The Proactive and Reactive Digital Forensics Investigation Process: A Systematic Literature Review

Recent papers have urged the need for new forensic techniques and tools able to investigate anti-forensics methods, and have promoted automation of live investigation. Such techniques and tools are called proactive forensic approaches, i.e., approaches that can digitally investigate an incident while it occurs. To come up with such an approach, a Systematic Literature Review (SLR) was undertaken to identify and map the digital forensics investigation processes that exist in the literature. According to the review, there is only one process that explicitly supports proactive forensics, the multicomponent process [1]. However, this is a very high-level process and cannot be used to introduce automation or to build a proactive forensics system. As a result of our SLR, a derived functional process that can support the implementation of a proactive forensics system is proposed.

[1] Timothy Grance, et al. Guide to Integrating Forensic Techniques into Incident Response, 2006.

[2] Joseph Migga Kizza. Ethical And Social Issues In The Information Age, 2003, Texts in Computer Science.

[3] Seamus O. Ciardhuáin, et al. An Extended Model of Cybercrime Investigations, 2004, Int. J. Digit. Evid.

[4] Heinrich C. Mayr, et al. Information Systems: Modeling, Development, and Integration, Third International United Information Systems Conference, UNISCON 2009, Sydney, Australia, April 21-24, 2009. Proceedings, 2009, International United Information Systems Conference.

[5] Simson L. Garfinkel, et al. Digital forensics research: The next 10 years, 2010, Digit. Investig.

[6] Paul Lin, et al. Towards a Formalization of Digital Forensics, 2009, IFIP Int. Conf. Digital Forensics.

[7] Eugene H. Spafford, et al. An Event-Based Digital Forensic Investigation Framework, 2004.

[8] Ricci S. C. Ieong, et al. FORZA - Digital forensics investigation framework that incorporate legal issues, 2006, Digit. Investig.

[9] Marcus K. Rogers, et al. Computer Forensics Field Triage Process Model, 2006, J. Digit. Forensics Secur. Law.

[10] Peter Stephenson. Completing the Post Mortem Investigation, 2003.

[11] Pearl Brereton, et al. Lessons from applying the systematic literature review process within the software engineering domain, 2007, J. Syst. Softw.

[12] Shahrin Sahib, et al. Mapping Process of Digital Forensic Investigation Framework, 2008.

[13] Sundresan Perumal. Digital Forensic Model Based On Malaysian Investigation Process, 2009.

[14] Venansius Baryamureeba, et al. The Enhanced Digital Investigation Process Model, 2004.

[15] Peter Stephenson. A comprehensive approach to digital incident investigation, 2003, Inf. Secur. Tech. Rep.

[16] Mark Pollitt, et al. An Ad Hoc Review of Digital Forensic Models, 2007, Second International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE'07).

[17] Yong-Dal Shin. New Digital Forensics Investigation Procedure Model, 2008, 2008 Fourth International Conference on Networked Computing and Advanced Information Management.

[18] Joseph Migga Kizza, et al. Computer Crime Investigations – Computer Forensics, 2010.

[19] Gregg H. Gunsch, et al. An Examination of Digital Forensic Models, 2002, Int. J. Digit. Evid.

[20] Felix C. Freiling, et al. A Common Process Model for Incident Response and Computer Forensics, 2007, IMF.

[21] David A. Dampier, et al. Concept Mapping for Digital Forensic Investigations, 2009, IFIP Int. Conf. Digital Forensics.

[22] Eugene H. Spafford, et al. Getting Physical with the Digital Investigation Process, 2003, Int. J. Digit. Evid.

[23] Ewa Huebner, et al. Formalizing Computer Forensics Process with UML, 2009, UNISCON.

[24] Sujeet Shenoi, et al. Advances in Digital Forensics V - Fifth IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA, January 26-28, 2009, Revised Selected Papers, 2009, IFIP Int. Conf. Digital Forensics.

[25] Simson L. Garfinkel, et al. Anti-Forensics: Techniques, Detection and Countermeasures, 2007.

[26] Warren Harrison, et al. The Digital Detective: An Introduction to Digital Forensics, 2004, Adv. Comput.

[27] Nicole Beebe, et al. A hierarchical, objectives-based framework for the digital investigations process, 2005, Digit. Investig.

[28] Jan H. P. Eloff, et al. Framework for a Digital Forensic Investigation, 2006, ISSA.

[29] David Billard. An Extended Model for E-Discovery Operations, 2009, IFIP Int. Conf. Digital Forensics.

[30] Sebastiaan H. von Solms, et al. A Multi-component View of Digital Forensics, 2010, 2010 International Conference on Availability, Reliability and Security.

[31] Robert Rowlingson, et al. A Ten Step Process for Forensic Readiness, 2004, Int. J. Digit. Evid.

[32] M. Khatir, et al. Two-Dimensional Evidence Reliability Amplification Process Model for Digital Forensics, 2008, 2008 Third International Annual Workshop on Digital Forensics and Incident Analysis.

[33] Angela Orebaugh, et al. Proactive Forensics, 2006, J. Digit. Forensic Pract.