Digital Evidence Gathering For Relationship To Chain Of Custody Is Essential In Essay.

Digital Evidence Gathering and its Relationship to Chain of Custody (CoC)

Discuss about the Digital Evidence Gathering for Relationship to Chain of Custody.
 

With the introduction of modern technologies and advanced processes of communication through electronic medium, huge volumes of data are being generated at a high velocity each day. Various law enforcement officers face challenges with the extraction of the digital evidences from different types of data storage devices. The data gathered from any laptops, digital cameras, cellular phones, hard drives, computers and even game that are related to any offence are defined as Digital Evidence (Abalenkovs et al., 2012, p-2136). The digital evidences found in the electronic devices triggers investigation in any criminal case. During an investigation, both the physical and digital evidence plays important role in decision making procedure in courtroom.

With the advancement of technology, digital forensics utilizes several tools for the collection, security, analyzing, interpretation and presenting the digital evidence for the reconstruction of the series of events in a judicial process.  On the other hand, the Chain of Custody is defined as the legal procedure for documentation of the digital evidence in chronological manner.  Moreover, Ariffin et al., (2013, p-481) defined CoC (Chain of Custody) as in significant process for handing the evidences for investigation. The application of the CoC in the digital evidence allows in correlating the documents to the time, persons, place involved in each stage of the investigation.

Therefore, the need of forensic tool for gathering and evaluating the digital evidence has increased simultaneously. In any forensic cases, the digital evidence assists in demonstrating the truth and simultaneously its consequences. Damshenas et al., (2012, p-192) cited that the admissibility of the evidence is dependent upon the qualities as observed by the judge. Therefore, the validity of the evidences is directly connected to the ‘chain of custody’. The validity of the evidences in turn increases the reliability and efficiency of the procedure. Since, the digital evidences are away from the sensory perception; it cannot be submitted without a chain of custody.

This particular essay aims at evaluating the procedure of gathering digital evidence with the application of the Chain of Custody. Furthermore, the various components of the CoC are considered for evaluation and its importance while collecting crucial data related to investigation (Dezfoli et al., 2013, p-61). The essay assists in understanding the relationship between the Chain of custody and procedure for collecting digital evidence for investigation. 

To make a proper a prominent process of COC or chain of custody investigator need to follow-up with some basic components of COC. The components of COC are the some sort of standardized elements which are used to identify or measure the value of digital evidence in the circumstances of digitized investigation process (Ibrahim et al., 2012, p-254). Some of the necessary components or tenants are described below –

Main Components of CoC:

Evidence Collection time: Each and every evidence is comes with a time period and time span during the collection of evidence from the place of investigation which also include the evidence collection date (Lalla et al., 2012, p-248). The Collection date and time refer the time span of collected evidence so it can be relate to the crime incident. Date and time of digital evidence validate their circumstances with real world scenario.

Evidence Collection Spot: Investigation place may be differing by their location of crime spot because the evidence may found in some remote location which may not directly connected to the crime spot (Mishra at al., 2012, p-166). The document which are collected from the exact location of crime scene is can be classified as direct evidence and the evidence which are came from different area of investigation place can be classified as indirect source location of a digital evidence.

Investigation person or the Investigating authority: In the process of digital evidence collection and procurement service the main key role is played by its investigating officer. Each and every perspective of storing and preservation of data are run through a proper channel of authorization (Nasreldin et al., 2015, p-153). The main reason of this fragment is to secure the evidence collection base so, that one unknown entity (suspect) may not harm or contaminate the evidences which are acquired from the crime spot or investigation.

Type of Digital Media: The frame of the digital evidence procurement services also differs. The information which kept on digital media unit for the analysis collected evidence is needed to be ciphered by a strong cryptographic algorithm so that it cannot be accessible by the conventional media player (Shrivastava et al., 2013, p-532). This processes of conversion of format not only abstract the information it also maintained the privileged of information from the outsiders.

Media Owner Identification: If digital document or media is ceased from the investigation scene then it is necessary to identify or locate the person who owned the digital content. In a short way of description, it can say that the Identification process must conclude some investigation about the owner of the media (Simou et al., 2014, p-303).

Indexing of Collected Evidence: Investigators are work on a very big geographic domain or area, so it is not possible to memories all the evidence which are collected from different sources. So For the purpose of proper storage utilization, indexing technique needs to collaborate with the evidence collection unit.

