University of New Haven’s Groundbreaking Artifact Genome Project Earns National Science Foundation Grant
The $300,000 award will support the development of educational materials that will enable aspiring cybersecurity and digital forensics professionals to learn how to identify digital artifacts.
July 25, 2019
In his small-scale digital device forensics course, Ibrahim "Abe" Baggili, Ph.D., tells his students to choose five of their favorite apps, dig around in them, and try to identify digital artifacts – information or data created as a result of the use of an electronic device that shows past activity – that could be of value to investigators.
He explains to his students that what they uncover – a digital footprint, if you will – could be added to the University’s Artifact Genome Project (AGP), the world’s first and largest repository of digital artifacts, numbering more than 1,000 – and growing daily.
The AGP allows researchers and investigators working in the field to keep up with technology in mobile phones, laptops with different operating systems, drones, Fitbits, and the millions of applications available for smartphones and other devices. It documents how various apps and digital information used as forensic evidence are structured and decoded, recording how, where, and what type of digital evidence can be located and, if data is encrypted, how to decrypt it.
Established in 2017, the AGP has a community of 243 vetted users from 169 organizations in 23 countries around the globe. The AGP is also in a testing phase to be implemented within the federal government space.
"Educational programs and resources have not kept up with digital forensics artifacts, which are the cornerstone of real-world investigations." – Ibrahim "Abe" Baggili, Ph.D.
Thanks to a recent grant, the AGP community has the potential to grow even more. A $300,000 award from the National Science Foundation (NSF) will support the development of educational materials that will be used at universities around the world to help prepare the next generation of digital forensic investigators and cybersecurity professionals – and, potentially, add artifacts to the AGP.
In a rapidly changing field – one that all levels of government and corporations across every field rely on to keep their information safe – Dr. Baggili says it is vitally important that cybersecurity students have the most current material to work with and study.
To meet that need, Dr. Baggili and his team are developing educational modules that blend self-directed hands-on exercises and quizzes that provide students with answers in real time, so they learn as they go.
These modules will consist of video exercises to teach students how to use the AGP and how to document an artifact. Modules will include scavenger hunts in which students are asked questions about existing artifacts, such as: "Where in the operating system can you find an artifact on a Windows system that shows the last time the computer was logged in?"
University educators – who must be vetted by the AGP – will be able to integrate the self-directed learning modules into their digital forensics courses.
"As we continue to build the AGP, we’re identifying more artifacts and archiving them, so studying the scientific principles of these artifacts over time becomes possible." – Ibrahim "Abe" Baggili, Ph.D.
In the NSF proposal, Dr. Baggili and his team noted that "educational programs and resources have not kept up with digital forensics artifacts, which are the cornerstone of real-world investigations."
Dr. Baggili says creating shared educational modules addresses many important needs in this fast-moving multidisciplinary field of study as they:
Promote sharing of newly discovered artifacts in an organized fashion between the academic and practitioner communities.
Create an artifact learning platform where there was previously none, featuring a publicly accessible educational platform and academic exercises related to digital forensic artifacts that students can learn from, explore, and submit answers to for automatic assessment. It also means creating an academic community around artifacts where none currently exists.
Help universities with time and cost constraints. Dr. Baggili estimates that the time it would take educators to forensically understand artifacts produced by new mobile applications is equivalent to the time it would take to publish results in a high-impact journal article.
Address the lack of granularity in academic exercises. Dr. Baggili’s team found that students at universities are often asked to analyze data dumps, including disk or memory images and network traffic, but universities typically don’t have the resources to teach students how to identify or analyze artifacts. This gives students the practice needed to develop those important skills they will use in their careers, Dr. Baggili says.
The team working on this project consists of Dr. Baggili, principal investigator; Cinthya Grajeda Mendez ’17, ’20 M.S., AGP manager; Shabana Akhtar Baig ’20 M.S., lead AGP developer; Courtney Hassenfeldt ’18, ’20 M.S., lead artifact digger; Devon Clark ’15, ’17 M.S., lead software development consultant; and a group of cybersecurity and networks and computer science students who will be hired to "conduct rigorous artifact digging and curation."
Building up the AGP and a repository of digital forensic artifacts will, in turn, lead to critical scientific analysis, says Dr. Baggili.
"As we continue to build the AGP, we’re identifying more artifacts and archiving them, so studying the scientific principles of these artifacts over time becomes possible," he says. "This is important to advancing our work."