
Defining Digital Forensic Examination and Analysis Tools Using Abstraction Layers by Carrier - Literature review Example

Summary
The paper "Defining Digital Forensic Examination and Analysis Tools Using Abstraction Layers" will seek to establish whether the research offered new understanding and reliable information regarding the field of digital forensic examination…

Extract of sample "Defining Digital Forensic Examination and Analysis Tools Using Abstraction Layers by Carrier"

Defining Digital Forensic Examination and Analysis Tools Using Abstraction Layers – Analysis

Abstract

The objective of this paper is to examine the research conducted by Carrier (2003). The author's central purpose and the methods utilised to achieve this purpose will be examined. This will be achieved by systematically reviewing the observations and assessing the theories used. Besides that, the techniques used will be reviewed, along with how they were performed. This paper will also review the type of data Carrier (2003) attained using these techniques and how he interpreted the data. More importantly, this paper seeks to determine the objective evidence that was achieved from the efforts of the author and to relate the interpreted results to the original problem. The paper will also seek to establish whether the research offered new understanding and reliable information regarding the field of digital forensic examination.

Introduction

Carrier's (2003) paper addresses a number of problems; for instance, it utilises abstraction layers to identify where digital forensic tools can introduce errors and offers requirements which the tools have to follow. Besides that, the author defines the categories of forensic analysis types in terms of abstraction layers. According to the author, the results generated by the existing digital forensic tools can be utilised successfully in prosecutions; however, the tools were not designed with the needs of forensic science in mind. Although they allow the investigator to access evidence, they do not offer access to techniques that could be used to verify the reliability of the evidence. Therefore, Carrier (2003) tries to provide a solution to these problems. The objectives that are expected from the research include:

  • To offer tools that could be used to analyse data and extract evidence.
  • To define the tools for digital forensic analysis and offer discussion regarding abstraction layers.
  • To describe how all data can be presented accurately at an abstraction layer and also provide a format which could be utilised effectively by the investigator in identifying evidence.
  • To analyse the role of the tools while conducting digital forensic analysis.

The research assumption was rooted in the fundamental notion of abstraction layers. According to Carrier (2003), in every form of digital data there exists an abstraction layer; for that reason, the discussion of the error types, properties, and definitions of abstraction layers when utilised in digital forensic examination is new.

Background

The author has provided a reference list with the objective of giving readers adequate information to locate and verify the sources that have been used. Clearly, the author offered complete and accurate information for all the sources that he has cited. To embed his own work in the related literature, the author has cited the related work in the text and has also listed all the cited references at the end of his paper. He has followed the simple rule of research writing that all the cited sources have to be listed. By referencing his work, the author has acknowledged the contribution of other researchers and writers to his work. The author used journal papers, conference papers, and workshop papers to offer evidence that supports his claims and assertions. He enables the readers to effectively trace the sources of the information used.

The author sourced his data from eight sources; the first cited paper is a workshop paper by Brian Carrier which was published in Syracuse, New York in 2002. The second paper is a journal paper by Eoghan Casey published in the International Journal of Digital Evidence in the summer of 2002.
The third paper is a conference paper by Peter Gutmann which was published in the 6th USENIX Security Symposium Proceedings, held in San Jose, California in 1996. The fourth paper is a journal paper by Chet Hosmer that was also published in the International Journal of Digital Evidence in the spring of 2002. The fifth paper is a white paper from Microsoft Organization that was published in 2002. The sixth paper used by the author is an online article published on an unspecified date by the National Institute of Standards and Technology (NIST). The seventh paper is a technical paper from NIST that was published in Gaithersburg, Maryland in 2001. The last paper is a workshop paper by Gary Palmer that was published in Utica, New York in 2001.

Additional references that were consulted to complete this assignment include a conference paper by Thorpe, Grandison, and Ray (2012); the authors utilise the theory of abstraction layers to enable cloud forensics while describing the goals and purpose of examination and analysis tools for digital forensics. They utilise virtual machine (VM) abstraction as the meta abstraction layer to determine how forensic audit tools (VM log) could introduce errors through generalisation. Akin to Carrier (2003), the authors offer requirements which must be followed by such tools in order to steer clear of these errors. Another journal paper consulted is by Ademu, Imafidon, and Preston (2011), which introduces a consistent and structured digital forensic investigation approach. According to the authors, digital forensic science offers techniques, tools, and methods that are scientifically proven to obtain and examine digital evidence. Their research objective was to identify activities which could improve and facilitate the process of digital forensic investigation.
Another additional reference used is a journal paper by Kaur, Kaur, and Khurana (2016), which also examines the different forensic tools utilised to analyse the security flaws associated with digital forensics. Besides that, Kamble and Jain's (2015, p.167) research paper was also consulted because it discusses the challenges that investigators experience while trying to find digital evidence.

Proposed Approach

The type of research conducted by Carrier (2003) is more like a literature review, since he used previous studies such as conference proceedings, online articles, workshop papers and journal papers that are related to the research topic. The previous studies used by the author contain research objectives and problems, a review of the literature, assumptions, findings, and so forth. Basically, most of the studies cited by Carrier (2003) tested theory tenets or a certain hypothesis, or tried to answer a certain research question. The use of previous studies is important because it enabled the author to provide a recapitulation and comprehensive overview of the topic of digital forensics from past and current studies, thus enabling the reader to understand the direction of the research. The use of previous studies enabled the author to offer the tools that could be used to analyse data and extract evidence and also to offer a discussion with regard to abstraction layers.

