{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,2]],"date-time":"2026-04-02T15:53:25Z","timestamp":1775145205378,"version":"3.50.1"},"reference-count":270,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"name":"Open Access Funding provided by the Qatar National Library","award":["Open Access Funding provided by the Qatar National"],"award-info":[{"award-number":["Open Access Funding provided by the Qatar National"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2021]]},"DOI":"10.1109\/access.2021.3124262","type":"journal-article","created":{"date-parts":[[2021,10,29]],"date-time":"2021-10-29T19:21:56Z","timestamp":1635535316000},"page":"152476-152502","source":"Crossref","is-referenced-by-count":46,"title":["Digital Forensics Subdomains: The State of the Art and Future Directions"],"prefix":"10.1109","volume":"9","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0729-2654","authenticated-orcid":false,"given":"Arafat","family":"Al-Dhaqm","sequence":"first","affiliation":[{"name":"Faculty of Engineering, School of Computing, Universiti Teknologi Malaysia (UTM), Johor, Malaysia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7355-2314","authenticated-orcid":false,"given":"Richard Adeyemi","family":"Ikuesan","sequence":"additional","affiliation":[{"name":"Department of Cybersecurity and Networking, School of Information Technology, Community College of Qatar, Doha, Qatar"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4071-4596","authenticated-orcid":false,"given":"Victor R.","family":"Kebande","sequence":"additional","affiliation":[{"name":"Department of Computer Science (DIDA), Blekinge Institute of Technology, Karlskrona, Sweden"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8824-6069","authenticated-orcid":false,"given":"Shukor Abd","family":"Razak","sequence":"additional","affiliation":[{"name":"Faculty of Engineering, School of Computing, Universiti Teknologi Malaysia (UTM), Johor, Malaysia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3468-0182","authenticated-orcid":false,"given":"George","family":"Grispos","sequence":"additional","affiliation":[{"name":"School of Interdisciplinary Informatics, University of Nebraska at Omaha, Omaha, NE, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9208-5336","authenticated-orcid":false,"given":"Kim-Kwang Raymond","family":"Choo","sequence":"additional","affiliation":[{"name":"Department of Information Systems and Cyber Security, The University of Texas at San Antonio, San Antonio, TX, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3048-5961","authenticated-orcid":false,"given":"Bander Ali Saleh","family":"Al-Rimy","sequence":"additional","affiliation":[{"name":"Faculty of Engineering, School of Computing, Universiti Teknologi Malaysia (UTM), Johor, Malaysia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7802-6628","authenticated-orcid":false,"given":"Abdulrahman A.","family":"Alsewari","sequence":"additional","affiliation":[{"name":"IBM Centre of Excellence, Faculty of Computing, Universiti Malaysia Pahang, Pahang, Malaysia"}]}],"member":"263","reference":[{"key":"ref270","first-page":"629","article-title":"A context-aware trigger mechanism for ransomware forensics","author":"singh","year":"2019","journal-title":"Proc Int Conf Cyber Warfare Secur"},{"key":"ref170","first-page":"64","article-title":"Digital forensic analysis on Android smartphones for handling cybercrime cases","volume":"7","author":"hikmatyar","year":"2018","journal-title":"Int J Inform Develop"},{"key":"ref172","doi-asserted-by":"publisher","DOI":"10.4018\/978-1-7998-8545-0.ch001"},{"key":"ref171","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2019.04.009"},{"key":"ref174","doi-asserted-by":"publisher","DOI":"10.30534\/ijatcse\/2020\/333942020"},{"key":"ref173","doi-asserted-by":"publisher","DOI":"10.4018\/IJDCF.2020070105"},{"key":"ref176","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102226"},{"key":"ref175","doi-asserted-by":"publisher","DOI":"10.1016\/j.fsidi.2021.301169"},{"key":"ref178","author":"m\u00fcller","year":"2013","journal-title":"Applied Cryptography and Network Security"},{"key":"ref177","doi-asserted-by":"publisher","DOI":"10.14704\/WEB\/V18SI01\/WEB18006"},{"key":"ref168","doi-asserted-by":"publisher","DOI":"10.23919\/ISITA.2018.8664393"},{"key":"ref169","doi-asserted-by":"publisher","DOI":"10.2139\/ssrn.3351029"},{"key":"ref39","article-title":"Oracle