The International Arab Journal of Information Technology (IAJIT)


Digital Forensics Techniques and Trends: A Review

The research work presented in this paper aims to review Digital Forensics (DF) techniques and trends. As computer technology advances day by day, the chances of data being misused and tampered with are also growing daily. The advancement in technology results in various cyber-attacks on computers and mobile devices. DF plays a vital role in the investigation and prevention of cyber-attacks. DF can be used to find shreds of evidence and prevent attacks from happening in the future. Previously presented reviews highlighted only specific issues in DF. This paper explores DF issues in depth by highlighting domain-specific issues and possible helpful areas for DF. This article highlights the investigation process framework and related approaches for the digital investigation process. The cognitive and human factors that affect the DF process are also presented to strengthen the investigation process. Nowadays, many DF tools are available in the industry that help in DF investigation. A comparative analysis of four DF tools is also presented. Finally, DF performance is discussed. The submitted work may help researchers go deeper into DF and apply the best tools and models according to their requirements.
