Software Engineering Principles in Ensuring the Forensic Integrity of Digital Forensics - Research Paper Example

Use of Software Engineering Principles in Ensuring the Forensic Integrity of Digital Forensics Software engineers have a task of ensuring that software is secure. In order to develop secure software that ensures the forensic integrity of digital forensics, it is essential for developers to incorporate systematic approaches that support security methodologies. These methodologies are dependent on a situation. Software engineers should identify a methodology that suites the project. Software engineering works through the incorporation of distinct phases and activities, which focus on the improvement of planning and management of a development project. Methodologies and principles used in software engineering include deliverables and artifacts that are created and completed during the process of developing an application. Common methods used in software engineering are waterfall, prototyping, incremental and iterative development, spiral development and rapid application development. In the context of digital forensics, software is used to create and certify an image of a suspect. Software aids collection, examination, analysis and storage of digital evidence. This process requires the use of software and hardware that can preserve the integrity of the criminal justice system. Disk images created by software contain mechanisms that support internal verification in order to prove the accuracy of information and data. This expletory study will study existing approaches used in software engineering. The study will focus on best practices and publications. Outcomes of the study will be recommendations and suggestions of the best approaches for the development of software for digital forensic without compromising the system’s forensic integrity. Forensic integrity will refer to the non-ambiguity and consistency of data and information. Use of Software Engineering Principles in Ensuring the Forensic Integrity of Digital Forensics Technological developments have led to the easy acquisition or creation of information using computers and software. Information and communication developments have increasingly de-materialized information and supporting documents (Kara, 2012). As a result, information and data are generated and stored in digital format. This trend contrasts the attitudes that have seen paper documents continue to play crucial roles in the criminal justice system. Changes because of the adoption of information technology require criminal justice departments to transfer their documents from paper format to digital format. This creates instances were computer systems are targeted because they are huge repositories of evidence pertaining to different crimes. Software Engineering Principles Software engineering principles can ensure the forensic integrity of digital forensics. Principles in this case are the separation of concerns, modularity, and abstraction, anticipation of change, generality, incremental development and consistency. The principle of separation of concerns states that during software engineering, the behavior of data and information is dependent on two factors, support for data integrity and basic functionality (Yates & Chi, 2011). Separation of concerns is important because it supports software engineers to recognize complex values during the optimization of the quality of software. As a result, software engineers can separate different values by handling different values at different times during the software development process. It can also be achieved by structuring the software development design in order to assign the responsibility of achieving different values to different components. For instance, a software developer may encounter a value that frequently conflicts with other values. This may disrupt the run-time efficiency of the software and compromise the system’s forensic integrity (Gervais, Gomez & Weiss, 2004). In this case, the developer can deal with this issue as a separate concern. Later, the developer can design the software in order to meet other criteria. The software’s run-time is subject to analysis and checking in order to establish whether the time is spent effectively (Chahar, Chauhan & Das, 2012). In addition, the portions of codes that use the greatest portions of the run-time can be changed or modified in order to improve the software’s runtime. The principle of modularity specializes on the principle of separation of concerns. Modularity states that the software development process should be separated into components according to the component’s responsibilities and functionalities to the software. This means that the principle favors a responsibility driven software engineering. The principle of abstraction is similar to modularity because it also specializes on the separation of concerns. Abstraction approaches software engineering through the separation of the behaviors of the components of the software (Hofmeister & Kruchetn, 2007). Abstraction emphasizes on the importance of viewing software and its components based on the functions of the software and its functionality. The principle of anticipation of change views software as an automated solution to problems. These problems arise within the context of the familiarity of the user with the software. The context also defines the data and information that the user needs to input in the software, and