g., mobile phone, tablet) to test digital forensic tools often used in incident response and criminal investigations. The most common smartphones used in training are Android devices, which are based on Linux. The most time-consuming part of seeding devices is call log, SMS message, and MMS message data, but it would be optimal to seed all data fields in the NIST guide. We propose to develop a script or GUI that takes tables (in XML, Excel, or a similar format) based on the NIST guide and filled in with user data, and transfers that data to mobile devices. This would expedite data seeding processes. Multiple devices can be quickly seeded based on training scenarios, saving valuable field time for robust scenarios.
The volume of available data requires exploitation of data streams and sources, and fusion of information through application of Artificial Intelligence/Machine Learning techniques. Data sources include cloud-based information storage and retrieval, Internet access to open-source and classified information through computer fraud and cyber-attacks, and information centric warfare disrupting instruments of national power. AI/ML techniques will be employed to develop new tools for extraction, data preservation and development of visually extracted data. Example projects with national labs and industry partners in this area would include the following:
We will conduct two digital forensics research workshops as part of our overall effort. The workshops will take place during the fall semester of 2023 and in the spring semester of 2026. Each workshop would consist of two panels and a Future Concept Action Session seeking to outline innovative technologies and actions in developing new, transformational tools and techniques for digital forensics. The workshop approach would use a presentation and question-and-answer panel format to prepare the participants for investigating and resolving the research challenges. This would also serve to disseminate ongoing FINDS Center research.
Scientific objectives would be to address emerging research questions, as outlined in our current research projects and to address other issues that may arise as the science of digital forensics continues to emerge and transform. Of key interest in all panel discussions would be the rapid analysis, exploitation and defense of information to assure U.S. military dominance in all aspects of the digital information domain. The workshop results would serve as a starting point for additional research. The proceedings will contain a “Way Ahead” section identifying future research and operational activities, serving to inculcate findings into an actionable strategy.