Nickson M. Karie

Toward a General Ontology for Digital Forensic Disciplines

Ontologies are widely used in different disciplines as a technique for representing and reasoning about domain knowledge. However, despite the widespread ontology‐related research activities and applications in different disciplines, the development of ontologies and ontology research activities is still wanting in digital forensics. This paper therefore presents the case for establishing an ontology for digital forensic disciplines. Such an ontology would enable better categorization of the digital forensic disciplines, as well as assist in the development of methodologies and specifications that can offer direction in different areas of digital forensics. This includes such areas as professional specialization, certifications, development of digital forensic tools, curricula, and educational materials. In addition, the ontology presented in this paper can be used, for example, to better organize the digital forensic domain knowledge and explicitly describe the disciplines semantics in a common way. Finally, this paper is meant to spark discussions and further research on an internationally agreed ontological distinction of the digital forensic disciplines. Digital forensic disciplines ontology is a novel approach toward organizing the digital forensic domain knowledge and constitutes the main contribution of this paper.

Taxonomy of challenges for digital forensics

Since its inception, over a decade ago, the field of digital forensics has faced numerous challenges. Despite different researchers and digital forensic practitioners having studied and analysed various known digital forensic challenges, as of 2013, there still exists a need for a formal classification of these challenges. This article therefore reviews existing research literature and highlights the various challenges that digital forensics has faced for the last 10 years. In conducting this research study, however, it was difficult for the authors to review all the existing research literature in the digital forensic domain; hence, sampling and randomization techniques were employed to facilitate the review of the gathered literature. Taxonomy of the various challenges is subsequently proposed in this paper based on our review of the literature. The taxonomy classifies the large number of digital forensic challenges into four well‐defined and easily understood categories. The proposed taxonomy can be useful, for example, in future developments of automated digital forensic tools by explicitly describing processes and procedures that focus on addressing specific challenges identified in this paper. However, it should also be noted that the purpose of this paper was not to propose any solutions to the individual challenges that digital forensics face, but to serve as a survey of the state of the art of the research area.

Building Ontologies for Digital Forensic Terminologies

Digital forensics (DF) is a relatively new discipline with a lot of technical and non-technical terminologies that can be hard to comprehend. During a timeintensive digital forensic investigation process, for example, investigators may at times encounter several new terminologies. In such a scenario, the time required to unearth and analyse the root cause of a potential security incident might be influenced by the complexity involved in resolving the meaning of new terminologies encountered. The difficulty lies in the lack of an approach in DF that can help investigators in resolving the meaning of terminologies or even how these terminologies are perceived by individuals especially when used in their domain of expertise. If existing digital forensic tools, for example, were to be designed in such a way as to allow investigators to automatically resolve or incorporate the meaning of new terminologies used or encountered during investigations, then the time required to unearth and analyse the root cause of a security incident might be reduced extensively. The main problem addressed in this paper therefore, is that, there exists no approaches in DF that have the ability to help investigators in reasoning with regard to the perceived meaning of different digital forensic terminologies encountered during a digital forensics investigation process. Existing tools thus needs to incorporate new approaches that can help in resolving or clarifying the meaning of new terminologies used during investigation processes. For this reason, this paper examines the concept of building ontologies for digital forensic terminologies and proposes an ontological approach to resolve the meaning of different digital forensic terminologies. Besides, ontologies are known to provide a form of knowledge in a given discipline of interest. In the authors’ opinion, thus, building ontologies for digital forensic terminologies can support the development of future investigative tools as well as new techniques to a degree of certainty.

A Framework for Integrating Multimodal Biometrics with Digital Forensics

Multimodal biometrics represents various categories of morphological and intrinsic aspects with two or more computerized biological characteristics such as facial structure, retina, keystrokes dynamics, voice print, retinal scans, and patterns for iris, facial recognition, vein structure, scent, hand geometry, and signature recognition. The objectives of Digital Forensics (DF), on the other hand, is to inspect digital media in a forensically sound manner with the essence of identifying, discovering, recovering, analysing the artifacts and presenting facts and suggestions about the discovered information to any court of law or civil proceedings. Because the accuracy of biometric indicators may rarely be investigated during a digital forensic investigation processes, integrating digital forensics with multimodal biometrics can enable effective digital forensic investigations on multiple captured physiological and behavioural characteristics. This paper, therefore, presents a self-adaptive approach for integrating digital forensics with multimodal biometrics. This is motivated by the fact that, as of the time of writing this paper, there is lack of effective and standardised methods for performing digital investigation across multimodal biometric indicators. In addition, there are also no proper digital forensic biometric management strategies in place. For this reason, to enable effective digital investigations on multiple captured physiological and behavioural characteristics, this paper aims at proposing a framework that is meant to facilitate the integration of DF and multimodal biometrics. The framework is also meant to enhance the analysis of potential digital evidence during investigations. Integrating multimodal biometrics and digital forensics using the proposed framework gives a promising approach to add value especially in enforcing security measures in different systems as well as a restricting factor to unauthorized access key discoveries. The integration of digital forensics with multimodal biometrics is the main focus of this paper.

A generic Digital Forensic Readiness model for BYOD using honeypot technology

Proliferation and mobility trends on digital devices has seen a significant realization of Bring Your Own Device (BYOD) which is a phenomenon that allows employees in an organizational enterprise network to access computing resources through their personal mobile devices irrespective of their location. This technology has enabled cost effectiveness in organizations through increased accessibility of digital devices in daily business activities. However, the development of this technology faces a number of security challenges due to lack of effective proactive security model with digital forensic capability that is able to plan and prepare before potential security incidents occur in an organization that has allowed BYOD. It is on this premise that the authors have proposed a generic Digital Forensic Readiness (DFR) model that uses honeypot technology to detect and trap potential security incidents. In this paper, therefore, a significant security model with DFR capability has been proposed. The model is aimed at harvesting, encrypting and digitally preserving potential digital evidence (PDE) based on the DFR processes and guidelines that have been highlighted in the ISO/IEC 27043: 2015 international standard for information technology, security techniques, incident investigation principles and processes. Finally, the proposed model is meant to reduce the effort required to conduct Digital Forensic Investigation (DFI) by capturing potential digital evidence and make it available when needed by digital forensic investigators which eventually saves cost and time. A generic DFR model for BYOD using honeypot technology is the main focus of this paper.