ABSTRACT
The evolution of digital media has increased the number of crimes committed using digital equipment. This has led to the evolution of the computer forensics area to digital forensics (DF). Such an area aims to analyze information through its main phases of identification, collection, organization, and presentation (reporting). As this area has evolved, many techniques have been developed, mainly focusing on the formalization of terminologies and concepts to provide a common understanding of the vocabulary. This has demanded efforts on several initiatives, such as the definition of ontologies, which are a means to identify the main concepts of a given area. Hence, the existing literature provides several ontologies developed for supporting the DF area. Therefore, to identify and analyze the existing ontologies for DF, this paper presents a systematic literature review (SLR) in which primary studies in the literature are studied. This SLR resulted in the identification of ontology building methodologies, ontology types, feasibility points, evaluation/assessment methods, and the DF phases and subareas that ontologies have supported. These results were based on the analysis of 29 ontologies that aided in answering six research questions. Another contribution of this paper is a set of recommendations on further ontology-based support of DF investigation, which can guide researchers and practitioners in covering existing research gaps.
Subjects
Forensic Sciences, Humans, Forensic Sciences/methods, Digital Technology, Terminology as Topic, Vocabulary, Controlled
ABSTRACT
Digital forensics (DF) is becoming one of the most prestigious research areas in computer science due to its inherent nature of providing a means to acquire, examine, analyze, and report evidence to be used in legal processes. To successfully perform it, novel techniques, approaches, and tools have been proposed, experimented on, and evaluated by researchers. However, the experimentation process is not a trivial task in this area as substantial evidence is not accepted in court. Therefore, the experimentation process has to be improved in DF, especially its documentation and data sharing to enable its reproducibility. The objective of this paper is to characterize the state-of-the-art research on DF experiments. We conducted a Systematic Mapping Study (SMS), analyzing 107 primary studies reporting DF experiments. We demonstrate that DF experimentation somehow fails at documenting the most essential elements of an experiment, such as hypothesis, variables, design, instrumentation, validity evaluation, setup, training, datasets and benchmarks, statistical techniques (descriptive, hypothesis, and effect-size test), limitations, and data sharing. In this work, we also propose a set of recommendations to improve experimentation in DF, especially regarding its replication and reproducibility. DF experimentation should evolve if the community intends to provide reliable and reproducible studies. By embracing this, both academicians and practitioners might benefit from such experiments and evidence.