The Proactive and Reactive Digital Forensics Investigation Process: A Systematic Literature Review

  • Conference paper

Part of the book series: Communications in Computer and Information Science (CCIS, volume 200)

Abstract

Recent papers have called for new forensic techniques and tools able to investigate anti-forensics methods, and have promoted the automation of live investigation. Such techniques and tools are called proactive forensic approaches, i.e., approaches that can deal with digitally investigating an incident while it occurs. To come up with such an approach, a Systematic Literature Review (SLR) was undertaken to identify and map the processes in digital forensics investigation that exist in the literature. According to the review, there is only one process that explicitly supports proactive forensics, the multicomponent process [1]. However, this is a very high-level process and cannot be used to introduce automation and to build a proactive forensics system. As a result of our SLR, a derived functional process that can support the implementation of a proactive forensics system is proposed.

References

  1. Grobler, C.P., Louwrens, C.P., von Solms, S.H.: A Multi-component View of Digital Forensics. In: ARES 2010 International Conference on Availability, Reliability, and Security, pp. 647–652 (2010)

  2. Garfinkel, S.: Anti-forensics: Techniques, detection and countermeasures. In: 2nd International Conference on i-Warfare and Security, p. 77 (2007)

  3. Garfinkel, S.L.: Digital forensics research: The next 10 years. Digital Investigation 7, S64–S73 (2010)

  4. Orebaugh, A.: Proactive forensics. Journal of Digital Forensic Practice 1, 37 (2006)

  5. Brereton, P., Kitchenham, B.A., Budgen, D., Turner, M., Khalil, M.: Lessons from applying the systematic literature review process within the software engineering domain. Journal of Systems and Software 80, 571–583 (2007)

  6. Rowlingson, R.: A ten step process for forensic readiness. International Journal of Digital Evidence 2, 1–28 (2004)

  7. Palmer, G.: A road map for digital forensics research-report from the first Digital Forensics Research Workshop (DFRWS), Utica, New York (2001)

  8. Mark, R., Clint, C., Gregg, G.: An Examination of Digital Forensic Models. International Journal of Digital Evidence 1, 1–12 (2002)

  9. Carrier, B., Spafford, E.: An event-based digital forensic investigation framework. In: Proceeding of the 4th Digital Forensic Research Workshop, pp. 11–13 (2004)

  10. Baryamureeba, V., Tushabe, F.: The Enhanced Digital Investigation Process Model. Asian Journal of Information Technology 5, 790–794 (2006)

  11. Kohn, M., Eloff, J., Olivier, M.: Framework for a digital forensic investigation. In: Proceedings of Information Security South Africa (ISSA) 2006 from Insight to Foresight Conference (2006)

  12. Stephenson, P.: A comprehensive approach to digital incident investigation. Information Security Technical Report 8, 42–54 (2003)

  13. Stephenson, P.: Completing the Post Mortem Investigation. Computer Fraud & Security, 17–20 (2003)

  14. Harrison, W.: The digital detective: An introduction to digital forensics. Advances in Computers 60, 75–119 (2004)

  15. Beebe, N.L., Clark, J.G.: A hierarchical, objectives-based framework for the digital investigations process. Digital Investigation 2, 147–167 (2005)

  16. Ieong, R.S.C.: FORZA - Digital forensics investigation framework that incorporate legal issues. Digital Investigation 3, 29–36 (2006)

  17. Khatir, M., Hejazi, S.M., Sneiders, E.: Two-Dimensional Evidence Reliability Amplification Process Model for Digital Forensics. In: Third International Annual Workshop on Digital Forensics and Incident Analysis, WDFIA 2008, pp. 21–29 (2008)

  18. Pollitt, M.M.: An Ad Hoc Review of Digital Forensic Models. In: Second International Workshop on Systematic Approaches to Digital Forensic Engineering, SADFE 2007, pp. 43–54 (2007)

  19. Yong-Dal, S.: New Digital Forensics Investigation Procedure Model. In: Fourth International Conference on Networked Computing and Advanced Information Management, NCM 2008, pp. 528–531 (2008)

  20. Billard, D.: An Extended Model for E-Discovery Operations. In: Peterson, G., Shenoi, S. (eds.) Advances in Digital Forensics V, vol. 306, pp. 277–287. Springer, Boston (2009)

  21. Tanner, A., Dampier, D.: Concept Mapping for Digital Forensic Investigations. In: Peterson, G., Shenoi, S. (eds.) Advances in Digital Forensics V, vol. 306, pp. 291–300. Springer, Boston (2009)

  22. Ruan, C., Huebner, E.: Formalizing Computer Forensics Process with UML. In: Yang, J., Ginige, A., Mayr, H.C., Kutsche, R.-D. (eds.) Information Systems: Modeling, Development, and Integration, vol. 20, pp. 184–189. Springer, Heidelberg (2009)

  23. Slay, J., Lin, Y.-C., Turnbull, B., Beckett, J., Lin, P.: Towards a Formalization of Digital Forensics. In: Peterson, G., Shenoi, S. (eds.) Advances in Digital Forensics V, pp. 37–47. Springer, Boston (2009)

  24. Kizza, J.: Computer Crime Investigations-Computer Forensics. In: Ethical and Social Issues in the Information Age, pp. 343–358. Springer, London (2007)

  25. Selamat, S., Yusof, R., Sahib, S.: Mapping process of digital forensic investigation framework. IJCSNS 8, 163 (2008)

  26. Perumal, S.: Digital forensic model based on Malaysian investigation process. IJCSNS 9, 38 (2009)

  27. Carrier, B., Spafford, E.: Getting physical with the digital investigation process. International Journal of Digital Evidence 2, 1–20 (2003)

  28. Ciardhuáin, S.: An extended model of cybercrime investigations. International Journal of Digital Evidence 3, 1–22 (2004)

  29. Rogers, M., Goldman, J., Mislan, R., Wedge, T., Debrota, S.: Computer forensics field triage process model. Journal of Digital Forensics, Security and Law 1, 27–40 (2006)

  30. Freiling, F., Schwittay, B.: A common process model for incident response and computer forensics. In: 3rd International Conference on IT-Incident Management and IT-Forensic (2007)

  31. Kent, K., Chevalier, S., Grance, T., Dang, H.: Guide to Integrating Forensic Techniques into Incident Response. NIST Special Publication 800-86 (2006)

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Alharbi, S., Weber-Jahnke, J., Traore, I. (2011). The Proactive and Reactive Digital Forensics Investigation Process: A Systematic Literature Review. In: Kim, Th., Adeli, H., Robles, R.J., Balitanas, M. (eds) Information Security and Assurance. ISA 2011. Communications in Computer and Information Science, vol 200. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-23141-4_9

  • DOI: https://doi.org/10.1007/978-3-642-23141-4_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-23140-7

  • Online ISBN: 978-3-642-23141-4

  • eBook Packages: Computer Science, Computer Science (R0)