the relationship between the software and the data. In some of the cases, software may be unable to solve a complex problem. In these instances, the user of the software will need a timely solution. In order to develop a timely solution, software engineers must identify the requirements of the software and the application of the software to the problem (Khan, 2010). Anticipation of change recognizes that complexities may arise during the development of a software or application of the software to a problem. The principle recommends the identification of preliminary requirements and the possibilities of making changes to the requirements while maintaining the integrity of the system. The principle of generality outlines the importance of designing software that is free from unnatural limitations and restrictions. The principle of incremental development provides insights to the incremental process of software development. This principle approaches software development as an incremental process that builds software from small units. This principle simplifies verification of the software and its functionality. This means that software that has been developed using the incremental process can be easily verified by targeting the added portions (Buschmann & Meunier, 2006). In case of errors, the developer can isolate the added portions and correct them. Incremental software development also helps in the handling of changes to the software. The principle of consistency recognizes that it is easier for software developers to code for software in a familiar context. This helps during the reading of the code and enables programmers to automate parts required for the entry of the code. Software Engineering Methodologies Software development methodologies refer to frameworks used to plan, structure and control the processes of software development. Over the last 50 years, these methodologies have evolved. Software development methodologies are identified by their weaknesses and strengths. Methodologies that have numerous strengths are not necessarily suited for all projects (Mishra & Dubey, 2013). Each methodology is only suited for a specific project, based on the project’s organization, technical abilities and team considerations. Software engineering methodologies outlined in this study were considered because of their application in digital forensics. The first software development methodology is the waterfall method, which follows a linear framework. This method begins with the initial investigation, definition of requirements and system design. These are followed by coding and testing, implementation and operational support. The waterfall software development method divides the software engineering project into different phases. Some of the phases may splash back or overlap. The method emphasizes on time schedules, planning, budget and implementation of the entire system (Mishra & Dubey, 2013). Waterfall ensures tight controls during the lifecycle of the project. The waterfall method has a number of strengths. One of the strengths is the method’s support for less experienced software development team, project teams and project managers. The method also uses an orderly sequence and strict controls in order to ensure the adequacy of design reviews and documentation. Additionally, this helps in ensuring the reliability, quality and maintainability of the final software. Waterfall also measures the progress of the software development and helps in the conservation of resources. The method also has a number of weaknesses. It is slow, costly and inflexible because of the significant tight controls and structures. In addition, the method only pushes the project forward without considerations for evaluating previous steps in the development process. Waterfall also has minimum room for using iteration. In addition, software problems are only discovered during the testing stage of the software (Center for Medicare and Medicaid Services, 2008). The performance of the system is tested only when the system has been fully coded. The second software development methodology is the prototyping method that also uses an iterative framework. Prototyping is not a standalone development method, but a complete development approach that handles selected portions of a larger development method such as rapid application development, incremental and spiral methodologies. This method attempts to reduce project risks by dividing projects into small segments (Mishra & Dubey, 2013). It also provides opportunities for changing software components during the development process. Users of the software are involved throughout the development stages. The strength of this approach is its ability to address the inabilities of users to define their information needs. In addition to this strength, the method is used in realistically modeling essential aspects of a system. It also improves user participation during the development stages. The weakness of the method is that it does not have sufficient balances and checks for software engineering (Center for Medicare and Medicaid Services, 2008). In addition, iterations add to the budget and schedules of the project. These added costs affect the potential benefits of the method. The method may lead to false conclusions and expectations. For instance a client may believe that the project has been completed when it is not, or the system may look good because it has user interfaces, but not truly