During the project the consortium achieved the following results.
Identification and analysis of the privacy, ethical, and social issues of the RAMSES research project. We carried out an impact assessment, as well as monitored and evaluated the ethical and privacy aspects of the RAMSES platform and the tools. In the course of the project, we monitored the ethical and privacy compliant development of the RAMSES platform and its tools, provided an ethics, privacy, and data protection evaluation of RAMSES based on the answers provided by end-users during the RAMSES pilots and created a report that focused on the ethical and legal aspects of digital forensics and surveillance in Europe.
Design, analysis and deployment of a Big Data platform to serve as the basis for the analytical software components. This scalable software system provides capabilities for data acquisition, data storage, data processing, and data exploitation, taking into account the massive and unstructured nature of the information managed in the project. In particular, the main objectives achieved are:
- To provide a ready-to-use system with improved capabilities for the LEAs to conduct investigations by using information traveling and stored on the Internet obtained under a lawful warrant.
- To provide a secure platform in order to avoid attacks on the application and to keep the confidentiality, integrity, and availability of the data.
- To create an innovative solution following the Open Source concepts.
Deployment and integration into the RAMSES platform of:
- Banking Trojan analyzer and the Bitcoin tracker, whose prototypes were designed and implemented during RP1. The Banking Trojan analyzer is based on a memory forensics framework for banking Trojan and ransomware analysis and detection. The Bitcoin Tracker is based on a modular framework for extracting intelligence from the Bitcoin network to analyze the malicious use of this cryptocurrency.
- An integrated tool for:
- The image source acquisition identification of mobile devices.
- Video source acquisition identification of mobile devices.
- Detecting image and video manipulation.
- Steganalysis analysis.
Continuous maintenance and improvement of all tools systems taking into account the needs of the Law Enforcement Agencies (LEAs). We further improved the tools by making them more user-friendly, improving the memory forensics analysis, improving the synchronization process with the RAMSES platform, and fixing reported bugs.
Analysis of inherent characteristics of Ransomware.
Analysis of Banking Trojan behavior
Methodology and test of guidelines and platform in terms of impact, usability, functionality, and efficacy. We validated and evaluated the results achieved through a number of PILOT-CASES that took place in different EU countries, whose implementation has been based on a set of common guidelines developed by the consortium. During this reporting period, LEAs tested the platform through real life-like exercises and use cases scenarios. Each testing phase was followed by an evaluation of the degree of satisfaction of the end-users. This was then assessed, and it was done so to provide partners with feedback and inputs to further improve RAMSES’ tools.The implementation of pilots throughout the project was, therefore, a functional activity, necessary to concretely test the platform and prove its efficacy. It included the development of six use cases, based on the two areas of interest of the project, i.e. ransomware and banking Trojans. Pilot 1 was run through use cases 1, 2, 3 and 4, while Pilot 2 was run through use cases 5 and 6. Both activities involved internal LEAs. Within the validation context, external LEAs were also engaged (such as Interpol), through testing and evaluating the platform.
The consortium disseminated the project results, the developments, and the outcomes known to and exploited by the relevant parties and interested members of the public through different means. In particular, the promotion of the project processes and outcomes.