forensics. Part 5: Finding evidence of data theft in the absence of auditing","author":"litchfield","year":"2007"},{"key":"ref38","article-title":"Oracle forensics. Part 2: Locating dropped objects","author":"litchfield","year":"2007"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1016\/B978-012088469-8.50046-2"},{"key":"ref32","first-page":"1","article-title":"Oracle database forensics using LogMiner","author":"wright","year":"2005","journal-title":"Proc Conf SANS Inst"},{"key":"ref31","author":"wong","year":"2005","journal-title":"System and method for investigating a data operation performed on a database"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2008.10.001"},{"key":"ref267","doi-asserted-by":"publisher","DOI":"10.1109\/AINS47559.2019.8968696"},{"key":"ref37","article-title":"Oracle forensics. Part 1: Dissecting the redo logs","author":"litchfield","year":"2007"},{"key":"ref268","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2015.01.014"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/FGCN.2007.106"},{"key":"ref269","first-page":"742","article-title":"Description logics and axiom formation for a digital forensics ontology","author":"ellison","year":"2019","journal-title":"Proc Eur Conf Cyber Warfare Secur"},{"key":"ref35","article-title":"Oracle forensics. Part 4: Live response","author":"litchfield","year":"2007"},{"key":"ref34","article-title":"An infrastructure for database tamper detection and forensic analysis","author":"malmgren","year":"2007"},{"key":"ref181","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2875068"},{"key":"ref180","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2014.05.018"},{"key":"ref185","doi-asserted-by":"publisher","DOI":"10.4018\/978-1-7998-5728-0.ch014"},{"key":"ref184","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-71017-0_26"},{"key":"ref183","doi-asserted-by":"publisher","DOI":"10.1109\/ICCIT-144147971.2020.9213739"},{"key":"ref182","doi-asserted-by":"publisher","DOI":"10.1145\/3190645.3190695"},{"key":"ref189","first-page":"584","article-title":"A case for a dynamic approach to digital forensic readiness in an SDN platform","author":"munkhondya","year":"2020","journal-title":"Proc Int Conf Cyber Warfare Secur"},{"key":"ref188","first-page":"296","article-title":"Digital forensic readiness framework for software-defined networks using a trigger-based collection mechanism","author":"lagrasse","year":"2020","journal-title":"Proc 15th Int Conf Cyber Warfare Secur (ICCWS)"},{"key":"ref187","first-page":"108","article-title":"Identifying critical features for network forensics investigation perspectives","volume":"10","author":"adeyemi","year":"2012","journal-title":"Int J Comput Sci Inf Secur"},{"key":"ref186","doi-asserted-by":"publisher","DOI":"10.4018\/jdcf.2013010101"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2016.03.003"},{"key":"ref27","first-page":"97","article-title":"On dimensions of reconstruction in database forensics","author":"fasan","year":"2012","journal-title":"Proc WDFIA"},{"key":"ref179","doi-asserted-by":"publisher","DOI":"10.1109\/NTMS.2014.6813993"},{"key":"ref29","first-page":"27","article-title":"A framework for database forensic analysis","volume":"2","author":"khanuja","year":"2012","journal-title":"Int J Comput Sci Eng"},{"key":"ref20","article-title":"Procedure for undertaking systematic reviews","author":"kitchenham","year":"2004"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3000747"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3008696"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33962-2_19"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.11113\/jt.v78.9190"},{"key":"ref26","article-title":"A workflow to support forensic database analysis","author":"susaimanickam","year":"2010"},{"key":"ref25","article-title":"Database forensics: Investigating compromised database management systems","author":"beyers","year":"2014"},{"key":"ref50","first-page":"1","article-title":"An approach to examine the metadata and data of a database management system by making use of a forensic comparison tool","author":"beyers","year":"2011","journal-title":"Proc ISSSA"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.4236\/jis.2012.32014"},{"key":"ref154","doi-asserted-by":"publisher","DOI":"10.1109\/ICSSE.2013.6614664"},{"key":"ref153","article-title":"Forensic