An Extended Model of Cybercrime Investigations

A comprehensive model of cybercrime investigations is important for standardising terminology, defining requirements, and supporting the development of new techniques and tools for investigators. In this paper, a model of investigations is presented which combines the existing models, generalises them, and extends them by explicitly addressing certain activities not included in them. Unlike previous models, this model explicitly represents the information flows in an investigation and captures the full scope of an investigation, rather than only the processing of evidence. The results of an evaluation of the model by practising cybercrime investigators are presented. The new model is compared to some important existing models and applied to a real investigation.