{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,9]],"date-time":"2026-04-09T12:07:11Z","timestamp":1775736431730,"version":"3.50.1"},"reference-count":30,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2021,9,30]],"date-time":"2021-09-30T00:00:00Z","timestamp":1632960000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["JCP"],"abstract":"<jats:p>As technology has become pivotal a part of life, it has also become a part of criminal life. Criminals use new technology developments to commit crimes, and investigators must adapt to these changes. Many people have, and will become, victims of cybercrime, making it even more important for investigators to understand current methods used in cyber investigations. The two general categories of cyber investigations are digital forensics and open-source intelligence. Cyber investigations are affecting more than just the investigators. They must determine what tools they need to use based on the information that the tools provide and how effectively the tools and methods work. Tools are any application or device used by investigators, while methods are the process or technique of using a tool. This survey compares the most common methods available to investigators to determine what kind of evidence the methods provide, and which of them are the most effective. To accomplish this, the survey establishes criteria for comparison and conducts an analysis of the tools in both mobile digital forensic and open-source intelligence investigations. We found that there is no single tool or method that can gather all the evidence that investigators require. Many of the tools must be combined to be most effective. However, there are some tools that are more useful than others. Out of all the methods used in mobile digital forensics, logical extraction and hex dumps are the most effective and least likely to cause damage to the data. Among those tools used in open-source intelligence, natural language processing has more applications and uses than any of the other options.<\/jats:p>","DOI":"10.3390\/jcp1040029","type":"journal-article","created":{"date-parts":[[2021,9,30]],"date-time":"2021-09-30T10:22:42Z","timestamp":1632997362000},"page":"580-596","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":42,"title":["Cyber Crime Investigation: Landscape, Challenges, and Future Research Directions"],"prefix":"10.3390","volume":"1","author":[{"given":"Cecelia","family":"Horan","sequence":"first","affiliation":[{"name":"Electrical Engineering and Computer Science, University of Kansas, Lawrence, KS 66045, USA"}]},{"given":"Hossein","family":"Saiedian","sequence":"additional","affiliation":[{"name":"Electrical Engineering and Computer Science, University of Kansas, Lawrence, KS 66045, USA"}]}],"member":"1968","published-online":{"date-parts":[[2021,9,30]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Billard, D. (2018, January 4\u20136). Weighted Forensics Evidence Using Blockchain. Proceedings of the 2018 International Conference on Computing and Data Engineering, Shanghai, China.","DOI":"10.1145\/3219788.3219792"},{"key":"ref_2","unstructured":"Zhang, L., Li, F., Wang, P., Su, R., and Chi, Z. (2021). A Blockchain-Assisted Massive IoT Data Collection Intelligent Framework. IEEE Internet Things, 15."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3177847","article-title":"Current and Future Trends in Mobile Device Forensics","volume":"51","author":"Barmpatsalou","year":"2018","journal-title":"ACM Comput. Surv."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Gu, Y., and Lin, Z. (2016, January 9\u201311). Derandomizing Kernel Address Space Layout for Memory Introspection and Forensics. Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy, New Orleans, LA, USA.","DOI":"10.1145\/2857705.2857707"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"42","DOI":"10.1109\/MSP.2017.4251107","article-title":"Mobile Forensics: Advances, Challenges, and Research Opportunities","volume":"15","author":"Chernyshev","year":"2017","journal-title":"IEEE Secur. Priv."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"12","DOI":"10.1109\/MSP.2017.4251117","article-title":"The future of digital forensics: Challenges and the road ahead","volume":"15","author":"Caviglione","year":"2017","journal-title":"IEEE Secur. Priv."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"1191","DOI":"10.1109\/COMST.2019.2962586","article-title":"A survey on the Internet of things (IoT) forensics: Challenges, approaches, and open issues","volume":"22","author":"Stoyanova","year":"2020","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3361216","article-title":"A Systematic Survey on Cloud Forensics Challenges, Solutions, and Future Directions","volume":"52","author":"Manral","year":"2020","journal-title":"ACM Comput. Surv."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/2906149","article-title":"Cloud Log Forensics: Foundations, State of the Art, and Future Directions","volume":"49","author":"Khan","year":"2016","journal-title":"ACM Comput. Surv."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Tavabi, N., Bartley, N., Abeliuk, A., Soni, S., Ferrara, E., and Lerman, K. (2019, January 13\u201317). Characterizing Activity on the Deep and Dark Web. Proceedings of the Companion of The 2019 World Wide Web Conference, San Francisco, CA, USA.","DOI":"10.1145\/3308560.3316502"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Celestini, A., Me, G., and Mignone, M. (2016). Tor marketplaces exploratory data analysis: The Drugs Case. Global Security, Safety and Sustainability\u2013The Security Challenges of the Connected World, Springer.","DOI":"10.1007\/978-3-319-51064-4_18"},{"key":"ref_12","unstructured":"(2021, September 12). Internet Organized Crime Threat Assessment. Available online: https:\/\/www.europol.europa.eu\/activities-services\/main-reports\/internet-organised-crime-threat-assessment-iocta-2020."