Process Model of Digital Forensics Readiness Scheme (DFRS) as a Recommendation of Digital Evidence Preservation

2015 ◽  
Author(s):  
Ahmad Luthfi ◽  
Yudi Prayudi
Keyword(s):  
Process Model ◽  
Digital Forensics ◽  
Digital Evidence

scholarly journals The Emergence of Cloud Storage and the Need for a New Digital Forensic Process Model

2013 ◽  
pp. 79-104 ◽  
Author(s):  
Richard Adams
Keyword(s):  
Cloud Computing ◽  
Process Model ◽  
Digital Forensics ◽  
New Technology ◽  
Personal Data ◽  
Digital Evidence ◽  
Digital Forensic ◽  
Standards Of Practice ◽  
High Level ◽  
Level Process

Cloud computing is just one of many recent technologies that have highlighted shortcomings in the development of formal digital forensic processes, which up until now have been focused on a particular group of practitioners, such as law enforcement, and have been too high-level to be of significant practical use, or have been too detailed and specific to accommodate new technology as it emerges. Because the tools and procedures employed by digital forensic practitioners are generally outside the knowledge and understanding of the courts, they need to be described in such a way that they can be understood by the layperson. In addition, they should also conform to some standards of practice and be recognised by other practitioners working in the field (Armstrong, 2003; Kessler, 2010). Unfortunately, as Cohen (2011) points out, the whole field of digital forensics lacks consensus in fundamental aspects of its activities in terms of methodology and procedures. There has been a lot of activity around different aspects of cloud computing, and in Australia this has centered on the protection of personal data (Solomon, 2010). On an international scale, there have been several articles written by lawyers (Gillespie, 2012; Hutz, 2012; Kunick, 2012) discussing other legal considerations of accessing data in the cloud; however, this chapter looks at the issues surrounding digital evidence acquisition and introduces a new high-level process model that can assist digital forensic practitioners when it comes to presenting evidence in court that originated in the cloud.

scholarly journals The Search and Seizure of Digital Evidence by Forensic Investigators in South Africa

2019 ◽  
Vol 22 ◽  
pp. 1-42 ◽  
Author(s):  
Jacobus Gerhardus Nortje ◽  
Daniel Christoffel Myburgh
Keyword(s):  
Information Technology ◽  
Police Officers ◽  
Digital Forensics ◽  
Legal Framework ◽  
Legal Aspects ◽  
Search And Seizure ◽  
Digital Evidence ◽  
Digital Forensic ◽  
Chain Of Custody ◽  
Principles And Standards

The discipline of digital forensics requires a combination of skills, qualifications and knowledge in the area of forensic investigation, legal aspects and information technology. The uniqueness of digital evidence makes the adoption of traditional legal approaches problematic. Information technology terminology is currently used interchangeably without any regard to being unambiguous and consistent in relation to legal texts. Many of the information technology terms or concepts have not yet achieved legal recognition. The recognition and standardisation of terminology within a legal context are of the utmost importance to ensure that miscommunication does not occur. To provide clarity or guidance on some of the terms and concepts applicable to digital forensics and for the search and seizure of digital evidence, some of the concepts and terms are reviewed and discussed, using the Criminal Procedure Act 51 of 1977 as a point of departure. Digital evidence is often collected incorrectly and analysed ineffectively or simply overlooked due to the complexities that digital evidence poses to forensic investigators. As with any forensic science, specific regulations, guidelines, principles or procedures should be followed to meet the objectives of investigations and to ensure the accuracy and acceptance of findings. These regulations, guidelines, principles or procedures are discussed within the context of digital forensics: what processes should be followed and how these processes ensure the acceptability of digital evidence. These processes include international principles and standards such as those of the Association of Chiefs of Police Officers and the International Organisation of Standardisation. A summary is also provided of the most influential or best-recognised international (IOS) standards on digital forensics. It is concluded that the originality, reliability, integrity and admissibility of digital evidence should be maintained as follows: Data should not be changed or altered. Original evidence should not be directly examined. Forensically sound duplicates should be created. Digital forensic analyses should be performed by competent persons. Digital forensic analyses should adhere to relevant local legal requirements. Audit trails should exist consisting of all required documents and actions. The chain of custody should be protected. Processes and procedures should be proper, while recognised and accepted by the industry. If the ACPO (1997) principles and ISO/IEC 27043 and 27037 Standards are followed as a forensic framework, then digital forensic investigators should follow these standards as a legal framework.  

scholarly journals Evaluation of Integrated Digital Forensics Investigation Framework for the Investigation of Smartphones Using Soft System Methodology

2017 ◽  
Vol 7 (5) ◽  
pp. 2806 ◽  
Author(s):  
Ruuhwan Ruuhwan ◽  
Imam Riadi ◽  
Yudi Prayudi
Keyword(s):  
Conceptual Model ◽  
Real World ◽  
Digital Forensics ◽  
Digital Evidence ◽  
Soft System Methodology ◽  
Real Activity ◽  
The Real ◽  
Method Of Evaluation ◽  
System Methodology ◽  
Investigation Process

