The Proactive and Reactive Digital Forensics Investigation Process: A Systematic Literature Review

  • Soltan Alharbi
  • Jens Weber-Jahnke
  • Issa Traore
Part of the Communications in Computer and Information Science book series (CCIS, volume 200)


Recent papers have urged the need for new forensic techniques and tools able to investigate anti-forensics methods, and have promoted automation of live investigation. Such techniques and tools are called proactive forensic approaches, i.e., approaches that can deal with digitally investigating an incident while it occurs. To come up with such an approach, a Systematic Literature Review (SLR) was undertaken to identify and map the processes in digital forensics investigation that exist in literature. According to the review, there is only one process that explicitly supports proactive forensics, the multicomponent process [1]. However, this is a very high-level process and cannot be used to introduce automation and to build a proactive forensics system. As a result of our SLR, a derived functional process that can support the implementation of a proactive forensics system is proposed.


Keywords: Proactive Forensics Investigation, Reactive Forensics Investigation, Anti-forensics, Systematic Literature Review, and Automation




  1. Grobler, C.P., Louwrens, C.P., von Solms, S.H.: A Multi-component View of Digital Forensics. In: ARES 2010 International Conference on Availability, Reliability, and Security, pp. 647–652 (2010)
  2. Garfinkel, S.: Anti-forensics: Techniques, detection and countermeasures. In: 2nd International Conference on i-Warfare and Security, p. 77 (2007)
  3. Garfinkel, S.L.: Digital forensics research: The next 10 years. Digital Investigation 7, S64–S73 (2010)
  4. Orebaugh, A.: Proactive forensics. Journal of Digital Forensic Practice 1, 37 (2006)
  5. Brereton, P., Kitchenham, B.A., Budgen, D., Turner, M., Khalil, M.: Lessons from applying the systematic literature review process within the software engineering domain. Journal of Systems and Software 80, 571–583 (2007)
  6. Rowlingson, R.: A ten step process for forensic readiness. International Journal of Digital Evidence 2, 1–28 (2004)
  7. Palmer, G.: A road map for digital forensics research-report from the first Digital Forensics Research Workshop (DFRWS), Utica, New York (2001)
  8. Mark, R., Clint, C., Gregg, G.: An Examination of Digital Forensic Models. International Journal of Digital Evidence 1, 1–12 (2002)
  9. Carrier, B., Spafford, E.: An event-based digital forensic investigation framework. In: Proceeding of the 4th Digital Forensic Research Workshop, pp. 11–13 (2004)
  10. Baryamureeba, V., Tushabe, F.: The Enhanced Digital Investigation Process Model. Asian Journal of Information Technology 5, 790–794 (2006)
  11. Kohn, M., Eloff, J., Olivier, M.: Framework for a digital forensic investigation. In: Proceedings of Information Security South Africa (ISSA) 2006 from Insight to Foresight Conference (2006)
  12. Stephenson, P.: A comprehensive approach to digital incident investigation. Information Security Technical Report 8, 42–54 (2003)
  13. Stephenson, P.: Completing the Post Mortem Investigation. Computer Fraud & Security, 17–20 (2003)
  14. Harrison, W.: The digital detective: An introduction to digital forensics. Advances in Computers 60, 75–119 (2004)
  15. Beebe, N.L., Clark, J.G.: A hierarchical, objectives-based framework for the digital investigations process. Digital Investigation 2, 147–167 (2005)
  16. Ieong, R.S.C.: FORZA - Digital forensics investigation framework that incorporate legal issues. Digital Investigation 3, 29–36 (2006)
  17. Khatir, M., Hejazi, S.M., Sneiders, E.: Two-Dimensional Evidence Reliability Amplification Process Model for Digital Forensics. In: Third International Annual Workshop on Digital Forensics and Incident Analysis, WDFIA 2008, pp. 21–29 (2008)
  18. Pollitt, M.M.: An Ad Hoc Review of Digital Forensic Models. In: Second International Workshop on Systematic Approaches to Digital Forensic Engineering, SADFE 2007, pp. 43–54 (2007)
  19. Yong-Dal, S.: New Digital Forensics Investigation Procedure Model. In: Fourth International Conference on Networked Computing and Advanced Information Management, NCM 2008, pp. 528–531 (2008)
  20. Billard, D.: An Extended Model for E-Discovery Operations. In: Peterson, G., Shenoi, S. (eds.) Advances in Digital Forensics V, vol. 306, pp. 277–287. Springer, Boston (2009)
  21. Tanner, A., Dampier, D.: Concept Mapping for Digital Forensic Investigations. In: Peterson, G., Shenoi, S. (eds.) Advances in Digital Forensics V, vol. 306, pp. 291–300. Springer, Boston (2009)
  22. Ruan, C., Huebner, E.: Formalizing Computer Forensics Process with UML. In: Yang, J., Ginige, A., Mayr, H.C., Kutsche, R.-D. (eds.) Information Systems: Modeling, Development, and Integration, vol. 20, pp. 184–189. Springer, Heidelberg (2009)
  23. Slay, J., Lin, Y.-C., Turnbull, B., Beckett, J., Lin, P.: Towards a Formalization of Digital Forensics. In: Peterson, G., Shenoi, S. (eds.) Advances in Digital Forensics V, pp. 37–47. Springer, Boston (2009)
  24. Kizza, J.: Computer Crime Investigations-Computer Forensics. In: Ethical and Social Issues in the Information Age, pp. 343–358. Springer, London (2007)
  25. Selamat, S., Yusof, R., Sahib, S.: Mapping process of digital forensic investigation framework. IJCSNS 8, 163 (2008)
  26. Perumal, S.: Digital forensic model based on Malaysian investigation process. IJCSNS 9, 38 (2009)
  27. Carrier, B., Spafford, E.: Getting physical with the digital investigation process. International Journal of Digital Evidence 2, 1–20 (2003)
  28. Ciardhuáin, S.: An extended model of cybercrime investigations. International Journal of Digital Evidence 3, 1–22 (2004)
  29. Rogers, M., Goldman, J., Mislan, R., Wedge, T., Debrota, S.: Computer forensics field triage process model. Journal of Digital Forensics, Security and Law 1, 27–40 (2006)
  30. Freiling, F., Schwittay, B.: A common process model for incident response and computer forensics. In: 3rd International Conference on IT-Incident Management and IT-Forensic (2007)
  31. Kent, K., Chevalier, S., Grance, T., Dang, H.: Guide to Integrating Forensic Techniques into Incident Response. NIST Special Publication 800-86 (2006)

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Soltan Alharbi (1)
  • Jens Weber-Jahnke (2)
  • Issa Traore (1)

  1. Electrical and Computer Engineering, University of Victoria, Canada
  2. Computer Science Department, University of Victoria, Canada