CoC’s Importance for Gathering Digital Evidence:

Device Description: For getting a flexible accessibility investigation process needs to accumulate a distinguish technology or method which can store information about device type, capacity, serial no, etc. (Wu et al., 2013, p-18).

Hash verification: All the information or the files are secured and processed by hash verification process for future reusability and data integrity. Hash value processing method creates a unique serial number which contain data file's cyclic redundancy information. And in any case of using the documents on an investigation purpose it is necessary to recalculate the hash value with the notation of previously captured hash value and if the new calculation process produce the same value the information is allowed for further verification (Hitchcock, Le-Khac, & Scanlon, 2016, p-81). 

Analytical Tools: The primary backbone of the entire digital forensic investigation system is the analytical tools which are used to determine the objective or the purpose of the evidence and its validity. The analytic or forensic tolls come in two type's format one is propriety, and another one is open source utility (Rani, Sultana, & Sravani, 2016, p-98). All the tools are differed by their functionality and area of action.

The above mentioned components and function are here to declare the process of forensic investigation over digital media.

 Establishment of the Chain of Custody for authentication of the digital evidence is crucial need before presenting the evidence in the courtroom. The transfer, storage and seizure of the evidence are accounted through the CoC. Pichan, Lazarescu, and Soh, (2015, p-43) cited that it is essential for the application CoC procedure for the admissible of digital evidence for investigation in court. 

Importance to the Investigators: The forensic data gathered from the digital devices allowed the investigators to view the metadata of the digital file but restricts the identification of the procedures the file was created. Since, some information about the gathered data are missing does not imply that the data have been compromised. Siegel, and Mirakovits, (2015, p-55) showed that the chain of custody allows the investigators to discover the location, process and creator of the acquired evidence.

Importance to the Courtroom: The presentation of the Chain of Custody allows the prosecutor or the attorney to dismiss or challenge the series of digital evidences produced in the courtroom. With the proper utilization of the Chain of Custody along with digital evidence like video and audio evidences provides admissibility and authenticity of the presented evidences in the court. De Marco, Ferrucci, and Kechadi, (2014, p-251) showed that the various new procedures for establishing the Chain of Custody are becoming popular in the legal procedures. Moreover, the online services available for recording the CoC of the digital evidence Nelson, Phillips, and Steuart, (2014, p-187). Further, the introduction f he cloud storage has significantly eliminated the need of the file transfer and presentation of the physical copies of the digital evidence. Elyas  et al., (2014, p-101) cited, that the standard procedure for backup, security measures and surveillance cameras are followed in the CoC that has impress the reliability of the digital evidences.  Apart from that, the Chain of Custody allows the investigator to track his steps whenever any wrong or improper evidence is found during the authentication procedure. During the case of doubt of the reliability of the evidences, the process of CoC allows to find the person responsible for the flaws with the backtracking process. 

Importance to the Investigation: The applicator of the Chain of Custody is the first crucial process for authenticating the video and audio evidences presented in courtroom. Identification of the Chain of Custody allows in determining whether the digital evidence has been coned or copied.  With the advancement of technology, the digital media has become more easily accessible for modification, alteration and editing. Most of the time, the physical evidences are directly not available during the time of seizure or acquisition. Prayudi, Ashari, and Priyambodo, (2014, p-61) cited, that in many cases, the digital media are obtained from the police or clients that are accompanied by series of other legal documents. The paper trial is the significant part of the timeline as it authenticated the source and destination of the file transfer. With the application of the CoC, the prosecutor can raise questions about the authenticity of the digital evidence in case of missing timeline in the investigation. Creating a Chain of Evidence with all the digital evidences in the investigation eliminated all the suspicious against the reliability and authenticity of evidences provided in the courtroom (Shridhar, Chandrakant, & Baburao, 2014, p-52). Furthermore, the Chain of Custody provides access to the administrative of retrieval, modification and date of access to the evidence.

The procedure of the chain of the custody the application of the forensic process is applied on the copy of the digital evidence while the original copy is kept intact. Therefore, the CoC also allows comparison of the examined file with the original one (Stirland et al., 2014, p-99). Therefore, maintaining a Chain of Custody is one of the crucial processes for proving proof for the authenticity of the evidence provided. 

