Digital Forensic Process via Parallel Data Acquisition Technic:
Experimental Case Study
Sarjimin a,1,*, Anton Yudhana b,2
a Department of Informatics, Ahmad Dahlan University, Yogyakarta, 55164, Indonesia
b Department of Electrical Engineering, Ahmad Dahlan University, Yogyakarta, 55164, Indonesia
* corresponding author
ARTICLE INFO
Article history:
Received 01 March 2022 Revised 6 May 2022 Accepted 13 June 2022
Keywords:
Property Right, Intellectual, Bank, Credit Guaranty
ABSTRACT
Digital Forensics (DF) is an essential tool for solving cases of crimes committed. Based on the type of action performed, DF is classified into static forensics and live forensics. The limitation of static forensics is that data collection is carried out on permanent storage media, while processes in the running system are not obtained. On the other hand, live forensics provides an opportunity to perform data retrieval on the ongoing process. Generally, live forensics is used to acquire volatile memory (RAM) data but can be extended to mobile devices, internet/LAN networks, and cloud systems. Browsing in private mode leaves no traces or information about what the user has done during the browsing session. This feature is often used by criminals to hide the crimes committed or at least to slow down the forensic process. To overcome this problem, it is important to perform forensics on RAM and network traffic to obtain evidence of these crimes. This study aims to conduct DF to obtain potential evidence in criminal cases of misuse of private browsing. The evidence is expected to be usable in court, so that the parties involved in the crime can be prosecuted through it. This research offers a Digital Forensics Process via Parallel Data Acquisition Technic. Parallel data acquisition is a method for retrieving data from a computer or other smart device while it is powered on, through two different data sources. The first source is RAM and the second is network traffic. A case study on a criminal case of misuse of private browsing with the Digital Forensics Process via Parallel Data Acquisition Technic was able to obtain evidence in the form of the website visited, URL, traffic timestamp, source address, destination address, transmission protocol, length (size of the packet transmitted), source last node MAC address, destination last node MAC address, source port, destination port, and detail information. The evidence is expected to be used to reconstruct a crime of misuse of private browsing.
Copyright © 2017 International Journal of Artificial Intelegence Research.
All rights reserved.
I. Introduction
Private browsing is a feature that leaves no traces or information about what the user has done during a browsing session [1]. Browsing in private mode has some benefits. This feature improves user privacy as users claim no history is stored on the computer's hard disk or SSD. Users using the same device will not be able to peek at the browsing activity conducted by previous users because the cache/logs are not saved and are deleted when the browser is closed [2].
In contrast to its benefits, the private mode affects the process of digital forensics. The private mode makes it difficult for investigators to obtain and identify evidence of web browsing.
Identification of web browsing evidence is one of the most important parts in the scope of digital forensic investigation [3] because DF investigation is a process of determining and relating extracted information and digital evidence to establish factual information as evidence in court [4].
DF is an essential tool for solving crimes committed with computers [5]. DF has been used for incidents such as fraud, money laundering, accessing or distributing porn images, harassment, industrial spying, and identity theft [6]. DF covers more than just laptops and desktop computers. Mobile devices, networks, and "cloud" systems are closely related within the discipline of DF [7].
RAM analysis is crucial in the forensic process. It opens an opportunity to disclose information that cannot be found in permanent memory [8]. This information includes objects related to running and stopped processes, open files, network activity, memory mappings, and more. The lack of this information can make specific investigative scenarios impossible, such as when performing incident response or analyzing advanced malware that does not interact with non-volatile storage [9]. The results of the forensic process on volatile Random Access Memory (RAM) can be used as evidence in court. The forensic process can also be used to analyze vulnerabilities to improve system security [10].
Live forensic analysis of volatile memory (RAM) is very important for private browsing investigations because private browsing data cannot be found on the hard disk. In addition, live forensic RAM analysis is very important to find evidence on computer objects found at the location of the crime scene.
Network forensics is a subcategory of DF. Network forensics plays an important role in the incident response process in a network or in post-incident analysis [11]. Packet analysis is the main backtracking technique in network forensics, provided that the captured packet details are sufficiently detailed. Packet analysis can even replay entire network traffic for a given point in time; it can be used to find traces of malicious online behaviour, data breaches, unauthorized website access, malware infections, and intrusion attempts, and to reconstruct image files, documents, email attachments, etc. sent over the network [12].
Not all network information can be used in court, so the types of digital evidence must be identified so that they can be used to reconstruct the crimes committed. Identifying the types of evidence of private web browsing is one of the most important parts of digital forensic investigations because digital forensic investigation is the process of determining and linking the extracted information with the suspect of a crime [12]. Information extracted from network packets can be used as evidence either directly or indirectly. For example, some of the information contained in a packet, including the source IP address, destination IP address, port number, timestamp, etc., along with the data transferred, can be used directly or indirectly as evidence. Indirect information deduced from several packets can also be used as evidence. This evidence includes patterns, such as large flows of ICMP packets sent from one host to another [12].
The results of the packet analysis can provide forensic evidence directly or indirectly, such as the time of user login, duration of the user session, websites visited, list of downloaded files, suspect name, and suspect credentials (if not encrypted) [12], as seen in Figure 1.
Figure 1 Types of data from packet analysis
Browsing in private mode complicates the DF investigation process of obtaining digital evidence. The DF techniques used have several limitations. Static forensics can only carry out forensic processes on permanent storage, and the logs obtained by static forensics are post-event logs of a case. Live forensics is generally used to acquire running data, namely system processes running in RAM. The limitation of live forensics through RAM is that the data in RAM will be deleted if the system is turned off. The scope of live forensics can be extended to LAN/internet networks; this expansion provides logs of the network activities carried out by users. Live forensics via the network is a solution to the shortcomings of live forensics on volatile storage (RAM). Live forensics has advantages in terms of retrieving data on a running system because activity log data of the user is obtained from the network.
Browsing in private mode leaves no traces or information about what the user has done during the browsing session. This feature is often used by criminals to hide the crimes committed or at least to slow down the forensic process. In order to solve this problem, it is important to do forensics on RAM and the network. RAM and the network hold information on the currently running system. Volatile data in RAM must be handled carefully because, in addition to the data being lost if the system is turned off, the use of tools may leave footprints that overwrite valuable evidence in RAM [13]. Log data in the router is important to keep because the network log stores network activity data. Network forensics makes it possible to freeze time and observe crimes in progress, even months after they occurred [5]. The data in RAM and the network is expected to become evidence to detect the activity of perpetrators, find and identify possible malicious or illegal concessions made on the system, and uncover the perpetrators [14].
This research offers a DF Process via Parallel Data Acquisition Technic. Parallel data acquisition is a method for acquiring data from a computer or other smart device while it is powered on, through two different data sources. The first source is RAM and the second source is network traffic data on the router.
This research focuses on obtaining evidence in private browsing cases through live forensics via parallel data acquisition, and on analyzing the evidence obtained to support evidence-based reconstruction of the case.
II. Methods
This study offers a DF process with parallel data acquisition techniques. This research also prepares a simulation process of browsing in a private mode which will be run in an experimental environment. The simulation process is needed to generate digital evidence data that will be lifted using parallel data acquisition techniques. The experimental environment is designed and set up as an infrastructure for the simulation process. After the digital evidence data is generated in the simulation process, the live forensic process is performed. The steps of these processes are as seen in figure 2.
The experimental environment framework offered in this study is seen in figure 2. The experimental steps include four main steps: 1) Simulation Preparation, 2) Setup of Experimental Environment, 3) Simulation Process, and 4) Live Forensic Process. The fourth step consists of 1) Collecting data, 2) Examination, 3) Analysis, and 4) Reporting, which refer to the NIST framework [26].
Figure 2 Experimental Environment
The explanation of the experimental environment framework is as follows:
1 Simulation Preparation
Simulation Preparation determines the number of websites to be accessed and their names, and the number of times each predetermined website is accessed. This step also determines whether the websites are accessed in parallel (simultaneous website access) or sequentially (sequential website access).
2 Setup of Experimental Environment
Setup of Experimental Environment includes determining the simulation topology, designing virtual experiments with virtualization technology, and choosing the number of virtual machines, the software, and the tools used for experimentation.
3 Simulation Process
The simulation process is the step of performing the browsing simulation or case simulation that has been determined in the previous step.
4 Live Forensic Process
1) Data Collection
Data Collection using the Live Forensic Environment with Parallel Data Acquisition is the act of identifying and acquiring potential and relevant electronic and/or digital evidence related to crimes.
Data Collection is done by acquiring volatile memory (RAM) data and network traffic on the router, as seen in figure 3.
2) Examination
In this step, the researcher performs the extraction process of digital evidence with the tools that have been prepared.
3) Analysis
The data that has been extracted is then analyzed using methods and techniques that follow applicable rules. Digital evidence analysis is performed manually. Investigators identify digital evidence and reconstruct the cases of crimes that occurred.
4) Reporting
The Data Collection, Examination, and Analysis activities must be well documented to make it easier to produce detailed reports on technical and non-technical matters. Reports must use language that other parties easily understand because the report's outcome becomes input for stakeholders such as prosecutors, law offices, judges, and others.
III. Result and Discussion
The simulation is used to get an overview of the cases that occur in actual reality. The simulation was chosen because it can be done at any time, even though there has not been a case before.
Furthermore, simulations can be repeated for different experimental settings and different tools. The topology of this research case is seen in figure 4.
A. Simulation Preparation
Website access testing in this study was done with one-time access to each specified website. One-time access was aimed at testing whether each website access might be found in RAM and network traffic. This study uses ten university websites that can be accessed publicly, as seen in table 1. Access to the websites is done using Mozilla Firefox in Private Mode. The websites are accessed serially from the first website to the last website.
Table 1 List of Public Websites
No   Sample website    Symbol
1    uksw.edu          W1
2    unissula.ac.id    W2
3    untagsmg.ac.id    W3
4    unimma.ac.id      W4
5    unisri.ac.id      W5
6    unwiku.ac.id      W6
7    ums.ac.id         W7
8    utp.ac.id         W8
9    unikal.ac.id      W9
10   dinus.ac.id       W10
Setup of Experimental Environment
This research case study was conducted with two computers. Computer 1 is the Investigator Computer and Computer 2 is a virtual computer running VirtualBox and GNS3. Computer 1 (investigator) uses the Windows 10 operating system, and the forensic tools Autopsy, Belkasoft, Magnet Axiom, Wireshark, and NetworkMiner are installed on it. GNS3 and VirtualBox are installed on the second computer, as seen in figure 4.
Computer 2 is a Windows 10 64-bit PC and is connected to a LAN network. Mikrotik CHR is the router that connects the LAN network to the internet. Mikrotik CHR acts as a router and as a node to record network activity (network traffic logs), as seen in figure 4.
Figure 3 Live forensic environment with parallel data acquisition
Figure 4 Network Topology
This study uses several forensic tools that can be categorized as DF tools and network forensic tools. The DF tools Autopsy, Magnet Axiom and Belkasoft were selected in this study because development on these tools is still ongoing and they have been used by many researchers. The selected network forensic tools are Wireshark and NetworkMiner. Wireshark was chosen because it is the best network traffic capturing / sniffer tool developed as freeware for network traffic capture and analysis. NetworkMiner is a very popular tool for automatic file extraction from packet captures. NetworkMiner is effective for identifying operating system, open ports, action concurrent sessions, and hostname, and puts no traffic on the network [27]. Wireshark and NetworkMiner support most operating systems and are network forensics tools with a desktop-based interface, making them easy for general users to operate.
This research was carried out with 2 computers. Computer 1 is used as the Investigator's computer and Computer 2 is used as a simulation computer that runs the testing environment. Because the researchers use simulations, they need a testing environment; for this testing environment the researchers use GNS3 and VirtualBox. Computer 1 (investigator) uses Windows 10, and the forensic tools Autopsy, Belkasoft, Magnet Axiom, Wireshark and NetworkMiner are installed on it. GNS3 and VirtualBox are installed on the second computer. GNS3 is open-source software that can emulate router and switch hardware to create complex network simulations [28]. VirtualBox is open-source virtualization software for creating virtual environments [29].
B. Simulation Process
The simulation begins with Actor 1 accessing the websites in table 1 using Mozilla Firefox Private Mode. The websites in table 1 are accessed sequentially. While Actor 1 accesses the websites in table 1, the investigator uses Wireshark to capture the LAN network traffic through the CHR router, which is connected to the internet.
Figure 4 Simulation Environment Topology
C. Live Forensic Process
The Live Forensic Process phase begins with data collection. Data collection of evidence is carried out in parallel, namely through RAM and network traffic. The second step is to test the data/image/log that has been obtained in the first step. The third step is to analyze the results/evidence obtained. The fourth step is reporting and explaining the evidence obtained.
1) Data Collection
The investigator acquires the computer's RAM data by executing Belkasoft RAM Capturer, as shown in figure 6. The RAM image acquired by Belkasoft RAM Capturer has a raw extension. The suspect computer must be disconnected from the outside network. The connection media commonly used on computer devices are Ethernet, wireless and Bluetooth. This action protects data from changes or deletions made by other parties through the network.
Figure 5 RAM Image acquisition using Belkasoft RAM Capturer
Investigators also take Network Traffic data from the router. Network traffic data collection on the router is carried out on an Ethernet Router connected to the internet, as seen in figure 7. The process of capturing network traffic with Wireshark is seen in figure 8. Wireshark captures all traffic carried out by Ethernet 1, as seen in figure 8.
Figure 6 Wireshark capturing network traffic
1) Examination
Examination and data extraction in RAM were carried out with Autopsy, Belkasoft, and Magnet Axiom software. Testing and extraction of network traffic data was done with Wireshark and NetworkMiner.
Testing RAM image data with Autopsy found the 10 websites that were searched for. The number of log findings varies from one website to another because the number of logs a website leaves in RAM during the browsing session varies. The number of logs found by Autopsy is shown in table 2. Autopsy was able to retrieve 695 website logs.
Testing RAM image data with Magnet Axiom found the 10 websites that were searched for. The amount of evidence found varies from one website to another. The number of logs a website leaves in RAM during browsing can vary. The number of logs found by Magnet Axiom is shown in table 2. Magnet Axiom was able to get 1907 website logs, the most of the three tools.
Testing the RAM image data with Belkasoft found the 10 websites that were searched for. The number of log findings varies from one website to another. The number of logs a website leaves in RAM during browsing can vary. The number of logs found by Belkasoft is shown in table 2. Belkasoft got 156 website logs; the log findings by Belkasoft were the fewest, but it found all the test websites.
Testing network traffic using Wireshark and NetworkMiner found several network logs that point to the sample domains of the W1-W10 websites. The number of logs obtained varies from W1 to W10 depending on the number of requests and connections made by the sample website. Results data from the examination phase are shown in table 2:
No   Sample website    Symbol   Autopsy   Belkasoft   Magnet Axiom   Number of network logs
1    uksw.edu          W1       31        44          166            14.947
2    unissula.ac.id    W2       52        11          231            8.317
3    untagsmg.ac.id    W3       102       24          144            29.686
4    unimma.ac.id      W4       71        39          236            3.675
5    unisri.ac.id      W5       58        18          101            7.075
6    unwiku.ac.id      W6       55        1           184            6.927
7    ums.ac.id         W7       50        1           208            2.944
8    utp.ac.id         W8       61        5           195            22.113
9    unikal.ac.id      W9       117       6           195            4.726
10   dinus.ac.id       W10      98        7           247            18.819
2) Analysis
The RAM image and network traffic evidence was analyzed manually by examining the logs in detail. Findings of browsing sessions to the dinus.ac.id website with Autopsy can be seen in Figure 9. Findings of browsing sessions to the dinus.ac.id website by Magnet Axiom can be seen in Figure 10. Findings of browsing sessions to the dinus.ac.id website with Belkasoft can be seen in Figure 11.
Figure 7 Log dinus.ac.id found by Autopsy
Figure 8 Log dinus.ac.id found by Magnet Axiom
Figure 9 Log dinus.ac.id found by Belkasoft
Networkminer can read network traffic logs. Networkminer directly separates the network traffic log based on the criteria Hosts, Files in the network traffic, Images in the network traffic log, Messages, Credentials (Cookies stored in the network log), Session, DNS, Parameters in the traffic log, and search keywords. The IP Address and Hostname of the websites you have visited will be displayed in the Networkminer Host Window, as shown in Figure 12.
Figure 10 Networkminer
Wireshark can read all packets that pass through network traffic. Wireshark managed to get the timestamp of the traffic, source address, destination address, transmission protocol, length (the number of packets transmitted), source last node MAC address, destination last node MAC address, source port, destination port, and detailed information, as can be seen in figure 13.
Figure 11 Wireshark
3) Reporting
Based on the RAM image analysis and Network Traffic, the types of evidence on private browsing are obtained, namely the website URL visited, keyword search, traffic timestamp performed, source address, destination address, transmission protocol, length (size of the transmitted packet), source last node mac address, destination last node mac address, source port, destination port, and detail information. Classification based on the origin of evidence can be seen in Figure 14.
Figure 12 Private browsing evidence.
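The following Python example is added here and is not code from the study, which used the GUI tools named above. It shows the two acquisition sources side by side: it carves URL strings from a raw RAM image, extracts the evidence fields listed in the Reporting step from DNS queries in a classic pcap capture, and reports which source corroborates each sample domain. The sample image, the one-packet capture, all addresses and the function names are constructed for illustration.

```python
import re
import struct
from datetime import datetime, timezone
from urllib.parse import urlsplit

DOMAINS = ["uksw.edu", "dinus.ac.id"]  # W1 and W10 from Table 1
_CH = rb"[A-Za-z0-9._~%/?&=#:+-]"
URL_ASCII = re.compile(rb"https?://" + _CH + rb"{4,200}")
URL_UTF16 = re.compile(rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:" + _CH + rb"\x00){4,200}")

def carve_urls(image):
    """Carve ASCII and UTF-16LE URL strings out of a raw memory image."""
    urls = {m.group().decode("ascii") for m in URL_ASCII.finditer(image)}
    urls |= {m.group().decode("utf-16-le") for m in URL_UTF16.finditer(image)}
    return urls

def _qname(dns):
    """Decode the question name that follows the 12-byte DNS header."""
    labels, i = [], 12
    while i < len(dns) and dns[i]:
        n = dns[i]
        if n > 63 or i + 1 + n > len(dns):
            return None  # compression pointer or truncated label
        labels.append(dns[i + 1:i + 1 + n].decode("ascii", "replace"))
        i += 1 + n
    return ".".join(labels).lower() if labels else None

def dns_queries(pcap):
    """Yield the evidence fields of each IPv4/UDP DNS query in a classic pcap."""
    e = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if e is None or len(pcap) < 24 or struct.unpack(e + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    off = 24
    while off + 16 <= len(pcap):
        sec, usec, incl, orig = struct.unpack(e + "IIII", pcap[off:off + 16])
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 42 or frame[12:14] != b"\x08\x00":
            continue  # too short for Ethernet+IPv4+UDP, or not IPv4
        ihl = (frame[14] & 0x0F) * 4
        udp = frame[14 + ihl:]
        if frame[23] != 17 or ihl < 20 or len(udp) < 20:
            continue  # not UDP, bad header length, or no room for a DNS header
        sport, dport = struct.unpack("!HH", udp[:4])
        qname = _qname(udp[8:])
        if dport != 53 or qname is None:
            continue
        yield {
            "time": datetime.fromtimestamp(sec + usec / 1e6, tz=timezone.utc).isoformat(),
            "src_mac": frame[6:12].hex(":"), "dst_mac": frame[0:6].hex(":"),
            "src_ip": ".".join(map(str, frame[26:30])),
            "dst_ip": ".".join(map(str, frame[30:34])),
            "protocol": "UDP/DNS", "src_port": sport, "dst_port": dport,
            "length": orig, "qname": qname,
        }

def match_domain(host, domains):
    """Return the sample domain that a host name belongs to, if any."""
    host = (host or "").lower().rstrip(".")
    return next((d for d in domains if host == d or host.endswith("." + d)), None)

def correlate(image, pcap, domains):
    """Group RAM and network findings per sample domain and name their sources."""
    report = {d: {"ram_urls": [], "dns": []} for d in domains}
    for url in sorted(carve_urls(image)):
        d = match_domain(urlsplit(url).hostname, domains)
        if d:
            report[d]["ram_urls"].append(url)
    for rec in dns_queries(pcap):
        d = match_domain(rec["qname"], domains)
        if d:
            report[d]["dns"].append(rec)
    for r in report.values():
        r["sources"] = [s for s, k in (("RAM", "ram_urls"), ("network", "dns")) if r[k]]
    return report

def sample_inputs():
    """Constructed test data: a tiny 'RAM image' and a one-packet capture."""
    image = (b"\x00\x17heap" + b"https://www.dinus.ac.id/\x00" + b"\xff\xfe"
             + "https://uksw.edu/".encode("utf-16-le") + b"\x00\x00")
    name = b"".join(bytes([len(p)]) + p for p in b"www.dinus.ac.id".split(b".")) + b"\x00"
    dns = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + name + struct.pack("!HH", 1, 1)
    udp = struct.pack("!4H", 50000, 53, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0)
    ip += bytes([192, 168, 1, 10, 192, 168, 1, 1])  # constructed LAN host and resolver
    frame = bytes.fromhex("080027000001" "080027000002" "0800") + ip + udp
    pcap = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    pcap += struct.pack("<4I", 1654041600, 0, len(frame), len(frame)) + frame
    return image, pcap
```

On real data the same functions take the bytes of the .raw image and of a capture saved in classic pcap format; a pcapng capture has to be converted first.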
IV. Conclusion
The DF Process via Parallel Data Acquisition Technic was successfully used to experiment in the case of private browsing. The proposed DF Process via Parallel Data Acquisition Technic is not limited to the scope of private browsing but can be used to experiment in other fields that require parallel data acquisition.
The DF Process via Parallel Data Acquisition Technic has succeeded in identifying evidence that can be used to prove a case of private web browsing. RAM analysis successfully obtained visited websites and URLs. Previous research has also obtained additional evidence, consisting of keyword searches and website accounts, via RAM analysis. Network traffic analysis produces several kinds of evidence, namely traffic timestamps, source address, destination address, transmission protocol, length (size of the transmitted packet), source last node MAC address, destination last node MAC address, source port, destination port and detailed information that can be used as evidence to prove the case of private browsing.
This study does not discuss the use of anti-forensic tools such as Bleachbit or CCleaner as a tool to clear memory in RAM. The use of forensic tools needs to be investigated by further researchers.
References
[1] F.-K. Hasan, K.-M. Sondos, H. Hussin J, and H. Ale J, ‘Forensic analysis of private browsing mechanisms: Tracing internet activities’, J. Forensic Sci. Res., vol. 5, no. 1, pp. 012–019, 2021, doi: 10.29328/journal.jfsr.1001022.
[2] N. A. Alomirah, ‘Forensics Analysis of Residual Artefacts Acquired During Normal and Private Web Browsing Sessions’, Auckland University of Technology, 2016.
[3] M. K. Rogers et al., ‘Computer Forensics Field Triage Process Model’, J. Digit. Forensics, Secur. Law, vol. 1, no. 2, pp. 1–21, 2006, doi: https://doi.org/10.15394/jdfsl.2006.1004.
[4] R. S. C. Ieong, ‘FORZA - Digital forensics investigation framework that incorporate legal issues’, Digit. Investig., vol. 3, no. SUPPL., pp. 29–36, 2006, doi: 10.1016/j.diin.2006.06.004.
[5] S. L. Garfinkel, ‘Digital forensics research: The next 10 years’, Digit. Investig., vol. 7, no. SUPPL., pp. S64–S73, 2010, doi: 10.1016/j.diin.2010.05.009.
[6] M. Taylor, J. Haggerty, and D. Gresty, ‘The legal aspects of corporate computer forensic investigations’, Comput. Law Secur. Rev., vol. 23, no. 6, pp. 562–566, 2007, doi: https://doi.org/10.1016/j.clsr.2007.09.002.
[7] J. Sammons, ‘Chapter 1 - Introduction’, J. B. T.-T. B. of D. F. (Second E. Sammons, Ed. Boston: Syngress, 2015, pp. 1–14.
[8] H. Yang, J. Zhuge, H. Liu, and W. Liu, ‘Advances in Digital Forensics XII’, vol. 484, pp. 365–378, 2016, doi: 10.1007/978-3-319-46279-0.
[9] J. Sylve, A. Case, L. Marziale, and G. G. Richard, ‘Acquisition and analysis of volatile memory from android devices’, Digit. Investig., vol. 8, no. 3–4, pp. 175–184, 2012, doi: 10.1016/j.diin.2011.10.003.
[10] Y. Cheng, X. Fu, X. Du, B. Luo, and M. Guizani, ‘A lightweight live memory forensic approach based on hardware virtualization’, Inf. Sci. (Ny)., vol. 379, pp. 23–41, 2017, doi: 10.1016/j.ins.2016.07.019.
[11] K. Barik, S. Das, K. Konar, B. Chakrabarti Banik, and A. Banerjee, ‘Exploring user requirements of network forensic tools’, Glob. Transitions Proc., vol. 2, no. 2, pp. 350–354, 2021, doi: https://doi.org/10.1016/j.gltp.2021.08.043.
[12] L. F. Sikos, ‘Packet analysis for network forensics: A comprehensive survey’, Forensic Sci. Int. Digit. Investig., vol. 32, p. 200892, 2020, doi: https://doi.org/10.1016/j.fsidi.2019.200892.
[13] R. Umar, A. Yudhana, and M. Nur Faiz, ‘Analisis Kinerja Metode Live Forensics Untuk Investigasi Random Access Memory Pada Sistem Proprietary’, in Prosiding Konferensi Nasional Ke-4 Asosiasi Program Pascasarjana Perguruan Tinggi Muhammadiyah (APPPTM), 2016, pp. 207–211.
[14] Z. A. Al-Sharif, M. I. Al-Saleh, L. M. Alawneh, Y. I. Jararweh, and B. Gupta, ‘Live forensics of software attacks on cyber–physical systems’, Futur. Gener. Comput. Syst., vol. 108, pp. 1217–1229, 2020, doi: 10.1016/j.future.2018.07.028.
[15] H. Said, N. Al Mutawa, I. Al Awadhi, and M. Guimaraes, ‘Forensic analysis of private browsing artifacts’, in 2011 International Conference on Innovations in Information Technology, Apr. 2011, pp. 197–202, doi: 10.1109/INNOVATIONS.2011.5893816.
[16] A. Nalawade, S. Bharne, and V. Mane, ‘Forensic analysis and evidence collection for web browser activity’, Int. Conf. Autom. Control Dyn. Optim. Tech. ICACDOT 2016, pp. 518–522, 2017, doi: 10.1109/ICACDOT.2016.7877639.
[17] K. Hughes, P. Papadopoulos, N. Pitropakis, A. Smales, J. Ahmad, and W. J. Buchanan, ‘Browsers’ private mode: Is it what we were promised?’, Computers, vol. 10, no. 12, 2021, doi: 10.3390/computers10120165.
[18] E. S. Noorulla, ‘Web Browser Private Mode Forensics Analysis’, Rochester Institute of Technology, 2014.
[19] A. Ghafarian and S. Amin, ‘Analysis of Privacy of Private Browsing Mode through Memory Forensics’, Int. J. Comput. Appl., vol. 132, no. 16, pp. 27–34, 2015, doi: 10.5120/ijca2015907693.
[20] J. Oh, S. Lee, and S. Lee, ‘Advanced evidence collection and analysis of web browser activity’, Digit. Investig., vol. 8, pp. S62–S70, 2011, doi: https://doi.org/10.1016/j.diin.2011.05.008.
[21] D. J. Ohana and N. Shashidhar, ‘Do private and portable web browsers leave incriminating evidence?: a forensic analysis of residual artifacts from private and portable web browsing sessions’, EURASIP J. Inf. Secur., vol. 2013, no. 1, p. 6, 2013, doi: 10.1186/1687-417X-2013-6.
[22] T. Rochmadi, I. Riadi, and Y. Prayudi, ‘Live forensics for anti-forensics analysis on private portable web browser’, Int. J. Comput. Appl., vol. 164, no. 8, pp. 31–37, 2017, doi: 10.5120/ijca2017913717.
[23] T. Rochmadi, ‘Live Forensik Untuk Analisa Anti Forensik Pada Web Browser Studi Kasus Browzar’, Indones. J. Bus. Intell., vol. 1, no. 1, pp. 32–38, 2018, doi: 10.5120/ijca2017913717.
[24] X. Fernández-Fuentes, T. F. Pena, and J. C. Cabaleiro, ‘Digital forensic analysis methodology for private browsing: Firefox and Chrome on Linux as a case study’, Comput. Secur., vol. 115, p. 102626, 2022, doi: https://doi.org/10.1016/j.cose.2022.102626.
[25] A. Marrington, I. Baggili, T. Al Ismail, and A. Al Kaf, ‘Portable web browser forensics’, 2012 Int. Conf. Comput. Syst. Ind. Informatics, ICCSII 2012, 2012, doi: 10.1109/ICCSII.2012.6454516.
[26] R. Ayers, W. Jansen, and S. Brothers, ‘Guidelines on mobile device forensics (NIST Special Publication 800-101 Revision 1)’, NIST Spec. Publ., vol. 1, no. 1, p. 85, 2014, doi: 10.6028/NIST.SP.800-101r1.
[27] M. Kumar, D. P. B D, P. Subramani, and S. Ullo, ‘Comparative Analysis to Identify Efficient Technique for Interfacing BCI System’, IOP Conf. Ser. Mater. Sci. Eng., vol. 925, p. 12062, Oct. 2020, doi: 10.1088/1757-899X/925/1/012062.
[28] J. C. Neumann, The book of GNS3: build virtual network labs using Cisco, Juniper, and more. No Starch Press, 2015.
[29] A. Agarwal, S. K. S. Rao, and B. M. Mahendra, ‘Comprehensive Review of Virtualization Tools’, Int. Res. J. Eng. Technol., vol. 7, no. 6, 2020.
[30] A. G. Chofreh, F. A. Goni, J. J. Klemeš, M. N. Malik, and H. H. Khan, ‘Development of guidelines for the implementation of sustainable enterprise resource planning systems’, J. Clean. Prod., vol. 244, p. 118655, 2020, doi: https://doi.org/10.1016/j.jclepro.2019.118655.