Investigations are a significant step in the operational workflows for large scale systems across multiple domains such as services, data, AI/ML, mobile. Investigation processes followed by on-call engineers are often manual or rely on ad-hoc scripts. This leads to inefficient investigations resulting in increased time to mitigate and isolate failures/SLO violations. It also contributes to on-call toil and poor productivity leading to multiple hours/days spent in triaging/debugging incidents. In this paper, we present DrP, an end-to-end framework and system to automate investigations that reduces the mean time to resolve incidents (MTTR) and reduces on-call toil. DrP consists of an expressive and flexible SDK to author investigation playbooks in code (called analyzers), a scalable backend system to execute these automated playbooks, plug-ins to integrate playbooks into mainstream workflows such as alerts and incident management tools, and a post-processing system to take actions on investigations including mitigation steps. We have implemented and deployed DrP at large scale at Meta covering 300+ teams, 2000+ analyzers, across a large set of use cases across domains such as service
The continuous growth of the e-commerce industry attracts fraudsters who exploit stolen credit card details. Companies often investigate suspicious transactions in order to retain customer trust and address gaps in their fraud detection systems. However, analysts are overwhelmed with an enormous number of alerts from credit card transaction monitoring systems. Each alert investigation requires careful attention, specialized knowledge, and precise documentation of the outcomes from the fraud analysts, leading to alert fatigue. To address this, we propose a fraud analyst assistant (FAA) framework, which employs multi-modal large language models (LLMs) to automate credit card fraud investigations and generate explanatory reports. The FAA framework leverages the reasoning, code execution, and vision capabilities of LLMs to conduct planning, evidence collection, and analysis in each investigation step. A comprehensive empirical evaluation of 500 credit card fraud investigations demonstrates that the FAA framework produces reliable and efficient investigations comprising seven steps on average. Thus we found that the FAA framework can automate large parts of the workload and help reduce
This paper presents AuditBench, a new benchmark dataset for evaluating the capabilities of LLMs at investigating security-related system audit logs. We design and use this benchmark to explore the performance of LLMs on four log-investigation tasks that incident response teams commonly perform, ranging from triaging alerts generated by detectors to identifying persistence mechanisms on compromised systems. AuditBench consists of system audit logs collected from Linux and Windows machines, and spans over 50 different security investigation scenarios, including both malicious and benign activity. Using our benchmark, we evaluate and analyze the performance of five frontier LLMs at analyzing audit logs for attack investigations. Our analysis illuminates how LLM performance and error profiles vary according to different design choices, such as differences in model size, data representation, prompt construction, and specific investigation tasks. Additionally, we characterize the quality of the explanations produced by LLMs and the types of errors that models make across our benchmark. Collectively, our work provides a foundation for assessing the capabilities of LLMs for investigating s
Open Source Intelligence (OSINT) investigations, which rely entirely on publicly available data such as social media, play an increasingly important role in solving crimes and holding governments accountable. The growing volume of data and complex nature of tasks, however, means there is a pressing need to scale and speed up OSINT investigations. Expert-led crowdsourcing approaches show promise but tend to either focus on narrow tasks or domains or require resource-intense, long-term relationships between expert investigators and crowds. We address this gap by providing a flexible framework that enables investigators across domains to enlist crowdsourced support for the discovery and verification of OSINT. We use a design-based research (DBR) approach to develop OSINT Research Studios (ORS), a sociotechnical system in which novice crowds are trained to support professional investigators with complex OSINT investigations. Through our qualitative evaluation, we found that ORS facilitates ethical and effective OSINT investigations across multiple domains. We also discuss broader implications of expert-crowd collaboration and opportunities for future work.
Efficient password cracking is a critical aspect of digital forensics, enabling investigators to decrypt protected content during criminal investigations. Traditional password cracking methods, including brute-force, dictionary and rule-based attacks, face challenges in balancing efficiency with increasing computational complexity. This study explores rule-based optimisation strategies to enhance the effectiveness of password cracking while minimising resource consumption. By analysing publicly available password datasets, we propose an optimised rule set that reduces computational iterations by approximately 40%, significantly improving the speed of password recovery. Additionally, the impact of national password recommendations was examined, specifically the UK National Cyber Security Centre's three-word password guideline, on password security and forensic recovery. Through user-generated password surveys, we evaluate the crackability of three-word passwords using dictionaries of varying common-word proportions. Results indicate that while three-word passwords provide improved memorability and usability, they remain vulnerable when common word combinations are used, with up to 7
Current and upcoming large optical and near-infrared astronomical surveys have fundamental science as their primary drivers. To cater to those, these missions scan large fractions of the entire sky at multiple wavelengths and epochs. These aspects make these data sets also valuable for investigations into astronomical hazards for life on Earth. The Netherlands Research School for Astronomy (NOVA) is a partner in several optical / near-infrared surveys. In this paper we focus on the astronomical hazard value for two sets of those: the surveys with the OmegaCAM wide-field imager at the VST and with the Euclid Mission. For each of them we provide a brief overview of the astronomical survey hardware, the data and the information systems. We present first results related to the astronomical hazard investigations. We evaluate to what extent the existing functionality of the information systems covers the needs for the astronomical hazard investigations
Precise knowledge of the frequency-dependent electromagnetic properties of porous media is urgently necessary for successful utilization of high-frequency electromagnetic measurement techniques for near- and subsurface sensing. Thus, there is a need for systematic investigations by means of dielectric spectroscopy of unsaturated and saturated soils under controlled hydraulic conditions. In this context, two-port rod-based transmission lines (R-TMLs) were characterized in the frequency range from 1 MHz to 10 GHz by combined theoretical, numerical, and experimental investigations. To analyze coupled hydraulic and dielectric soil properties, a slightly plastic clay soil was investigated. There is evidence that the bound water contribution of the soil is substantially lower than expected.