functional. The third software development method is the incremental method that uses a combination of iterative and linear frameworks. The basic principle in this method is the combination of iterative and linear system development methods. This combination ensures the reduction of inherent project risks. It also ensures that the project is broken down to segments that can be easily changed during the software engineering process. The strength of this method is that it has the potential to exploit knowledge that has been gained during the initial stages. This knowledge can be used for later development stages (Center for Medicare and Medicaid Services, 2008). In addition, the method ensures moderate control over the lifecycle of the project. The weakness of the method is that it pushes problems to the future in order to demonstrate the success of the software to the management. The method also fails to consider technical requirements and business problems. The spiral software methodology also combines iterative and linear frameworks. Spiral approach focus on risk assessment and the reduction of project risks. Software development projects are broken into segments in order to evaluate risks and evaluate project continuation. Each of the project segments progresses through similar sequences. The strength of this method is that it enhances risk avoidance and selects the most appropriate method for the development of software iteration (Mishra & Dubey, 2013). The method can also incorporate other methods such as prototyping, waterfall and incremental methodologies (Center for Medicare and Medicaid Services, 2008). The weakness of the method is that it is difficult to determine the composition of the development method. The method is also highly customized, which means that it is complex and limits reusability. Successful completion of the project requires input from an experienced and skilled project manager. Rapid application methodology is a software development method that uses the iterative framework. The main objective of this method is to develop and deliver high quality software at low cost. RAD attempts to minimize inherent risks by approaching project management using small segments of the project. RAD is able to provide high quality software because it uses iterative prototyping, computerized development tools and active user involvement (Mishra & Dubey, 2013). The main objective of this approach is to fulfill the business needs of a client. Project controls are focused on the prioritization of the development process and definition of delivery deadlines. The main strength of this method is that the operational version of the software is made available earlier than when using other development methods (Center for Medicare and Medicaid Services, 2008). It produces software and systems at a low cost and considers the input of stakeholders during the development process. It also concentrates on vital elements of the system based on the user’s viewpoint. The main weakness of this method is that the system or software is at risk of misalignment to the needs of clients. Related Work A number of studies on how software engineering principles can be used to ensure the forensic integrity of digital forensics have been completed. Sean Peisert, Matt Bishop, Laura Corriss and Steven Greenwald (2009) conducted a study on new paradigms for the analysis of security paradigms. According to these researchers, a single security paradigm does not guarantee maximum security to software (Peisert, Bishop, Corriss & Greenwald, 2010). Therefore, software engineers and digital forensics should incorporate more than one security feature in the software in order to reduce security risks. Security paradigms used by the criminal justice system may have self-imposed constraints. These paradigms may change or expand because of technological innovations, emergence of new experiences and generation of new data. In their study, Peisert et al (2009) presented a computer security problem that was caused by the use of different incompatible paradigms. These instance provided opportunities for compromising forensic integrity in a digital system. Peisert et al (2009) based their study on the numerous instances in which the integrity of an internet or information technology system was compromised. There are cases where these systems have been manipulated by a computer virus or bug. These instances show that computer based systems are not entirely secure. However, careful software engineering can help in the reduction of attacks. Peisert et al (2009) used a panel of diverse experts in their analysis of security paradigms. These panelists had different views and opinions on security systems used in an IT system. They evaluated a scenario based on problems experienced during an electronic voting. Information obtained from this evaluation showed that in order to maintain the forensic integrity of digital forensics, it is essential to recognize that other security paradigms exist, and they have a utility. In another study, Manual Delgado, Manuela Aparicio and Carlos Costa (2012) studied the nature of open source and their usefulness in digital forensic. This study focused on basic digital forensics within the context of crime. According to these researchers, computers and information technology systems are important tools for the collection of evidence that can be presented in court (Delgado, Aparicio & Costa, 2012). Most criminal cases can use