| 1. |
- Al-Dhaqm, Arafat, et al.
(författare)
-
A Review of Mobile Forensic Investigation Process Models
- 2020
-
Ingår i: IEEE Access. - : IEEE. - 2169-3536. ; 8, s. 173359-173375
-
Forskningsöversikt (refereegranskat)abstract
- Mobile Forensics (MF) field uses prescribed scientific approaches with a focus on recovering Potential Digital Evidence (PDE) from mobile devices leveraging forensic techniques. Consequently, increased proliferation, mobile-based services, and the need for new requirements have led to the development of the MF field, which has in the recent past become an area of importance. In this article, the authors take a step to conduct a review on Mobile Forensics Investigation Process Models (MFIPMs) as a step towards uncovering the MF transitions as well as identifying open and future challenges. Based on the study conducted in this article, a review of the literature revealed that there are a few MFIPMs that are designed for solving certain mobile scenarios, with a variety of concepts, investigation processes, activities, and tasks. A total of 100 MFIPMs were reviewed, to present an inclusive and up-to-date background of MFIPMs. Also, this study proposes a Harmonized Mobile Forensic Investigation Process Model (HMFIPM) for the MF field to unify and structure whole redundant investigation processes of the MF field. The paper also goes the extra mile to discuss the state of the art of mobile forensic tools, open and future challenges from a generic standpoint. The results of this study find direct relevance to forensic practitioners and researchers who could leverage the comprehensiveness of the developed processes for investigation.
|
|
| 2. |
- Al-Dhaqm, Arafat, et al.
(författare)
-
Categorization and Organization of Database Forensic Investigation Processes
- 2020
-
Ingår i: IEEE Access. - : IEEE. - 2169-3536. ; 8, s. 112846-112858
-
Tidskriftsartikel (refereegranskat)abstract
- Database forensic investigation (DBFI) is an important area of research within digital forensics. It & x2019;s importance is growing as digital data becomes more extensive and commonplace. The challenges associated with DBFI are numerous, and one of the challenges is the lack of a harmonized DBFI process for investigators to follow. In this paper, therefore, we conduct a survey of existing literature with the hope of understanding the body of work already accomplished. Furthermore, we build on the existing literature to present a harmonized DBFI process using design science research methodology. This harmonized DBFI process has been developed based on three key categories (i.e. planning, preparation and pre-response, acquisition and preservation, and analysis and reconstruction). Furthermore, the DBFI has been designed to avoid confusion or ambiguity, as well as providing practitioners with a systematic method of performing DBFI with a higher degree of certainty.
|
|
| 3. |
- Al-Dhaqm, Arafat, et al.
(författare)
-
Digital Forensics Subdomains : The State of the Art and Future Directions
- 2021
-
Ingår i: IEEE Access. - : IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC. - 2169-3536. ; 9, s. 152476-152502
-
Tidskriftsartikel (refereegranskat)abstract
- For reliable digital evidence to be admitted in a court of law, it is important to apply scientifically proven digital forensic investigation techniques to corroborate a suspected security incident. Mainly, traditional digital forensics techniques focus on computer desktops and servers. However, recent advances in digital media and platforms have seen an increased need for the application of digital forensic investigation techniques to other subdomains. This includes mobile devices, databases, networks, cloud-based platforms, and the Internet of Things (IoT) at large. To assist forensic investigators to conduct investigations within these subdomains, academic researchers have attempted to develop several investigative processes. However, many of these processes are domain-specific or describe domain-specific investigative tools. Hence, in this paper, we hypothesize that the literature is saturated with ambiguities. To further synthesize this hypothesis, a digital forensic model-orientated Systematic Literature Review (SLR) within the digital forensic subdomains has been undertaken. The purpose of this SLR is to identify the different and heterogeneous practices that have emerged within the specific digital forensics subdomains. A key finding from this review is that there are process redundancies and a high degree of ambiguity among investigative processes in the various subdomains. As a way forward, this study proposes a high-level abstract metamodel, which combines the common investigation processes, activities, techniques, and tasks for digital forensics subdomains. Using the proposed solution, an investigator can effectively organize the knowledge process for digital investigation.
|
|
| 4. |
- Al-Dhaqm, Arafat, et al.
(författare)
-
Towards the Development of an Integrated Incident Response Model for Database Forensic Investigation Field
- 2020
-
Ingår i: IEEE Access. - : IEEE. - 2169-3536. ; 8, s. 145018-145032
-
Tidskriftsartikel (refereegranskat)abstract
- For every contact that is made in a database, a digital trace will potentially be left and most of the database breaches are mostly aimed at defeating the major security goals (Confidentiality, Integrity, and Authenticity) of data that reside in the database. In order to prove/refute a fact during litigation, it is important to identify suitable investigation techniques that can be used to link a potential incident/suspect to the digital crime. As a result, this paper has proposed suitable steps of constructing and Integrated Incident Response Model (IIRM) that can be relied upon in the database forensic investigation field. While developing the IIRM, design science methodology has been adapted and the outcome of this study has shown significant and promising approaches that could be leveraged by digital forensic experts, legal practitioners and law enforcement agencies. This is owing to the fact, that IIRM construction has followed incident investigation principles that are stipulated in ISO guidelines.
|
|
| 5. |
- Nor Azhan, Nor Amira, et al.
(författare)
-
Error Level Analysis Technique for Identifying JPEG Block Unique Signature for Digital Forensic Analysis
- 2022
-
Ingår i: Electronics. - : MDPI. - 2079-9292. ; 11:9
-
Tidskriftsartikel (refereegranskat)abstract
- The popularity of unique image compression features of image files opens an interesting research analysis process, given that several digital forensics cases are related to diverse file types. Of interest has been fragmented file carving and recovery which forms a major aspect of digital forensics research on JPEG files. Whilst there exist several challenges, this paper focuses on the challenge of determining the co-existence of JPEG fragments within various file fragment types. Existing works have exhibited a high false-positive rate, therefore rendering the need for manual validation. This study develops a technique that can identify the unique signature of JPEG 8 × 8 blocks using the Error Level Analysis technique, implemented in MATLAB. The experimental result that was conducted with 21 images of JFIF format with 1008 blocks shows the efficacy of the proposed technique. Specifically, the initial results from the experiment show that JPEG 8 × 8 blocks have unique characteristics which can be leveraged for digital forensics. An investigator could, therefore, search for the unique characteristics to identify a JPEG fragment during a digital investigation process.
|
|
