You are currently viewing a new version of our website. To view the old version click .
MDPIMDPI
Search all articles
Computers
Download PDF
  • Article
  • Open Access

11 December 2024

Unveiling the Dynamic Landscape of Digital Forensics: The Endless Pursuit

,
,
,
and
1
Department of Information Security, College of Signals, National University of Sciences and Technology (NUST), Islamabad 44000, Pakistan
2
Centre for Intelligent Healthcare, Coventry University, Northampton Square, Coventry CV1 5RW, UK
*
Authors to whom correspondence should be addressed.
Computers2024, 13(12), 333;https://doi.org/10.3390/computers13120333
This article belongs to the Special Issue Cyber Security and Privacy in IoT Era
Version Notes
Order Reprints

Abstract

The invention of transistors in the 1940s marked the beginning of a technological revolution that has impacted every aspect of our lives. However, along with the positive advancements, the malicious use of computing technologies has become a serious concern. The international community has been actively collaborating to develop digital forensics techniques to combat the unlawful use of these technologies. However, the evolution of digital forensics has often lagged behind the rapid developments in computing technologies. In addition to their harmful use, computing devices are increasingly involved in crime scenes and accidents, necessitating digital forensics to reconstruct events. This paper provides a comprehensive review of the development of computing technologies from the 1940s to the present, highlighting the trends in their malicious use and the corresponding advancements in digital forensics. The paper also discusses various institutes, laboratories, organizations, and training setups established at national and international levels for digital forensics purposes. Furthermore, it explores the initial legislations related to computer-related crimes and the standards associated with digital forensics. These reviews and discussions conclude at identifying the shortfalls in digital forensics and proposes an all-inclusive digital forensics process model meeting these shortfalls while complying to international standards and meeting regulatory and legal requirements of digital forensics.

1. Introduction

The National Institute of Standards and Technology (NIST) through its Computer Security Resource Centre (CSRC) defines digital forensics as “The application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data” [,]. Although traditional forensics has developed in a structured and consistent manner from the scientific community, digital forensics has emerged from ad hoc techniques and tools derived from the experiences of law enforcement, system and network administrators, and computer enthusiasts. Consequently, its development has been inconsistent []. Essentially, the progress of digital forensics has closely followed the evolution and misuse of computing technologies []. Thus, to understand the development of digital forensics, it is essential to examine the evolution of computing technologies.
Before 1947, computing devices depended on electromechanical technology, including components such as vacuum tubes, relays, gears, shafts, belts, and cams (machine switches) []. The advent of transistors in 1947 represented a major milestone in computer development, enabling the rise of transistor-based computing systems []. However, until the mid-1970s, computer use was mainly confined to industries, government agencies, universities, and research institutions.
During the 1980s, the advent of personal computers revolutionized the computing world, becoming popular among both computer enthusiasts and the general public. The early 1990s saw the Internet’s arrival, which led to a significant surge in the use of personal computers. The 2000s were marked by the rise of Web 2.0 and portable computing devices, which signified major technological progress. Since 2010, new technological paradigms such as cloud computing, blockchain, and the Internet of Things (IoT) have emerged, further enhancing the capabilities and potential of computing technology.
The evolution of digital forensics paralleled significant advancements in computing technologies. Initially, these advancements began with basic security audits conducted by system administrators and the creation of data recovery tools. Gradually, this field evolved into computer forensics, characterized by improvements in forensic tools, the creation of international standards, and the acknowledgment of digital evidence.
The golden age of digital forensics spanned from 2000 to 2010, marked by advancements in forensic facilities, tools, and models, as well as the simplicity of operating systems and file formats, the lack of encryption, and the absence of robust security in devices. These elements fostered an environment favorable for digital forensic investigations. After 2010, new areas such as network forensics, cloud forensics, and IoT forensics began to emerge. Various international organizations significantly contributed to the development of digital forensics by creating international standards, developing forensic models and tools, and providing training. However, digital forensics is trailing behind due to fast paced development in computing technologies and international standards defined since the 2010s. Hence, a model for all-inclusive digital forensics process is needed, capable of meeting international standards and carrying out forensics of the latest computing technologies.
The main contributions of this paper are as follows.
  • An extensive analysis (the first of its kind, in our opinion) of the progression of computing, categorized into five distinct periods from the 1940s to the present day, grounded in significant technological advancements in Section 2.
  • The evolution of the malicious use of computing technologies and the advancements in forensic science to combat these threats across different periods are discussed in Section 3, including:
    (a)
    The evolution from simple security to evidence recovery, computer forensics, digital evidence, and digital forensics, along with its emerging dimensions.
    (b)
    The metamorphosis of forensics tools, techniques, trainings, and facilities.
    (c)
    Some of the most talked-about forensics models/frameworks.
    (d)
    International initiatives and bodies dealing with digital forensics.
  • The evolution of digital forensic approaches in various eras has been discussed in Section 4.
  • Proposing an all-inclusive digital forensics process model that meets international standards and regulatory/legal requirements in Section 5.
  • Identifying the shortfalls in previous forensic models/frameworks and drawing comparison with the proposed model in Section 6. Proposed model outperforms all the previous models.
The research for this paper has been carried out by examining existing literature from diverse sources, including contributions from the research community in prestigious journals and conferences. In addition, industry advancements have also been considered. To achieve a thorough understanding, prominent international initiatives in digital forensics have been reviewed, along with pertinent governmental, semi-governmental, and private organizations involved in the field. This methodology ensures that the article integrates a broad spectrum of viewpoints and the most current information from various reliable sources. Figure 1 illustrates the structure of the paper.
Figure 1. Layout of the Paper.

2. Advancement in Computing

The evolution of computing can be categorized into five distinct phases concerning the development of computing technologies.; Dawn of Computers (late 1940’s to early 1970s), Introduction of Personal Computers (late 1970s to late 1980s), Growth of Personal Computers (1990s), Introduction of Smart Phones/Devices (2000 to 2009) and Ubiquitous Networks and Services (2010 onward).

2.1. Dawn of Computers (Late 1940’s to Early 1970s)

The industrial computing era began with the transistor’s invention at Bell Laboratories in 1947 [,]. In 1949, Manchester University developed the first computer, Mark 1, which stored programs in electronic memory. Access to Mark 1 was restricted to scientists [,]. In 1959, integrated circuits (ICs) were created [], followed by the silicon-based Metal-Oxide Semiconductor Field-Effect Transistor (MOSFET) in 1960 []. These innovations led to the first microprocessor, Intel 4004, in 1971 []. In 1964, Douglas Engelbart created a prototype computer with a mouse and a graphical user interface (GUI) []. Many computers followed, but until the early 1980s, their use was mostly limited to industries, government, universities, and research institutions.

2.2. Introduction of Personal Computers (Late 1970s to Late 1980s)

In 1974, H. Edwards Roberts and MITS (Micro Instrumentation and Telemetry Systems) developed the first personal computer, Altair, based on Intel’s 8080 microprocessor, but it was produced on a limited scale []. In 1976, Steve Jobs and Steve Wozniak developed the Apple I [], a single-circuit board computer that was an instant hit, followed by the Apple II in 1977. In 1981, IBM launched its first personal computer, Acorn []. In the late 1980s, Compaq introduced the first laptop []. Personal computers gained popularity in the 1980s but were mainly used by hobbyists []. During this era, the Advanced Research Projects Agency Network (ARPAN) developed the first wide area network, ARPANet, with its first public demonstration in 1972 []. This later became the basis of the internet.

2.3. Growth of Personal Computers (1990s)

In 1990, the World Wide Web (www) was developed at CERN in Geneva, Switzerland [], to facilitate global data sharing among scientists. The www spurred the explosive growth of personal computers, dominating the 1990s []. Other major developments included digital media (video/audio), digital fax machines, and compact cell phones (GSM 2G), further advancing computing technologies and integrating them into daily life.