these systems to prove that criminal activities took place. However, prosecutors face challenges using information technology data and information to prove criminal activities pertaining to financial and economic crimes. In these cases, judges prefer to use verifiable data. These researchers based their study on their experiences while interacting with digital forensics during economic crime investigations. The researchers found that the criminal justice system favors the use of physical evidence, confessions and eyewitness accounts. Changing nature of economic crime and technological advancements has led to a change in nature of evidence used in economic crimes. Currently, most of the evidence is in digital or electronic format (Delgado, Aparicio & Costa, 2012). As a result, courts and prosecutors are required to legally possess the information technology systems used by perpetrators in order to extract information that can be used in the court process. In order to protect information stored in the computer disks, it is essential to develop methodologies and establish rules aimed at identifying parties responsible for the manipulation of data. Anton Uzunov, Katrina Falkner and Eduardo Fernandez (2014) supported this idea in their study of pattern-oriented approaches to engineering security methods. According to this study, software engineers need to develop software that is secure (Uzunov, Falkner & Fernandez, 2014). Technically, it is not feasible to use isolated security strategies to ensure secure communication, or secure parts and aspects of an IT system. According to Golden Richard and Vassil Roussev (2006), digital forensics faces a number of challenges. This may affect forensic integrity. These challenges emerge because of large turnaround of forensics target. As these targets become large, it will become increasingly important to transfer data reduction facilities in order to avoid overwhelming investigators with redundant data and avoid lengthy evidence duplication (Richard & Roussev, 2006). In the future, it will be impractical for digital forensics to capture complete bit-by-bit targets. Careful extraction of relevant evidence is very important because it reduces legal risks and instances of compromising forensic integrity. Richard et al (2006) also stated that one of the most pressing issues during the evidence acquisition stage is the issue of tools that can be used to facilitate live acquisition of information and data. This means that digital forensic investigators need software that will support them to acquire live data (Garcia & Moral-Rubio, 2014). Digital forensics is faced with the challenge of whether to seize computers from suspects for investigation. In some of the cases the seized computers may not be disturbed, which means that stored evidence in the computer’s drives will not be disturbed (Richard & Roussev, 2006). However, in most of the cases, the seizure of these computers may lead to the destruction of significant amounts of data and volatile evidence. In such a case, investigators may be faced with the complete loss of evidence or inaccessibility of evidence in the computer. Loss of RAM content may make stored evidence inaccessible in case the computer uses encryption software. Body of Paper Problem The research problem is to identify the most suitable software engineering methodology that can ensure the forensic integrity of digital forensics. The question that this research will seek to answer is, “what is the software engineering methodology’s ability to evaluate and design a software system and support forensic examination?” In order to solve this problem, the study will research and critique software engineering methods such as waterfall, prototyping, iterative and incremental development and spiral development. This will be followed by the identification of the best software engineering methodology and principle that can ensure the forensic integrity of digital forensics. Methodology This study is expletory and it will study existing software engineering methodologies and principles from best practices and published literature. All the publications used in this study are peer reviewed and published. Information from these publications is collected within a period of 3 weeks. Data analysis will begin after all the publications have been reviewed. The methods used to collect information and data will vary depending on the nature of the publication. For instance, some of the publications may use qualitative study designs while others use quantitative study designs. In these cases, secondary analysis of qualitative and quantitative data will be used. Quantitative deductive methods will be used because they are useful in measuring central phenomenon and patterns of software engineering methodologies. Qualitative inductive methods will also be used during the review of publications and best practices in order to understand the software engineering processes, methodologies and principles. A combination of these methods will be used in order to obtain information on the functionalities of these software development methodologies. Results Investigators acquire and process digital evidence in a legal system. This field uses digital forensic tools that are mainly based on information technology. Computer forensics examiners assess digital evidence by focusing on the case, available data and information. The acquisition of digital evidence is a fragile process because evidence can