analysis of social networking application on iOS devices","author":"zhang","year":"2013","journal-title":"Proc 6th Int Conf Mach Vis (ICMV)"},{"key":"ref156","doi-asserted-by":"publisher","DOI":"10.1007\/978-94-007-6516-0_96"},{"key":"ref155","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSACW.2013.20"},{"key":"ref150","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2013.03.007"},{"key":"ref152","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom.2013.25"},{"key":"ref151","doi-asserted-by":"publisher","DOI":"10.1109\/EISIC.2013.58"},{"key":"ref146","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2013.50"},{"key":"ref147","doi-asserted-by":"publisher","DOI":"10.2991\/iccsee.2013.299"},{"key":"ref148","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2012.12.024"},{"key":"ref149","doi-asserted-by":"publisher","DOI":"10.1109\/WAINA.2013.40"},{"key":"ref59","first-page":"220","article-title":"On the completeness of reconstructed data for database forensics","author":"adedayo","year":"2012","journal-title":"Proc Int Conf Digit Forensics Cyber Crime"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1145\/2487259.2487264"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.24297\/ijct.v7i3.3446"},{"key":"ref56","first-page":"139","article-title":"Arguments and methods for database data model forensics","author":"beyers","year":"2012","journal-title":"Proc WDFIA"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2012.50"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1109\/ICDE.2012.139"},{"key":"ref53","first-page":"5078","article-title":"Enriching forensic analysis process for tampered data in database","volume":"3","author":"abhonkar","year":"2012","journal-title":"Int J Comput Sci Inf Technol"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1007\/s00779-011-0428-7"},{"key":"ref40","article-title":"Oracle forensics. Part 6: Examining undo segments, flashback and the Oracle recycle bin","author":"litchfield","year":"2007"},{"key":"ref167","doi-asserted-by":"publisher","DOI":"10.1371\/journal.pone.0176223"},{"key":"ref166","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2016.693"},{"key":"ref165","doi-asserted-by":"publisher","DOI":"10.1109\/INTECH.2016.7845142"},{"key":"ref164","first-page":"28","article-title":"A mobile forensic readiness model aimed at minimizing cyber bullying","volume":"140","author":"kebande","year":"2016","journal-title":"Int J Comput Appl"},{"key":"ref163","first-page":"4847","article-title":"The forensic process analysis of mobile device","volume":"6","author":"sai","year":"2015","journal-title":"Int J Comput Sci Inf Technol"},{"key":"ref162","doi-asserted-by":"publisher","DOI":"10.1371\/journal.pone.0138449"},{"key":"ref161","first-page":"1","article-title":"Generic process model for Android smartphones live memory forensics","author":"paul","year":"2014"},{"key":"ref160","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40861-8_38"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1002\/wfs2.1350"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1002\/wfs2.1372"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.18517\/ijaseit.8.1.2115"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/ISSA.2012.6320441"},{"key":"ref8","doi-asserted-by":"crossref","first-page":"198","DOI":"10.18517\/ijaseit.7.1.1383","article-title":"Leveraging human thinking style for user attribution in digital forensic process","volume":"7","author":"adeyemi","year":"2017","journal-title":"Int J Adv Sci Eng Inf Technol"},{"key":"ref159","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2014.04.003"},{"key":"ref7","first-page":"268","article-title":"Digital forensic readiness approach for potential evidence preservation in software-defined networks","volume":"268","author":"munkhondya","year":"2019","journal-title":"Proc 14th Int Conf Cyber Warfare Secur (ICCWS)"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-22339-6_20"},{"key":"ref157","doi-asserted-by":"publisher","DOI":"10.1007\/978-94-007-5860-5_84"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-05487-8_5"},{"key":"ref158","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-31600-5_28"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/AINA.2010.152"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/CSA.2009.5404235"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-24212-0_7"},{"key":"ref47","article-title":"Detecting