2.4. Introduction of Smart Phones and Portable Devices (2000 to 2009)

Technologies like Bluetooth [], WiFi (802.11 g) [], 3G [], USB flash memory sticks [], broadband internet [], and faster processors led to portable devices like smartphones, PDAs, and portable storage. These devices revolutionized information access and interaction, creating the wireless web [], Web 2.0 (social media, blogs, etc.) [], and mobile commerce. The wireless Web allowed access to the Internet without fixed locations, while Web 2.0 enabled the creation and sharing of interactive content []. Mobile commerce facilitated convenient transactions via portable devices. These advancements improved the interconnectedness and accessibility of computing technologies in daily life.

2.5. Ubiquitous Networks and Services (2010 Onward)

From 2010 onward, IT systems offered more services and functionalities, but their management became more complex []. The exponential increase in data made local storage difficult. Faster wireless technologies such as 4G and 5G, together with cloud computing, addressed these issues, leading to a more connected cloud environment [,].
Technologies such as the Internet of Things (IoT) and Cyber-Physical Systems (CPS) are revolutionizing daily life, including health services, city management, industries, agriculture, and logistics []. Compared to traditional computers, the ubiquity of cloud computing and IoT has popularized tablets, smartphones, and wearable devices []. Cryptocurrencies, e-wallets, digital and online marketplaces, AI chat-bots, and recommender systems have transformed business and shopping, driving e-commerce growth []. Blockchain technology introduced secure online transactions [,]. Smartphones gain popularity yearly [].
The fish-bone diagram of the evolution of computing is shown in Figure 2.
Figure 2. Evolution of Computing.

4. Evolution of Digital Forensics Approaches

The evolution of digital forensics is elaborately covered in Section 3 and shown in Figure 16. However, evolution in digital forensics can further be classified as per the approaches it took. The summary of the approaches taken by digital forensics along with the stimulus is shown in Table 2. Details are given below.
Table 2. Summary-Evolution of Digital Forensics.

4.1. Forensics Through System Audits (1945–1975)

During the initial period, computers were used as standalone systems and forensic was considered to be done by audits system administrators only.

4.2. Forensics by Network Administrators (1975–1990)

From 1970s, concept of networked computing system emerged, specially for research & development institutes. To investigate cyber espionage attacks on these networked computers, which are carried out to steal proprietary and classified information, a trend of forensics by network administrators emerged, which was based on analysis of logs and network traffic.

4.3. Forensics Through Data Recovery Tools (1984–1990)

With increase in use of personal computers, the requirement to recover deleted data emerged, giving birth to a new dimension of forensics; Data recovery tools.

4.4. Introduction of Computer Forensics (1990 Onward)

With explosive growth in the use of personal computers, the need to standardize their forensic process, including acquiring, preserving, retrieving, and presenting data stored on computer media, emerged. Moreover, regulatory, reliability, integrity, and quality requirements, as applicable in other forensics sciences, also emerged for digital forensics. This led to the introduction of the science of computer forensics. Various related approaches also emerged in the 1990s, some of which are as follows.
  • Development of forensics tools, meeting the requirements of computer forensics, started in the 1990s, giving a new approach to the forensic process.
  • Computer forensics became a proper science, requiring handling by expert computer forensics investigators in specialized labs. In order to meet these requirements, specialized computer labs and training centres starting establishing from 1993 onward.
  • Following the footsteps of forensics science, efforts started in 1993 to standardize the procedures and techniques for computer forensics.
  • In order to meet various regulatory requirements and take standardization efforts a step further, work on Accreditation & Certifications started in 1995.

4.5. Digital Evidence and Digital Forensics (1998 Onward)

With emergence of various types of digital storage devices including cell phones, digital audio storage media for digital audio, video evidence, fax machines, etc., a new term of digital evidence emerged in 1998, replacing computer evidence. This gave birth to a new approach in 2001, termed digital forensics (explained in detail in Section 3.4).

4.6. Forensics Models (2000 Onward)

In 2000s, research community started proposing new approaches to carry out digital forensics while ensuring compliance with regulatory requirements and forensic standards (some of the noteworthy frameworks are discussed in Section 3.4.2).

4.7. eDiscovery (2006)

With increase in involvement of digital evidence in criminal cases, digital information was declared as a form of evidence and the eDiscovery (electronic discovery) system was introduced, defining the process of collecting, preparing, reviewing, and producing electronic documents (details in Section 3.4.4).

4.8. New Dimensions and Approaches of Digital Forensics (2010s Onward)

New paradigm of ubiquitous networks and services, embedded flash storage, growing size of storage media with increase in variety in hardware interfaces, cloud services, RAM-based malwares, variety of operating systems and file formats, and encryption gained popularity since the 2010s. These advancements in computing technologies led to the emergence of new approaches/branches in digital forensics, some of which are Network Forensics, Cloud Forensics, IoT Forensics and Smart Phones Forensics (details covered in Section 3.5.2).

5. An All-Inclusive Digital Forensics Process Model

The evolution of digital forensics has seen the emergence of various approaches and standards in different countries (covered in detail in Section 3). However, no comprehensive model, incorporating all these approaches and standards exists which can act as a reference model for further development in digital forensics and its new dimensions. Based on recommendations of various models and standards discussed in previous section, an all inclusive 11 phase digital forensics process model has been proposed in this Section. This proposed model is grouped under five distinct categories, based on activities; (1) Proactive, (2) Forensics Initialization/Evidence Collection, (3) Forensics Investigation, (4) Reporting and (5) Reactive/Review. Each category comprises various phases, and each phase contains various steps. The proposed model along with categories, phases, and steps is shown in Figure 17 and is discussed in detail in the following paragraphs.
Figure 17. An All Inclusive Digital Forensics Process Model.

5.1. Preparation and Readiness Phase

This proactive phase comprises the following steps.
i   
Initial assessment of the expected crime scene.
ii  
Obtaining search warrants to carry out the forensic investigation.
iii 
Obtaining the necessary authorizations and approvals from competent authorities.
iv  
Planning and strategy for carrying out the forensic investigation.
v   
Study of laws applicable to the investigation of digital forensics concerned.
vi  
Ensuring operational readiness of investigators to carry out digital forensic investigations.
vii 
Infrastructure readiness for conducting forensic investigations (aka forensic readiness).
viii
Ensuring requisite capabilities with investigators, like Honeypots and similar tools, to deal with booby trap and remote killing of computing machines.
ix 
Ensuring awareness amongst the investigators, as well as the entire organization.
x   
Issuance of notification regarding initialization of forensic investigations.

5.2. Securing Crime Scene Phase

Being part of Forensics Initialization/Evidence Collection activities, this phase comprises following steps.
Securing crime scene to avoid any contamination that may leads to compromise of integrity.
ii
Documenting the crime scene, to ensure availability of requisite information during next phases.

5.3. Survey & Recognition Phase

Being part of Forensics Initialization/Evidence Collection activities, this phase comprises the following steps.
i  
Identifying potential sources of evidences at crime scene.
ii 
Preserving potential sources of evidences from contamination, to avoid raising integrity issues.
iii
Formulating acquisition plan keeping in view the potential sources of evidence.

5.4. Acquisition Phase

Being part of Forensics Initialization/Evidence Collection activities, this phase comprises the following steps.
i  
Collecting evidences from potential sources.
ii 
If potential source is assumed to contain privileged information (encrypted or privacy data), filtering of source is to be carried out and its acquisition is to be carried out as per latest legislation/local laws e.g., obtain legal permission/warrant, if applicable, to collect evidence from said device (same may be added in Preparation and Readiness Phase). However, if legal permission/warrant is not available, evidences can not be collected from concerned sources.
iii
Ensuring integrity of evidence during acquisition of evidence from concerned sources.
iv 
Documenting each activity being performed on Evidence, to ensure maintenance of Chain of Custody of evidences.