The Chain of Custody provides the detailed record of items or digital evidence possessed by each individual in a particular instance of timeline for investigation. The Chain of custody of the digital data has the risks of alteration and comprised (Taylor, Fritsch, & Liederbach, 2014, p-252). The Chain of Custody for digital evidence begins from the collection phase, to evaluation phase till the presentation to the court for justice. The data stored in the database has the potential for getting altered, misplaced and compromised. The Chain of Custody can be compromised n various ways including the failure to indentify the digital data as evidence from the crime cite. Moreover, the failure to collect raw data from the investigation site before it has been manipulated with. The digital data need to be stored in safe and secure places for maintaining and securing the log of the people accessing the files. The storage capacity and technological devices has evolved exponentially with time (Bulbul, Yavuzcan, & Ozel, 2013, p-247). Moreover, the inefficiency in understanding the how the digital data can be authenticated fails to provide justification to the Chain of Custody.

The information stored and gathered during the Chain of Custody is essential for the verification and authentication of the digital information while presenting them to the courtroom. Since, the digital evidences are easy to manipulated, significant measures needs to be taken for preventing the data from being compromised. Arora, Bhatt, and Pant, (2012, p-52) cited that for preventing data manipulation, it is essential to identify the cause of the data manipulation in protecting the Chain of Custody.

Many times, the investigators examine the digital information on the file collected from the crime scenes. The changes made in the original files permanently change the digital evidences and cannot be recovered back (Goel, Tyagi, & Agarwal, 2012, p-340).  Collecting the digital files on an unsecure device has severe risk of manipulation from external entity.

The digital data gets word out with time. The optical disks that are used for storing data are subjected to fungi and the electromagnetic disks get worn out with time. The lack of maintenance of the IT infrastructure and system result in the loss of the digital data and evidences (Saxena, Shrivastava, & Sharma, 2012, p-68). Most of the cases, the digital data and the digital evidences are subjected to manipulation from the internal procedure of the organization. The lack of ethical considerations and procedure followed in the CoC results in the flaws in the digital evidences. Therefore, the officials in charge of the CoC authority often lead to the errors in the Chain of Custody (Hasan, Mahmood, & Raghav, 2012, p-402). The lack of following the procedure for marinating the log list every time any officials changes of access the digital evidences creates wrong timeline in analyzing the evidences in the Chain of Custody. 

Moreover, the digital evidences are stored in the CD’s hard drives, pen drives and database. The failure in the storage devices has can cause to the loss of the crucial data and information collected from the investigation site. Moreover, with the advancement of the technology, the hackers have also found various innovative ways to hack in to the account and manipulate the data (Marangos, Rizomiliotis, & Mitrou, 2012, p-777). The hackers found various ways of breaking the security measures and entering the database where the digital data are stored. The insecure computers, laptops used for the storage and analysis of the digital information can be easily manipulated. The hackers hack in to the information system, and changes the log details and audit in the Chain of Custody (Ariffin, Choo, & Slay, 2013, p-41). Moreover, the lack of security in the IT infrastructure in organization usually leads to the loss and manipulation of the digital data collected from the crime sites.

In case of Chain of Custody, the digital evidences are gathered, analysis and investigation, the evidences are stored in electronics devices. For maintain and preserving the Chain of Custody, the investigator needs to protect the digital evidence from the time of collection to the time of presentation in the courtroom for judgment (Homem, Dosis, & Popov, 2013, p-160). For ensuring the Chain of Custody, and to provide evidence that the digital evidences are kept intact, and unaltered, the investigator needs to guarantee that the evidences presented n the courtroom are same as the evidence recovered from the site of crime. Furthermore, the investigator needs to provide the exact date and time of the transfer of the digital evidences needs to be submitted (McMillan, Glisson, & Bromby, 2013, p-4901). In addition to that, the investigators will ensure that the digital evidences have not been tampered with while in the custody.

Maintaining the Chain of Custody for the digital evidences is more crucial than the physical evidences. Rajamaki, and Knuuttila, (2013, p-199) stated that the hackers are present everywhere for altering the digital evidence. The investigators and analyst needs to protect the evidence from login spoofing in the real time. Tampering with the initial phase of the evidence during investigation is only the beginning of the tampering. Therefore, digital evidences need to be protected from the time of collection from the crime site. Therefore, all the digital evidences needs to be collected using safe and secure devices and required to be stored in the hack proof devices and network (Yadav, Mishra, & Prakash, 2013, p-168). Since all the networks are ultimately connected to the Internet, securing the Chain of Custody has become more difficult with days.  Therefore, the investigator needs to follow and maintain various processes for securing the collected evidences and data.

