Catalogue Search | MBRL
3,554 result(s) for "Digital forensics"
Cross-device Portability of Machine Learning Models in Electromagnetic Side-Channel Analysis for Forensics
by Le-Khac, Nhien-An; Navanesan, Lojenaa; Oren, Yossi
in Analysis, Computer forensics, Electronic devices
2024
The possession of smart devices has ingrained itself into daily life. Therefore, smart devices, such as IoT and smartphones, are crucial sources of evidence in instances where criminal activity occurs. Due to the challenges in traditional digital forensic techniques involving smart devices, it has been recently proposed in the literature to leverage electromagnetic side-channel analysis (EM-SCA) for the purpose. This paper identifies and discusses an important barrier that exists in the application of EM-SCA for digital forensics that hinders its successful use, namely, the issue of cross-device portability of machine learning (ML) models that are used for EM-SCA. Firstly, the paper empirically evaluates the possibility of using trained ML models to extract forensic insights from EM radiation data of IoT devices. During this empirical study, the inability to reuse a trained ML model across different devices is identified. Secondly, the paper surveys the literature in search of related work that has studied the use of EM-SCA to gather information from smart devices. The purpose of the survey is to identify whether any existing work has been able to introduce potential approaches to enable cross-device portability of ML models in EM-SCA. The findings of this survey point to the fact that the identified problem still exists and requires further studies opening the door to future research.
Journal Article
Digital forensic investigation framework for the metaverse
2023
The Metaverse is currently becoming a massive technology platform and is considered to be the next significant development in global technology and business landscapes. The Metaverse is a digital platform that people can enter or transport virtual items with a device as a medium, implemented as virtual but very similar to the real world through the concept of the digital twin as used in smart cities. The Metaverse is currently in its infancy but is developing gradually. However, the potential threat of crime in this new world already has become a concern. As the Metaverse becomes more similar to the real world, the events that occur in it can affect the real world as well. Therefore, digital forensic research on the Metaverse is necessary to investigate crimes occurring in the Metaverse, such as money laundering, virtual burglaries, virtual theft, and fraud. In this paper, we present the conceptual architecture of the Metaverse and discuss what are termed metacrimes, crimes that may occur within the Metaverse, and address the need for research on digital forensic investigations of the Metaverse. Furthermore, we propose a Metaverse forensic framework for the first time; it consists of four phases based on the digital forensic guidance of NIST. These are data collection, examination and retrieval of evidence, analysis, and reporting. In the framework, we provide three different procedures in the data collection phase and examination phase by dividing them into three categories: user, service, and the Metaverse platform. Finally, we discuss the challenge of digital forensic investigations in the Metaverse from three standpoints: data possession, anti-forensics, and privacy.
Journal Article
A review of cross-border cooperation regulation for digital forensics in LATAM from the soft systems methodology
by Vázquez-Medina, Rubén; Díaz-Pérez, Lelia Cristina; Quintanar-Reséndiz, Ana Laura
in Computer forensics, Computers, Cooperation
2026
Purpose: Based on this holistic model, the authors propose and analyze seven key issues related to the admissibility of digital media in cross-border trials considering four Latin American countries. Design/methodology/approach: The authors apply the modeling process of the soft systems methodology by Checkland in order to develop a holistic model focused on human situation problems involving digital media and information technology devices or systems. Findings: The authors discuss the status of the identified key issues in each country and offer a perspective on the integration of cross-border work analyzing the contribution of these key issues to the collaboration between countries criminal cases or the use of foreign digital artifacts in domestic trials. Research limitations/implications: In this study, the authors assumed that the problems of official interaction between agencies of different countries are considered solved. However, for future studies or research, the authors recommend that these issues can be considered as relevant, since they are related to cross-border cooperation topics that will necessarily require unavoidable official arrangements, agreements and formalities. Practical implications: This work is aimed at defining and analyzing the key issues that can contribute to the application of current techniques and methodologies in digital forensics as a tool to support the legal framework of each country, considering cross-border trials. Finally, the authors highlight the implications of this study lie in the identification and analysis of the key issues that must be considered for digital forensics as a support tool for the admissibility of digital evidence in cross-border trials. Social implications: The authors consider that digital forensic will have high demand in cross-border trials, and it will depend on the people mobility between the countries considered in this study. Originality/value: This paper shows that the soft systems methodology allows elaborating a holistic model focused on social problems involving digital media and informatics devices.
