(Screenshot: Courtesy of the University of New Haven)

One digital investigator in Texas comes upon a tiny fragment of smartphone evidence that takes days to understand and unwind. The same digital trace had been thoroughly investigated and catalogued by a counterpart in Britain—but there was never any way to share the information, except through decentralized online groups.

The University of New Haven has now set up what it envisions to be the major hub to connect cyber forensics teams the world over: the Artifact Genome Project.

“The only way to learn from each other is to share with each other all of these artifacts as they come from different (sources),” said Ibrahim Baggili, co-director and founder of the Cyber Forensics Research and Education Group at the school. “Everybody’s working on a different crime—everybody’s working on something involving a new app, or somebody hit something on their particular phone or system. It’s important that we start sharing and collecting, so that investigators can start learning from each other.”

The Project’s name is an echo of the Human Genome Project, that landmark venture that produced the first sequence of Homo sapiens DNA at the turn of the millennium. Baggili and his team envision a comparable breakthrough in worldwide digital forensics, they said.

Artifacts are traces of digital history that could tell investigators a story of crime—or of any more mundane activity. A registry entry on a computer recording when it was last turned on, a tiny file stored on a smartphone that contains a username and password, a text message, and other small nuggets are all considered artifacts.

The New Haven team published arguably the most thorough and formal definition of “artifacts” to date in the Elsevier journal Digital Investigation last year.

(Screenshot: Courtesy of the University of New Haven)

“The idea is, artifacts exist on many systems, and people typically want to investigate them,” said Baggili.

Baggili gave Forensic Magazine a virtual tour of the AGP on June 13.

The system involves a cross-referenced and exhaustive search function, a detailed method for uploading new entries, and even “leaderboards” to show which organizations and individuals are contributing the most to the AGP. A messaging system will also allow communication between the experts.

Researchers and investigators have to be approved by the administrators—without “giving access to every single person.” Each submission to the database is also vetted by the site runners. Baggili and lead developer Devon Clark are joined by the lead artifact contributor from New Haven, Brandon Knieriem, in launching the database.

So far, more than 100 investigators are already part of the AGP membership, Baggili said.

“This is our version of shouting over the cubicle wall in the lab—‘Hey, do you know where I can find this?’” he added. “But now, instead of asking four people that are in one lab, you might be asking 200 or 300 or 1,000 people, because it’s that much easier to get the information back.”

The project was federally funded, through VACCINE (Visual Analytics for Command, Control and Interoperability Environments), a U.S. Department of Homeland Security Center of Excellence at Purdue University.

The AGP could go beyond just a listing of digital artifacts, said Baggili.

“I envision this being a repository—but also a community,” he said. “This could grow into a Facebook or LinkedIn for investigators.”

The Artifact Genome Project is up and running here.
