CFP last date
20 December 2024
Call for Paper
January Edition
IJCA solicits high quality original research papers for the upcoming January edition of the journal. The last date of research paper submission is 20 December 2024

Submit your paper
Know more
The week's pick
Responsive image
Improved Shuffled Frog Leaping Algorithm with Self-Adaptive Shuffling for Fuzzy Logic PD+G Controller Optimization in Robotic Manipulators

Duc Hoang Nguyen
Random Articles
Reseach Article

Review and Assessment of the Existing Digital Forensic Investigation Process Models

by Reza Montasari
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 147 - Number 7
Year of Publication: 2016
Authors: Reza Montasari
10.5120/ijca2016911194

Reza Montasari . Review and Assessment of the Existing Digital Forensic Investigation Process Models. International Journal of Computer Applications. 147, 7 ( Aug 2016), 41-49. DOI=10.5120/ijca2016911194

@article{ 10.5120/ijca2016911194,
author = { Reza Montasari },
title = { Review and Assessment of the Existing Digital Forensic Investigation Process Models },
journal = { International Journal of Computer Applications },
issue_date = { Aug 2016 },
volume = { 147 },
number = { 7 },
month = { Aug },
year = { 2016 },
issn = { 0975-8887 },
pages = { 41-49 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume147/number7/25668-2016911194/ },
doi = { 10.5120/ijca2016911194 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T23:51:18.314440+05:30
%A Reza Montasari
%T Review and Assessment of the Existing Digital Forensic Investigation Process Models
%J International Journal of Computer Applications
%@ 0975-8887
%V 147
%N 7
%P 41-49
%D 2016
%I Foundation of Computer Science (FCS), NY, USA
Abstract

This review paper assesses the existing body of knowledge associated with digital forensic investigation process models. To this end, eleven of the existing models are critically reviewed and evaluated against an assessment criteria, namely the Daubert Test, to determine which models have taken the most scientific approach. This review and assessment reveal that the authors of these models have developed their models based on their own personal experience and on an ad-hoc basis. The critical review and assessment also reveal that there does not exist a comprehensive model encompassing the entire digital investigative process that is formal in that it synthesizes, harmonizes and extends the previous models, and that is generic in that it can be applied in the different fields of law enforcement, commerce and incident response.