be damaged, altered or destroyed in case of improper examination and handling. In order to preserve the integrity of information and data, it is essential for forensic experts and examiners to handle data using copies of the original evidence (Ashcroft, Daniels & Hart, 2004). Forensic examiners should acquire the original evidence using methods that preserves and protects the integrity of the evidence. After the evidence has been collected, forensic examiners extract and analyze the evidence. During the examination process, examiners use software to recover information from its media and analyze data by putting it into digital, logical and useful format. These interactions of examiners, software and evidence provide opportunities for compromising the forensic integrity of digital forensics. Software, which acts as mediums for collecting, analyzing, examining and storing information derived from collected evidence, should be developed in ways in which they ensure the forensic integrity of digital forensics. During the software development process, software engineers use software development lifecycle to develop software in a systematic manner. This increases the probability of completing a software development project within the required timeframe (Hug, Front & Rieu, 2009). It also enables developers to deliver high quality software. Software development lifecycle provides activities performed by system developers and designers. All software development processes follow logical stages, which enable software developers to organize their work. Each of these stages has implications on the forensic integrity of digital forensics. A single security system does not guarantee the forensic integrity of a digital forensic. Consequently, software developers need to use different security measures to protect their software. Multiple security measures should be designed in a way that the measures do not conflict (Mellado & Piattini, 2007). In order to address the issue of software integrity and forensic integrity, software developers need to utilize systematic approaches that develop security methodologies that combine different aspects and features. This will lead to the creation of fit-to-purpose software that suits the needs of a project or organization (Huang & Zhang, 2003). This means that there is a need to systematically engineer security methodologies. Security methodology is a systematic approach of using software with discipline. This ensures that the integrity of the software is maintained. Digital forensics is based on dynamic environments. In such environments, it is vital for a software engineering process to use multiple-agent systems in order to ensure forensic integrity (Xiao & XueYan, 2008). Multi-agent systems offer software engineers appropriate routes for the development of complex computational systems in a dynamic and open environment. This study found that there are different principles and methodologies that are used during the software development and engineering processes. These methodologies and principles have different impacts on the forensic integrity of digital forensics. Digital forensics is used to investigate computer-based crimes. This approach of investigation relies on the use of computers and software during the collection of evidence. Software used in these evidence collection processes is delicate. As a result, software engineers need to understand essential evidential standards of electronic forensic data. Software used in digital forensic should have the ability to deconstruct attacks and preserve evidence. They should also have the ability to prevent the manipulation of evidence, data and information in a computer system (Raspotnig & Opdahl, 2013). The most common software engineering methodologies are waterfall, prototyping, spiral development, and iterative and incremental software development methodologies. These methods have different levels of integrity. The waterfall method is considered as a top-down software development method because of its sequential approach to software engineering. In this case, the software development process flows through a number of steps. In the waterfall method, the first step is the initial investigation. This step is followed by the definition of requirements and design of the system. The software engineer then codes and tests the software and begins the implementation process. Software developers who use the waterfall methodology focus on controlling and planning the software development lifespan. This approach of software engineering is not suitable for the development of high quality software that maintain forensic integrity because it discourages revisiting or revising of the software development process. This method is applicable in different situations. It is applicable in case the project intends to develop a transaction-oriented or mainframe-based batch system. It is also suitable in cases where the project is complicated, large and expensive. Waterfall is also used in software engineering projects that have clear solutions and objectives, or projects that do not require immediate implementation. It is used in projects where project requirements are stated unambiguously, or projects that are stable throughout the system development (Mishra & Dubey, 2013). Software developers also use this method in cases where users are fully knowledgeable about the applications of the software. This method is not suitable in a number of situations. It