Digital forensics subdomains: The state of the art and future directions

Bibliographic Details
Main Authors: Al-Dhaqm, Arafat, Ikuesan, Richard A., Kebande, Victor R., Shukor, Abd Razak, Grispos, George, Choo, Raymond Kim-Kwang, Al-rimy, Bander Ali Saleh, Alsewari, Abdulrahman A.
Format: Article
Language: English
Published: IEEE 2021
Online Access: http://umpir.ump.edu.my/id/eprint/32735/1/Digital%20forensics%20subdomains_The%20state%20of%20the%20art%20and%20future%20directions.pdf
http://umpir.ump.edu.my/id/eprint/32735/
https://doi.org/10.1109/ACCESS.2021.3124262
Institution: Universiti Malaysia Pahang
Description
Summary: For reliable and relevant scientific evidence to be admitted in a court of law, it is important to apply digital forensic investigation techniques to corroborate a suspected potential security incident. Mainly, traditional digital forensics techniques have focused on computer desktops and servers. However, recent advances in digital media and platforms have seen an increased need for the application of digital forensic investigation techniques to other subdomains including small and mobile devices, databases, networks, cloud-based platforms, and the Internet of Things (IoT). To assist forensic investigators in conducting investigations within these subdomains, academic researchers have attempted to develop a number of investigative processes. However, many of these processes are domain-specific or describe domain-specific investigative tools. Hence, we hypothesize that the literature is littered with potentially overlapping and contradicting investigative processes for conducting investigations within these subdomains. To investigate this hypothesis, a digital forensic model-orientated Systematic Literature Review (SLR) within the above digital forensic subdomains was undertaken. The purpose of the SLR was to identify the different and heterogeneous practices that have emerged within the specific subdomains. A key finding from the SLR is that there is a potential information overload and a high degree of ambiguity among investigative processes in the above subdomains. The outcome of this study proposes a high-level abstract metamodel called The Digital Forensic Metamodel (DFM), which combines common processes, activities, techniques, and tasks for the above subdomains.