Explore the vast range of titles available.

The main purpose of anti-forensic computer techniques, in the broadest sense, is to hinder the investigation of a computer attack by eliminating traces and preventing the collection of data contained in a computer system. Nowadays, cyber-attacks are becoming more and more frequent and sophisticated, so it is necessary to understand the techniques used by hackers to be able to carry out a correct forensic analysis leading to the identification of the perpetrators. Despite its importance, this is a poorly represented area in the scientific literature. The disparity of the existing works, together with the small number of articles, makes it challenging to find one’s way around the vast world of computer forensics. This article presents a comprehensive review of the existing scientific literature on anti-forensic techniques, mainly DFIR (digital forensics incident response), organizing the studies according to their subject matter and orientation. It also presents key ideas that contribute to the understanding of this field of forensic science and details the shortcomings identified after reviewing the state of the art.

With the rapid development of information technology, fundamental changes have taken place in the way people work. However, computer crime has also become the main type of cases in the Internet era. Therefore, computer forensics technology has become an important research content of computer crime evidence collection. Firstly, this paper analyzes the relationship between computer forensics and data recovery. Then, this paper analyzes the steps of computer forensics. Finally, this paper analyzes the application of anti-forensics technology and computer forensics technology.

Due to the advancement of technology, cybercrime has increased considerably, making digital forensics essential for any organisation. One of the most critical challenges is to analyse and classify the information on devices, identifying the relevant and valuable data for a specific purpose. This phase of the forensic process is one of the most complex and time-consuming, and requires expert analysts to avoid overlooking data relevant to the investigation. Although tools exist today that can automate this process, they will depend on how tightly their parameters are tuned to the case study, and many lack support for complex scenarios where language barriers play an important role. Recent advances in machine learning allow the creation of new architectures to significantly increase the performance of information analysis and perform the intelligent search process automatically, reducing analysis time and identifying relationships between files based on initial parameters. In this paper, we present a bibliographic review of artificial intelligence algorithms that allow an exhaustive analysis of multimedia information contained in removable devices in a forensic process, using natural language processing and natural language understanding techniques for the automatic classification of documents in seized devices. Finally, some of the open challenges technology developers face when generating tools that use artificial intelligence techniques to analyse the information contained in documents on seized devices are reviewed.

Rapid technological advancement can have a substantial impact on the process of digital forensic investigation and presents numerous challenges to the investigator. With these challenges, it is imperative to have a standard framework for the digital forensic investigation to be implemented within most incidents. This induces a great stride to formulate a nonspecific framework that may be applied to most digital investigation procedures. The Next Generation Digital Forensic Investigation Model (NGDFIM) formalizes the framework to facilitates the practitioners in the investigation process. This framework could potentially generate more evidence during the incidence response through on-site triage as compared to conventional investigations process. Moreover, the framework diminishes the analysis time and provides the suspect with privacy protection by incorporating custom content imaging.

In a unique and systematic way, this book discusses the security and privacy aspects of the cloud, and the relevant cloud forensics.Cloud computing is an emerging yet revolutionary technology that has been changing the way people live and work. However, with the continuous growth of cloud computing and related services, security and privacy has become a critical issue. Written by some of the top experts in the field, this book specifically discusses security and privacy of the cloud, as well as the digital forensics of cloud data, applications, and services. The first half of the book enables readers to have a comprehensive understanding and background of cloud security, which will help them through the digital investigation guidance and recommendations found in the second half of the book.Part One of Security, Privacy and Digital Forensics in the Cloud covers cloud infrastructure security; confidentiality of data; access control in cloud IaaS; cloud security and privacy management; hacking and countermeasures; risk management and disaster recovery; auditing and compliance; and security as a service (SaaS). Part Two addresses cloud forensics – model, challenges, and approaches; cyberterrorism in the cloud; digital forensic process and model in the cloud; data acquisition; digital evidence management, presentation, and court preparation; analysis of digital evidence; and forensics as a service (FaaS).Thoroughly covers both security and privacy of cloud and digital forensicsContributions by top researchers from the U.S., the European and other countries, and professionals active in the field of information and network security, digital and computer forensics, and cloud and big dataOf interest to those focused upon security and implementation, and incident managementLogical, well-structured, and organized to facilitate comprehensionSecurity, Privacy and Digital Forensics in the Cloud is an ideal book for advanced undergraduate and master's-level students in information systems, information technology, computer and network forensics, as well as computer science. It can also serve as a good reference book for security professionals, digital forensics practitioners and cloud service providers.

The Metaverse is currently becoming a massive technology platform and is considered to be the next significant development in global technology and business landscapes. The Metaverse is a digital platform that people can enter or transport virtual items with a device as a medium, implemented as virtual but very similar to the real world through the concept of the digital twin as used in smart cities. The Metaverse is currently in its infancy but is developing gradually. However, the potential threat of crime in this new world already has become a concern. As the Metaverse becomes more similar to the real world, the events that occur in it can affect the real world as well. Therefore, digital forensic research on the Metaverse is necessary to investigate crimes occurring in the Metaverse, such as money laundering, virtual burglaries, virtual theft, and fraud. In this paper, we present the conceptual architecture of the Metaverse and discuss what are termed metacrimes, crimes that may occur within the Metaverse, and address the need for research on digital forensic investigations of the Metaverse. Furthermore, we propose a Metaverse forensic framework for the first time; it consists of four phases based on the digital forensic guidance of NIST. These are data collection, examination and retrieval of evidence, analysis, and reporting. In the framework, we provide three different procedures in the data collection phase and examination phase by dividing them into three categories: user, service, and the Metaverse platform. Finally, we discuss the challenge of digital forensic investigations in the Metaverse from three standpoints: data possession, anti-forensics, and privacy.

