TY - JOUR
T1 - Digital forensics subdomains
T2 - the state of the art and future directions
AU - Al-Dhaqm, Arafat
AU - Ikuesan, Richard Adeyemi
AU - Kebande, Victor R.
AU - Razak, Shukor Abd
AU - Grispos, George
AU - Choo, Kim Kwang Raymond
AU - Al-Rimy, Bander Ali Saleh
AU - Alsewari, Abdulrahman A.
N1 - Publisher Copyright: © 2013 IEEE.
PY - 2021/10/29
Y1 - 2021/10/29
N2 - For reliable digital evidence to be admitted in a court of law, it is important to apply scientifically proven digital forensic investigation techniques to corroborate a suspected security incident. Mainly, traditional digital forensics techniques focus on computer desktops and servers. However, recent advances in digital media and platforms have seen an increased need for the application of digital forensic investigation techniques to other subdomains. This includes mobile devices, databases, networks, cloud-based platforms, and the Internet of Things (IoT) at large. To assist forensic investigators to conduct investigations within these subdomains, academic researchers have attempted to develop several investigative processes. However, many of these processes are domain-specific or describe domain-specific investigative tools. Hence, in this paper, we hypothesize that the literature is saturated with ambiguities. To further synthesize this hypothesis, a digital forensic model-orientated Systematic Literature Review (SLR) within the digital forensic subdomains has been undertaken. The purpose of this SLR is to identify the different and heterogeneous practices that have emerged within the specific digital forensics subdomains. A key finding from this review is that there are process redundancies and a high degree of ambiguity among investigative processes in the various subdomains. As a way forward, this study proposes a high-level abstract metamodel, which combines the common investigation processes, activities, techniques, and tasks for digital forensics subdomains. Using the proposed solution, an investigator can effectively organize the knowledge process for digital investigation.
KW - database forensics
KW - digital forensic metamodel
KW - Digital forensics
KW - IoT forensics
KW - mobile forensic
KW - network forensics
UR - http://www.scopus.com/inward/record.url?scp=85118586457&partnerID=8YFLogxK
U2 - 10.1109/ACCESS.2021.3124262
DO - 10.1109/ACCESS.2021.3124262
M3 - Article
AN - SCOPUS:85118586457
SN - 2169-3536
VL - 9
SP - 152476
EP - 152502
JO - IEEE Access
JF - IEEE Access
ER -