Computational Forensics for Large-scale Fraud Detection, Crime Investigation and Prevention
Alternative title: Computational Forensics for fraud detection, criminal investigation and prevention using analysis methods for large data volumes
The goal of the ArsForensica project was to provide new knowledge that improves fraud prevention, investigation and prosecution of incidents in ICT environments, without compromising privacy and the rule of law. ArsForensica focuses in particular on digital investigation of Big Data and on Investigation as a Service, for proactive and reactive digital investigations. The project puts the spotlight on financial irregularities, economic crime, money laundering and the financing of terrorism. Research challenges include, for example, (i) enormous amounts of electronic data that must be analysed, (ii) fragments of evidence hidden in a chaotic environment, (iii) varying quality of traces and the possibility of planting or distorting traces, (iv) dynamic environments and continuously changing situations and contexts, (v) incomplete knowledge, and (vi) decisions marked by uncertainty and assumptions. The project is the first of its kind. It brings together a group of leading Norwegian and international researchers and a significant number of industrial actors and public organisations. The research takes an interdisciplinary approach based on computing, digital investigation and social science. The core of the research group consists of researchers from the NTNU Digital Forensics Group at the Department of Information Security and Communication Technology (IIK), Norwegian University of Science and Technology (NTNU), Norsk Regnesentral and the Norwegian Police University College. In addition, the project includes outstanding researchers from the University of California Santa Cruz in the USA, Kyushu Institute of Technology in Japan, the United Nations Interregional Crime and Justice Research Institute, and the University of Groningen in the Netherlands. Practitioner partners include the Norwegian National Police Directorate, Kripos, Økokrim, Oslo Police District and the Netherlands Forensics Institute. Security service providers for the Norwegian financial sector, i.e. FinansCERT and mnemonic, also take part in the research and in the validation of the new computational methods to be developed.
The project brought together highly specialised researchers and practitioners to analyse cybercrime traces on the Internet, digital evidence, and digitised physical evidence, i.e. paper documents. Project members represent a wide range of disciplinary backgrounds, such as forensics, computational science, and social science, i.e. privacy, civil & criminal law.
The project explored three main domains: H1-Analysing large diverse data sources, H2-Techniques for new investigative settings, and H3-Novel infrastructures & legal frameworks. It conducts multi-disciplinary research and training for a body of early-stage researchers and a group of experienced researchers.
Further on, the project studied three case scenarios: (i) Investigation of financial fraud, economic crime & money laundering in cooperation with partner Økokrim, (ii) Cybercrime investigation & prevention together with Kripos, and (iii) Case-work related to the recognition of individuals together with OPD. The scenarios with active user involvement guided the research throughout the project.
In summary, the primary results of the ArsForensica project were:
* Gain new knowledge on large-scale fraud detection, crime investigation & prevention in compliance with privacy and legal aspects.
* Explore socio-technical controls to balance forensics-by-design & privacy-by-design.
* Work towards sustainable investigation methods that follow sound forensic principles.
* Develop software methods & infrastructures to increase efficiency in large-scale forensic investigations.
* Support search & analysis through terabytes of electronic data stored within closed systems and open Internet.
* Enable extracting behavioural profiles of perpetrators and prevent criminal activities.
* Educate 7 PhDs (6 RCN-funded) and seven additional PhDs receiving funding from the KD or JDB.
The secondary outcomes were:
* Strengthen national competence in cybercrime investigation and prevention by establishing sustainable research and educational environments at the NTNU and the Norwegian police.
* Increase the understanding of the socio-technical frontiers of forensics investigations, such as investigative quality and validation.
* Influence research directions and the composition of higher education curricula in forensics with new offerings of short-term, postgraduate education, regular BSc, MSc, and PhD courses, as well as three books published with Wiley.
Evidence derived from ICT using Digital Forensics techniques is playing an increasingly important role, e.g. in criminal investigations, corporate compliance activities, counter terrorism and intelligence operations. The emergence of technologies such as Cloud Computing, Social Networks, and the growing use of Mobile Embedded Devices, poses challenges. At the same time these technologies, i.e. the Cloud, offer a potential solution to the computing-resource capacity needed for data analysis during large-scale investigations.
The project explores three hypotheses: H1-Analysing large diverse data sources, H2-Techniques for new investigative settings, H3-Novel infrastructures & legal frameworks. It conducts inter-disciplinary research and training for a body of early-stage researchers (7 PhDs) and 11 experienced researchers. Major studies (PhD research) are: Fault-tolerant feature selection and approximate search, Online learning for behavioral analysis, Situational awareness and resilience to obfuscation, Cybercrime investigation and prevention, Internet evidence collection and analysis, Socio-technical and Techno-legal aspects, Privacy-preserving Government Cloud-Forensics architecture. Hence, the project will prototype three case scenarios: (i) Investigation of financial fraud, economic crime & money laundering in cooperation with partner Økokrim, (ii) Cybercrime investigation & prevention together with mnemonic AS and Kripos, and (iii) Case-work related to the recognition of individuals together with OPD. The scenarios with active user involvement will guide the research throughout the project.
The project brings together highly specialized researchers and practitioners in analysing digital evidence, cybercrime traces on the Internet, and digitized physical evidence, i.e. paper documents. Project members represent a wide range of disciplinary backgrounds such as forensics, computational science, and social science, i.e. privacy, civil & criminal law.