A standardised data acquisition process model for digital forensic investigations

Similar to traditional evidence, courts of law do not assume that digital evidence is reliable if there is no evidence of some empirical testing regarding the theories and techniques pertaining to its production. Courts take a careful notice of the way in which digital evidence has been acquired and stored. In contrast with traditional crimes for which there are well-established standards and procedures upon which courts can rely, there are no formal procedures or models for digital data acquisition to which courts of law can refer. A standardised data acquisition process model is needed to enable digital forensic investigators to follow a uniform approach, and to assist courts of law in determining the reliability of digital evidence presented to them. This paper proposes a model that is standardised in that it can enable digital forensic investigators in following a uniform approach, and that is generic in that it can be applied in both law enforcement and corporate investigations. To carry out the research presented in the paper, the design science research process (DSRP) methodology proposed by Peffers et al. (2006) has been followed.

[1]  Mark Pollitt Applying Traditional Forensic Taxonomy to Digital Forensics , 2008, IFIP Int. Conf. Digital Forensics.

[2]  Sebastiaan H. von Solms,et al.  A Multi-component View of Digital Forensics , 2010, 2010 International Conference on Availability, Reliability and Security.

[3]  Russell G. Smith,et al.  Cyber Criminals on Trial: List of figures and tables , 2004 .

[4]  David Preston,et al.  A New Approach of Digital Forensic Model for Digital Forensic Investigation , 2011 .

[5]  V. David Hopkin,et al.  Verification and Validation of Complex Systems: Human Factors Issues , 1993 .

[6]  Jack Wiles,et al.  The Best Damn Cybercrime and Digital Forensics Book Period , 2007 .

[7]  Marcus Rogers,et al.  Dcsa: A Practical Approach to Digital Crime Scene Analysis , 2006 .

[8]  Gregg H. Gunsch,et al.  An Examination of Digital Forensic Models , 2002, Int. J. Digit. EVid..

[9]  Ray Bull,et al.  Psychology and Law: Truthfulness, Accuracy and Credibility , 2000 .

[10]  Simson L. Garfinkel,et al.  Bringing science to digital forensics with standardized forensic corpora , 2009, Digit. Investig..

[11]  Eugene H. Spafford,et al.  Getting Physical with the Digital Investigation Process , 2003, Int. J. Digit. EVid..

[12]  Ankit Agarwal,et al.  Systematic Digital Forensic Investigation Model , 2011 .

[13]  Expert Scientific Evidence in the Investigation and Prosecution of Child Sexual Abuse in Adversarial Jurisdictions , 2014 .

[14]  Shahrin Sahib,et al.  Mapping Process of Digital Forensic Investigation Framework , 2008 .

[15]  Venansius Baryamureeba,et al.  The Enhanced Digital Investigation Process Model , 2004 .

[16]  A. J. Sammes,et al.  Forensic Computing (Practitioner Series) , 2007 .

[17]  Zainuddin Hassan,et al.  COMMON PHASES OF COMPUTER FORENSICS INVESTIGATION MODELS , 2011 .

[18]  Frederick Cohen,et al.  The State of the Science of Digital Evidence Examination , 2011, IFIP Int. Conf. Digital Forensics.

[19]  Nicole Beebe,et al.  A hierarchical, objectives-based framework for the digital investigations process , 2005, Digit. Investig..

[20]  Axel W. Krings,et al.  A Formalization of Digital Forensics , 2004, Int. J. Digit. EVid..

[21]  Ricci S. C. Ieong,et al.  FORZA - Digital forensics investigation framework that incorporate legal issues , 2006, Digit. Investig..

[22]  Jan H. P. Eloff,et al.  Integrated digital forensic process model , 2013, Comput. Secur..

[23]  Matthew Meyers,et al.  Computer Forensics: The Need for Standardization and Certification , 2004, Int. J. Digit. EVid..

[24]  Halil Ibrahim Bulbul,et al.  Digital forensics: an analytical crime scene procedure model (ACSPM). , 2013, Forensic science international.

[25]  Gary C. Kessler,et al.  Judges Awareness, Understanding, and Application of Digital Evidence , 2011, J. Digit. Forensics Secur. Law.

[26]  David A. Dampier,et al.  Unifying computer forensics modeling approaches: a software engineering perspective , 2005, First International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE'05).

[27]  Seamus O. Ciardhuáin,et al.  An Extended Model of Cybercrime Investigations , 2004, Int. J. Digit. EVid..

[28]  Christopher L. T. Brown Computer Evidence: Collection and Preservation , 2009 .

[29]  Aleksandar Valjarevic,et al.  A Comprehensive and Harmonized Digital Forensic Investigation Process Model , 2015, Journal of forensic sciences.

[30]  Valerie Hobbs,et al.  The Advanced Data Acquisition Model (ADAM): A Process Model for Digital Forensic Practice , 2013, J. Digit. Forensics Secur. Law.

[31]  Timothy Grance,et al.  Guide to Integrating Forensic Techniques into Incident Response , 2006 .

[32]  Ewa Huebner,et al.  Formalizing Computer Forensics Process with UML , 2009, UNISCON.

[33]  Alan R. Hevner,et al.  Design Research in Information Systems: Theory and Practice , 2010 .

[34]  David Evans,et al.  Integrated Computer Forensics Investigation Process Model (ICFIPM) for Computer Crime Investigations , 2015, ICGS3.

[35]  Eoghan Casey,et al.  Digital Evidence and Computer Crime - Forensic Science, Computers and the Internet, 3rd Edition , 2011 .

[37]  David Llewellyn-Jones,et al.  Online social networks as supporting evidence: A digital forensic investigation model and its application design , 2011, 2011 International Conference on Research and Innovation in Information Systems.

[38]  Marc Rogers Digital forensics , 2006 .

[39]  Warren G. Kruse,et al.  Computer Forensics: Incident Response Essentials , 2001 .

[40]  Denis Trček,et al.  Advanced Framework for Digital Forensic Technologies and Procedures * , 2010, Journal of forensic sciences.