is not suitable in situations that require large projects that are changing because of changing expectations, external influences, technological changes or budgetary changes. The method is also not used in the development of web information systems because of the pressure of implementing a project quickly. It is not suitable in this case because of the continual evolution of the requirements of the project. Waterfall cannot be used in event-driven systems, real-time systems and leading-edge applications. This study also found that the prototyping software development method is a bottom-up approach that focuses on activities carried out during the development process. This methodology creates software through the development of prototypes or incomplete versions of the target software. The method begins by performing initial investigations of the application of the software. This is followed by a cyclic stage where the developer defines the requirements of the software, performs system design, and codes and tests the software. This cyclic process is performed until the developer is confident that the software can perform its functions with minimum risks to users. Thereafter, the software developer implements the software and performs maintenance throughout the system’s lifecycle. Prototyping is used in software development projects for online systems that need user dialog and decision support system. This method is also applicable in development projects that are large and have many users, functions and interrelationships (Mishra & Dubey, 2013). In these situations, prototyping helps in the reduction of project risks relating to the definition of requirements. Prototyping is also used in situations where project objectives are not clear and there is the immediate need for the implementation of the software. It is also used in development situations characterized by changes in the functional requirements of the software, or users are not fully knowledgeable. In addition to prototyping and waterfall, software engineers can also use the iterative and incremental software development approach. This approach is linear and it uses different methods for the combination of iterative and linear system. The main objective of iterative and incremental software development is to minimize inherent risks in the project through the breakdown of the project into small segments. Small project segments help software engineers and developers to make appropriate changes to the software before problems, faults and errors become developmental disasters and challenges. Incremental software engineering methodology is useful in projects that are large and constantly changing because of external pressures, budget changes, changing expectations and technological changes (Mishra & Dubey, 2013). It is also applicable in leading-edge applications, event-driven system and web information systems. However, it is not applicable in small projects that have short lifespan or duration. Iterative and incremental software development is not used in systems that have low architectural and integration risks. The methodology is least appropriate in projects that are highly interactive and project data already exists. Spiral software development combines different methodologies during the software development process. This formal development approach may combine methods such as waterfall and prototyping in order to develop software that has minimum risks to users. As a result of this combination, the methodology harnesses the advantages of the top-down and bottom up concepts. It also focuses on critical areas of the software development process that have been neglected by other software development methodologies. For instance, the methodology focuses the engineer and final software product to risk analysis and management, which is suited for projects that are large and complex. Spiral software development methodology is appropriate to systems that are real time or systems that are safety critical (Mishra & Dubey, 2013). It is also appropriate in cases where risk avoidance is critical and high priority. Software engineers can use the spiral methodology in projects where project requirements need strong documentation control and approval. Most importantly, this method is used in projects that require high degrees of accuracy. Rapid application development is a method that favors iterative software development. This approach discourages software developers from planning the development process. The methodology is focused on the fast development and delivery of high quality software at low costs. RAD is used in projects that are small and the scope of development is focused. It is also used in software applications that are highly interactive and software that have defined user groups. RAD is also used in software where the functionality of the system is visible at the user’s interface or systems that have unknown requirements (Mishra & Dubey, 2013). These software engineering methodologies have been used to develop digital forensic tools such as EnCase and FTK Imager. EnCase is a digital forensic tool used during investigations by private companies and law enforcement agencies. This tool is used in the acquisition, analysis and reporting of evidence. EnCase creates image files during the acquisition of hard drives. In this case, investigators conduct a logical or physical acquisition. Physical acquisition images the entire drive and reveals data