Journal Article
Weaponized IoT: A Comprehensive Comparative Forensic Analysis of Hacker Raspberry Pi and PC Kali Linux Machine
by Al-Sudani, Sahar; Dunsin, Dipo; Ghanem, Mohamed Chahine
in Computer forensics, Criminal investigations, cybercrime
2025
The proliferation of Internet of Things (IoT) devices presents significant challenges for cybersecurity and digital forensics, particularly as these devices have become increasingly weaponised for malicious activities. This research focuses on the forensic analysis capabilities of Raspberry Pi devices configured with Kali Linux, comparing their forensic capabilities to conventional PC-based forensic investigations. The study identifies key gaps in existing IoT forensic methodologies, including limited tool compatibility, constrained data retention, and difficulties in live memory analysis due to architectural differences. The research employs a testbed-based approach to simulate cyberattacks on both platforms, capturing and analysing forensic artefacts such as system logs, memory dumps, and network traffic. The research findings reveal that while traditional PCs offer extensive forensic capabilities due to superior storage, tool support, and system logging, Raspberry Pi devices present significant forensic challenges, primarily due to their ARM architecture and limited forensic readiness. The study emphasises the need for specialised forensic tools tailored to IoT environments and suggests best practices to enhance forensic investigation capabilities in weaponised IoT scenarios. This research contributes to the field by bridging the gap between theoretical frameworks and real-world forensic investigations, offering insights into the evolving landscape of IoT forensics and its implications for digital evidence collection, analysis, and forensic readiness.
Journal Article
Enhancing Traditional Reactive Digital Forensics to a Proactive Digital Forensics Standard Operating Procedure (P-DEFSOP): A Case Study of DEFSOP and ISO 27035
2025
With the growing intensity of global cybersecurity threats and the rapid advancement of attack techniques, strengthening enterprise information and communication technology (ICT) infrastructures and enhancing digital forensics have become critical imperatives. Cloud environments, in particular, present substantial challenges due to the limited availability of effective forensic tools and the pressing demand for impartial and legally admissible digital evidence. To address these challenges, we propose a proactive digital forensics mechanism (P-DFM) designed for emergency incident management in enterprise settings. This mechanism integrates a range of forensic tools to identify and preserve critical digital evidence. It also incorporates the MITRE ATT&CK framework with Security Information and Event Management (SIEM) and Managed Detection and Response (MDR) systems to enable comprehensive and timely threat detection and analysis. The principal contribution of this study is the formulation of a novel Proactive Digital Evidence Forensics Standard Operating Procedure (P-DEFSOP), which enhances the accuracy and efficiency of security threat detection and forensic analysis while ensuring that digital evidence remains legally admissible. This advancement significantly reinforces the cybersecurity posture of enterprise networks. Our approach is systematically grounded in the Digital Evidence Forensics Standard Operating Procedure (DEFSOP) framework and complies with internationally recognized digital forensic standards, including ISO/IEC 27035 and ISO/IEC 27037, to ensure the integrity, reliability, validity, and legal admissibility of digital evidence throughout the forensic process. Given the complexity of cloud computing infrastructures—such as Chunghwa Telecom HiCloud, Amazon Web Services (AWS), Google Cloud, and Microsoft Azure—we underscore the critical importance of impartial and standardized digital forensic services in cloud-based environments.