The data collection procedure in forensic evidence is gathered through manual procedure and some through the electronic devices (Ajijola, Zavarsky, & Ruhl, 2014, p-71). The investigators need to audit files and used centralized logging techniques for storing the digital files. In case f both the manual and digital data collection, centralized login will provide static data that are kept out of reach of the hackers.

In many cases, the hackers used compromised login times and plants information misleading the investigation procedure. The manipulation of the log list will result in the violation and hampering of the chain of custody in maintaining the digital evidence. Therefore, the investigator needs to create a digital chain of custody for maintain the log list (Reichert, Richards, & Yoshigoe, 2014, p-726). This can be achieved with securing at least one computer used for storing the evidences.  Furthermore, the investigator needs to use safe and secure laptop and devices for extracting the digital evidences from the crime site. Therefore, for collecting the evidences in the unsecured environment, secure electronic devices needs to be used.

It is difficult to re-establish security if the digital data are being modified or tampered with within the organization. For preventing these issues, the investigator needs to secure and address the vulnerabilities present with the forensic organization. Therefore, the organization needs to analyze the security vulnerabilities before investigating the digital evidences. Therefore, the most essential procedure of securing the digital data is to secure the IT infrastructure where the digital data are being stored and analyzed (Valjarevic, Venter, & Ingles, 2014, p-7). For protecting the Chain of Custody the digital evidences needs to be protected from the hackers, manipulation and alteration. Apart from that, a log is maintained every time the evidence is transferred or taken out from the organization. Therefore, the digital logs keep a record of the persons and time whenever the digital evidences are transferred and are given access to any persons. Furthermore, the digital evidence is deposited by handing over the devices to the owner.  

Integrity of the digital evidence refers to the consistency and accuracy of the digital evidence collected for analysis form the crime scene. The data integrity in the forensic investigation procedure plays a significant role in the processing and analysis if the digital evidence. With the application of the Chain of Custody, the digital forensic investigators required to know the person, time and process of handling the digital information during an investigation process. If the Chain of Custody is compromised or altered the timeline of the evidence processing goes missing that affects the result of the investigation. The digital data are usually stored in hard drives, in the secure computers. The investigators must ensure that the digital evidences remains bit to bit as it was during the collection of the data evidences at the crime site (Bulbul, Yavuzcan, & Ozel, 2013, p-251). Therefore, the forensic data analyst ensures that digital evidences when presented at the court remains same after bypassing all the examination and procedures, after handing by all the staffs during the evidence processing.

The disadvantage of evaluating and working with the digital evidences is that they can be easily accessed and modified without noticing. The integrity of the digital evidence needs to be maintained for protecting the data confidentiality and security of the data (Reichert, Richards, & Yoshigoe, 2014, p-728). The methods and procedure for maintaining the integrity of the digital information is costly and requires much modification in the system for CoC. The investigation process deals with the both the systematic tools and techniques and systematic collection of the digital data.

The significant objective of the forensic investigation process is to create a focal point among the investigation area such that the investigators could identify the relevant information that are directly or indirectly connected the crime with the evidences acquired. All the forensic evidences rely upon the proper investigation and analysis of the collected digital data (McMillan, Glisson, & Bromby, 2013, p-4902). All the collected information required to be checked for cyclic redundancy error and hash code validation so that it cannot be changed or altered by an eternal entity during transmission. Another approach for better transportation of the digital evidences form one place to another in the process of CoC needs to be encrypted with the cryptographic processes (Ariffin, Choo, & Slay, 2013, p-45). The digital evidences stored in the database, digital signature needs to be employed for maintaining the integrity of the information in the system. 

