Integrated digital forensic process model

Digital forensics is an established research and application field. Various process models exist describing the steps and processes to follow during digital forensic investigations. During such investigations, it is not only the digital evidence itself that needs to prevail in a court of law; the process followed and terminology used should also be rigorous and generally accepted within the digital forensic community. Different investigators have been refining their own investigative methods, resulting in a variety of digital forensic process models. This paper proposes a standardized Digital Forensic Process Model to aid investigators in following a uniform approach in digital forensic investigations.