References
  1. Garfinkel, S. (2010). ‘Digital forensics research: The next 10 years’, Digital Investigation, 7, pp. 64–73.
  2. Casey, E. (2011). Digital Evidence and Computer Crime: Forensic Science, Computers and the Internet. 3rd edn. New York: Elsevier Academic Press.
  3. Nance, K., Hay, B. and Bishop, M. (2009). ‘Digital Forensics: Defining a Research Agenda’, 42nd Hawaii International Conference on System Sciences, pp.1–6.
  4. Ieong, R. (2006). ‘FORZA - Digital forensics investigation framework that incorporate legal issues’, Digital Investigation, 3, pp. 29–36.
  5. Cohen, F. (2010). ‘Towards a Science of Digital Forensic Evidence Examination’, 6th IFIP WG 11.9 International Conference on Digital Forensics, pp. 17-35.
  6. Freiling, C. and Schwittay, B. (2007). ‘A Common Process Model for Incident Response and Computer Forensics’, 3rd International Conference on IT-Incident Management & IT-Forensics, pp. 19–40.
  7. Rowlingson, R. (2004). ‘A Ten Step Process for Forensic Readiness’, International Journal of Digital Evidence, 2(3), pp. 1-28.
  8. Agarwal, A., Gupta, M., Gupta, S. and Gupta, C. (2011). ‘Systematic digital forensic investigation model’, International Journal of Computer Science and Security, 5(1), pp.118–130.
  9. Wojcik, M., Venter, H., Eloff, J. and Olivier, M. (2006). ‘Applying Machine Trust Models to Forensic Investigations’, IFIP international Conference on Advances in Digital Forensics, pp. 55-65.
  10. Ciardhua´in, O. (2004). ‘An Extended Model of Cybercrime Investigations’, International Journal of Digital Evidence, 3(1), pp. 1-22.
  11. International Organisation for Standardization. (2012). ISO/IEC 27037:2012. Information technology -- Security techniques -- Guidelines for identification, collection, acquisition and preservation of digital evidence. Geneva, Switzerland: International Organization for Standardization.
  12. ACPO. (2012). ACPO Good Practice Guide for Digital Evidence. U.K. Association of Chief Police Officers. Available at: http://www.digital-detective.net/digital-forensics- documents/ACPO_Good_Practice_Guide_for_Digital_Evidence_v5.pdf (Accessed: 10 June 2016).
  13. International Organisation for Standardization. (2015). ISO/IEC 27043:2015. Information technology -- Security techniques -- Incident investigation principles and processes. Geneva, Switzerland: International Organization for Standardization.
  14. Valjarevic, A. and Venter, H. (2015). ‘A Comprehensive and Harmonized Digital Forensic Investigation Process Model’, Journal of Forensic Sciences, 60(6), pp. 1467- 1483.
  15. von Solms, S., Louwrens, C., Reekie, C. and Grobler, T. (2006). ‘A Control Framework for Digital Forensics’, IFIP International Conference on Advances in Digital Forensics, pp. 343-355.
  16. Rogers, M., Goldman, J., Mislan, R., Wedge, T. and Debrota, S. (2006). ‘Computer Forensics Field Triage Process Model’, Conference on Digital Forensics, Security and Law, pp. 27-40.
  17. Beebe, N. and Clark, J. (2005). ‘A Hierarchical, Objectives-Based Framework for the Digital Investigations Process’, Digital Investigation, 2(2), pp.147–167.
  18. Kruse, W. and Heiser, J. (2001). Computer Forensics: Incident Response Essentials. Boston: Addison-Wesley.
  19. Grobler, C.P., Louwrens, C.P. and Solms, S.H. (2010). ‘A Multi-Component View of Digital Forensics’, ARES '10 International Conference on Availability, Reliability and Security, pp. 647-652.
  20. Carrier, B. and Spafford, E. (2003). ‘Getting Physical with the Digital Investigation Process’, International Journal of Digital Evidence, 2(2), pp.1–20.
  21. Mandia, K., Prosise, C. and Pepe, M. (2003). Incident Response and Computer Forensics. 2nd edn. Emeryville: McGraw-Hill/Osborne.
  22. Kohn, M., Eloff, M. and Eloff, J. (2013). ‘Integrated digital forensic process model’, Computers & Security, 38, pp. 103–115.
  23. Adams, R. (2012). The Advanced Data Acquisition Model (ADAM): A Process Model for Digital Forensic Practice. PhD thesis. Murdoch University.
  24. Adams, R., Hobbs, V. and Mann, G. (2014). ‘The advanced data acquisition model (ADAM): a process model for digital forensic practice’, Journal of Digital Forensics, Security and Law, 8(4), pp.25–48.
  25. U.S. Courts. (2015). Federal Rules of Evidence. Administrative Office of the U.S. Courts. Available at: http://federalevidence.com/rules-of-evidence (Accessed: 21 June 2016).