5.5. Preservation Phase

Being part of Forensics Initialization/Evidence Collection activities, this phase comprises the following steps.
i  
Maintaining multiple copies of digital evidence and ensuring their integrity as per the latest legislation/local laws.
ii 
If privileged information (having encrypted or privacy data) is encountered during Acquisition Phase, then its preservation is to be carried out as per latest legislation/local laws, e.g., keeping evidence carrying privileged data, separate. If compliance to regulatory requirements is not possible due to technical limitations, it cannot be preserved/further processed.
iii
Ensuring appropriate labeling and packaging of evidence, to facilitate investigators in next phases.
iv
Ensuring safe transportation of evidence to avoid compromise of integrity during transportation.
v  
Ensuring safe storage of evidence to avoid compromise of its integrity.
vi 
Documenting each activity that is performed on evidence for the maintenance of the chain of custody.

5.6. Examination Phase

Being part of Forensic Investigation activities, this phase comprises the following steps.
Examining and extraction of information from evidences by forensic experts.
ii
Documenting each activity being performed on Evidence, for maintenance of Chain of Custody.

5.7. Analysis Phase

Being part of Forensic Investigation activities, this phase comprises the following steps.
Technical review of results of examination and reconstruction of cyber crime by investigators, to reach a conclusion as to what actually happened at the crime scene.
ii
Generating various hypothesis based on results.
Depending upon the type of evidence, requirement of forensic investigators, nature of investigation process, time constraints or any other compulsion, Analysis Phase may precede Examination Phase.

5.8. Information Sharing Phase

i
Being part of Forensics Investigation activities, this phase comprises sharing of information between law enforcement agencies, to obtain comprehensive criminal profile of the suspect/suspected activities.

5.9. Presentation Phase

Being part of reporting activities, this phase comprises following steps.
i  
Preparation of report carrying summary of investigation process and conclusions drawn during the investigation process. This report should use words and terms which can easily be understood by the court of concerned authority.
ii 
Testify before a court of law or concerned authority.
iii
Presenting proofs to defend the conclusions drawn during the investigation process.

5.10. Results Phase

Being part of Reactive/Review activities, this phase comprises the following steps.
i  
Documenting the result of presentation phase for future reference.
ii 
Archiving of the investigation process for future reference.
iii
Sharing of investigations with the concerned authorities to facilitate them in updating procedures and records.

5.11. Review Phase

Being part of Reactive/Review activities, this phase comprises the following steps.
Analysis of the investigation process and results to improve the investigation process for future use.
ii
Appropriate disposal of evidence, ensuring privacy, intellectual property rights, business secrets.

6. Findings/Discussion

The proposed model ensures a highly scientific and well-structured digital forensic investigations, which outperforms all existing notable models/frameworks (discussed in Section 3). Moreover, it also ensures compliance to various regulatory/legal requirements.
Summary of comparison of existing digital forensics models/frameworks with 11 phases of the proposed All-Inclusive Digital Forensics Process Model along with steps of each phase, is shown in Table 3 (only paragraph numbers of phases discussed in Section 5 have been referred in the top row of the table). The shortfalls of each of the previous models can be seen in this table, and none of the previous models/framework and approach meets all the phases/steps of the model proposed in this paper.
Table 3. Comparison-Proposed All-Inclusive Digital Forensics Process Model with Previous Models.
A detailed comparison is drawn in following paragraphs between the proposed model and the 2013 models of ESDFIM and HEIM, which address the limitations of earlier models.

6.1. Comparison with ESDFIM

ESDFIM meets most of the phases and steps of the proposed model. However, the proposed model outperforms it in the following.
  • ESDFIM misses the step regarding awareness of the incident and investigation amongst the investigators and the entire organization, and issuance of notification regarding start of investigation process, as included in Preparation and Readiness Phase of proposed model.
  • ESDFIM does not include the requirement to formulate an acquisition plan after identifying the potential sources of evidence at the crime scene. With the latest development in computing technologies and widespread adoption of technical gadgetry in daily life, investigators need to formulate an acquisition plan after the survey of crime scene, to cater for new devices which may not have been planned earlier. The same is covered in Survey & Recognition Phase of the proposed model.
  • ESDFIM is silent on handling of privileged information expected to be contained in potential source, as included in the Acquisition Phase of the proposed model. This has emerged as a critical requirement in the context of latest privacy-related standards and laws like GDPR, CCPA and CPRA (discussed in Section 3.5.2).
  • ESDFIM specifies the need to maintain the chain of custody when collecting evidence, yet it fails to guarantee this during transportation. This aspect is addressed in the Preservation Phase of the proposed model.
  • ESDFIM does not specify the requirement of sharing the results of investigations with other investigating bodies. Keeping in view the fast evolving nature of technologies, sharing of investigation results amongst investigation community can be of great benefit. Same has been covered in the Result Phase of the proposed model.
  • ESDFIM does not specify the disposal of evidence after completion of the investigation process. Since some of the evidence can contain privileged information (related to privacy, proprietary or business secrets etc), its secure disposal is a critical issue with legal bindings. The same has been covered in the Review Phase of the proposed model.

6.2. Comparison with HEIM

HEIM generally has similar steps as that of the proposed model, but phases and sequence of steps are not consistent with the proposed model. The proposed model outperforms HEIM in the following.
  • HEIM does not include numerous important steps of Preparation & Readiness Phases of the proposed model including initial assessment of expected crime scene, planning and strategy to carry out investigation, ensuring requisite capabilities with investigators to deal with booby traps and remote interference with potential evidence and awareness about investigation within organization.
  • Similar to ESDFIM, HEIM does not explicitly mandate the creation of an acquisition plan after determining potential evidence sources at a crime scene. This aspect is addressed in the Survey & Recognition phase of the proposed model.
  • Similar to ESDFIM, HEIM does not address how to manage privileged information likely to be present in potential sources, as outlined in the Acquisition and Preservation phases of the proposed model.
  • HEIM neither spells out the requirement to ensure integrity of evidence nor asks for maintenance of Chain of Custody in any step, which are a mandatory requirement and mentioned in the proposed model.
  • Obtaining and maintaining multiple copies of digital evidence are critical requirements in any forensic investigation process. HEIM does not include these steps. Same is covered in Preservation Phase of the proposed model.
  • Examination and analysis are two distinct activities, former to be carried out at crime scene and latter to be done under laboratory environments. HEIM has combined these activities into examination step. Moreover, reconstruction of crime also falls part of Analysis but HEIM has included it in conclusion step.
  • Sharing of forensic investigation activities with law enforcement agencies to obtain criminal profile of suspect mentioned in Information Sharing Phase of the proposed model, is missing on HEIM.
  • Similar to ESDFIM, HEIM does not specify the disposal of evidence after the completion of the investigation process. The same has been covered in the Review Phase of the proposed model.

7. Conclusions

The evolution of digital forensics has followed an inconsistent path, closely tied to the development of computing technologies and their misuse trends. This paper analyzes prominent digital forensics models from the last two decades, identifying their shortcomings concerning the latest standards and regulatory/legal requirements. To address these gaps, the article proposes an all-inclusive digital forensics process model that aligns with international standards and the needs of the law enforcement community. However, despite the advancements in digital forensics, existing models, standards, and tools are not fully equipped to handle the latest developments in computing technologies, such as cloud computing, IoT, Cyber Physical System (CPS), blockchain, and cryptocurrency. Emerging dimensions like cloud forensics and IoT forensics require the development of relevant standards, tools, and techniques to effectively address the challenges posed by these technologies. Encryption and privacy have become critical challenges for digital forensics and remain major hurdles to overcome. The research community is actively working on developing appropriate digital forensics techniques and frameworks to address these challenges. In conclusion, digital forensics continues to evolve, driven by advancements in technology and the changing landscape of cybercrimes. Addressing the complexities brought about by new computing technologies, ensuring privacy, and handling encryption present ongoing research challenges for the digital forensics community.

