Concept Mapping for Digital Forensic Investigations

Research in digital forensics has yet to focus on modeling case domain information involved in investigations. This paper shows how concept mapping can be used to create an excellent alternative to the popular checklist approach used in digital forensic investigations. Concept mapping offers several benefits, including creating replicable, reusable techniques, simplifying and guiding the investigative process, capturing and reusing specialized forensic knowledge, and supporting training and knowledge management activities. The paper also discusses how concept mapping can be used to integrate case-specific details throughout the investigative process.

[1]  H. Marshall Jarrett,et al.  Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations , 1979 .

[2]  Seamus O. Ciardhuáin,et al.  An Extended Model of Cybercrime Investigations , 2004, Int. J. Digit. EVid..

[3]  Sujeet Shenoi,et al.  Advances in Digital Forensics XII , 2007, IFIP Advances in Information and Communication Technology.

[4]  John R. Vacca,et al.  Computer Forensics: Computer Crime Scene Investigation (Networking Series) (Networking Series) , 2005 .

[5]  Warren G. Kruse,et al.  Computer Forensics: Incident Response Essentials , 2001 .

[6]  David A. Dampier,et al.  Unifying computer forensics modeling approaches: a software engineering perspective , 2005, First International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE'05).

[7]  Jacobus Venter Process Flow Diagrams for Training and Operations , 2006, IFIP Int. Conf. Digital Forensics.

[8]  Nicole Beebe,et al.  A hierarchical, objectives-based framework for the digital investigations process , 2005, Digit. Investig..

[9]  Venansius Baryamureeba,et al.  The Enhanced Digital Investigation Process Model , 2004 .

[10]  David A. Dampier,et al.  Selecting keyword search terms in computer forensics examinations using domain analysis and modeling , 2006 .

[11]  Ruibin Gong,et al.  Case-Relevance Information Investigation: Binding Computer Intelligence to the Current Computer Forensic Framework , 2005, Int. J. Digit. EVid..

[12]  Mark Pollitt,et al.  An Ad Hoc Review of Digital Forensic Models , 2007, Second International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE'07).

[13]  Sumitra Mukherjee,et al.  Using concept maps for knowledge acquisition in satellite design: translating statement of requirements on orbit to design requirements , 2006 .

[14]  Lawrence A. Presley,et al.  Recovering and Examining Computer Forensic Evidence , 2000 .

[15]  Eugene H. Spafford,et al.  An Event-Based Digital Forensic Investigation Framework , 2004 .