database attacks using computer forensics tools","author":"fatima","year":"2011"},{"key":"ref42","author":"fowler","year":"2008","journal-title":"SQL Server Forensic Analysis"},{"key":"ref41","article-title":"Oracle forensics. Part 7: Using the Oracle system change number in forensic investigations","author":"litchfield","year":"2007"},{"key":"ref44","author":"basu","year":"2006","journal-title":"Forensic Tamper Detection in SQL Server"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1145\/1412331.1412342"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2014.12.002"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2015.05.013"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-44966-0_19"},{"key":"ref70","first-page":"101","author":"adedayo","year":"2014","journal-title":"Reconstruction in database forensics"},{"key":"ref76","first-page":"1","article-title":"Database forensic analysis with DBCarver","author":"wagner","year":"2017","journal-title":"Proc CIDR"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1371\/journal.pone.0170793"},{"key":"ref74","article-title":"A methodology to test the richness of forensic evidence of database storage engine: Analysis Of MySQL update operation in InnoDB and MyISAM storage engines","author":"ogutu","year":"2016"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.19026\/rjaset.12.2377"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2017.2762693"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.1109\/AINS.2018.8631468"},{"key":"ref60","first-page":"36","article-title":"Forensic analysis algorithm: By using the tiled bitmap with audit log mechanism","volume":"63","author":"gawali","year":"2013","journal-title":"Int J Comput Appl"},{"key":"ref62","first-page":"947","article-title":"The method of recovery for deleted record in Oracle database","volume":"23","author":"choi","year":"2013","journal-title":"J Korea Inst Inf Secur Cryptol"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-36818-9_30"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2013.02.006"},{"key":"ref64","first-page":"439","article-title":"Database tampering and detection of data fraud by using the forensic scrutiny technique","volume":"3","author":"gawali","year":"2013","journal-title":"Int J Emerg Technol Adv Eng"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1016\/j.istr.2013.02.003"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.4304\/jcp.9.10.2294-2302"},{"key":"ref67","first-page":"457","article-title":"Role of metadata in forensic analysis of database attacks","author":"khanuja","year":"2014","journal-title":"Proc IEEE Int Adv Comput Conf (IACC)"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1109\/ISSA.2014.6950506"},{"key":"ref69","doi-asserted-by":"crossref","first-page":"336","DOI":"10.1016\/j.diin.2014.09.003","article-title":"Towards a forensic-aware database solution: Using a secured database replication protocol and transaction management for digital investigations","volume":"11","author":"fr\u00fchwirt","year":"2014","journal-title":"Journal of digital investigation"},{"key":"ref197","first-page":"177","article-title":"Distributed agent-based real time network intrusion forensics system architecture design","volume":"1","author":"ren","year":"2005","journal-title":"Proc 19th Int Conf Adv Inf Netw Appl (AINA)"},{"key":"ref198","doi-asserted-by":"publisher","DOI":"10.1109\/ICNC.2007.345"},{"key":"ref199","doi-asserted-by":"publisher","DOI":"10.4304\/jcp.2.3.1-11"},{"key":"ref193","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2010.02.003"},{"key":"ref194","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-38541-4_3"},{"key":"ref195","year":"0","journal-title":"On a Reference Model of Distributed Cooperative Network Forensics System"},{"key":"ref196","first-page":"11","article-title":"A framework of distributed agent-based network forensics system","author":"wei","year":"2004","journal-title":"Proc Digital Forensic Res Workshop"},{"key":"ref95","first-page":"191","article-title":"Forensic analysis of mobile phone internal memory","author":"willassen","year":"2005","journal-title":"Proc IFIP Int Conf Digit Forensics"},{"key":"ref94","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2004.11.007"},{"key":"ref190","first-page":"31","article-title":"Distributed network forensics