Article
Peer-Review Record

Investigating Proactive Digital Forensics Leveraging Adversary Emulation

Appl. Sci. 2022, 12(18), 9077; https://doi.org/10.3390/app12189077
by Valentine Machaka 1 and Titus Balan 2,*
Reviewer 1: Anonymous
Reviewer 2: Anonymous
Reviewer 3:
Submission received: 3 August 2022 / Revised: 4 September 2022 / Accepted: 5 September 2022 / Published: 9 September 2022
(This article belongs to the Special Issue Advanced Technologies in Data and Information Security II)

Round 1

Reviewer 1 Report

The paper should also discuss which type of forensics can be used in classified systems; some of the presented aspects cannot be applied in military or critical infrastructure systems (isolated).

Please elaborate on the HIDS system and its reference to desktop, mobile or web clients - it is crucial while discussing possible technologies and strategies for managing the hosts. 

Please specify in the form of a diagram the relations and responsibilities of used tools and applications - it would help to verify the process and most of all establish the responsibilities of software components.

The paper has the form of a technical report rather than a research paper; there is no research thesis and its argumentation. The paper should present a set of quantifiable features which can be used for the thesis verification and justification. There is no need to present appendixes - the discussion and conclusion should be based on models and obtained experimentation results.

The discussion should cover real-time scenarios in which the tools and implemented methods, with direct reference to existing similar solutions and if there are none - state that claim. 

For activity (process models) a UML activity diagram should be used - Fig. 1. The same remark to Fig. 2, which should be formalised as a Deployment or Component diagram (more suitable to specify relations between physical deployment environment and software components).

When describing the attack scenario a sequence or activity diagram could help to clarify the responsibilities of each and every participant (component). 

The virtualised environment does not refer to a real-world scenario in which we need to collect data from heterogeneous endpoints. The authors did not specify the types of system events that are being used by the decision node.

Author Response

Dear Reviewer 1,

We would like to express our gratitude for your valuable recommendations and comments that helped us to significantly improve the quality of our paper. Based on the received review comments, we have made important changes in the paper, throughout all its sections, and we have introduced new details and explanations to better describe our implementation results and contributions.

We have carefully revised the manuscript according to the received review reports. In the new uploaded manuscript, we have highlighted the changes in different colors, according to different reviewers' suggestions:

  • Cyan (light blue) for Revision 1.
  • Yellow for Revision 2.
  • Green for Revision 

Point-by-point responses to each of your suggestions and comments are included in the attached file.

Author Response File: Author Response.docx

Reviewer 2 Report

In this research, the researchers put the idea of proactive digital forensics to the test and came to the conclusion that it is a vital tool for ubiquitous and cloud computing environments as a response to the many challenges currently faced.

The text inside Fig. 4, 5 and 6 is difficult to read.

In this work, the author had initiated a study or investigation but not a proposed model or tool. 

The implementation details of type to type2 hypervisor mentioned in section 4.1 are not clear. Does the word 'implemented' here mean used or utilised?

In section 4.3 also, the authors claim that they had implemented adversary emulation tools, but have not clearly mentioned how they had implemented them. Does the word 'implemented' here mean used or utilised?

As this is an analysis and not a design or implementation, there are many limitations in asking questions or asking about the clarity of results. The authors had done some analysis based on available tools.

Author Response

Dear Reviewer 2,

We would like to express our gratitude for your valuable recommendations and comments that helped us to significantly improve the quality of our paper. Based on the received review comments, we have made important changes in the paper, throughout all its sections, and we have introduced new details and explanations to better describe our implementation results and contributions.

We have carefully revised the manuscript according to the received review reports. In the new uploaded manuscript, we have highlighted the changes in different colors, according to different reviewers' suggestions:

  • Cyan (light blue) for Revision 1.
  • Yellow for Revision 2.
  • Green for Revision 

Point-by-point responses to each of your suggestions and comments are included in the attached file.

Author Response File: Author Response.docx

Reviewer 3 Report

1) Authors are suggested to introduce the problem, motivate the problem and summarize the main contributions of the proposed work in detail.

2) In the literature survey, instead of summarizing the existing papers, it is better to discuss the advantages and limitations.

3) At the end of the literature survey, discuss the existing approach limitations and how the proposed approach overcomes these limitations.

4) Compare the proposed approach with at least three existing works.

5) Add the level of trust of the proposed method in conclusion

6) Discuss the proposed method's advantages and limitations.

7) Add the future work directions of the proposed method

Author Response

Dear Reviewer 3,

We would like to express our gratitude for your valuable recommendations and comments that helped us to significantly improve the quality of our paper. Based on the received review comments, we have made important changes in the paper, throughout all its sections, and we have introduced new details and explanations to better describe our implementation results and contributions.

We have carefully revised the manuscript according to the received review reports. In the new uploaded manuscript, we have highlighted the changes in different colors, according to different reviewers' suggestions:

  • Cyan (light blue) for Revision 1.
  • Yellow for Revision 2.
  • Green for Revision 3.

Point-by-point responses to each of your suggestions and comments are included in the attached file.

Author Response File: Author Response.docx
