Abstract
Recent papers have urged the need for new forensic techniques and tools able to investigate anti-forensics methods, and have promoted automation of live investigation. Such techniques and tools are called proactive forensic approaches, i.e., approaches that can deal with digitally investigating an incident while it occurs. To come up with such an approach, a Systematic Literature Review (SLR) was undertaken to identify and map the processes in digital forensics investigation that exist in the literature. According to the review, there is only one process that explicitly supports proactive forensics, the multicomponent process [1]. However, this is a very high-level process and cannot be used to introduce automation and to build a proactive forensics system. As a result of our SLR, a derived functional process that can support the implementation of a proactive forensics system is proposed.
References
Grobler, C.P., Louwrens, C.P., von Solms, S.H.: A Multi-component View of Digital Forensics. In: ARES 2010 International Conference on Availability, Reliability, and Security, pp. 647–652 (2010)
Garfinkel, S.: Anti-forensics: Techniques, detection and countermeasures. In: 2nd International Conference on i-Warfare and Security, p. 77 (2007)
Garfinkel, S.L.: Digital forensics research: The next 10 years. Digital Investigation 7, S64–S73 (2010)
Orebaugh, A.: Proactive forensics. Journal of Digital Forensic Practice 1, 37 (2006)
Brereton, P., Kitchenham, B.A., Budgen, D., Turner, M., Khalil, M.: Lessons from applying the systematic literature review process within the software engineering domain. Journal of Systems and Software 80, 571–583 (2007)
Rowlingson, R.: A ten step process for forensic readiness. International Journal of Digital Evidence 2, 1–28 (2004)
Palmer, G.: A road map for digital forensics research-report from the first Digital Forensics Research Workshop (DFRWS), Utica, New York (2001)
Mark, R., Clint, C., Gregg, G.: An Examination of Digital Forensic Models. International Journal of Digital Evidence 1, 1–12 (2002)
Carrier, B., Spafford, E.: An event-based digital forensic investigation framework. In: Proceeding of the 4th Digital Forensic Research Workshop, pp. 11–13 (2004)
Baryamureeba, V., Tushabe, F.: The Enhanced Digital Investigation Process Model. Asian Journal of Information Technology 5, 790–794 (2006)
Kohn, M., Eloff, J., Olivier, M.: Framework for a digital forensic investigation. In: Proceedings of Information Security South Africa (ISSA) 2006 from Insight to Foresight Conference (2006)
Stephenson, P.: A comprehensive approach to digital incident investigation. Information Security Technical Report 8, 42–54 (2003)
Stephenson, P.: Completing the Post Mortem Investigation. Computer Fraud & Security, 17–20 (2003)
Harrison, W.: The digital detective: An introduction to digital forensics. Advances in Computers 60, 75–119 (2004)
Beebe, N.L., Clark, J.G.: A hierarchical, objectives-based framework for the digital investigations process. Digital Investigation 2, 147–167 (2005)
Ieong, R.S.C.: FORZA - Digital forensics investigation framework that incorporate legal issues. Digital Investigation 3, 29–36 (2006)
Khatir, M., Hejazi, S.M., Sneiders, E.: Two-Dimensional Evidence Reliability Amplification Process Model for Digital Forensics. In: Third International Annual Workshop on Digital Forensics and Incident Analysis, WDFIA 2008, pp. 21–29 (2008)
Pollitt, M.M.: An Ad Hoc Review of Digital Forensic Models. In: Second International Workshop on Systematic Approaches to Digital Forensic Engineering, SADFE 2007, pp. 43–54 (2007)
Yong-Dal, S.: New Digital Forensics Investigation Procedure Model. In: Fourth International Conference on Networked Computing and Advanced Information Management, NCM 2008, pp. 528–531 (2008)
Billard, D.: An Extended Model for E-Discovery Operations. In: Peterson, G., Shenoi, S. (eds.) Advances in Digital Forensics V, vol. 306, pp. 277–287. Springer, Boston (2009)
Tanner, A., Dampier, D.: Concept Mapping for Digital Forensic Investigations. In: Peterson, G., Shenoi, S. (eds.) Advances in Digital Forensics V, vol. 306, pp. 291–300. Springer, Boston (2009)
Ruan, C., Huebner, E.: Formalizing Computer Forensics Process with UML. In: Yang, J., Ginige, A., Mayr, H.C., Kutsche, R.-D. (eds.) Information Systems: Modeling, Development, and Integration, vol. 20, pp. 184–189. Springer, Heidelberg (2009)
Slay, J., Lin, Y.-C., Turnbull, B., Beckett, J., Lin, P.: Towards a Formalization of Digital Forensics. In: Peterson, G., Shenoi, S. (eds.) Advances in Digital Forensics V, pp. 37–47. Springer, Boston (2009)
Kizza, J.: Computer Crime Investigations-Computer Forensics. In: Ethical and Social Issues in the Information Age, pp. 343–358. Springer, London (2007)
Selamat, S., Yusof, R., Sahib, S.: Mapping process of digital forensic investigation framework. IJCSNS 8, 163 (2008)
Perumal, S.: Digital forensic model based on Malaysian investigation process. IJCSNS 9, 38 (2009)
Carrier, B., Spafford, E.: Getting physical with the digital investigation process. International Journal of Digital Evidence 2, 1–20 (2003)
Ciardhuáin, S.: An extended model of cybercrime investigations. International Journal of Digital Evidence 3, 1–22 (2004)
Rogers, M., Goldman, J., Mislan, R., Wedge, T., Debrota, S.: Computer forensics field triage process model. Journal of Digital Forensics, Security and Law 1, 27–40 (2006)
Freiling, F., Schwittay, B.: A common process model for incident response and computer forensics. In: 3rd International Conference on IT-Incident Management and IT-Forensic (2007)
Kent, K., Chevalier, S., Grance, T., Dang, H.: Guide to Integrating Forensic Techniques into Incident Response. NIST Special Publication 800-86 (2006)
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
Cite this paper
Alharbi, S., Weber-Jahnke, J., Traore, I. (2011). The Proactive and Reactive Digital Forensics Investigation Process: A Systematic Literature Review. In: Kim, Th., Adeli, H., Robles, R.J., Balitanas, M. (eds) Information Security and Assurance. ISA 2011. Communications in Computer and Information Science, vol 200. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-23141-4_9
DOI: https://doi.org/10.1007/978-3-642-23141-4_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-23140-7
Online ISBN: 978-3-642-23141-4
eBook Packages: Computer Science, Computer Science (R0)