framework: A systematic review","volume":"119","author":"chhabra","year":"2015","journal-title":"Int J Comput Appl"},{"key":"ref93","first-page":"1","article-title":"Forensics and the GSM mobile telephone system","volume":"2","author":"willassen","year":"2003","journal-title":"Int l J Digital Evidence"},{"key":"ref191","first-page":"163","article-title":"A simple framework for distributed forensics","author":"tang","year":"2005","journal-title":"Proc 25th IEEE Int Conf Distrib Comput Syst Workshops"},{"key":"ref92","article-title":"pdd: Memory imaging and forensic analysis of palm OS devices","author":"grand","year":"2002"},{"key":"ref192","doi-asserted-by":"publisher","DOI":"10.1109\/IMCCC.2011.215"},{"key":"ref91","article-title":"Forensic examination of a RIM (blackberry) wireless device","author":"burnette","year":"2002"},{"key":"ref90","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3014615"},{"key":"ref98","first-page":"1","article-title":"Data acquisition from cell phone using logical approach","volume":"26","author":"kim","year":"2007","journal-title":"World Acad Sci Eng Technol"},{"key":"ref99","article-title":"Introduction to mobile phone flasher devices and considerations for their use in mobile phone forensics","author":"al-zarouni","year":"2007"},{"key":"ref96","first-page":"1","article-title":"Forensics and SIM cards: An overview","volume":"5","author":"casadei","year":"2006","journal-title":"Int J Digit Evid"},{"key":"ref97","first-page":"1","article-title":"Acquisition of a Symbian smart phone's content with an on-phone forensic tool","volume":"8","author":"mokhonoana","year":"2007","journal-title":"Proc Southern Afr Telecommun Netw Appl Conf"},{"key":"ref82","first-page":"2499","article-title":"Glioma groups based on 1p\/19q, IDH, and TERT promoter mutations in tumors","volume":"372","author":"delfanti","year":"2018","journal-title":"New England J Med"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2021.3052505"},{"key":"ref84","first-page":"83","article-title":"Efficient model for detection data and data scheme tempering with purpose of valid forensic analysis","author":"azemovi?","year":"2009","journal-title":"Proc Int Conf Comput Eng Appl"},{"key":"ref83","article-title":"Oracle forensics. Part 3: Isolating evidence of attacks against the authentication mechanism","author":"litchfield","year":"2007"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.1109\/ICIMTech.2018.8528177"},{"key":"ref89","first-page":"3","article-title":"Identification of digital evidence on Android's blackberry messenger using NIST mobile forensic method","volume":"15","author":"riadi","year":"2017","journal-title":"Int J Comput Sci Inf Secur"},{"key":"ref85","first-page":"3715","article-title":"SQL query recommendation using collaborative query log: A survey","volume":"2","author":"chopade","year":"2004","journal-title":"Int J Recent Innov Trends Comput Commun"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2017.11.001"},{"key":"ref87","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.2976885"},{"key":"ref88","doi-asserted-by":"publisher","DOI":"10.1109\/ISSA.2015.7335071"},{"key":"ref200","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-15506-2_8"},{"key":"ref101","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.800-101"},{"key":"ref100","first-page":"168","article-title":"Mobile phone forensics tool testing: A database driven approach","volume":"6","author":"baggili","year":"2007","journal-title":"Int l J Digital Evidence"},{"key":"ref209","first-page":"2016","article-title":"A framework to increase the accuracy of collected evidences in network forensic by integrating IDS and firewall mechanisms","volume":"21","author":"saari","year":"2013","journal-title":"Proc Int Conf Syst Control Inform"},{"key":"ref203","article-title":"The modelling of a digital forensic readiness approach for wireless local area networks","author":"ngobeni","year":"2012"},{"key":"ref204","first-page":"1","article-title":"Social network forensics: Tapping the data pool of social networks","volume":"11","author":"mulazzani","year":"2012","journal-title":"Proc 8th Annu IFIP WG"},{"key":"ref201","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-15766-0_21"},{"key":"ref202","article-title":"Network forensic readiness: A bottom-up approach for IPv6 