The digital data and evidences have the potential for changing the result of the investigation. The judgment of any case mostly depends on the validity of the evidences presented to support any theory in the courtroom. The presence of digital evidences like video recording, or CCTV footage of the occurrence of the crime has the potential for changing the verdict of the judgment. If the digital evidence is tampered with during the storage, analyzing or presentation of the digital evidence on court, it can change the judgment of the investigation (McMillan, Glisson, & Bromby, 2013, p-4907). Therefore, the integrity of the digital evidence means preserving the authenticity and proof of the document and evidence provided in the courtroom. The integrity of the data means, during the investigation, the data is been preserves as it during the collection of the information from the investigation site. Therefore, the integrity of the digital information provides authentication and reliability of the evidences provided in the courtroom and ensures that the evidences presented are in true form and authentic as gathered.

There are several types of issues are related to the digital investigation process which can create a catastrophic impact over COC (Chain of Custody). The different types of circumstances which can affect the entire operation during the process of COC are also described in the context of this analysis. The digital forensic process of COC based investigation is diming with the vulnerability from the both side of investigation process where one side is infected by the victim’s another threat is come from the investigator’s side. Maybe this instinct is not the only thing which can harm a COC process. The contradiction between the investigator and the victim is happened in many ways some of them are like as follows -

The trust factor among the evidence supplier and the investigator, if the evidence supplier or the victim's loss their faith over the investigator then they might eliminate all evidence which may relate some confidential about himself or herself (Abalenkovs et al., 2012). The victims may accidently erase all the information about the confidential data. This situation is also caused by the investigator by using of improper guidelines during the evidence storage process. Apart from this issue of fault measurement, the information leakage issue is a bigger strike of evidence hampering the process (Reichert, Richards, & Yoshigoe, 2014, p-729). The leakage of information can be drawn from an internal factor of whistle blowing or an external entity. The problems do not only lie between the information leakage it will more hamper the entire process if they are broadcast over digital media.

The technical factors are more severe than the threat which comes from the operational approach of COC base evidence collection. Technical obstacles are broadly classified into two categories which can be noted as user-defined complexity and other one is system defined complexity. The user-defined complexity can give more hurdles towards the investigator because of its non-structured format of information protection (Ariffin, Choo, & Slay, 2013, p-44). The Suspect or victims may be loaded with the highly classified security measurement where the security provider does not exist in real world or identity of security provider is highly classified. In that case the chances of getting information from the digital source are become very low. Whereas the systematic complexity is less tough than the user-defined complexity but the chance of information extraction is also low and it varied from the different deviation of technology integration over the computing devices (Hasan, Mahmood, & Raghav, 2012, p-401). The process of systematic complexity is also divided into third party security module and default system module. In the history of forensic analysis it is been observed that the default security mechanism is easy to analyses because it have low level consent of privacy mechanism. But when it comes to third party security module integration then it is difficult to analyze (Abalenkovs et al., 2012, p-2271). Third party applications are used to provide the better security solution. So it is inconceivable to break the security measurement for a better forensic analysis.

The other issue which can restrain the limit of COC based digital forensic application is belongs to the ethical responsibility. The ethical responsibility issue can also create problems due the different types of privacy act, legal settlement and data collection procedure (McMillan, Glisson, & Bromby, 2013, p-4908). The ethical responsibility is standing to moralized the human concerns of privacy which also reduce the performance of digital investigation and its standard. 

Conclusion

The development of technology has tremendous effect on our society. Its drive our human race into the new phase of evolution. But the problem comes when the complexity arises. The digital forensic investigation by using of COC creates a new horizon towards the investigation of different type crime scene. The process of COC based investigation is spread out over the different layer of data storage unit, computing unit, mobile device etc. and there are several law and regulations are passed to establish the investigation framework.  The collection of the digital evidences and presenting them in after verification of the authenticity and reliability of the evidences has the significant potential to change the verdict of the judgment.  With the advancement of technology, the world is supporting more digital evidences in a legal investigation. For providing the digital evidences for investigation and supporting the fact, the digital evidences required to be authenticated on the reliability. One of the best practices followed for the collection, storage and analysis of the digital evidence is Chain of Custody. In change of custody, a series are standardized procedure is followed for the authentication and maintenance of the integrity of the data.

The use of the Chain of Custody provides in providing evidential support and proves to the digital data provided as evidences for an investigation. The use of the computer forensic allows gathering, safeguarding and maintenance of the digital information gathered from the investigation sites. Although, the Chain of Custody follows an series of log in and metadata about who, when and where accessed the data, it can be easily be tampered and altered, therefore altering the CoC and timeline of investigation. Most of the cases, the alteration of the CoC has been found as the result of the lack of security in the devices and IT infrastructure of the organization that deals with the storage and analysis of the digital information. Therefore for maintaining the authenticity reliability and integrity of the data and digital information in forensic investigation, the forensic investigators and analyst required to introduces security measures like digital signature, cryptography and secure IT architecture so that the digital evidences cannot be easily modified and tampered. 