Author Contributions

Conceptualization, M.S.Z., B.A. and S.T.; methodology, M.S.Z., B.A. and S.T.; investigation, M.S.Z., B.A., I.R. and F.K.; resources, B.A. and I.R.; writing—original draft preparation, M.S.Z.; writing—review and editing, B.A., S.T. and F.K.; visualization, M.S.Z., I.R. and F.K.; supervision, B.A., S.T. and I.R.; project administration, B.A. and I.R. All authors have read and agreed to the published version of the manuscript.

Funding

The authors did not receive support from any organization for the submitted work.

Data Availability Statement

No datasets were generated or analyzed during the current study.

Conflicts of Interest

The authors have no competing interests to declare that are relevant to the content of this article.

Correction Statement

This article has been republished with a minor correction to the document type. This change does not affect the scientific content of the article.

References

  1. Digital Forensics; Technical Report; Computer Security Resource Center: Gaithersburg, MD, USA, 2017.
  2. Kent, K.; Chevalier, S.; Grance, T. Guide to integrating forensic techniques into incident. In Guide to Integrating Forensic Techniques into Incident Response 800-86; NIST: Gaithersburg, MD, USA, 2006. [Google Scholar]
  3. Palmer, G.L. Forensic analysis in the Digital World. Int. J. Digit. Evid. 2002, 1, 1–6. [Google Scholar]
  4. Rohatgi, S.; Shrivastava, S. Combating Cybercrimes with Digital Forensics. In Advancements in Cybercrime Investigation and Digital Forensics; Apple Academic Press: Palm Bay, FL, USA, 2024; pp. 97–113. [Google Scholar]
  5. Goldstine, H.H.; Goldstine, A. The electronic numerical integrator and computer (eniac). Math. Tables Other Aids Comput. 1946, 2, 97–110. [Google Scholar] [CrossRef][Green Version]
  6. Brinkman, W.F.; Haggan, D.E.; Troutman, W.W. A history of the invention of the transistor and where it will lead us. IEEE J. Solid State Circuits 1997, 32, 1858–1865. [Google Scholar] [CrossRef]
  7. Pollitt, M. A history of digital forensics. In Proceedings of the IFIP International Conference on Digital Forensics, Hong Kong, China, 4–6 January 2010; Springer: Berlin/Heidelberg, Germany, 2010; pp. 3–15. [Google Scholar]
  8. McPherson, S.S. Tim Berners-Lee: Inventor of the World Wide Web; Twenty-First Century Books, The Rosen Publishing Group, Inc.: New York, NY, USA, 2009. [Google Scholar]
  9. Porterfield, J. Tim Berners-Lee; The Rosen Publishing Group, Inc.: New York, NY, USA, 2015. [Google Scholar]
  10. Saxena, A.N. Invention of Integrated Circuits: Untold Important Facts; World Scientific: Singapore, 2009. [Google Scholar]
  11. Schulz, M. The end of the road for silicon? Nature 1999, 399, 729–730. [Google Scholar] [CrossRef]
  12. Betker, M.R.; Fernando, J.S.; Whalen, S.P. The history of the microprocessor. Bell Labs Tech. J. 1997, 2, 29–56. [Google Scholar] [CrossRef]
  13. Bardini, T. Bootstrapping: Douglas Engelbart, Coevolution, and the Origins of Personal Computing; Stanford University Press: Redwood City, CA, USA, 2000. [Google Scholar]
  14. Mims, F.M., III. The tenth anniversary of the Altair 8800. Comput. Electron. 1985, 23, 58–82. [Google Scholar]
  15. Green, S. Apple; Bellwether Media: Hopkins, MN, USA, 2015. [Google Scholar]
  16. Bride, E. The IBM Personal Computer: A Software-Driven Market. Computer 2011, 44, 34–39. [Google Scholar] [CrossRef]
  17. Leiner, B.M.; Cerf, V.G.; Clark, D.D.; Kahn, R.E.; Kleinrock, L.; Lynch, D.C.; Postel, J.; Roberts, L.G.; Wolff, S.S. The past and future history of the Internet. Commun. ACM 1997, 40, 102–108. [Google Scholar] [CrossRef]
  18. Berners-Lee, T.; Cailliau, R.; Luotonen, A.; Nielsen, H.F.; Secret, A. The world-wide web. Commun. ACM 1994, 37, 76–82. [Google Scholar] [CrossRef]
  19. Max Roser, H.R.; Ortiz-Ospina, E. Internet. Our World in Data. 2015. Available online: https://ourworldindata.org/internet (accessed on 26 June 2024).
  20. Zeadally, S.; Siddiqui, F.; Baig, Z. 25 years of bluetooth technology. Future Internet 2019, 11, 194. [Google Scholar] [CrossRef]
  21. Thomas, J. The History of WiFi. Available online: https://purple.ai/blogs/history-wifi/ (accessed on 25 May 2014).
  22. Dahlman, E.; Parkvall, S.; Skold, J.; Beming, P. 3G Evolution: HSPA and LTE for Mobile Broadband; Academic Press: Cambridge, MA, USA, 2010. [Google Scholar]
  23. Yu, A. USB Flash Disks: Say Goodbye to Floppy Disks. Available online: https://www.cityu.edu.hk/its/news/2003/12/31/usb-flash-disks-say-goodbye-floppy-disks (accessed on 10 December 2003).
  24. Kim, J.; Baratto, R.A.; Nieh, J. pTHINC: A thin-client architecture for mobile wireless web. In Proceedings of the 15th International Conference on World Wide Web, Scotland, UK, 23–26 May 2006; pp. 143–152. [Google Scholar]
  25. Murugesan, S. Understanding Web 2.0. IT Prof. 2007, 9, 34–41. [Google Scholar] [CrossRef]
  26. Shahid, M.; Ahmad, B.; Khan, M.R. English Language Learners as Digital Content Creators: An Exploration of Social Networking on the Perceived Development of Language Skills. Comput. Assist. Lang. Learn. Electron. J. 2024, 25, 46–63. [Google Scholar]
  27. Etemadi, M.; Abkenar, S.B.; Ahmadzadeh, A.; Kashani, M.H.; Asghari, P.; Akbari, M.; Mahdipour, E. A systematic review of healthcare recommender systems: Open issues, challenges, and techniques. Expert Syst. Appl. 2023, 213, 118823. [Google Scholar] [CrossRef]
  28. Satyanarayanan, M. A brief history of cloud offload: A personal journey from odyssey through cyber foraging to cloudlets. Getmobile Mob. Comput. Commun. 2015, 18, 19–23. [Google Scholar] [CrossRef]
  29. Wang, L.; Von Laszewski, G.; Younge, A.; He, X.; Kunze, M.; Tao, J.; Fu, C. Cloud computing: A perspective study. New Gener. Comput. 2010, 28, 137–146. [Google Scholar] [CrossRef]
  30. Zareen, M.S.; Tariq, M. Internet of things (IoT): The next paradigm shift but whats the delay? In Proceedings of the 17th IEEE International Multi Topic Conference 2014, Karachi, Pakistan, 8–10 December 2014; IEEE: New York, NY, USA, 2014; pp. 143–148. [Google Scholar]
  31. Carton, B.; Mongardini, J.; Li, Y. Smartphones Drive New Global Tech Cycle, but Is Demand Peaking? Available online: https://blogs.imf.org/2018/02/08/smartphones-drive-new-global-tech-cycle-but-is-demand-peaking/ (accessed on 8 February 2018).
  32. Guevarra, L.M. E-Commerce: The Past, Present, and Future. Available online: https://www.spiralytics.com/blog/past-present-future-ecommerce/ (accessed on 6 September 2018).
  33. Nofer, M.; Gomber, P.; Hinz, O.; Schiereck, D. Blockchain. Bus. Inf. Syst. Eng. 2017, 59, 183–187. [Google Scholar] [CrossRef]
  34. Makhdoom, I.; Abolhasan, M.; Abbas, H.; Ni, W. Blockchain’s adoption in IoT: The challenges, and a way forward. J. Netw. Comput. Appl. 2019, 125, 251–279. [Google Scholar] [CrossRef]
