Abstract
One of the most common challenges in digital forensic investigations is selecting suitable analysis tools in an ever-changing environment. In recent years, live digital forensic investigations have become common across organizations in response to Advanced Persistent Threats (APT). At the same time, the variety and availability of digital forensic tools are expanding rapidly. Because there is no objective guideline to support tool selection, forensic analysts mostly rely on their own experience: they apply the tools they are familiar with, although these tools might not be the most suitable ones for the analysis task at hand. We propose a concept that enables experts to make a well-considered tool selection based on desired tool characteristics. The concept supports training the right tool selection so that an organization is forensically ready for future investigations, and it structures the organization's cybersecurity knowledge. To evaluate our approach, we apply the concept to a use case and demonstrate its application and performance.
© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
Friedl, S., Englbrecht, L., Böhm, F., Pernul, G. (2023). Support Tool Selection in Digital Forensics Training. In: Wang, G., Choo, KK.R., Wu, J., Damiani, E. (eds) Ubiquitous Security. UbiSec 2022. Communications in Computer and Information Science, vol 1768. Springer, Singapore. https://doi.org/10.1007/978-981-99-0272-9_1
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-0271-2
Online ISBN: 978-981-99-0272-9