
IKTPLUSS-IKT og digital innovasjon

Computational Forensics for Large-scale Fraud Detection, Crime Investigation and Prevention

Alternative title: Computational Forensics for avdekking av svindel, kriminaletterforskning og forebygging ved hjelp av analyse metoder for store datamengder

Awarded: NOK 21.2 mill.

The overall objective of ArsForensica was to provide new knowledge that can significantly improve the prevention, preparedness, investigation and prosecution of incidents in ICT environments without compromising privacy and the rule of law. Specifically, this project focused on proactive and reactive digital investigations, for example, to prevent and combat fraud, economic crime, money laundering and terror finance. Fraud prevention and criminal investigations lead to exciting research challenges, i.e. (i) a huge amount of electronic data needs to be analysed, (ii) tiny pieces of evidence are hidden in a chaotic environment, (iii) diverse quality of traces and the possibility of obfuscating / planting, (iv) dynamic environments and permanently changing situations / contexts, (v) partial knowledge and required approximation, as well as (vi) decision making under uncertainties and conjectures. The project is the first of its kind. It brings together a group of leading Norwegian and international researchers and several industries and government organisations. The research takes an inter-disciplinary approach with perspectives from the computing, forensic and social sciences. The core research group comprises scientists from the NTNU Digital Forensics Group at the Department of Information Security and Communication Technology (IIK), the Norwegian University of Science and Technology (NTNU), the Norwegian Computing Centre, and the Norwegian Police University College. In addition, the project includes outstanding scientists from the University of California Santa Cruz in the USA, the Kyushu Institute of Technology in Japan, the United Nations Interregional Crime and Justice Research Institute, and the University of Groningen in the Netherlands. User partners include the Norwegian National Police Directorate, Kripos, Økokrim, Oslo Police District, and the Netherlands Forensics Institute. Security-service providers for the Norwegian financial sector, i.e. FinansCERT and mnemonic, are also participating in research and validation of new computational methods to be developed.

The project brought together highly specialised researchers and practitioners to analyse cybercrime traces on the Internet, digital evidence, and digitised physical evidence, i.e. paper documents. Project members represent a wide range of disciplinary backgrounds, such as forensics, computational science, and social science, i.e. privacy, civil & criminal law. The project explored three main domains: H1-Analysing large diverse data sources, H2-Techniques for new investigative settings, and H3-Novel infrastructures & legal frameworks. It conducted multi-disciplinary research and training for a body of early-stage researchers and a group of experienced researchers. Furthermore, the project studied three case scenarios: (i) Investigation of financial fraud, economic crime & money laundering in cooperation with partner Økokrim, (ii) Cybercrime investigation & prevention together with Kripos, and (iii) Case-work related to the recognition of individuals together with OPD. The scenarios with active user involvement guided the research throughout the project.

In summary, the primary results of the ArsForensica project were:

* Gain new knowledge on large-scale fraud detection, crime investigation & prevention in compliance with privacy and legal aspects.
* Explore socio-technical controls to balance forensics-by-design & privacy-by-design.
* Work towards sustainable investigation methods that follow sound forensic principles.
* Develop software methods & infrastructures to increase efficiency in large-scale forensic investigations.
* Support search & analysis through terabytes of electronic data stored within closed systems and the open Internet.
* Enable extracting behavioural profiles of perpetrators and prevent criminal activities.
* Educate 7 PhD (6 RCN-funded) and seven additional PhD receiving funding from the KD or JDB.

The secondary outcomes were:

* Strengthen national competence in cybercrime investigation and prevention by establishing sustainable research and educational environments at the NTNU and the Norwegian police.
* Increase the understanding of the socio-technical frontiers of forensic investigations, such as investigative quality and validation.
* Influence research directions and the composition of higher education curricula in forensics with new offerings of short-term, postgraduate education, regular BSc, MSc, and PhD courses, as well as three published books with Wiley publisher.

Evidence derived from ICT using Digital Forensics techniques is playing an increasingly important role, e.g. in criminal investigations, corporate compliance activities, counter-terrorism and intelligence operations. The emergence of technologies such as Cloud Computing, Social Networks, and the growing use of Mobile Embedded Devices poses challenges. At the same time these technologies, i.e. the Cloud, offer a potential solution to the computing-resource capacity needed for data analysis during large-scale investigations. The project explores three hypotheses: H1-Analysing large diverse data sources, H2-Techniques for new investigative settings, H3-Novel infrastructures & legal frameworks. It conducts inter-disciplinary research and training for a body of early-stage researchers (7 PhDs) and 11 experienced researchers. Major studies (PhD research) are: Fault-tolerant feature selection and approximate search, Online learning for behavioral analysis, Situational awareness and resilience to obfuscation, Cybercrime investigation and prevention, Internet evidence collection and analysis, Socio-technical and Techno-legal aspects, Privacy-preserving Government Cloud-Forensics architecture. Hence, the project will prototype three case scenarios: (i) Investigation of financial fraud, economic crime & money laundering in cooperation with partner Økokrim, (ii) Cybercrime investigation & prevention together with mnemonic AS and Kripos, and (iii) Case-work related to the recognition of individuals together with OPD. The scenarios with active user involvement will guide the research throughout the project. The project brings together highly specialized researchers and practitioners in analysing digital evidence, cybercrime traces on the Internet, and digitized physical evidence, i.e. paper documents. Project members represent a wide range of disciplinary backgrounds such as forensics, computational science, social science, i.e. privacy, civil & criminal law.


Funding scheme:

IKTPLUSS-IKT og digital innovasjon

Thematic Areas and Topics

Policy and administration areas; Research; Policy and administration areas; Public administration and governance; Internationalisation; Mobility; LTP3 High quality and accessibility; LTP3 Research environments and talents; Portfolio Innovation; Societal security; LTP3 Enabling and industrial technologies; LTP3 ICT and digital transformation; Portfolio Democracy and global development; Digitalisation and use of ICT; Portfolio Enabling technologies; LTP3 Societal security and preparedness; Policy and administration areas; Justice and the judicial system; Renewal and innovation in the public sector; Innovation projects and projects with binding user participation; ICT; ICT - As a discipline and technology; Internationalisation; ICT; Digitalisation and use of ICT; Public sector; Policy and administration areas; Industry and trade; Ethical, legal and social aspects; LTP3 Innovation in state and municipality; ICT research area; Industries and sectors; Applied research; Sub-portfolio A well-functioning research system; Industries and sectors; The ICT industry; LTP3 Targeted internationalisation measures; Internationalisation; International project cooperation; ICT research area; Humans, society and technology; ICT research area; Artificial intelligence, machine learning and data analysis; Portfolio Groundbreaking research; Sub-portfolio Quality; ICT research area; Digital security; LTP3 A knowledge-intensive business sector throughout the country; LTP3 Societal security, vulnerability and conflict; Portfolio The research system; Industries and sectors; Finance and banking; Basic research; LTP3 Strengthened competitiveness and innovation capacity; Renewal and innovation in the public sector; Policy and administration areas; Sub-portfolio Internationalisation