Formalising investigative decision making in digital forensics: Proposing the Digital Evidence Reporting and Decision Support (DERDS) framework

Abstract: In the field of digital forensics it is crucial for any practitioner to possess the ability to make reliable investigative decisions which result in the reporting of credible evidence. This competency should be considered a core attribute of a practitioner’s skill set and it is often taken for granted that all practitioners possess this ability; in reality this is not the case. A lack of dedicated research and formalisation of investigative decision making models to support digital forensics practitioners is an issue given the complexity of many digital investigations. Often, the ability to make forensically sound decisions regarding the reliability of any findings is arguably an assumed trait of the practitioner, rather than a formally taught competency. As a result, the digital forensic discipline is facing increasing recent scrutiny with regard to the quality and validity of evidence its practitioners are producing. This work offers the Digital Evidence Reporting and Decision Support (DERDS) framework, designed to help the practitioner assess the reliability of their ‘inferences, assumptions of conclusions’ in relation to any potentially evidential findings. The structure and application of the DERDS framework are discussed, demonstrating the stages of decision making a practitioner must undergo when evaluating the accuracy of their findings, whilst also recognising when content may be deemed unsafe to report.