The use of automation in digital forensic investigations is not only a technological issue, but also has political and social implications. This work discusses some challenges with the implementation and acceptance of automation in digital forensic investigation, and possible implications for current digital forensic investigators. Current attitudes towards the use of automation in digital forensic investigations are examined, as well as the issue of digital investigators' knowledge acquisition and retention. The argument is made for a well-planned, careful use of automation going forward that allows for a more efficient and effective use of automation in digital forensic investigations while at the same time attempting to improve the overall quality of expert investigators. Targeting and carefully controlling automated solutions for beginning investigators may improve the speed and quality of investigations while at the same time letting expert digital investigators spend more time utilizing the expert-level knowledge required in the manual phases of investigations. By considering how automated solutions are being implemented into digital investigations, investigation unit managers can inc
The paper presents many facets of the radiological risks of medical imaging investigations. The total volume of prescribed medical investigations reveals a serious lack of monitoring and tracking of cumulative radiation doses in many health services. Modern radiological investigation equipment is continuously reducing the total dose of radiation due to improved technologies, so a decrease in per caput dose can be noticed, but the increasing number of investigations has caused a net increase of the annual collective dose. High doses of radiation are accumulated from Computed Tomography investigations. An integrated system for the radiation safety of patients investigated by radiological imaging methods, based on smart cards and Public Key Infrastructure, allows storage of absorbed radiation dose data.
We consider certain star versions of the Menger, Hurewicz and Rothberger properties. A few important observations concerning these properties are presented, which have not been investigated in earlier works. A variety of investigations is performed using Alster covers and the critical cardinalities $\mathfrak{d}$, $\mathfrak{b}$ and ${\sf cov}(\mathcal{M})$. Our study explores further ramifications on the extent and the Alexandroff duplicate. In the process we present investigations on the star versions of the Rothberger property and compare them with similar prior observations on the star versions of the Menger and Hurewicz properties. We sketch a few tables that summarize (mainly preservation-type) properties of the star selection principles obtained so far. We also present implication diagrams to explicate the interplay between the star selection principles.
The main subject of the work is the experimental investigation of the existence of the local-time effect on the laboratory scale, which means longitudinal distances between measurement locations from tens of meters down to one meter. A short review of our investigations of the existence of the local-time effect for distances from 15 km to 500 m is also presented. Besides investigations of the minimal spatial scale of the local-time effect's existence, the paper presents investigations of the named effect in the time domain. In this regard, the structure of the interval distribution in the neighborhood of the local-time peak was studied, and a splitting of the peak was found. Further investigations show a second-order splitting of the local-time peak. From this result arises the supposition that the space-time heterogeneity which follows from the existence of the local-time effect probably has a fractal character. The obtained results lead to a conclusion about the sharp anisotropy of space-time.
Digital evidence underpins the majority of crimes, as its analysis is an integral part of almost every criminal investigation. Even if we temporarily disregard the numerous challenges in the collection and analysis of digital evidence, the exchange of the evidence among the different stakeholders has many thorny issues. Of specific interest are cross-border criminal investigations, as their complexity is significantly high due to the heterogeneity of legal frameworks, which beyond time bottlenecks can also become prohibitive. The aim of this article is to analyse the current state of practice of cross-border investigations, considering the efficacy of current collaboration protocols along with the challenges and drawbacks to be overcome. Beyond performing a legally oriented research treatise, we recall all the challenges raised in the literature and discuss them from a more practical yet global perspective. Thus, this article paves the way to enabling practitioners and stakeholders to leverage horizontal strategies to fill in the identified gaps in a timely and accurate manner.
We present new results from ongoing lattice investigations of supersymmetric Yang--Mills (SYM) theories in three and four space-time dimensions. First considering the maximally supersymmetric 3d theory with $Q = 16$ supercharges, we check that the fermion Pfaffian is approximately real and positive, validating phase-quenched RHMC calculations. We then initiate lattice studies of running couplings and non-perturbative $\beta$ functions for $Q = 16$ SYM in both 3d and 4d, using a simple scheme based on Creutz ratios. Finally, we consider 3d SYM with $Q = 8$ supercharges, developing new software as a first step towards supersymmetric QCD.