  35. Gartner. Gartner Forecasts Global Devices Installed Base to Reach 6.2 Billion Units in 2021 Gartner Forecasts Global Devices Installed Base to Reach 6.2 Billion Units in 2021. Available online: https://www.gartner.com/en/newsroom/press-releases/2021-04-01-gartner-forecasts-global-devices-installed-base-to-reach-6-2-billion-units-in-2021 (accessed on 1 April 2021).
  36. Whitcomb, C.M. An historical perspective of digital evidence: A forensic scientist’s view. Int. J. Digit. Evid. 2002, 1, 7–15. [Google Scholar]
  37. Nelson, B.; Phillips, A.; Steuart, C. Guide to Computer Forensics and Investigations; Cengage Learning: Boston, MA, USA, 2014. [Google Scholar]
  38. Sommer, P. The future for the policing of cybercrime. Comput. Fraud. Secur. 2004, 2004, 8–12. [Google Scholar] [CrossRef]
  39. About the High Technology Crime Investigation Association (HTCIA). Available online: https://htcia.org/about/ (accessed on 21 August 2024).
  40. Department of Homeland Security United States Secret Service. US Secret Service (USSS) Electronic Crimes Special Agent Program (ECSAP) Directives, 2010–2015. Available online: https://www.governmentattic.org/35docs/USSSecsapd_2010-2015.pdf (accessed on 14 December 2018).
  41. Seized Computer Evidence Recovery Specialist. Available online: https://www.fletc.gov/seized-computer-evidence-recovery-specialist (accessed on 23 May 2024).
  42. Jaishankar, K. Cyber victimology: A new sub-discipline of the twenty-first century victimology. In An International Perspective on Contemporary Developments in Victimology: A Festschrift in Honor of Marc Groenhuijsen; Springer: Berlin/Heidelberg, Germany, 2020; pp. 3–19. [Google Scholar]
  43. IACIS History. Available online: https://www.iacis.com/about/history/ (accessed on 28 February 2024).
  44. Collier, P.A.; Spaul, B.J. A forensic methodology for countering computer crime. Artif. Intell. Rev. 1992, 6, 203–215. [Google Scholar] [CrossRef]
  45. Stoll, C. The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage; Simon and Schuster: New York, NY, USA, 2005. [Google Scholar]
  46. Garfinkel, S.L. Digital forensics research: The next 10 years. Digit. Investig. 2010, 7, S64–S73. [Google Scholar] [CrossRef]
  47. Noblett, M.G.; Pollitt, M.M.; Presley, L.A. Recovering and examining computer forensic evidence. Forensic Sci. Commun. 2000, 2, 1–13. [Google Scholar]
  48. Snyder, K.V. The Development of Current Digital Forensics Policies and Federal Legislation. Ph.D. Thesis, University of Colorado at Denver, Denver, CO, USA, 2021. [Google Scholar]
  49. Pollitt, M.M. The very brief history of digital evidence standards. In Proceedings of the Working Conference on Integrity and Internal Control in Information Systems, Bonn, Germany, 11–12 November 2002; Springer: Berlin/Heidelberg, Germany, 2002; pp. 137–143. [Google Scholar]
  50. Citeseer. Report on Digital Evidence. In Proceedings of the 13th INTERPOL Forensic Science Symposium, Lyon, France, 16–19 October 2001. [Google Scholar]
  51. Horsman, G. ACPO principles for digital evidence: Time for an update? Forensic Sci. Int. Rep. 2020, 2, 100076. [Google Scholar] [CrossRef]
  52. About Us. Available online: https://www.npcc.police.uk/About-Us/about-us/ (accessed on 26 September 2024).
  53. National Institute of Justice. Technical Working Group for Electronic Crime Scene Investigation. In Electronic Crime Scene Investigation: A Guide for First Responders; US Department of Justice, National Institute of Justice (U.S.): Washington, DC, USA, 2001. [Google Scholar]
  54. European Committee on Crime Problems (CDPC) Bureau (CDPC-BU)-Strasbourg, 21–22 November 1996, Meeitng Report. Available online: https://rm.coe.int/09000016804d6d2d (accessed on 25 November 2023).
  55. SWGDE. Digital Evidence: Standards and Principles Scientific Working Group on Digital Evidence (SWGDE) International Organization on Digital Evidence (IOCE). Available online: https://archives.fbi.gov/archives/about-us/lab/forensic-science-communications/fsc/april2000/swgde.htm (accessed on 23 October 1999).
  56. FSAB. About the FSAB. Available online: http://thefsab.org (accessed on 24 January 2024).
  57. Jones, G.R. Forensic Accreditation Board: An Accreditation Program for Forensic Specialty Programs. Available online: https://nij.ojp.gov/library/publications/forensic-accreditation-board-accreditation-program-forensic-specialty-programs (accessed on 3 December 2003).
  58. Sanju. F.A.C.T. (The Forensic Association of Computer Technologists). Available online: https://www.hiox.org/3300-fact.php (accessed on 28 May 2024).
  59. ASCLD/LAB. Guidelines for Forensics Laboratory Management Practices; Technical Report; American Society of Crime Laboratory Directors (ASCLD): Garner, NC, USA, 1994. [Google Scholar]
  60. Computer Technology Investigators Network. Available online: https://ctin.org (accessed on 12 July 2024).
  61. Specht, J. The Origins and Evolution of DC3; Technical Report; Office of Special Investgations: Quantico, VA, USA, 2020. [Google Scholar]
  62. DC3 HISTORY. Available online: https://www.dc3.mil/About-DC3/History/ (accessed on 12 June 2023).
  63. DC3 Chronological History. Available online: https://www.dc3.mil/Portals/100/Documents/DC3/DC3_Home/About_History/History (accessed on 28 May 2019).
  64. SafeBack3.0. Available online: http://www.forensics-intl.com/safeback.html (accessed on 15 April 2023).
  65. EnCase Forensic. Available online: https://security.opentext.com/encase-forensic (accessed on 25 April 2023).
  66. Jones, G.M.; Winster, S.G. An Insight into Digital Forensics: History, Frameworks, Types and Tools; Cyber Security and Digital Forensics: Hoboken, NJ, USA, 2022; pp. 105–125. [Google Scholar]
  67. Pollitt, M.M. Principles, practices, and procedures: An approach to standards in computer forensics. In Proceedings of the Second International Conference on Computer Evidence, Montreal, QC, Canada, 14–16 August 1995; pp. 10–15. [Google Scholar]
  68. Stoyanova, M.; Nikoloudakis, Y.; Panagiotakis, S.; Pallis, E.; Markakis, E.K. A survey on the internet of things (IoT) forensics: Challenges, approaches, and open issues. IEEE Commun. Surv. Tutorials 2020, 22, 1191–1221. [Google Scholar] [CrossRef]
  69. Palmer, G. A road map for digital forensic research. In Proceedings of the First Digital Forensic Research Workshop, Utica, NY, USA, 7–8 August 2001; pp. 27–30. [Google Scholar]
  70. About Us. Available online: https://dfrws.org/about-us/ (accessed on 26 April 2023).
  71. Brill, A.E.; Pollitt, M.; Morgan Whitcomb, C. The evolution of computer forensic best practices: An update on programs and publications. J. Digit. Forensic Pract. 2006, 1, 3–11. [Google Scholar] [CrossRef]
