1. Introduction
Advancements in information and communication technologies have enormously impacted information storage and sharing approaches in the current digital world. They provide a simple and cost-effective way of storing, transmitting, and sharing digital data. Though digital technologies have enhanced the life of an ordinary person, they provide equal opportunities to anti-social elements to use such technologies for many fraudulent activities. Nowadays, cybercriminals find digital technologies and tools to be the most convenient and comfortable way of conducting cybercrimes. As a counter-measure, researchers have proposed various tools and techniques to recover digital data from deleted files, browsing history, cache entries, cookies, and the registry in an automated manner to control cybercrimes and speed up the investigation process (Al-Rowaily et al., 2015; Yasin & Abulaish, 2013). A detailed discussion and comparative analysis of various digital forensics frameworks and tools can be found in (Abulaish & Haldar, 2018). Such tools and techniques play an important role, and they can be used to analyze digital data and collect digital evidence to serve a wide spectrum of legal and industry purposes (Hibshi et al., 2011). However, usability and performance consistency are still critical issues, as misunderstanding of manuals and technical advancements may lead to false interpretations in real-life cases. Moreover, very few researchers in the area of digital forensics work toward the automation of the investigation process to minimize human effort and investigation time (Gupta, 2013).
Digital forensics is a promising research field, which aims to apply scientific techniques and tools to investigate the digital devices of crime suspects. It uses a number of valid and systematic processes to acquire and validate the digital evidence extracted from crime-related digital devices. The objective of digital forensics is to understand and reliably correlate the sequence of crime events supported by the data available in the associated digital devices. In 2001, a digital forensic research workshop was initiated to provide a knowledge-sharing platform where experts from academia and industry could share their knowledge and experiences related to digital forensic science. At this venue, Palmer (2001) compiled the definition of digital forensics as “the use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations”. This is one of the most popular and widely accepted definitions in the digital forensics research community. However, Willassen & Mjølsnes (2005) broadened this definition to better fit the scope of digital forensics by excluding specific terms such as “criminal events” and “unauthorized actions”. This broader definition encompasses various definitions of digital forensics and also covers commercial investigation forensic analysis (Kohn et al., 2013).
The primary target of digital forensics is to identify crime-related evidence such that an event can be reconstructed. It pursues a proper investigation process that relates digital evidence in order to establish legal information for judicial process and inspection. Such an investigation process follows a number of steps to carry out an appropriate investigation practice. Some of the necessary steps are identification, preparation, collection, analysis, and presentation of findings. Most forensic investigation approaches differ in their data collection methods. Some methods acquire the full image of a digital device, whereas others extract selective data files in accordance with some practical guidelines (Williams, 2012). Though the investigation phases are almost similar in most of the well-known process models, the investigation approaches may differ in some cases. Such disparity may occur due to the variety of digital devices (mobile forensics, computer forensics, etc.), policies (organizational rules, country-based policies, etc.), and associated data types (email data, image, text, etc.).