
Support Tool Selection in Digital Forensics Training

Conference paper, Ubiquitous Security (UbiSec 2022)

Abstract

One of the most common challenges in digital forensic investigations is selecting suitable analysis tools in an ever-changing environment. In recent years, live digital forensic investigations have been emerging throughout organizations in response to Advanced Persistent Threats (APT). At the same time, the variety and availability of digital forensic tools are expanding rapidly. Because there is no objective guideline that provides decision support for tool selection, forensic analysts mostly rely on their experience: they apply the tools they are familiar with, although these tools might not be the most suitable ones for the analysis task at hand. We propose a concept that enables a well-considered tool selection for experts based on desired tool characteristics. The concept supports training the right tool selection, so that an organization is forensically ready for future investigations, and structures cybersecurity knowledge within the organization. To evaluate our approach, we apply the concept to a use case and demonstrate its application and performance.



Author information

Corresponding author: Sabrina Friedl

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper


Cite this paper

Friedl, S., Englbrecht, L., Böhm, F., Pernul, G. (2023). Support Tool Selection in Digital Forensics Training. In: Wang, G., Choo, KK.R., Wu, J., Damiani, E. (eds) Ubiquitous Security. UbiSec 2022. Communications in Computer and Information Science, vol 1768. Springer, Singapore. https://doi.org/10.1007/978-981-99-0272-9_1

  • DOI: https://doi.org/10.1007/978-981-99-0272-9_1

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-99-0271-2

  • Online ISBN: 978-981-99-0272-9

  • eBook Packages: Computer Science (R0)