The objectives of Ademu, Imafidon, and Preston's (2011, p.177) research were almost similar to those of Carrier (2003), but they adopted a four-tier iterative approach. According to the authors, the whole process of digital forensic investigation takes place iteratively in four distinctive stages: preparation, collection and documentation, examination and analysis, and reviewing and reporting. Besides that, they used a literature review to examine the different tools that can be used to perform digital forensic analysis.
Carrying out a literature review enabled Ademu, Imafidon, and Preston (2011) to critically sum up the available understanding of the research topic and to effectively identify the strengths and weaknesses of the previous studies. Carrier's (2003) use of previous studies offered the context in which to place his study.

The solution developed by Carrier (2003) includes how abstraction layers could be utilised in contemporary digital systems. The author describes how tools of digital forensic analysis should be translated and offers an error value which could help in finding the reliability level of the result. Clearly, there is no perfect software; for that reason, all analysis tools have some form of error. The author tries to develop a common language to facilitate the discussion of the techniques and tools that are utilised in digital forensic examination and analysis.

Carrier's (2003) research has some limitations; for instance, the set of objectives he has proposed is arguably curtailed, and the objective of proposing them was to encourage further development and discussion in digital forensic examination and analysis. Besides that, the scope of the paper is limited in terms of phases of analysis as well as identification. There is a need for future work to make sure that the author's recommendations can be applied to the field of digital forensics. Furthermore, there is a need for collaborative input not just from the practitioner communities but also from academic communities in order to increase the rigour and robustness of the author's findings.

There is no specific type of experiment that has been carried out in the research, since the author did not adopt a scientific and systematic approach to the research. Furthermore, the researcher has not manipulated more than one variable in order to measure and control changes in the variables.
Clearly, the author did not adopt experimental research, since there was no specific phenomenon that had to be predicted. Normally, authors use experiments to explain different types of causation and to determine whether the independent variable has an effect on the dependent variable. For instance, Thorpe, Grandison, and Ray (2012) experimented with the virtual machine log forensic audit tools to determine how the investigator can present all data at the meta abstraction layer.

Conclusion

In conclusion, the author has provided a solid knowledge foundation in the area of digital forensic examination and analysis. More importantly, the author has cited previous studies to provide reliable findings and also to enable the readers to understand the source of the information. The author has utilised the abstraction layers theory to explain the goals and purpose of the tools used in digital forensic examination and analysis. By utilising the layers of abstraction, the author has successfully identified where the tools could introduce errors. For that reason, the author has offered requirements that have to be followed by the tools. The reliability and consistency of the research paper are attributed to the dense and rich data cited from the previous studies and the utilisation of a systematic approach.

Opinion on the Research Carried Out

In my opinion, the research carried out is somewhat shallow and less reliable because it only provides theoretical evidence but does not have empirical evidence. For instance, the Thorpe et al. (2012) and Kaur, Kaur, and Khurana (2016) studies are almost similar to that of Carrier (2003), but they conducted experiments to determine whether their proposed model is feasible. Carrier (2003) proposes definitions and error types related to abstraction layers but only provides theoretical evidence on how these layers can be expanded and refined by the investigators.
There is no case study example that has been provided by the author on how the forensic investigator could gain from the digital forensic tools discussed in the paper. I believe that technological advancement in the field of digital forensics creates the need for a structured framework that could enable investigators to create standard operational procedures which could be effectively tested as well as validated swiftly. It is surprising that the research paper did not discuss how an iterative structure, as evidenced in the Kamble and Jain (2015, p.167) study, could be beneficial to digital forensic practitioners in building a case that is forensically sound. Although the author tries to develop a simplified and consistent guide on digital forensic examination and analysis tools, he does not provide a case study to enable the reader to understand the role of the tools while conducting digital forensic analysis.

Besides that, the reliability of the research paper is put into question because the method used to collect data does not allow for the assessment of that could help ascertain the reliability and truthfulness of the data used. The author relied on previous studies to conduct his research and did not conduct an empirical study to ascertain the reliability of the cited references. Since there is no piece of empirical data gathered in this research, it is evident that the researcher did not design his research method carefully to ensure the integrity, quality and accuracy of the information used in the study.

References

Ademu, I. O., Imafidon, C. O., & Preston, D. S. (2011). New Approach of Digital Forensic Model for Digital Forensic Investigation. International Journal of Advanced Computer Science and Applications, 2(12), 175-178.

Carrier, B. (2003). Defining Digital Forensic Examination and Analysis Tools Using Abstraction Layers. International Journal of Digital Evidence, 1(4), 1-11.

Kamble, D. R., & Jain, N. (2015). Digital Forensic Tools: A Comparative Approach. International Journal of Advance Research In Science And Engineering, 4(2), 157-168.

Kaur, M., Kaur, N., & Khurana, S. (2016). A Literature Review on Cyber Forensic and its Analysis tools. International Journal of Advanced Research in Computer and Communication Engineering, 5(1), 23-28.

Thorpe, S., Grandison, T., & Ray, I. (2012). Cloud Computing Log Evidence Forensic Examination Analysis. Proceedings of the 2nd Cybercrime Security, and Digital Forensics Conference (pp. 1-10). London, UK.