Abstract
The field of digital forensics still lacks formal process models that courts can employ to determine the reliability of the process followed in a digital investigation. The existing models have often been developed by digital forensic practitioners, based on their own personal experience and on an ad hoc basis, without attention to the establishment of standardisation within the field. This has prevented the institution of the formal processes that are urgently required. Moreover, as digital forensic investigators often operate within the different fields of law enforcement, commerce and incident response, the existing models have tended to focus on one particular field and have failed to consider all the environments. This has hindered the development of a generic model that can be applied in all three stated fields of digital forensics. To address these shortcomings, this chapter makes a novel contribution by proposing the Advanced Investigative Process Model (the SDFIPM) for Conducting Digital Forensic Investigations, encompassing the ‘middle part’ of the digital investigative process. The model is formal in that it synthesises, harmonises and extends the existing models, and generic in that it can be applied in the three fields of law enforcement, commerce and incident response.
© 2019 Springer Nature Switzerland AG
Cite this chapter
Montasari, R., Hill, R., Carpenter, V., Hosseinian-Far, A. (2019). The Standardised Digital Forensic Investigation Process Model (SDFIPM). In: Jahankhani, H., Kendzierskyj, S., Jamal, A., Epiphaniou, G., Al-Khateeb, H. (eds) Blockchain and Clinical Trial. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-030-11289-9_8
DOI: https://doi.org/10.1007/978-3-030-11289-9_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-11288-2
Online ISBN: 978-3-030-11289-9