References

Abalenkovs, D., Bondarenko, P., Pathapati, V. K., Nordbø, A., Piatkivskyi, D., Rekdal, J. E., & Ruthven, P. B. (2012). Mobile forensics: Comparison of extraction and analyzing methods of ios and android (pp. 1422-2377), (Doctoral dissertation, Master Thesis, GjAyvik University College).

Ajijola, A., Zavarsky, P., & Ruhl, R. (2014, December). A review and comparative evaluation of forensics guidelines of NIST SP 800-101 Rev. 1: 2014 and ISO/IEC 27037: 2012. In Internet Security (WorldCIS), 2014 World Congress on (pp. 66-73). IEEE.

Ariffin, A., Choo, K. K. R., & Slay, J. (2013, January). Digital camcorder forensics. In Proceedings of the Eleventh Australasian Information Security Conference-Volume 138 (pp. 39-47). Australian Computer Society, Inc..

Ariffin, A., DOorazio, C., Choo, K. K. R., & Slay, J. (2013, September). iOS Forensics: How can we recover deleted image files with timestamp in a forensically sound manner?. In Availability, Reliability and Security (ARES), 2013 Eighth International Conference on (pp. 375-382). IEEE.

Arora, A. S., Bhatt, S. C., & Pant, A. (2012). Forensics computing-technology to combat cybercrime. International journal of advanced research in Computer Science and software Engineering, 2(7), 42-64.

Bulbul, H. I., Yavuzcan, H. G., & Ozel, M. (2013). Digital forensics: an analytical crime scene procedure model (ACSPM). Forensic science international, 233(1), 244-256.

Damshenas, M., Dehghantanha, A., Mahmoud, R., & bin Shamsuddin, S. (2012, June). Forensics investigation challenges in cloud computing environments. In Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), 2012 International Conference on (pp. 190-194). IEEE.

De Marco, L., Ferrucci, F., & Kechadi, T. (2014). Reference Architecture for a Cloud Forensic Readiness System, 256-646.

Dezfoli, F. N., Dehghantanha, A., Mahmoud, R., Sani, N. F. B. M., & Daryabar, F. (2013). Digital forensic trends and future. International Journal of Cyber-Security and Digital Forensics (IJCSDF), 2(2), 48-76.

Elyas, M., Maynard, S. B., Ahmad, A., & Lonie, A. (2014). Towards a systemic framework for digital forensic readiness. Journal of Computer Information Systems, 54(3), 97-105.

Goel, A., Tyagi, A., & Agarwal, A. (2012). Smartphone forensic investigation process model. International Journal of Computer Science & Security (IJCSS), 6(5), 322-341.

Hasan, R., Mahmood, S., & Raghav, A. (2012, September). Overview on Computer Forensics tools. In Control (CONTROL), 2012 UKACC International Conference on (pp. 400-403). IEEE.

Hitchcock, B., Le-Khac, N. A., & Scanlon, M. (2016). Tiered forensic methodology model for Digital Field Triage by non-digital evidence specialists. Digital Investigation, 16, S75-S85.

Homem, I., Dosis, S., & Popov, O. (2013, December). LEIA: The Live Evidence Information Aggregator: Towards efficient cyber-law enforcement. In Internet Security (WorldCIS), 2013 World Congress on (pp. 156-161). IEEE.

Ibrahim, N. M., Al-Nemrat, A., Jahankhani, H., & Bashroush, R. (2012). Sufficiency of windows event log as evidence in digital forensics. In Global Security, Safety and Sustainability & e-Democracy (pp. 253-262). Springer Berlin Heidelberg.

Lalla, H., Flowerday, S., Sanyamahwe, T., & Tarwireyi, P. (2012, January). A log file digital forensic model. In IFIP International Conference on Digital Forensics (pp. 247-259). Springer Berlin Heidelberg.

Marangos, N., Rizomiliotis, P., & Mitrou, L. (2012, December). Digital forensics in the cloud computing era. In 2012 IEEE Globecom Workshops (pp. 775-780). IEEE.

