{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,3]],"date-time":"2025-11-03T13:31:21Z","timestamp":1762176681234},"reference-count":33,"publisher":"IGI Global","issue":"2","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013,4,1]]},"abstract":"<p>Digital forensics investigations are an important task for collecting evidence based on the artifacts left in computer systems for computer related crimes. The requirements of such investigations are often a neglected aspect in most of the existing models of digital investigations. Therefore, a formal and systematic approach is needed to provide a framework for modeling and reasoning about the requirements of digital investigations. In addition, anti-forensics situations make the forensic investigation process challenging by contaminating any stage of the investigation process, its requirements, or by destroying the evidence. Therefore, successful forensic investigations require understanding the possible anti-forensic issues during the investigation. In this paper, the authors present a new method for guiding digital forensics investigations considering the anti-forensics based on goal-driven requirements engineering methodologies, in particular KAOS. Methodologies like KAOS facilitate modeling and reasoning about goals, requirements and obstacles, as well as their operationalization and responsibility assignments. The authors believe that this new method will lead in the future to better management and organization of the various steps of forensics investigations in cyberspace as well as provide more robust grounds for reasoning about forensic evidence.<\/p>","DOI":"10.4018\/jdcf.2013040101","type":"journal-article","created":{"date-parts":[[2013,9,3]],"date-time":"2013-09-03T16:09:07Z","timestamp":1378224547000},"page":"1-22","source":"Crossref","is-referenced-by-count":7,"title":["A Framework for Digital Forensics and Investigations"],"prefix":"10.4018","volume":"5","author":[{"given":"Benjamin","family":"Aziz","sequence":"first","affiliation":[{"name":"School of Computing, University of Portsmouth, Portsmouth, UK"}]},{"given":"Clive","family":"Blackwell","sequence":"additional","affiliation":[{"name":"Department of Computing and Communication Technologies, Oxford Brookes University, Oxford, UK"}]},{"given":"Shareeful","family":"Islam","sequence":"additional","affiliation":[{"name":"School of Architecture, Computing and Engineering, University of East London, London, UK"}]}],"member":"2432","reference":[{"key":"jdcf.2013040101-0","doi-asserted-by":"crossref","unstructured":"Aziz, B. (2012). Towards goal-driven digital forensics investigations. In Proceedings of the 2nd International Conference on Cybercrime, Security and Digital Forensics (Cyfor-12), London, UK.","DOI":"10.4018\/jdcf.2013040101"},{"key":"jdcf.2013040101-1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2005.04.002"},{"key":"jdcf.2013040101-2","doi-asserted-by":"crossref","unstructured":"Blackwell, C. (2009). A reasoning agent for credit card fraud on the internet using the event calculus. International Journal of Electronic Security and Digital Forensics, 2(1), Inderscience.","DOI":"10.1504\/IJESDF.2009.023878"},{"key":"jdcf.2013040101-3","unstructured":"Blackwell, C., Islam, S., & Aziz, A. (2013). Implementation of digital forensics investigations using a goal-driven approach for a questioned contract. In Proceedings of the 9th Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, FL."},{"key":"jdcf.2013040101-4","doi-asserted-by":"crossref","unstructured":"Brezinski, D., & Killalea, T. (2002). Guidelines for evidence collection and archiving. RFC 3227.","DOI":"10.17487\/rfc3227"},{"key":"jdcf.2013040101-5","unstructured":"Broom, N. (2012). Declaration of Neil Broom, Ceglia v. Zuckerberg and Facebook, Inc. No. 1:10-cv-569-RJA-LGF, Technical Resource Center, Inc."},{"key":"jdcf.2013040101-6","unstructured":"Carrier, B. (2006). A hypothesis-based approach to digital forensic investigations. PhD thesis, CERIAS, Purdue University, CERIAS Tech Report 2006-06."},{"key":"jdcf.2013040101-7","unstructured":"Carrier, B. D., & Spafford, E. H. (2004). An event-based digital forensic investigation framework. In Proceedings of the 2004 Digital Forensics Research Workshop, Baltimore, MD."},{"key":"jdcf.2013040101-8","author":"E.Casey","year":"2011","journal-title":"Digital evidence and computer crime \u2013 Forensic science, computers and the internet"},{"key":"jdcf.2013040101-9","author":"E.Casey","year":"2010","journal-title":"Forensic discovery, handbook of digital forensics and investigation"},{"issue":"1","key":"jdcf.2013040101-10","article-title":"An extended model of cybercrime investigations.","volume":"3","author":"\u00d3Ciardhu\u00e1in","year":"2004","journal-title":"International Journal of Digital Evidence"},{"key":"jdcf.2013040101-11","author":"F.Cohen","year":"2009","journal-title":"Digital forensic evidence examination"},{"key":"jdcf.2013040101-12","doi-asserted-by":"crossref","unstructured":"Dahbur, K., & Mohammad, B. (2011). The anti-forensics challenge. In Proceedings of the 2011 International Conference on Intelligent Semantic Web-Services and Applications, ACM.","DOI":"10.1145\/1980822.1980836"},{"key":"jdcf.2013040101-13","doi-asserted-by":"crossref","unstructured":"Fernandez, E., Pelaez, J., & Larrondo-Petrie, M. (2007). Attack patterns: A new forensic and design tool. In Proceedings of the 3rd Annual IFIP WG 11.9 International Conference on Digital Forensics, Springer Advances in Digital Forensics III (pp 345-357), Orlando, FL.","DOI":"10.1007\/978-0-387-73742-3_24"},{"key":"jdcf.2013040101-14","unstructured":"Gladyshev, P. (2004). Formalising event reconstruction in digital investigations. Unpublished PhD thesis, Department of Computer Science, University College Dublin."