Advances in the application of Ontologies in the area of Digital Forensic Electronic Mail

This article presents a descriptive review of the research published in the last five years to identify gaps in the study of Digital Forensics problems. In particular, it is important to define the state of the art on the application of ontologies, especially to the forensic analysis of emails. The review pursues the following objectives: to identify and study the most up-to-date research contributions on Ontologies and Digital Forensics; to establish the gaps in current research related to the application of Ontologies to Digital Forensics; and to correlate these works through attributes of proximity (or distance) to the application of ontologies to the forensic analysis of emails. In addition, a systematic method is defined for selecting the research works considered of interest for this review. The review is expected to lead to the identification of gaps in the investigation of characteristic problems in digital forensic analysis, and to the definition of an updated theoretical framework linking the forensic analysis of emails with the application of ontologies.