McMillan, J. E. R., Glisson, W. B., & Bromby, M. (2013, January). Investigating the increase in mobile phone evidence in criminal activities. InSystem Sciences (HICSS), 2013 46th Hawaii International Conference on (pp. 4900-4909). IEEE.

Mishra, A. K., Matta, P., Pilli, E. S., & Joshi, R. C. (2012, December). Cloud forensics: State-of-the-art and research challenges. In Cloud and Services Computing (ISCOS), 2012 International Symposium on (pp. 164-170). IEEE.

Nasreldin, M. M., El-Hennawy, M., Aslan, H. K., & El-Hennawy, A. (2015). Digital Forensics Evidence Acquisition and Chain of Custody in Cloud Computing. International Journal of Computer Science Issues (IJCSI), 12(1), 153.

Nelson, B., Phillips, A., & Steuart, C. (2014). Guide to computer forensics and investigations. Cengage Learning, 120-286.

Pichan, A., Lazarescu, M., & Soh, S. T. (2015). Cloud forensics: technical challenges, solutions and comparative analysis. Digital Investigation, 13, 38-57.

Prayudi, Y., Ashari, A., & Priyambodo, T. K. (2014). Digital Evidence Cabinets: A Proposed Framework for Handling Digital Chain of Custody.International Journal of Computer Applications, 107(9), 56-72.

Rajamaki, J., & Knuuttila, J. (2013, August). Law Enforcement Authorities' Legal Digital Evidence Gathering: Legal, Integrity and Chain-of-Custody Requirement. In Intelligence and Security Informatics Conference (EISIC), 2013 European (pp. 198-203). IEEE.

Rani, D.R., Sultana, S.N. & Sravani, P.L. (2016). Challenges of Digital Forensics in Cloud Computing Environment. Indian Journal of Science and Technology, 9(17), 90-100.

Reichert, Z., Richards, K., & Yoshigoe, K. (2014, October). Automated forensic data acquisition in the cloud. In 2014 IEEE 11th International Conference on Mobile Ad Hoc and Sensor Systems (pp. 725-730). IEEE.

Saxena, A., Shrivastava, G., & Sharma, K. (2012). Forensic investigation in cloud computing environment. The International Journal of forensic computer science, 2, 64-74.

Shridhar, G. A., Chandrakant, P. R., & Baburao, J. (2014). Network/Cyber forensics. International Journal of Computer Science and Management Research (pp. 24-74). https://www. ijcsmr. org/eetecme2013/paper9. pdf 18th November.

Shrivastava, A. K., Payal, N., Rastogi, A., & Tiwari, A. (2013, September). Digital Forensic Investigation Development Model. In Computational Intelligence and Communication Networks (CICN), 2013 5th International Conference on (pp. 532-535). IEEE.

Siegel, J. A., & Mirakovits, K. (2015). Forensic science: the basics. (pp. 50-60). CRC Press.

Simou, S., Kalloniatis, C., Kavakli, E., & Gritzalis, S. (2014, June). Cloud forensics solutions: a review. In International Conference on Advanced Information Systems Engineering (pp. 299-309). Springer International Publishing.

Stirland, J., Jones, K., Janicke, H., & Wu, T. (2014). Developing cyber forensics for SCADA industrial control systems. In The International Conference on Information Security and Cyber Forensics (InfoSec2014) (pp. 98-111). The Society of Digital Information and Wireless Communication.

Taylor, R.W., Fritsch, E.J. & Liederbach, J. (2014). Digital crime and digital terrorism. (pp. 245-268), Prentice Hall Press.

Valjarevic, A., Venter, H. S., & Ingles, M. (2014, August). Towards a prototype for guidance and implementation of a standardized digital forensic investigation process. In 2014 Information Security for South Africa (pp. 1-8). IEEE.

Wu, T., Disso, J. F. P., Jones, K., & Campos, A. (2013, September). Towards a SCADA forensics architecture. In Proceedings of the 1st International Symposium on ICS & SCADA Cyber Security Research 2013(pp. 12-21). BCS.

Yadav, D., Mishra, M., & Prakash, S. (2013, September). Mobile Forensics Challenges and Admissibility of Electronic Evidences in India. InComputational Intelligence and Communication Networks (CICN), 2013 5th International Conference on (pp. 237-242). IEEE.