networks","author":"ammann","year":"2012"},{"key":"ref207","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-41148-9_16"},{"key":"ref208","article-title":"A generic process model for botnet forensic analysis","author":"thapliyal","year":"2013"},{"key":"ref205","first-page":"17","article-title":"Network forensic analysis with efficient preservation for SYN attack","volume":"46","author":"avasthi","year":"2012","journal-title":"Int J Comput Appl"},{"key":"ref206","first-page":"1","article-title":"Network forensics readiness and security awareness framework","author":"al-mahrouqi","year":"2014","journal-title":"Proc Int Conf Embedded Syst Telecommun Instrum"},{"key":"ref211","doi-asserted-by":"publisher","DOI":"10.1109\/WCCAIS.2014.6916615"},{"key":"ref210","first-page":"12","article-title":"Application of network forensics for detection of web attack using neural network","volume":"4","author":"parate","year":"2013","journal-title":"Networks"},{"key":"ref212","first-page":"1","article-title":"Securing network flow using network forensics","volume":"6","author":"mittal","year":"2016","journal-title":"Int J"},{"key":"ref213","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-10-5903-2_50"},{"key":"ref214","article-title":"Design of a wireless forensic readiness model (WFRM)","author":"ngobeni","year":"2009"},{"key":"ref215","doi-asserted-by":"publisher","DOI":"10.1109\/ITNAC46935.2019.9078005"},{"key":"ref216","doi-asserted-by":"publisher","DOI":"10.1109\/ICCCBDA.2019.8725746"},{"key":"ref217","doi-asserted-by":"publisher","DOI":"10.17781\/P002558"},{"key":"ref218","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.101675"},{"key":"ref219","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2020.03.042"},{"key":"ref220","doi-asserted-by":"publisher","DOI":"10.1109\/ICCISc52257.2021.9484865"},{"key":"ref222","doi-asserted-by":"publisher","DOI":"10.1109\/ICASERT.2019.8934707"},{"key":"ref221","first-page":"114","article-title":"A review of network forensics techniques for the analysis of web based attack","volume":"2","author":"parate","year":"2012","journal-title":"Int J Adv Comput Res"},{"key":"ref229","doi-asserted-by":"publisher","DOI":"10.1145\/3098954.3104052"},{"key":"ref228","doi-asserted-by":"publisher","DOI":"10.5220\/0006308703150324"},{"key":"ref227","doi-asserted-by":"publisher","DOI":"10.1109\/Trustcom\/BigDataSE\/ICESS.2017.293"},{"key":"ref226","doi-asserted-by":"publisher","DOI":"10.1109\/ICDIPC.2015.7323000"},{"key":"ref225","doi-asserted-by":"publisher","DOI":"10.1109\/UIC-ATC.2013.71"},{"key":"ref224","doi-asserted-by":"publisher","DOI":"10.1109\/NEXTCOMP.2017.8016176"},{"key":"ref223","doi-asserted-by":"publisher","DOI":"10.1109\/FiCloud.2016.57"},{"key":"ref127","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2010.08.003"},{"key":"ref126","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2010.01.001"},{"key":"ref125","article-title":"iPhone 3GS forensics: Logical analysis using Apple iTunes backup utility","author":"bader","year":"2010"},{"key":"ref124","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.800-72"},{"key":"ref129","first-page":"27","article-title":"A simple cost-effective framework for iPhone forensic analysis","author":"husain","year":"2010","journal-title":"Proc Int Conf Digit Forensics Cyber Crime"},{"key":"ref128","author":"morrissey","year":"2011","journal-title":"iOS Forensic Analysis for IPhone IPad and IPod Touch"},{"key":"ref130","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2011.05.016"},{"key":"ref133","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-24106-2_26"},{"key":"ref134","article-title":"Mobile cloud computing: Implications to smartphone forensic procedures and methodologies","author":"zhu","year":"2011"},{"key":"ref131","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2011.05.003"},{"key":"ref132","article-title":"Forensic analysis of geodata in Android