Towards an Automated Digital Data Forensic Model with specific reference to Investigation Processes

Existing digital forensics frameworks do not provide clear guidelines for conducting digital forensics investigations. Had such a framework existed, investigations based on known procedures and processes would follow strictly prescribed standards. This would direct investigations to follow a set method that allows comparison, ensuring that future investigations follow one standard. Digital forensics lacks confirmed and tested methods; this becomes obvious when we consider the varied interpretations of the same case by participants using different investigation methods. Previous research covered several approaches to setting a forensics framework, which are mere adaptations of previous models. We found that only a few models present a framework that defines or delivers qualified likeness between the different disciplines. From this, pattern analysis across different disciplines becomes possible (Kohn, 2007). This underlines the need to standardise processes, to ensure proven and consistent results. Digital forensic science needs a new approach that defines and standardises investigation processes by affirming an investigation framework. Present research does not sufficiently cover how existing forensic frameworks are used as guidelines while conducting investigations. As a result, wide general interpretations are possible instead of following a set standard. Investigation processes, and in particular how data confirmation is conducted during and after an investigation, become questionable as well. This also challenges data consistency and the legality of investigation processes when a non-standard framework is used without forming a sound theory based on proven models.