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"405","DOI":"10.1109\/TBIOM.2021.3078073","article-title":"Writer Identification Using Microblogging Texts for Social Media Forensics","volume":"3","author":"Belvisi","year":"2021","journal-title":"IEEE Trans. Biom. Behav. Identity Sci."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"171796","DOI":"10.1109\/ACCESS.2020.3024198","article-title":"Evolution of dark web threat analysis and detection: A systematic approach","volume":"8","author":"Nazah","year":"2020","journal-title":"IEEE Access"},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"54","DOI":"10.1145\/2811403","article-title":"A Systematic Survey of Online Data Mining Technology Intended for Law Enforcement","volume":"48","author":"Edwards","year":"2015","journal-title":"ACM Comput. Surv."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"8133","DOI":"10.1109\/JIOT.2020.3004376","article-title":"Emotion Detection in Online Social Networks: A Multilabel Learning Approach","volume":"7","author":"Zhang","year":"2020","journal-title":"IEEE Internet Things J."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Liao, X., Yuan, K., Wang, X.F., Li, Z., Xing, L., and Beyah, R. (2016, January 24\u201328). Acing the IoC Game: Toward Automatic Discovery and Analysis of Open-Source Cyber Threat Intelligence. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria.","DOI":"10.1145\/2976749.2978315"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"567","DOI":"10.1007\/s12027-020-00602-0","article-title":"Criminal justice, artificial intelligence systems, and human rights","volume":"20","year":"2020","journal-title":"ERA Forum"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"74","DOI":"10.1109\/MSEC.2019.2925649","article-title":"Artificial Intelligence for Law Enforcement: Challenges and Opportunities","volume":"17","author":"Raaijmakers","year":"2019","journal-title":"IEEE Secur. Priv."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"4262","DOI":"10.1109\/JIOT.2018.2845412","article-title":"Data Driven Feature Selection for Machine Learning Algorithms in Computer Vision","volume":"5","author":"Zhang","year":"2018","journal-title":"IEEE Internet Things J."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Du, X., Hargreaves, C., Sheppard, J., Anda, F., Sayakkara, A., Le-Khac, N.-A., and Scanlon, M. (2020, January 25\u201328). SoK: Exploring the state of the art and the future potential of artificial intelligence in digital forensic investigation. Proceedings of the 15th International Conference on Availability, Reliability and Security, Virtual Event, Ireland.","DOI":"10.1145\/3407023.3407068"},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"222310","DOI":"10.1109\/ACCESS.2020.3041951","article-title":"A Survey on Machine Learning Techniques for Cyber Security in the Last Decade","volume":"8","author":"Shaukat","year":"2020","journal-title":"IEEE Access"},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"181302","DOI":"10.1109\/ACCESS.2020.3028420","article-title":"Comparison of Machine Learning Algorithms for Predicting Crime Hotspots","volume":"8","author":"Zhang","year":"2020","journal-title":"IEEE Access"},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"184560","DOI":"10.1109\/ACCESS.2020.3029280","article-title":"Artificial intelligence security threat, crime, and forensics: Taxonomy and open issues","volume":"8","author":"Jeong","year":"2020","journal-title":"IEEE Access"},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"558","DOI":"10.1016\/j.future.2016.12.032","article-title":"Digital forensic intelligence: Data subsets and Open-Source Intelligence (DFINT+OSINT): A timely and cohesive mix","volume":"78","author":"Quick","year":"2018","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"172","DOI":"10.1016\/j.jpdc.2019.12.017","article-title":"A semantic-based methodology for digital forensics analysis","volume":"138","author":"Amatoa","year":"2020","journal-title":"J. Parallel Distrib. Comput."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1016\/S1361-3723(15)30045-2","article-title":"Digital forensics: The missing piece of the Internet of Things promise","volume":"2016","author":"Watson","year":"2016","journal-title":"Comput. Fraud. Secur."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"289","DOI":"10.1016\/S0167-4048(03)00404-8","article-title":"Evidence analysis","volume":"22","author":"Wolfe","year":"2003","journal-title":"Comput. Secur."},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Louw, D. (2015). Forensic psychology. International Encyclopedia of the Social & Behavioral Sciences, Elsevier. [2nd ed.].","DOI":"10.1016\/B978-0-08-097086-8.21074-X"},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"292","DOI":"10.1016\/S0167-4048(03)00405-X","article-title":"The role of criminal profiling in the computer forensics process","volume":"22","author":"Rogers","year":"2003","journal-title":"Comput. Secur."}],"container-title":["Journal of Cybersecurity and Privacy"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2624-800X\/1\/4\/29\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T07:07:40Z","timestamp":1760166460000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2624-800X\/1\/4\/29"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,9,30]]},"references-count":30,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2021,12]]}},"alternative-id":["jcp1040029"],"URL":"https:\/\/doi.org\/10.3390\/jcp1040029","relation":{},"ISSN":["2624-800X"],"issn-type":[{"value":"2624-800X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,9,30]]}}}