},{"key":"jdcf.2013040101-15","unstructured":"Guidance Software. (2007). Guidance software response to iSEC xReport. Retrieved June 1, 2012, from http:\/\/www.securityfocus.com\/archive\/1\/474727"},{"key":"jdcf.2013040101-16","doi-asserted-by":"crossref","unstructured":"Harris, R. (2006). Arriving at an anti-forensics consensus: Examining how to define and control the anti-forensics problem. In Proceedings of the 6th Annual Digital Forensic Research Workshop (DFRWS06), Elsevier.","DOI":"10.1016\/j.diin.2006.06.005"},{"key":"jdcf.2013040101-17","unstructured":"Ieong, R. S. C. (2008). FORZA \u2013 Digital forensics investigation framework that incorporates legal issues. In Proceedings of the 8th Digital Forensic Research Workshop, Baltimore, MD."},{"key":"jdcf.2013040101-18","unstructured":"Islam, S. (2011). Software development risk management model \u2013 A goal-driven approach. Unpublished PhD thesis, Technische Universit\u00e4t M\u00fcnchen, Germany."},{"key":"jdcf.2013040101-19","doi-asserted-by":"crossref","unstructured":"Islam, S., & Houmb, S. H. (2010). Integrating risk management activities into requirements engineering. In Proceedings of the 4th IEEE Research International Conference on Research Challenges in Information Science (RCIS2010), France.","DOI":"10.1109\/RCIS.2010.5507389"},{"key":"jdcf.2013040101-20","unstructured":"Kessler, G. C. (2007). Anti-forensics and the digital investigator. In Proceedings of the 5th Australian Digital Forensics Conference, Perth, Australia."},{"issue":"2","key":"jdcf.2013040101-21","article-title":"a formalization of digital forensics.","volume":"3","author":"R.Leigland","year":"2004","journal-title":"International Journal of Digital Evidence"},{"key":"jdcf.2013040101-22","unstructured":"McKemmish, R. (1999). What is forensic computing? Trends and Issues in Crime and Criminal Justice, 118."},{"key":"jdcf.2013040101-23","unstructured":"MITRE Corporation. (n.d.). Common attack pattern enumeration and classification (CAPEC). Retrieved February 1, 2013, from http:\/\/capec.mitre.org"},{"key":"jdcf.2013040101-24","unstructured":"Palmer, G. (2001). A road map for digital forensic research (DFRWS Technical Report T001-01). Retrieved February 1, 2013, from http:\/\/www.dfrws.org\/2001\/dfrws-rm-final.pdf"},{"issue":"3","key":"jdcf.2013040101-25","article-title":"An examination of digital forensic models.","volume":"1","author":"M.Reith","year":"2002","journal-title":"International Journal of Digital Evidence"},{"key":"jdcf.2013040101-26","doi-asserted-by":"crossref","unstructured":"Rekhis, S., & Boudriga, N. (2012). A system for formal digital forensic investigation aware of anti-forensic attacks. IEEE Transactions on Information Forensics and Security, 7(2).","DOI":"10.1109\/TIFS.2011.2176117"},{"issue":"12","key":"jdcf.2013040101-27","first-page":"21","article-title":"Attack trees: Modeling security threats.","volume":"24","author":"B.Schneier","year":"1999","journal-title":"Dr. Dobb\u2019s Journal"},{"key":"jdcf.2013040101-28","unstructured":"Stroz Friedberg. (2012). Report of digital forensic analysis. In Paul D. Ceglia v. Mark Elliot Zuckerberg (Eds.), Individually, and Facebook, Inc. Civil Action No: 1:10-cv-00569-RJA. Retrieved March 26, 2012, from http:\/\/www.wired.com\/images_blogs\/threatlevel\/2012\/03\/celiginvestigation.pdf"},{"key":"jdcf.2013040101-29","doi-asserted-by":"crossref","unstructured":"van Lamsweerde, A. (2004). Elaborating security requirements by construction of intentional anti-models. In Proceedings of the 26th ACM-IEEE International Conference on Software Engineering (ICSE'04) (pp. 148-157). IEEE Press, Edinburgh, U.K.","DOI":"10.1109\/ICSE.2004.1317437"},{"key":"jdcf.2013040101-30","author":"A.van Lamsweerde","year":"2009","journal-title":"Requirements engineering: From system goals to UML models to software specifications"},{"key":"jdcf.2013040101-31","doi-asserted-by":"crossref","unstructured":"Vardi, M. Y. (2001). Branching vs. linear time: Final showdown. In Proceedings of the 7th International Conference On Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2001), Springer Lecture Notes in Computer Science 2031 (pp 1\u201322), Springer, Genoa, Italy.","DOI":"10.1007\/3-540-45319-9_1"},{"key":"jdcf.2013040101-32","unstructured":"Verizon Business (2009). 2009 data breach investigations report. A study conducted by the Verizon RISK Team in cooperation with the United States Secret Service."}],"container-title":["International Journal of Digital Crime and Forensics"],"original-title":[],"language":"ng","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=83486","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,6,2]],"date-time":"2022-06-02T01:23:32Z","timestamp":1654133012000},"score":1,"resource":{"primary":{"URL":"https:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/jdcf.2013040101"}},"subtitle":["The Goal-Driven Approach"],"short-title":[],"issued":{"date-parts":[[2013,4,1]]},"references-count":33,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2013,4]]}},"URL":"https:\/\/doi.org\/10.4018\/jdcf.2013040101","relation":{},"ISSN":["1941-6210","1941-6229"],"issn-type":[{"value":"1941-6210","type":"print"},{"value":"1941-6229","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013,4,1]]}}}