Journal Article
ETHICore: Ethical Compliance and Oversight Framework for Digital Forensic Readiness
2024
How can organisations be forensically ready? As organisations are bound to be criticised in the digitally developing world, they must ensure that they are forensically ready. The readiness of digital forensics ensures compliance in an organisation’s legal, regulatory, and operational structure. Several digital forensic investigative methods and duties are based on specific technological designs. The present study is the first to address the core principles of digital forensic studies, namely, reconnaissance, reliability, and relevance. It reassesses the investigative duties and establishes eight separate positions and their obligations in a digital forensics’ investigation. A systematic literature review revealed a gap in the form of a missing comprehensive direction for establishing a digital forensic framework for ethical purposes. Digital forensic readiness refers to the ability of a business to collect and respond to digital evidence related to security incidents at low levels of cost and interruption to existing business operations. This study established a digital forensic framework through a systematic literature review to ensure that organisations are forensically ready to conduct an efficient forensic investigation and to cover ethical aspects. Furthermore, this study conducted a focus group evaluation through focus group discussions to provide insights into the framework. Lastly, a roadmap was provided for integrating the system seamlessly into zero-knowledge data collection technologies.
Journal Article
Towards A Systemic Framework for Digital Forensic Readiness
by Maynard, Sean B.; Lonie, Andrew; Elyas, Mohamed
in Compliance, Computer forensics, Cybercrime
2014
Although digital forensics has traditionally been associated with law enforcement, the impact of new regulations, industry standards and cyber-attacks, combined with a heavy reliance on digital assets, has resulted in a more prominent role for digital forensics in organizations. Modern organizations, therefore, need to be forensically ready in order to maximize their potential to respond to forensic events and demonstrate compliance with laws and regulations. However, little research exists on the assessment of organizational digital forensic readiness. This paper describes a comprehensive approach to identifying the factors that contribute to digital forensic readiness and how these factors work together to achieve forensic readiness in an organization. We develop a conceptual framework for organizational forensic readiness and define future work towards the empirical validation and refinement of the framework.
Journal Article
Actionable threat intelligence for digital forensics readiness
by Pangalos, George J.; Katos, Vasilios; Serketzis, Nikolaos
in Computer forensics, Crime, Cybercrime
2019
Purpose: The purpose of this paper is to formulate a novel model for enhancing the effectiveness of existing digital forensic readiness (DFR) schemes by leveraging the capabilities of cyber threat information sharing. Design/methodology/approach: This paper uses a quantitative methodology to identify the most popular cyber threat intelligence (CTI) elements and introduces a lightweight approach to correlate those with potential forensic value, resulting in the quick and accurate triaging and identification of patterns of malicious activities. Findings: While threat intelligence exchange steadily becomes a common practice for the prevention or detection of security incidents, the proposed approach highlights its usefulness for the digital forensics (DF) domain. Originality/value: The proposed model can help organizations to improve their DFR posture, and thus minimize the time and cost of cybercrime incidents.
Journal Article
Digital Forensics Readiness in Big Data Networks: A Novel Framework and Incident Response Script for Linux–Hadoop Environments
by Mapp, Glenford; Mpungu, Cephas; George, Carlisle
in Automation, Big Data, Business intelligence
2024
The surge in big data and analytics has catalysed the proliferation of cybercrime, largely driven by organisations’ intensified focus on gathering and processing personal data for profit while often overlooking security considerations. Hadoop and its derivatives are prominent platforms for managing big data; however, investigating security incidents within Hadoop environments poses intricate challenges due to scale, distribution, data diversity, replication, component complexity, and dynamicity. This paper proposes a big data digital forensics readiness framework and an incident response script for Linux–Hadoop environments, streamlining preliminary investigations. The framework offers a novel approach to digital forensics in the domains of big data and Hadoop environments. A prototype of the incident response script for Linux–Hadoop environments was developed and evaluated through comprehensive functionality and usability testing. The results demonstrated robust performance and efficacy.
Journal Article
Cyber Crime Investigator's Field Guide, 3rd Edition
2022
This third edition provides the investigative framework that needs to be followed, along with information about how cyberspace works and the tools that reveal the who, where, what, when, why and how in the investigation of cybercrime.