smartphones","author":"maus","year":"2011"},{"key":"ref232","doi-asserted-by":"publisher","DOI":"10.1109\/BigData.2018.8622019"},{"key":"ref233","doi-asserted-by":"publisher","DOI":"10.1109\/SmartIoT.2018.00-19"},{"key":"ref230","doi-asserted-by":"publisher","DOI":"10.1109\/SmartCloud.2018.00040"},{"key":"ref231","doi-asserted-by":"publisher","DOI":"10.1145\/3230833.3233257"},{"key":"ref239","doi-asserted-by":"publisher","DOI":"10.1109\/ICEEST48626.2019.8981675"},{"key":"ref238","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2019.2906946"},{"key":"ref235","doi-asserted-by":"publisher","DOI":"10.14257\/ijast.2018.117.11"},{"key":"ref234","doi-asserted-by":"publisher","DOI":"10.1109\/ECAI.2018.8679017"},{"key":"ref237","doi-asserted-by":"publisher","DOI":"10.1109\/ISDFS.2017.7916508"},{"key":"ref236","doi-asserted-by":"publisher","DOI":"10.18517\/ijaseit.8.2.2121"},{"key":"ref136","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-35264-5_9"},{"key":"ref135","doi-asserted-by":"publisher","DOI":"10.1109\/MINES.2011.77"},{"key":"ref138","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2012.05.007"},{"key":"ref137","doi-asserted-by":"publisher","DOI":"10.1109\/CyberSec.2012.6246108"},{"key":"ref139","first-page":"322","article-title":"Smartphone forensic investigation process model","volume":"6","author":"goel","year":"2012","journal-title":"Int J Comput Sci Secur"},{"key":"ref140","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2011.10.003"},{"key":"ref141","doi-asserted-by":"publisher","DOI":"10.1109\/WIFS.2012.6412634"},{"key":"ref142","first-page":"239","article-title":"Blackberry playbook backup forensic analysis","author":"marzougy","year":"2012","journal-title":"Proc Int Conf Digit Forensics Cyber Crime"},{"key":"ref143","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-30436-1_21"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2010.62"},{"key":"ref144","doi-asserted-by":"publisher","DOI":"10.5120\/11602-6965"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.800-101"},{"key":"ref145","article-title":"Forensic analysis of WhatsApp on Android smartphones","author":"thakur","year":"2013"},{"key":"ref241","doi-asserted-by":"publisher","DOI":"10.1007\/s12083-018-0708-3"},{"key":"ref242","doi-asserted-by":"publisher","DOI":"10.1016\/j.fsir.2020.100117"},{"key":"ref243","doi-asserted-by":"publisher","DOI":"10.1109\/IS48319.2020.9200150"},{"key":"ref244","doi-asserted-by":"publisher","DOI":"10.37394\/23203.2020.15.24"},{"key":"ref240","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-23547-5_4"},{"key":"ref248","article-title":"Developing an IoT forensic methodology. A concept proposal","volume":"36","author":"g\u00f3mez","year":"2021","journal-title":"Forensic Sci Int Digit Invest"},{"key":"ref247","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-40305-8_32"},{"key":"ref246","doi-asserted-by":"publisher","DOI":"10.1007\/s42979-020-00285-x"},{"key":"ref245","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-47131-6_3"},{"key":"ref249","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2021.01.086"},{"key":"ref109","doi-asserted-by":"publisher","DOI":"10.1109\/IIH-MSP.2009.314"},{"key":"ref108","first-page":"16","article-title":"Issues in Symbian S60 platform forensics","volume":"6","author":"savoldi","year":"2009","journal-title":"J Commun Comput"},{"key":"ref107","article-title":"Hashing techniques for mobile device forensics","volume":"6","author":"danker","year":"2009","journal-title":"Stress"},{"key":"ref106","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2008.05.010"},{"key":"ref105","author":"zdziarski","year":"2008","journal-title":"iPhone Forensics Recovering Evidence Personal Data and Corporate Assets"},{"key":"ref104","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2008.341"},{"key":"ref103","first-page":"1941","article-title":"An integrated approach to recovering deleted files from NAND flash data","volume":"2","author":"luck","year":"2008","journal-title":"Small Scale Device Forensics Journal"},{"key":"ref102","first-page":"1","article-title":"Forensic data recovery from flash memory","volume":"1","author":"breeuwsma","year":"2007","journal-title":"Small Scale Device Forensics Journal"},{"key":"ref111","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2019.09.361"},{"key":"ref112","doi-asserted-by":"publisher","DOI":"10.1109\/ICUMT.2009.5345493"},{"key":"ref110","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-10619-4_11"},{"key":"ref250","doi-asserted-by":"publisher","DOI":"10.18280\/isi.260309"},{"key":"ref251","doi-asserted-by":"publisher","DOI":"10.1145\/3460620.3460746"},{"key":"ref254","article-title":"Development of an advanced privacy-aware IoT forensics process