  72. NIST. National Software Reference Library (NSRL). Available online: https://www.nist.gov/itl/ssd/software-quality-group/national-software-reference-library-nsrl (accessed on 18 November 2019).
  73. ITL History Timeline 1950-Present. Available online: https://www.nist.gov/itl/about-itl/itl-history-timeline (accessed on 18 August 2020).
  74. NIST. Computer Forensics Tool Testing Program (CFTT). Available online: https://www.nist.gov/itl/ssd/software-quality-group/computer-forensics-tool-testing-program-cftt (accessed on 15 November 2019).
  75. IFIP. Factsheet WG 11.9 Digital Forensics; Technical Report; International Federation for Information Processing: Laxenburg, Austria, 2006. [Google Scholar]
  76. Kruse, W.G., II; Heiser, J.G. Computer Forensics: Incident Response Essentials; Pearson Education: Quarry Bay, Hong Kong, 2001. [Google Scholar]
  77. Reith, M.; Carr, C.; Gunsch, G. An examination of digital forensic models. Int. J. Digit. Evid. 2002, 1, 1–12. [Google Scholar]
  78. Carrier, B.; Spafford, E.H. Getting physical with the digital investigation process. Int. J. Digit. Evid. 2003, 2, 1–20. [Google Scholar]
  79. Carrier, B.; Spafford, E. An event-based digital forensic investigation framework. In Digital Investigation; Center for Education and Research in Information Assurance and Security: West Lafayette, IN, USA, 2004. [Google Scholar]
  80. Baryamureeba, V.; Tushabe, F. The enhanced digital investigation process model. In Proceedings of the Digital Forensic Research Conference, Baltimore, MD, USA, 11–13 August 2004. [Google Scholar]
  81. Mohay, G.M. Computer and Intrusion Forensics; Artech House: Norwood, MA, USA, 2003. [Google Scholar]
  82. Ciardhuáin, S.Ó. An Extended Model of Cybercrime Investigations. Int. J. Digit. Evid. 2004, 3, 1–22. [Google Scholar]
  83. Rogers, M.K.; Goldman, J.; Mislan, R.; Wedge, T.; Debrota, S. Computer forensics field triage process model. J. Digit. Forensics Secur. Law 2006, 1, 2. [Google Scholar] [CrossRef]
  84. Freiling, F.C.; Schwittay, B. A common process model for incident response and computer forensics. In IMF 2007: IT-Incident Management & IT-Forensics; Bastian Schwittay Symantec (Deutschland) GmbH: Gelsenkirchen, Germany, 2007. [Google Scholar]
  85. Perumal, S. Digital Forensic Model based on Malaysian Investigation Process. Int. J. Comput. Sci. Netw. Secur. 2009, 9, 38–44. [Google Scholar]
  86. OpenText Security Overview. Available online: https://security.opentext.com (accessed on 25 April 2023).
  87. Sommer, P. Forensic science standards in fast-changing environments. Sci. Justice 2010, 50, 12–17. [Google Scholar] [CrossRef] [PubMed]
  88. Wiki, F. Helix LiveCD. Available online: https://forensics.fandom.com/wiki/Helix_LiveCD (accessed on 25 April 2023).
  89. History of The Sleuthkit. Available online: http://www.sleuthkit.org/sleuthkit/history.php (accessed on 25 April 2023).
  90. Sleuthkit/Sleuthkit. Available online: https://github.com/sleuthkit/sleuthkit/releases?after=sleuthkit-3.1.2 (accessed on 25 April 2023).
  91. Sleuthkit/Autopsy. Available online: https://github.com/sleuthkit/autopsy/releases?after=autopsy-3.0.0 (accessed on 25 April 2023).
  92. History of Autopsy. Available online: http://www.sleuthkit.org/autopsy/history.php (accessed on 25 April 2023).
  93. Daniel, L.E.; Daniel, L.E. Chapter 5-Overview of Digital Forensics Tools. In Digital Forensics for Legal Professionals; Daniel, L.E., Daniel, L.E., Eds.; Syngress: Boston, MA, USA, 2012; pp. 33–39. [Google Scholar] [CrossRef]
  94. Rothstein, B.J.; Hedges, R.J.; Wiggins, E.C. Managing Discovery of Electronic Information: A Pocket Guide for Judges; Federal Judicial Center Publication: Ottawa, ON, Canada, 2007. [Google Scholar]
  95. Reporting from the EDRM Mid-Year Meeting-CloudNine. Available online: https://cloudnine.com/ediscoverydaily/electronic-discovery/reporting-from-the-edrm-mid-year-meeting/ (accessed on 24 August 2021).
  96. EDRM Model|EDRM. Available online: https://edrm.net/edrm-model/ (accessed on 18 August 2021).
  97. Billard, D. An extended model for e-discovery operations. In Proceedings of the IFIP International Conference on Digital Forensics, Orlando, FL, USA, 26–28 January 2009; Springer: Berlin/Heidelberg, Germany, 2009; pp. 277–287. [Google Scholar]
  98. Conrad, J.G. E-Discovery revisited: The need for artificial intelligence beyond information retrieval. Artif. Intell. Law 2010, 18, 321–345. [Google Scholar] [CrossRef]
  99. Conrad, J.G. E-Discovery Revisited: A Broader Perspective for Ir Researchers; Research & Development Thomson Legal & Regulatory: St. Paul, MN, USA, 2007. [Google Scholar]
  100. Grobler, C.; Louwrens, C.; von Solms, S.H. A multi-component view of digital forensics. In Proceedings of the 2010 International Conference on Availability, Reliability and Security, Krakow, Poland, 15–18 February 2010; IEEE: New York, NY, USA, 2010; pp. 647–652. [Google Scholar]
  101. Alharbi, S.; Weber-Jahnke, J.; Traore, I. The proactive and reactive digital forensics investigation process: A systematic literature review. In Proceedings of the International Conference on Information Security and Assurance, Brno, Czech Republic, 15–17 August 2011; Springer: Berlin/Heidelberg, Germany, 2011; pp. 87–100. [Google Scholar]
  102. Agarwal, A.; Gupta, M.; Gupta, S.; Gupta, S.C. Systematic digital forensic investigation model. Int. J. Comput. Sci. Secur. (IJCSS) 2011, 5, 118–131. [Google Scholar]
  103. National Institute of Justice; U.S. Department of Justice. Forensic Examination of Digital Evidence: A Guide for Law Enforcement; Technical Report; U.S. Department of Justice: Washington, DC, USA, 2004.
  104. Kyei, K.; Zavarsky, P.; Lindskog, D.; Ruhl, R. A review and comparative study of digital forensic investigation models. In Proceedings of the International Conference on Digital Forensics and Cyber Crime, Lafayette, IN, USA, 25–26 October 2012; Springer: Berlin/Heidelberg, Germany, 2012; pp. 314–327. [Google Scholar]
  105. Ademu, I.O.; Imafidon, C.O.; Preston, D.S. A new approach of digital forensic model for digital forensic investigation. Int. J. Adv. Comput. Sci. Appl. 2011, 2, 175–178. [Google Scholar]
  106. Martini, B.; Choo, K.K.R. An integrated conceptual digital forensic framework for cloud computing. Digit. Investig. 2012, 9, 71–80. [Google Scholar] [CrossRef]
  107. Vlachopoulos, K.; Magkos, E.; Chrissikopoulos, V. A model for hybrid evidence investigation. Int. J. Digit. Crime Forensics (IJDCF) 2012, 4, 47–62. [Google Scholar] [CrossRef]
  108. Kohn, M.D.; Eloff, M.M.; Eloff, J.H. Integrated digital forensic process model. Comput. Secur. 2013, 38, 103–115. [Google Scholar] [CrossRef]