The handling of digital evidence can become an evidence of a determination that crimes have been committed or may give links between crime and its victims or crime and the culprit. Soft System Methodology (SSM) is a method of evaluation to compare a conceptual model with a process in the real world, so deficiencies of the conceptual model can be revealed thus it can perform corrective action against the conceptual model, thus there is no difference between the conceptual model and the real activity. Evaluation on the IDFIF stage is only done on a reactive and proactive process stages in the process so that the IDFIF model can be more flexible and can be applied on the investigation process of a smartphone.

scholarly journals Application of Static Forensics Method for Extracting Steganographic Files on Digital Evidence Using the DFRWS Framework

2020 ◽  
Vol 4 (3) ◽  
pp. 576-583
Author(s):  
Sunardi ◽  
Imam Riadi ◽  
Muh. Hajar Akbar
Keyword(s):  
Digital Forensics ◽  
Digital Evidence ◽  
Hide Information ◽  
Research Workshop ◽  
Digital Crime ◽  
The Right ◽  
Original Information

Steganography is one of the anti-forensic techniques that allow criminals to hide information in other messages so that during the investigation, the investigator will experience problems and difficulty in getting evidence of original information on the crime. Therefore an investigator is required to have the ability to be able to find and extract (decoding) using the right tools when opening messages that have been inserted by steganography techniques. The purpose of this study is to analyze digital evidence using the static forensics method by applying the six stages to the Digital Forensics Research Workshop (DFRWS) framework and extracting steganography on files that have been compromised based on case scenarios involving digital crime. The tools used are FTK Imager, Autopsy, WinHex, Hiderman, and StegSpy. The results of extraction of 9 out of 10 files that were scanned by steganography files had 90% success and 10% of steganography files were not found, so it can be concluded that the extraction files in steganographic messages can be used as legal digital proofs according to law.  

Digital Evidence Object Model for Situation Awareness and Decision Making in Digital Forensics Investigation

2020 ◽  
pp. 1-1
Author(s):  
Sarunas Grigaliunas ◽  
Jevgenijus Toldinas ◽  
Algimantas Venckauskas ◽  
Nerijus Morkevicius ◽  
Robertas Damasevicius
Keyword(s):  
Decision Making ◽  
Situation Awareness ◽  
Digital Forensics ◽  
Digital Evidence ◽  
Object Model

Digital Forensics of Cybercrimes and the Use of Cyber Forensics Tools to Obtain Digital Evidence

2021 ◽  
pp. 45-68
Keyword(s):  
International Collaboration ◽  
Digital Forensics ◽  
Lessons Learned ◽  
Digital Evidence ◽  
Collaboration Networks ◽  
Forensic Evidence ◽  
Digital Ecosystems ◽  
Cyber Forensics ◽  
Chain Of Custody ◽  
New Strategies

This chapter evaluates the most relevant methodologies and best practices for conducting digital investigations, preserving digital forensic evidence and following chain of custody (CoC) of cybercrimes. Cybercriminals are assuming new strategies to launch their sophisticated cyberattacks within the ever-changing digital ecosystems. The authors recommend that digital investigations must continually shift to tackle cybercrimes and prosecute cybercriminals to increase international collaboration networks, to share prevention knowledge, and to analyze lessons learned. They also establish a cyber forensics model for miscellaneous ecosystems called cyber forensics model in digital ecosystems (CFMDE). This chapter also reviews the most important categories of tools to conduct digital investigations. Nevertheless, as the cybercrime sophistication keeps improving, it is also necessary to harden technologies, techniques, methodologies, and tools to acquire digital evidence in order to support and make cyber investigation cases stronger.

Digital Forensics and Data Mining

2020 ◽  
pp. 240-247
Author(s):  
Mohammad Suaib ◽  
Mohd. Akbar ◽  
Mohd. Shahid Husain
Keyword(s):  
Data Mining ◽  
Digital Forensics ◽  
Traditional Approach ◽  
Information Age ◽  
Digital Evidence ◽  
Law Enforcement Agencies ◽  
Cyber Forensics ◽  
Data Mining Techniques ◽  
Digital Forensic ◽  
Efficiency And Reliability

Digital forensic experts need to identify and collect the data stored in electronic devices. Further, this acquired data has to be analyzed to produce digital evidence. Data mining techniques have been successfully implemented in various applications across the domains. Data mining techniques help us to gain insight from a large volume of data. It helps us to predict the pattern, classify the data, and other various aspects of the data based on the users' perspective. Digital forensics is a sophisticated area of research. As the information age is revolutionizing at an inconceivable speed and the information stored in digital form is growing at a rapid rate, law enforcement agencies have a heavy reliance on digital forensic techniques that can provide timely acquisition of data, zero fault data processing, and accurate interpretation of data. This chapter gives an overview of the tasks involved in cyber forensics. It also discusses the traditional approach for digital forensics and how the integration of data mining techniques can enhance the efficiency and reliability of the existing systems used for cyber forensics.

Sign in / Sign up

Export Citation Format

Share Document