model","author":"almolhis","year":"2021"},{"key":"ref255","doi-asserted-by":"publisher","DOI":"10.4108\/icst.collaboratecom.2013.254159"},{"key":"ref252","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2020.10.001"},{"key":"ref253","doi-asserted-by":"publisher","DOI":"10.1109\/ICSCEE50312.2021.9498045"},{"key":"ref257","doi-asserted-by":"publisher","DOI":"10.1016\/j.iot.2020.100220"},{"key":"ref256","doi-asserted-by":"publisher","DOI":"10.1109\/SCC.2015.46"},{"key":"ref259","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2019.2962586"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/ISSA.2013.6641063"},{"key":"ref258","doi-asserted-by":"publisher","DOI":"10.33436\/v31i2y202102"},{"key":"ref11","first-page":"617","article-title":"A defined digital forensic criteria for cybercrime reporting","author":"baror","year":"2020","journal-title":"Proc 15th Int Conf Cyber Warfare Secur (ICCWS)"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2019.07.003"},{"key":"ref13","first-page":"1","article-title":"A web-based mouse dynamics visualization tool for user attribution in digital forensic readiness","author":"ernsberger","year":"2017","journal-title":"Proc 9th EAI Int Conf Digit Forensics Cyber Crime"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1007\/s13042-017-0748-7"},{"key":"ref15","first-page":"1","article-title":"Personality-print on the internet: Understanding online behavior","volume":"3","author":"adeyemi","year":"2016","journal-title":"Frontiers in ICT"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/ICIoT48696.2020.9089494"},{"key":"ref118","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2010.01.004"},{"key":"ref17","doi-asserted-by":"crossref","first-page":"17","DOI":"10.1007\/s42454-020-00010-2","article-title":"A new heuristic algorithm for identification of user initiated request in HTTP traffic for user identification","volume":"2","author":"adeyemi","year":"2020","journal-title":"Intelligent human systems integration"},{"key":"ref117","article-title":"Android forensics: Simplifying cell phone examinations","author":"lessard","year":"2010"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1371\/journal.pone.0166930"},{"key":"ref19","first-page":"725","article-title":"An improved ontology for knowledge management in security and digital forensics","author":"ellison","year":"2017","journal-title":"Proc Eur Conf Cyber Warfare Secur"},{"key":"ref119","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-22365-5_6"},{"key":"ref114","doi-asserted-by":"publisher","DOI":"10.1109\/PACRIM.2009.5291378"},{"key":"ref113","doi-asserted-by":"publisher","DOI":"10.1109\/WNIS.2009.32"},{"key":"ref116","doi-asserted-by":"publisher","DOI":"10.1504\/IJESDF.2009.023872"},{"key":"ref115","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2010.02.001"},{"key":"ref120","first-page":"100","article-title":"Forensic analysis of the Android file system YAFFS2","author":"quick","year":"2011"},{"key":"ref121","article-title":"Acquisition and analysis of digital evidencein Android smartphones","author":"de sim\u00e3o","year":"2011"},{"key":"ref122","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-32692-9_82"},{"key":"ref123","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2012.09.003"},{"key":"ref260","first-page":"909","article-title":"IoT forensics: A review on current trends, approaches and foreseen challenges","author":"surange","year":"2021","journal-title":"Proc 8th Int Conf Comput Sustain Global Develop (INDIACom)"},{"key":"ref261","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-33596-0_22"},{"key":"ref262","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-15-9317-8_2"},{"key":"ref263","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-60425-7_10"},{"key":"ref264","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-71017-0_25"},{"key":"ref265","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-74575-2_18"},{"key":"ref266","doi-asserted-by":"publisher","DOI":"10.1016\/j.fsidi.2021.301210"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/6287639\/9312710\/09594835.pdf?arnumber=9594835","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,9,8]],"date-time":"2022-09-08T20:51:25Z","timestamp":1662670285000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9594835\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"references-count":270,"URL":"https:\/\/doi.org\/10.1109\/access.2021.3124262","relation":{},"ISSN":["2169-3536"],"issn-type":[{"value":"2169-3536","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]}}}