that is hidden or deleted. During logical acquisition, the image is viewed as a computer file system (Shah & Paradise, 2014). The functionality of EnCase shows that the software is developed using the Spiral software development methodology. Investigators using this software are highly critical of risk avoidance. Analysis of images and computer files is also dependent on the software’s high degree of accuracy, which is a characteristic of the spiral principle to software engineering. FTK Imager is forensic imaging software that also creates images from storage devices and hard drives. These images are created in different file formats, Raw, AFF, SMART and E01. The images can be analyzed as a single file, or split into segments for later construction (Shah & Paradise, 2014). The fact that the tool creates images in four different formats shows that it is subject to changes from external pressures. This is a characteristic of the incremental software engineering methodology. Summary and Future Work A single security measure does not guarantee the forensic integrity of digital forensic. In digital forensics, computer forensics examiners use software in different stages of collecting, analyzing, examining and storing digital evidence. It is essential that the software used in these stages ensure the forensic integrity of the processes. Software engineering principles can be used to ensure the forensic integrity of these processes. The most suitable principle is the spiral software development methodology. This method has the ability to combine different software development methodologies in order to harness their advantages. In addition, it can be used with security methodologies, which will increase the security of the software. Future works in this field will be focused on the use of software engineer principles in the presentation of digital evidence in a court of law. There are complex issues associated with the presentation of digital evidence and examination of the digital evidence in a legal system. Future works will focus on this field in order to ensure that software engineering principles are used in the development of software that is applicable in legal systems. References Ashcroft, J., Daniels, D., & Hart, S. (2004). Forensic Examination of Digital Evidence: A Guide for Law Enforcement. National Institute Of Justice. U.S Department of Justice. Buschmann, F., & Meunier, R. (2006). Pattern-Oriented Software Architecture. A System of Patterns. Vol. 1. Center for Medicare and Medicaid Services. (2008). Selecting A Development Approach. Office of Information Services. Department Of Health And Human Services-USA. Chahar, C., Chauhan, V. & Das, M. (2012). Code Analysis For Software And System Security Using Open Source Tools. Information Security Journal: A Global Perspective. Vol. 21. Delgado, M., Aparicio, M., & Costa, C. (2012). Using Open Source for Forensic Purpose. OSDOC. ACM 978-1-4503-1284-4. Garcia, A., & Moral-Rubio, S. (2014). Enterprise Security Pattern: A Model Driven Architecture Instance. Computer Stand Interfaces, 36. Gervais, M., Gomez, J., & Weiss, G. (2004). A Survey on Agent-Oriented Software Engineering Researches. Methodologies And Software Engineering For Agent Systems. Kluwer, New York. Hofmeister, C., & Kruchetn, P. (2007). A General Model Of Software Architecture Design Derived From Five Industrial Approaches. Journal of Systems and Software, 80. Huang, H., & Zhang, S. (2003). Hierarchical Process Patterns: Construct Software Processes in a Stepwise Way. Proceedings of the 2003 IEEE International Conference on Systems, Man and Cybernetics. IEEE. Hug, C., Front, A., & Rieu, D. (2009). A Method To Build Information Systems Engineering Process Meta-models. Journal of Systems and Software, 82. Kara, M. (2012). Review on Common Criteria as a Secure Software Development Model. International Journal of Computer Science and Information Technology, 4. Khan, R. (2010). Secure Software Development: A Prescriptive Framework. Computer Fraud and Security, 12 (20). Mellado, D., & Piattini. F. (2007). A Common Criteria Based Security Requirements Engineering Process For The Development Of Secure Information Systems. Computer Standards and Interfaces, 29. Mishra, A., & Dubey, D. (2013). A Comparative Study of Different Software Development Life Cycle Models in Different Scenarios. International Journal of Advance Research in Computer Science and Management Studies, 1, (5). Peisert, S., Bishop, M., Corriss, L., & Greenwald, S. (2010). A New Paradigm for Analyzing Security Paradigm. NSPW. ACM 978-1-60558-845-2/09/09. Raspotnig, C., & Opdahl, A. (2013). Comparing Risk Identification Techniques For Safety And Security Requirements. Journal of Systems and Software, 86. Richard, G., & Roussev, V. (2006). Next-Generation Digital Forensics. Communications of the ACM. Vol. 49, (2). Shah, M., & Paradise, D. (2014). Tool Comparison. The Senator Patrick Leahy Center For Digital Investigation. Champlain College. Uzunov, A., Falkner, K., & Fernandez, E. (2014). A Comprehensive Pattern-Oriented Approach to Engineering Security Methodologies. Information and Software Technology. INFSOF 5518. Xiao, X., & XueYan, Z. (2008). The Method Engineering Process For Multi-Agent System Development. E-Forensics. ICST 978-963-9799-19-6. Yates, M., & Chi, H. (2011). A Framework for Designing Benchmarks of Investigating Digital Forensics Tools for Mobile Devices. ACM Southeast Conference. ACM 978-1-4503-0686-7/11/03. Read More