  109. Lee, J.; Hong, D. Pervasive forensic analysis based on mobile cloud computing. In Proceedings of the 2011 Third International Conference on Multimedia Information Networking and Security, Shanghai, China, 4–6 November 2011; IEEE: New York, NY, USA, 2011; pp. 572–576. [Google Scholar]
  110. Pilli, E.S.; Joshi, R.; Niyogi, R. A generic framework for network forensics. Int. J. Comput. Appl. 2010, 1, 11. [Google Scholar] [CrossRef]
  111. Caviglione, L.; Wendzel, S.; Mazurczyk, W. The future of digital forensics: Challenges and the road ahead. IEEE Secur. Priv. 2017, 15, 12–17. [Google Scholar] [CrossRef]
  112. Herman, M.; Iorga, M.; Salim, A.M.; Jackson, R.H.; Hurst, M.R.; Leo, R.; Lee, R.; Landreville, N.M.; Mishra, A.K.; Wang, Y.; et al. NIST Cloud Computing Forensic Science Challenges; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2020; pp. 10–70.
  113. Zareen, M.S.; Waqar, A.; Aslam, B. Digital forensics: Latest challenges and response. In Proceedings of the 2013 2nd National Conference on Information Assurance (NCIA), Rawalpindi, Pakistan, 11–12 December 2013; IEEE: New York, NY, USA, 2013; pp. 21–29. [Google Scholar]
  114. Alex, M.E.; Kishore, R. Forensics framework for cloud computing. Comput. Electr. Eng. 2017, 60, 193–205. [Google Scholar] [CrossRef]
  115. Khan, A.A.; Shaikh, A.A.; Laghari, A.A.; Rind, M.M. Cloud forensics and digital ledger investigation: A new era of forensics investigation. Int. J. Electron. Secur. Digit. Forensics 2023, 15, 1–23. [Google Scholar] [CrossRef]
  116. Zhang, W.E.; Sheng, Q.Z.; Mahmood, A.; Tran, D.H.; Zaib, M.; Hamad, S.A.; Aljubairy, A.; Alhazmi, A.A.F.; Sagar, S.; Ma, C. The 10 Research Topics in the Internet of Things. In Proceedings of the 2020 IEEE 6th International Conference on Collaboration and Internet Computing (CIC), Atlanta, GA, USA, 1–3 December 2020; pp. 34–43. [Google Scholar] [CrossRef]
  117. Ryan, P.J.; Watson, R.B. Research Challenges for the Internet of Things: What Role Can or Play? Systems 2017, 5, 24. [Google Scholar] [CrossRef]
  118. Alenezi, A.; Atlam, H.; Alsagri, R.; Alassafi, M.; Wills, G. IoT forensics: A state-of-the-art review, callenges and future directions. In Proceedings of the 4th International Conference on Complexity, Future Information Systems and Risk (COMPLEXIS 2019), Heraklion, Greece, 2–4 May 2019. [Google Scholar]
  119. Oriwoh, E.; Jazani, D.; Epiphaniou, G.; Sant, P. Internet of Things Forensics: Challenges and approaches. In Proceedings of the 9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing, Austin, TX, USA, 20–23 October 2013; pp. 608–615. [Google Scholar] [CrossRef]
  120. Janarthanan, T.; Bagheri, M.; Zargari, S. IoT Forensics: An Overview of the Current Issues and Challenges. In Digital Forensic Investigation of Internet of Things (IoT) Devices; Montasari, R., Jahankhani, H., Hill, R., Parkinson, S., Eds.; Springer International Publishing: Cham, Switzerland, 2021; pp. 223–254. [Google Scholar] [CrossRef]
  121. Do, Q.; Martini, B.; Choo, K.K.R. Cyber-physical systems information gathering: A smart home case study. Comput. Netw. 2018, 138, 1–12. [Google Scholar] [CrossRef]
  122. Awasthi, A.; Read, H.O.; Xynos, K.; Sutherland, I. Welcome pwn: Almond smart home hub forensics. Digit. Investig. 2018, 26, S38–S46. [Google Scholar] [CrossRef]
  123. Dorai, G.; Houshmand, S.; Baggili, I. I know what you did last summer: Your smart home Internet of Things and your iPhone forensically ratting you out. In Proceedings of the 13th International Conference on Availability, Reliability and Security, Hamburg, Germany, 27–30 August 2018; pp. 1–10. [Google Scholar]
  124. Guidelines on Mobile Device Forensics. Available online: https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-101r1.pdf (accessed on 14 September 2024).
  125. Tamma, R.; Skulkin, O.; Mahalik, H.; Bommisetty, S. Practical Mobile Forensics: Forensically Investigate and Analyze IOS, Android, and Windows 10 Devices; Packt Publishing: Birmingham, UK, 2020. [Google Scholar]
  126. BlackBerry 10 and BlackBerry OS Services FAQ—End of Life. Available online: https://www.blackberry.com/us/en/support/devices/end-of-life (accessed on 24 September 2024).
  127. Fernando, V. Cyber Forensics Tools: A Review on Mechanism and Emerging Challenges. In Proceedings of the 2021 11th IFIP International Conference on New Technologies, Mobility and Security (NTMS), Paris, France, 19–21 April 2021; IEEE: New York, NY, USA, 2021; pp. 1–7. [Google Scholar]
  128. Lwin, H.H.; Aung, W.P.; Lin, K.K. Comparative analysis of Android mobile forensics tools. In Proceedings of the 2020 IEEE Conference on Computer Applications (ICCA), Yangon, Myanmar, 27–28 February 2020; IEEE: New York, NY, USA, 2020; pp. 1–6. [Google Scholar]
  129. Al-Dhaqm, A.; Abd Razak, S.; Ikuesan, R.A.; Kebande, V.R.; Siddique, K. A review of mobile forensic investigation process models. IEEE Access 2020, 8, 173359–173375. [Google Scholar] [CrossRef]
  130. ISO/IEC. ISO/IEC 29100:2024; Information Technology–Security Techniques–Privacy Framework. International Organization for Standardization and International Electrotechnical Commission: Geneva, Switzerland, 2024. Available online: https://www.iso.org/standard/85938.html (accessed on 11 October 2024).
  131. General Data Protection Regulation (GDPR)—Official Legal Text. Available online: https://gdpr-info.eu/ (accessed on 11 December 2021).
  132. CCPA and CPRA—iapp.org. Available online: https://iapp.org/resources/topics/ccpa-and-cpra/ (accessed on 13 November 2021).
  133. Goldman, E. An introduction to the california consumer privacy act (ccpa). In Santa Clara University Legal Studies Research Paper; Santa Clara University: Santa Clara, CA, USA, 2020. [Google Scholar]
  134. Morgenstern, M.; Fähndrich, J.; Honekamp, W. Ontology in the Digital Forensics Domain: A Scoping Review. In Proceedings of the INFORMATIK 2022, Virtual Event, 22–23 November 2022; Demmler, D., Krupka, D., Federrath, H., Eds.; Gesellschaft für Informatik: Bonn, Germany, 2022; pp. 71–80. [Google Scholar] [CrossRef]
  135. Mohammad, R.M. A neural network based digital forensics classification. In Proceedings of the 2018 IEEE/ACS 15th International Conference on Computer Systems and Applications (AICCSA), Aqaba, Jordan, 28 October–1 November 2018; IEEE: New York, NY, USA, 2018; pp. 1–7. [Google Scholar]
  136. Tallón-Ballesteros, A.J.; Riquelme, J.C. Data mining methods applied to a digital forensics task for supervised machine learning. In Computational Intelligence in Digital Forensics: Forensic Investigation and Applications; Springer: Berlin/Heidelberg, Germany, 2014; pp. 413–428. [Google Scholar]
  137. de Andrade Silva, J.; Hruschka, E.R. An experimental study on the use of nearest neighbor-based imputation algorithms for classification tasks. Data Knowl. Eng. 2013, 84, 47–58. [Google Scholar] [CrossRef]
