Dr. Husrev Taha Sencar from Hamad Bin Khalifa University’s Qatar Computing Research Institute highlights the importance of digital forensics in a highly computerized world
With digital media becoming a hotbed for various crimes, such as cyber harassment, copyright infringement and identity theft among so many others, the field of digital forensics is becoming more and more important. Digital forensics uses computer science and investigative procedures involving the analysis of digital evidence that can be used in the court of law.
Cybercrime is a longstanding problem which gets harder to deal with by the day, according to Dr. Husrev Taha Sencar, Principal Scientist at Qatar Computing Research Institute (QCRI), part of Qatar Foundation’s Hamad Bin Khalifa University. The reason for this is that “the volume and sophistication of attacks are growing faster than our defensive capabilities,” Dr. Sencar says.
He also points to the fact that that cybersecurity is an area where your opponent is as smart, tech-savvy, and well-resourced as you are, if not better.
The internet is like a bottomless pit and looking for a piece of evidence in this infinite web of information is akin to looking for a needle in a haystack. Scientists have been creating Artificial Intelligence (AI) models that sift through massive amounts of data, find anomalies in behavior, process data at faster speeds, and do much more, but newer challenges always keep cropping up.
“In recent years, AI has been improving the performance of systems in several tasks – such as identifying anomalies in user activity and computer system behavior,” said Dr. Sencar.
An important limitation of current AI methods is that they typically rely on large amounts of, what we call, labeled data for training
“However, an important limitation of current AI methods is that they typically rely on large amounts of, what we call, labeled data for training. In the security context, creating such datasets is very challenging, and the agility of attackers is not helping us much. Therefore, the gains provided by AI have less impact in this area as compared to developments in fields like computer vision or language processing.”
Analyzing data quickly is another big challenge in digital forensics.
The amount of data that require analysis have increased so rapidly that time complexity of deployed methods has become a big concern in all fields of digital forensics, according to Dr. Sencar. “These include evidence extraction, search, organization and analysis of collected data, attribution of digital evidence, and verifying the integrity of evidential data. In each of these sub-domains, researchers are trying to develop new methods that can handle this challenge and provide timely and accurate analysis.”
It is very important that we create a collective effort against security problems, as one person, one group, one nation cannot handle the challenges involved in it
Dr. Sencar also notes that with smart cities coming to life, the world is now moving to an era where compromising a computer or system will no longer refer to losing data but to loss of control over everyday systems – where lives will inevitably be on the line. Without the required investigative capabilities, it will be extremely difficult to manage threats in those systems that are increasingly more automated and have many more Internet-connected components.
“It's not like one person or one country’s problem, as we are living in a borderless world,” Dr. Sencar says. “So it is very important that we create a collective effort against security problems, as one person, one group, one nation cannot handle the challenges involved in it.”
The cybersecurity team at QCRI is pursuing work on several fronts. In enterprise security, they are trying to develop methods for alert validation and investigation of cyber incidents. On the media forensics side, they have developed new data recovery methods to help extract photo and video data from storage devices. While, on the financial side, they have built systems for blockchain analysis and searching the dark web to trace cryptocurrency transactions and to uncover relations.
“All research work pursued by our cybersecurity group involves development of systems that extend these research capabilities to the use of security practitioners, most critically, to those working in several institutions and ministries in Qatar,” Dr. Sencar says.