Smart technologies, such as the Internet of Things (IoT), cloud computing, and artificial intelligence (AI), are being adopted in cities and transforming them into smart cities. In smart cities, various network technologies, such as the Internet and IoT, are combined to exchange real-time information, making the everyday lives of their residents more convenient. However, there is a lack of systematic research on cybersecurity and cyber forensics in smart cities. This paper presents a comprehensive review and survey of cybersecurity and cyber forensics for smart cities. We analysed 154 papers that were published from 2015 to 2022 and proposed a new framework based on a decade of related research papers. We identified four major areas and eleven sub-areas for smart cities. We found that smart homes and the IoT were the most active research areas within the cybersecurity field. Additionally, we found that research on cyber forensics for smart cities was relatively limited compared to that on cybersecurity. Since 2020, there have been many studies on the IoT (which is a technological component of smart cities) that have utilized machine learning and deep learning. Due to the transmission of large-scale data through IoT devices in smart cities, ML and DL are expected to continue playing critical roles in smart city research.

In the domain of computer forensics, ensuring the integrity of operations like preservation, acquisition, analysis, and documentation is critical. Discrepancies in these processes can compromise evidence and lead to potential miscarriages of justice. To address this, we developed a generic methodology integrating each forensic transaction into an immutable blockchain entry, establishing transparency and authenticity from data preservation to final reporting. Our framework was designed to manage a wide range of forensic applications across different domains, including technology-focused areas such as the Internet of Things (IoT) and cloud computing, as well as sector-specific fields like healthcare. Centralizing our approach are smart contracts that seamlessly connect forensic applications to the blockchain via specialized APIs. Every action within the forensic process triggers a verifiable transaction on the blockchain, enabling a comprehensive and tamper-proof case presentation in court. Performance evaluations confirmed that our system operates with minimal overhead, ensuring that the integration bolsters the judicial process without hindering forensic investigations.

Intrusion detection system (IDS) has been developed to protect the resources in the network from different types of threats. Existing IDS methods can be classified as either anomaly based or misuse (signature) based or sometimes combination of both. This paper proposes a novel misuse based intrusion detection system to detect five categories such as: Exploit, DOS, Probe, Generic and Normal in a network. Further, most of the related works on IDS are based on KDD99 or NSL-KDD 99 data set. These data sets are considered obsolete to detect recent types of attacks and have no significance. In this paper UNSW-NB15 data set is considered as the offline dataset to design own integrated classification based model for detecting malicious activities in the network. Performance of the proposed integrated classification based model is considerably high compared to other existing decision tree based models to detect these five categories. Moreover, this paper generates its own real time data set at NIT Patna CSE lab (RTNITP18) which acts as the working example of proposed intrusion detection model. This RTNITP18 dataset is considered as a test data set to evaluate the performance of the proposed intrusion detection model. The performance analysis of the proposed model with UNSW-NB15 (benchmark data set) and real time data set (RTNITP18) shows higher accuracy, attack detection rate, mean F-measure, average accuracy, attack accuracy, and false alarm rate in comparison to other existing approaches. Proposed IDS model acts as the dog watcher to detect different types of threat in the network.

The proliferation of cybercriminal activities from 2023 to 2025 has highlighted the critical role of digital forensics in legal proceedings; however, resource constraints often limit access to effective investigative capabilities. Despite the technical adequacy of open-source digital forensic tools, courts typically favor commercially validated solutions because of the absence of standardized validation frameworks for open-source alternatives, creating unnecessary financial barriers to high-quality forensic investigations. This study aims to validate and enhance the conceptual open-source digital forensic framework developed by Ismail et al. (2024) to ensure the legal admissibility of evidence acquired through open-source tools. Through a rigorous experimental methodology utilizing controlled testing environments, we conducted comparative analyses between commercial tools (FTK and Forensic MagiCube) and open-source alternatives (Autopsy and ProDiscover Basic) across three distinct test scenarios: preservation and collection of original data, recovery of deleted files through data carving, and targeted artifact searching. Each experiment was performed in triplicate to establish repeatability metrics, with error rates calculated by comparing the acquired artifacts with control references. Our findings demonstrate that properly validated open-source tools consistently produce reliable and repeatable results with verifiable integrity comparable to their commercial counterparts. The enhanced three-phase framework integrating basic forensic processes, result validation, and digital forensic readiness to satisfy Daubert Standard requirements while providing practitioners with a methodologically sound approach. This study contributes significantly to digital forensics by democratizing access to forensically sound investigative capabilities without compromising legal admissibility requirements, ultimately benefiting resource-constrained organizations while maintaining the evidentiary standards necessary for judicial acceptance.