Abstract

For reliable digital evidence to be admitted in a court of law, it is important to apply scientifically proven digital forensic investigation techniques to corroborate a suspected security incident. Mainly, traditional digital forensics techniques focus on computer desktops and servers. However, recent advances in digital media and platforms have seen an increased need for the application of digital forensic investigation techniques to other subdomains. This includes mobile devices, databases, networks, cloud-based platforms, and the Internet of Things (IoT) at large. To assist forensic investigators to conduct investigations within these subdomains, academic researchers have attempted to develop several investigative processes. However, many of these processes are domain-specific or describe domain-specific investigative tools. Hence, in this paper, we hypothesize that the literature is saturated with ambiguities. To further synthesize this hypothesis, a digital forensic model-orientated Systematic Literature Review (SLR) within the digital forensic subdomains has been undertaken. The purpose of this SLR is to identify the different and heterogeneous practices that have emerged within the specific digital forensics subdomains. A key finding from this review is that there are process redundancies and a high degree of ambiguity among investigative processes in the various subdomains. As a way forward, this study proposes a high-level abstract metamodel, which combines the common investigation processes, activities, techniques, and tasks for digital forensics subdomains. Using the proposed solution, an investigator can effectively organize the knowledge process for digital investigation.

Highlights

  • The implementation of cybersecurity systems and processes is often inadequate to ensure the Confidentiality, Integrity, Availability, and Authenticity (CIAA) of information

  • In 2001, a group of researchers defined digital forensics as “the use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation, and presentation of digital evidence derived from digital sources to facilitate or further the reconstruction of events found to be criminal or helping to anticipate unauthorized actions shown to be disruptive to planned operations” [1]

  • This study aims to highlight the different and heterogeneous practices that have emerged within the subdomains of mobile device forensics, network forensics, database forensics, and Internet of Things (IoT) forensics


Summary

INTRODUCTION

The implementation of cybersecurity systems and processes is often inadequate to ensure the Confidentiality, Integrity, Availability, and Authenticity (CIAA) of information. In 2001, a group of researchers defined digital forensics as “the use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation, and presentation of digital evidence derived from digital sources to facilitate or further the reconstruction of events found to be criminal or helping to anticipate unauthorized actions shown to be disruptive to planned operations” [1]. Since this definition was proposed, various investigative frameworks and process models have been developed that have a focus on digital forensics. Behavioral biometrics is the process of identifying, extracting, and presenting soft attributes of the user of a digital object(s), in such a way that an action or a series of actions can be attributed to a user with minimal ambiguity. This approach is gradually gaining wider adoption within the digital forensic subdomains, as highlighted in recent studies [12]–[17]. The section details the methodology used to develop the review process.

RESEARCH METHODOLOGY
MOBILE FORENSICS
NETWORK FORENSICS
Difficulties in applying the investigation process
Volatility of evidence
VIII. DISCUSSION
Initial Version of the DF Metamodel
VIII. CONCLUSION