Technical reporting in digital forensics
Abstract
One of the primary roles of a practitioner in the field of digital forensics (DF) is to conduct the examination of any lawfully seized digital device content and report upon any findings that may support an inquiry being conducted. While there are many intricacies to this task, in some cases, an inquiry will commence with a practitioner carrying out the necessary examination work required to report any findings at a “technical level.” Such technical reports are often used for intelligence gathering purposes in an attempt to establish the potential evidential value of a device or data set and are often a precursor to, and catalyst for, further and often more extensive forensic work being commissioned. Therefore, the ability to report at a technical level should be considered a fundamental skill required of all practitioners in this discipline and any attempts to provide guidance and support for conducting this task effectively should be encouraged. This work explores the role of technical reporting, where a series of reporting examples are presented that explore the intricacies involved with conveying digital forensic findings at a technical level. Procedural and linguistic challenges are investigated and evaluated in order to acknowledge the pitfalls that practitioners may encounter and to identify potential technical reporting best practices.
Related Scholarly Articles
Prasanta Kumar Parichha
17 March 2020
Abstract: Crimes committed using computers are increasing rapidly, posing a challenge to law enforcement. Investigations including cybercrime, terrorism, and civil litigation all make use of digital forensics today. Because of the ever-increasing sophistication of modern technology, forensic investigations of this sort can quickly become difficult and time-consuming. In order to successfully retrieve meaningful digital evidence during such investigations, however, a standard framework for digital forensic professionals to follow must be developed. All appropriate steps that a digital forensic investigation would take should be highlighted by the framework and methodology used to conduct digital forensics. This study provides a system for conducting digital forensic investigations with an emphasis on the forensic aspects of those probes, the tools and procedures employed by examiners, and the significance of hashing in preventing the manipulation of evidence. Digital forensics, as a whole, is still a field that is widely growing along with the continually advancing world of technology. This form of forensics is one that is also growing in importance and necessity due to crimes stemming from digital devices becoming increasingly popular as well. These steady numbers are what have and will continue to drive the field of digital forensics into meeting its full potential on a consistent basis, in both a preventative and recovering manner. However, in order to recognize this potential, it is important to first understand what digital forensics really entails.
R. Montasari, A. Daneshkhah, S. Parkinson + 3 others
2 March 2020
Considering the ever-growing ubiquity of technology, there is an associated growth in the possibility of digital devices related to a criminal investigation or civil litigation. As the variety of digital devices is increasing, the storage capacity of each is also rising exponentially. Due to the varied and large volumes of data produced, law enforcement agencies (LEAs) worldwide are facing a significant backlog of cases. This has culminated in significant delays in dealing with cases that urgently require digital forensic investigations (DFIs). It is of paramount importance that new research approaches be adopted to address such challenges. This article evaluates the existing set of circumstances surrounding the field of digital forensics (DF). The article provides two important contributions to the field of DF; it identifies and analyses the most important mid- and long-term challenges that need to be considered by LEAs. It also proposes important specific future research directions, the undertaking of which can assist LEAs in adopting a new approach to addressing these challenges.
Amrita Ghosal, C. Patsakis, M. Conti + 6 others
10 August 2021
Due to its critical role in cybersecurity, digital forensics has received significant attention from researchers and practitioners alike. The ever increasing sophistication of modern cyberattacks is directly related to the complexity of evidence acquisition, which often requires the use of several technologies. To date, researchers have presented many surveys and reviews on the field. However, such articles focused on the advances of each particular domain of digital forensics individually. Therefore, while each of these surveys facilitates researchers and practitioners to keep up with the latest advances in a particular domain of digital forensics, the global perspective is missing. Aiming to fill this gap, we performed a qualitative review of all the relevant reviews in the field of digital forensics, determined the main topics in digital forensics and identified their main challenges. Despite the diversity of topics and methods, there are several common problems that are faced by almost all of them, with most of them residing in evidence acquisition and pre-processing due to counter analysis methods and difficulties of collecting data from devices, the cloud etc. Beyond pure technical issues, our study highlights procedural issues in terms of readiness, reporting and presentation, as well as ethics, highlighting the European perspective which is traditionally stricter in terms of privacy. Our extensive analysis paves the way for closer collaboration among researchers and practitioners among different topics of digital forensics.
Abdulrahman A. Alsewari, S. Razak, Arafat Al-dhaqm + 5 others
2021
For reliable digital evidence to be admitted in a court of law, it is important to apply scientifically proven digital forensic investigation techniques to corroborate a suspected security incident. Mainly, traditional digital forensics techniques focus on computer desktops and servers. However, recent advances in digital media and platforms have seen an increased need for the application of digital forensic investigation techniques to other subdomains. This includes mobile devices, databases, networks, cloud-based platforms, and the Internet of Things (IoT) at large. To assist forensic investigators to conduct investigations within these subdomains, academic researchers have attempted to develop several investigative processes. However, many of these processes are domain-specific or describe domain-specific investigative tools. Hence, in this paper, we hypothesize that the literature is saturated with ambiguities. To further synthesize this hypothesis, a digital forensic model-orientated Systematic Literature Review (SLR) within the digital forensic subdomains has been undertaken. The purpose of this SLR is to identify the different and heterogeneous practices that have emerged within the specific digital forensics subdomains. A key finding from this review is that there are process redundancies and a high degree of ambiguity among investigative processes in the various subdomains. As a way forward, this study proposes a high-level abstract metamodel, which combines the common investigation processes, activities, techniques, and tasks for digital forensics subdomains. Using the proposed solution, an investigator can effectively organize the knowledge process for digital investigation.
Maria Ioanna Maratsi, O. Popov, Y. Charalabidis + 1 other
4 October 2022
The first step that forensic examiners perform is identifying and acquiring data. Both are among the most critical segments in the forensic process since they are sine qua non for completing the examination and analysis phases. The evidence acquisition must be managed in a deliberate, ethical and legal manner. On many occasions, the outcome of the investigation depends mainly on the relevance and precision of the evidence acquired. The goal of this research is to identify both legal and ethical issues that forensic investigators face during evidence acquisition and to design a framework using design science, which recognises and resolves the problems identified. The framework must preserve the forensic soundness of the investigation, overall integrity, effectiveness, and efficiency. The elicitation of the requirements for the framework is based on a literature review and ex-ante expert interviews, while the validation and evaluation of the framework stem from ex-post expert interviews. The designed framework aims to minimise hazardous practices that lead to negative consequences and to effectively align the new technologies in digital forensics with human expertise for improved results during the phase of digital evidence acquisition.