  138. Bhushan, H.H.B.; Florance, S.M. An overview on handling anti forensic issues in android devices using forensic automator tool. In Proceedings of the 2022 IEEE International Conference on Signal Processing, Informatics, Communication and Energy Systems (SPICES), Thiruvananthapuram, India, 10–12 March 2022; IEEE: New York, NY, USA, 2022; Volume 1, pp. 425–430. [Google Scholar]
  139. Zhang, Q.; Yang, L.T.; Chen, Z.; Li, P. A survey on deep learning for big data. Inf. Fusion 2018, 42, 146–157. [Google Scholar] [CrossRef]
  140. Al Neaimi, M.; Al Hamadi, H.; Yeun, C.Y.; Zemerly, M.J. Digital forensic analysis of files using deep learning. In Proceedings of the 2020 3rd International Conference on Signal Processing and Information Security (ICSPIS), Dubai, United Arab Emirates, 25–26 November 2020; IEEE: New York, NY, USA, 2020; pp. 1–4. [Google Scholar]
  141. Krizhevsky, A.; Sutskever, I.; Hinton, G.E. ImageNet classification with deep convolutional neural networks. Commun. ACM 2017, 60, 84–90. [Google Scholar] [CrossRef]
  142. Hasan, R.; Raghav, A.; Mahmood, S.; Hasan, M.A. Artificial intelligence based model for incident response. In Proceedings of the 2011 International Conference on Information Management, Innovation Management and Industrial Engineering, Shenzhen, China, 26–27 November 2011; IEEE: New York, NY, USA, 2011; Volume 3, pp. 91–93. [Google Scholar]
  143. Du, X.; Le, Q.; Scanlon, M. Automated artefact relevancy determination from artefact metadata and associated timeline events. In Proceedings of the 2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security), Dublin, Ireland, 15–19 June 2020; IEEE: New York, NY, USA, 2020; pp. 1–8. [Google Scholar]
  144. Toraskar, T.; Bhangale, U.; Patil, S.; More, N. Efficient computer forensic analysis using machine learning approaches. In Proceedings of the 2019 IEEE Bombay Section Signature Conference (IBSSC), Mumbai, India, 26–28 July 2019; IEEE: New York, NY, USA, 2019; pp. 1–5. [Google Scholar]
  145. Mosli, R.; Li, R.; Yuan, B.; Pan, Y. Automated malware detection using artifacts in forensic memory images. In Proceedings of the 2016 IEEE Symposium on Technologies for Homeland Security (HST), Waltham, MA, USA, 10–11 May 2016; IEEE: New York, NY, USA, 2016; pp. 1–6. [Google Scholar]
  146. Lashkari, A.H.; Li, B.; Carrier, T.L.; Kaur, G. Volmemlyzer: Volatile memory analyzer for malware classification using feature engineering. In Proceedings of the 2021 Reconciling Data Analytics, Automation, Privacy, and Security: A Big Data Challenge (RDAAPS), Hamilton, ON, Canada, 18–19 May 2021; IEEE: New York, NY, USA, 2021; pp. 1–8. [Google Scholar]
  147. Liew, S.P.; Ikeda, S. Detecting adversary using Windows digital artifacts. In Proceedings of the 2019 IEEE International Conference on Big Data (Big Data), Los Angeles, CA, USA, 9–12 December 2019; IEEE: New York, NY, USA, 2019; pp. 3210–3215. [Google Scholar]
  148. Känzig, N.; Meier, R.; Gambazzi, L.; Lenders, V.; Vanbever, L. Machine learninģ-based detection of C&C channels with a focus on the locked shields cyber defense exercise. In Proceedings of the 2019 11th International Conference on Cyber Conflict (CyCon), Tallinn, Estonia, 28–31 May 2019; IEEE: New York, NY, USA, 2019; Volume 900, pp. 1–19. [Google Scholar]
  149. Ali, R.R.; Mohamad, K.M.B.; Mostafa, S.A.; Zebari, D.A.; Jubair, M.A.; Alouane, M.T.H. A meta-heuristic method for reassemble bifragmented intertwined JPEG image files in digital forensic investigation. IEEE Access 2023, 11, 111789–111800. [Google Scholar] [CrossRef]
  150. Dimitriadis, A.; Lontzetidis, E.; Kulvatunyou, B.; Ivezic, N.; Gritzalis, D.; Mavridis, I. Fronesis: Digital forensics-based early detection of ongoing cyber-attacks. IEEE Access 2022, 11, 728–743. [Google Scholar] [CrossRef]
  151. Tankard, C. Advanced persistent threats and how to monitor and deter them. Netw. Secur. 2011, 2011, 16–19. [Google Scholar] [CrossRef]
  152. ISO/IEC 27050-1:2019; Information Technology—Electronic Discovery—Part 1: Overview and Concepts. International Organization for Standardization and International Electrotechnical Commission: Geneva, Switzerland, 2019. Available online: https://www.iso.org/standard/78647.html (accessed on 26 September 2021).
  153. ISO/IEC 27043:2015; Information Technology—Security Techniques—Incident Investigation Principles and Processes. International Organization for Standardization and International Electrotechnical Commission: Geneva, Switzerland, 2015. Available online: https://www.iso.org/standard/44407.html (accessed on 26 September 2024).
  154. SANS Digital Forensics and Incident Response Blog|Consortium of Digital Forensic Specialists Is Launched; Will Focus on Standards and Advocacy|SANS Institute. Available online: https://www.sans.org/blog/consortium-of-digital-forensic-specialists-is-launched-will-focus-on-standards-and-advocacy/ (accessed on 26 September 2024).
  155. CDFS-Advocacy. Available online: https://cdfs.org/advocacy (accessed on 26 September 2024).
  156. Turchi, F.; Giardiello, G. Developing a Judicial Cross-Check System for Case Searching and Correlation Using a Standard for the Evidence. In European Law Enforcement Research Bulletin; CEPOL: Budapest, Hungary, 2023; p. Nr–6. [Google Scholar]
  157. Casey, E.; Back, G.; Barnum, S. Leveraging CybOX™ to standardize representation and exchange of digital forensic information. Digit. Investig. 2015, 12, S102–S110. [Google Scholar] [CrossRef]
  158. Casey, E.; Barnum, S.; Griffith, R.; Snyder, J.; van Beek, H.; Nelson, A. Advancing coordinated cyber-investigations and tool interoperability using a community developed specification language. Digit. Investig. 2017, 22, 14–45. [Google Scholar] [CrossRef] [PubMed]
  159. Jones, J.P.; Getz, A.; Sirk, D. Organization of Scientific Area Committees (OSAC) for Forensic Science. In Encyclopedia of Forensic Sciences, 3rd ed.; Houck, M.M., Ed.; Elsevier: Oxford, UK, 2023; pp. 17–33. [Google Scholar] [CrossRef]
  160. Casey, E.; Barnum, S.; Griffith, R.; Snyder, J.; van Beek, H.; Nelson, A. The Evolution of Expressing and Exchanging Cyber-Investigation Information in a Standardized Form; Number 39, Handling and Exchanging Electronic Evidence Across Europe; Springer: New York, NY, USA, 2018. [Google Scholar] [CrossRef]
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Article Metrics

Citations

Article Access Statistics

Journal Statistics
Multiple requests from the same IP address are counted as one view.
Download PDF
A Coordination Approach to Support Crowdsourced Software-Design Process
Previous
Player Performance Analysis in Table Tennis Through Human Action Recognition
Next