An increasing number of cybersecurity incidents prompts organizations to explore alternative security solutions, such as threat intelligence programs. For such programs to succeed, data needs to be collected, validated, and recorded in relevant datastores. One potential source supplying these datastores is an organization's security incident response team. However, researchers have argued that these teams focus more on eradication and recovery and less on providing feedback to enhance organizational security. This prompts the idea that data collected during security incident investigations may be of insufficient quality for threat intelligence analysis. While previous discussions focus on data quality issues from threat intelligence sharing perspectives, minimal research examines the data generated during incident response investigations. This paper presents the results of a case study identifying data quality challenges in a Fortune 500 organization's incident response team. Furthermore, the paper provides the foundation for future research regarding data quality concerns in security incident response.
We present investigations of a class of solutions of Einstein's field equations close to the family of lambda-Taub-NUT spacetimes. The studies are done using a numerical code introduced by the author elsewhere. One of the main technical complications is due to the $S^3$-topology of the Cauchy surfaces. Complementing these numerical results with heuristic arguments, we are able to obtain some first insights into the strong cosmic censorship issue and the conjectures by Belinskii, Khalatnikov, and Lifschitz in this class of spacetimes. In particular, the current investigations suggest that strong cosmic censorship holds in this class. We further identify open issues in our current approach and point to future research projects.
An area presenting new opportunities for both legitimate business, as well as criminal organizations, is Cloud computing. This work gives a strong background in current digital forensic science, as well as a basic understanding of the goal of Law Enforcement when conducting digital forensic investigations. These concepts are then applied to digital forensic investigation of cloud environments in both theory and practice, and supplemented with current literature on the subject. Finally, legal challenges with digital forensic investigations in cloud environments are discussed.
This review reports some key results in theoretical investigations on configurations of lipid membranes and presents several challenges in this field which involve (i) exact solutions to the shape equation of lipid vesicles; (ii) exact solutions to the governing equations of open lipid membranes; (iii) neck condition of two-phase vesicles in the budding state; (iv) nonlocal theory of membrane elasticity; (v) relationship between symmetry and the magnitude of free energy.
Digital forensics is a cornerstone of modern crime investigations, yet it raises significant privacy concerns due to the collection, processing, and storage of digital evidence. Despite that, privacy threats in digital forensics crime investigations often remain underexplored, thereby leading to potential gaps in forensic practices and regulatory compliance, which may then escalate into harming the freedoms of natural persons. With this clear motivation, the present paper applies the SPADA methodology for threat modelling with the goal of incorporating privacy-oriented threat modelling in digital forensics. As a result, we identify a total of 298 privacy threats that may affect digital forensics processes through crime investigations. Furthermore, we demonstrate an unexplored feature on how SPADA assists in handling domain-dependency during threat elicitation. This yields a second list of privacy threats that are universally applicable to any domain. We then present a comprehensive and systematic privacy threat model for digital forensics in crime investigation. Moreover, we discuss some of the challenges about validating privacy threats in this domain, particularly given the varia
The ever-increasing workload of digital forensic labs raises concerns about law enforcement's ability to conduct both cyber-related and non-cyber-related investigations promptly. Consequently, this article explores the potential and usefulness of integrating Large Language Models (LLMs) into digital forensic investigations to address challenges such as bias, explainability, censorship, resource-intensive infrastructure, and ethical and legal considerations. A comprehensive literature review is carried out, encompassing existing digital forensic models, tools, LLMs, deep learning techniques, and the use of LLMs in investigations. The review identifies current challenges within existing digital forensic processes and explores both the obstacles and the possibilities of incorporating LLMs. In conclusion, the study states that the adoption of LLMs in digital forensics, with appropriate constraints, has the potential to improve investigation efficiency, improve traceability, and alleviate the technical and judicial barriers faced by law enforcement entities.
We investigate traversable wormholes in squared-trace extended gravity within the framework of Finsler-Randers geometry equipped with the Barthel connection. The Einstein-Hilbert action is modified by terms involving the trace of the energy-momentum tensor and its square, generating effective anisotropies through matter-curvature coupling. The resulting field equations are studied under barotropic equations of state with exponential and power-law shape functions. Finslerian anisotropy introduces novel pressure dynamics that enable the classical energy conditions to be satisfied in specific parameter domains. Our analysis shows that the Barthel connection significantly extends the parameter space for non-exotic, physically viable wormholes compared to purely Riemannian models. These findings suggest that Finslerian modifications provide a powerful mechanism for realizing realistic wormhole structures, offering new perspectives on anisotropic and geometrically enriched space-time configurations in extended gravity.