  26. Sommer, P. (2008). Directors’ and Corporate Advisors' Guide to Digital Investigations and Evidence. U.K. Information Assurance Advisory Council. Available at: https://www.ucisa.ac.uk/~/media/Files/members/activities/ist/DigitalInvestigationsGuide.ashx (Accessed: 17 June 2016).
  27. Farrell, M. (1993). Daubert v. Merrell Dow Pharmaceuticals, Inc.: Epistemilogy and Legal Process. Cardozo L. Rev., 15, p. 2183.
  28. Kessler, C. (2010). Judges’ Awareness, Understanding, and Application of Digital Evidence. PhD thesis, Nova Southeastern University.
  29. Rothstein, B., Hedges, R. and Wiggins, E. (2007). Managing Discovery of Electronic Information: A Pocket Guide for Judges. Available at: https://bulk.resource.org/courts.gov/fjc/eldscpkt.pdf (Accessed: 21 June 2016).
  30. Meyers, M. and Rogers, M. (2006). ‘Digital Forensics: Meeting the Challenges of Scientific Evidence’, IFIP International Conference on Advances in Digital Forensics, pp. 43-50.
  31. Noblett, M., Pollitt, M. and Presley, L. (2000). ‘Recovering and Examining Computer Forensic Evidence’, Forensic Science Communication, 2(4), pp. 1-13.
  32. Reith, M., Carr, C. and Gunsch, G. (2002). ‘An Examination of Digital Forensic Models’, International Journal of Digital Evidence, 1(3), pp. 1-12.
  33. Palmer, G. (2001). ‘A Road Map for Digital Forensic Research’, 1st Digital Forensic Research Workshop (DFRWS), pp.27–30.
  34. Montasari, R (2016, a). ‘An Ad Hoc Detailed Review of Digital Forensic Investigation Process Models’, International Journal of Electronic Security and Digital Forensics (IJESDF), 8 (3), pp. 205-223.
  35. Montasari, R. (2016, b). ‘A Comprehensive Digital Forensic Investigation Process Model’, International Journal of Electronic Security and Digital Forensics (IJESDF), 8 (4), pp. 285-301.
  36. Montasari, R., Peltola, P. and Evans, D. (2015). ‘Integrated Computer Forensics Investigation Process Model (ICFIPM) for Computer Crime Investigations’, Proceedings of 10th International Conference on Global Security, Safety and Sustainability: Tomorrow's Challenges of Cyber Security, pp. 83-95.
  37. Boddington, R., Hobbs, V. and Mann, G. (2008). ‘Validating digital evidence for legal argument’, 6th Australian Digital Forensics Conference, pp. 1-16.
  38. Peisert, S., Bishop, M. and Marzullo, M. (2008). ‘Computer Forensics in Forensics’, Third International Workshop on Systematic Approaches to Digital Forensic Engineering, pp. 102-122.
  39. Selamat, S., Yusof, R. and Sahib, S. (2008). ‘Mapping Process of Digital Forensic Investigation Framework’, International Journal of Computer Science and Network Security, 8(10), pp. 163-169.
  40. Baryamureeba, V. and Tushabe, F. (2004). ‘The Enhanced Digital Investigation Process Model’, 4th Digital Forensic Research Workshop, pp. 1-9.
  41. Mercuri, R. (2005). ‘Challenges in forensic computing’, Communications of the ACM, 48(12), pp. 17-21.
  42. Montasari, R. and Peltola, P. (2015). ‘Computer Forensic Analysis of Private Browsing Modes’, Proceedings of 10th International Conference on Global Security, Safety and Sustainability: Tomorrow's Challenges of Cyber Security, pp. 96-109.
  43. Saferstein, R. (2010). Criminalistics: An Introduction to Forensic Science. 10th edn. Prentice Hall.
  44. Ashcroft, J. (2001). Electronic Crime Scene Investigation: A Guide for First Responders. U.S. Department of Justice. Available at: https://www.ncjrs.gov/pdffiles1/nij/187736.pdf (Accessed: 10 June 2016).
  45. Kent, K., Chevalier, S., Grance, T. and Dang, H. (2006). Guide to Integrating Forensic Techniques into Incident Response. U.S. Department of Commerce. Available at: http://cybersd.com/sec2/800-86Summary.pdf (Accessed: 16 June 2016).
  46. Khatir, M., Hejazi, M. and Sneiders, E. (2008). ‘Two-dimensional evidence reliability amplification process model for digital forensics’, Third International Annual Workshop on Digital Forensics and Incident Analysis, pp.21–29.
  47. Montasari, R (2016, c). ‘A Formal Two Stage Triage Process Model (FTSTPM) for Digital Forensics Practice’, International Journal of Computer Science and Security (IJCSS), 10 (2), pp. 69-87.
Index Terms

Computer Science
Information Sciences

Keywords

Digital investigation Process Models Daubert Test Digital Forensics

Powered by PhDFocusTM