By
Sanya-Isijola, Ademuyiwa
36641
ABSTRACT
The race between law enforcement and criminals is never-ending. Law enforcement needs to develop
tools and use a digital forensic methodology that covers all areas of forensic analysis in digital
crime investigation. The digital investigation process can be driven using numerous digital
forensic investigation models.
This paper compares and contrasts different forensic methodologies and discusses the main
components any forensic investigation model should contain.
INTRODUCTION
The digital age has brought about an increase in the use of computers and the internet as tools to
increase productivity and efficiency in the governmental, commercial, educational and private
sectors of every economy.
In the same vein, these technologies have now become criminal tools used to perpetrate
unlawful or unethical activities. The increased use of the internet and computers has fostered
criminal activity because perpetrators now combine in-depth technical knowledge with
anonymity to commit crimes. In order to apprehend cyber criminals, investigators must use
well-defined and consistent forensic procedures. [1]
In this modern age, several types of digital devices, not just computers, are used on a daily basis
and are constantly exploited for criminal activity. Computer forensics focuses on extracting
evidence from a particular platform (the computer), whereas digital forensics covers extracting
evidence from all forms of digital evidence. [1]
Digital forensics is the collection, preservation, analysis and presentation of digital evidence
extracted from any source of digital evidence that can be used to identify criminal activities or
other activity that constitutes a violation. [2]
2.0 Lack of standardization
Presently there are several digital forensic investigation methodologies, but there are no
consistent or standard digital forensic models, only sets of procedures and tools built from the
experience of hackers, system administrators and law enforcement. The available models
concentrate on part of the investigative process (analysis, presentation) rather than provide a
general view for the entire investigation. Thus, many digital crimes are not investigated with a
standardized forensic methodology. [1]
A good digital investigation model must provide a consistent and standardized framework that
supports every stage of the investigation (technical and non-technical) regardless of the type of
crime. As new technologies unfold, they can be applied to the standardized model. [4]
“Digital forensic investigation is a process that uses science and technology to examine digital
objects and that develops and tests theories, which can be entered into a court of law, to answer
questions about events that occur”. [5]
Over the years, several digital forensic investigation models have been proposed. They include: [3]
Kruse and Heiser stated that forensic investigation consists of 3 basic components:
Acquire evidence
Authenticate evidence
Analyzing data
The model proposed by America’s Department of Justice was very similar to that of Kruse and
Heiser; it only added a new component called Reporting. The model consists of:
Collection
Examination
Analyzing
Report
Recognition
Identification
Individualization
Reconstruction
The steps proposed by Lee refer to only a part of the forensic investigation process, i.e., the
investigation stage (no preparation or presentation).
Is similar to that proposed by Lee; the first and last stages are the same. It focuses on processing
and examining digital evidence (focuses on investigation). The steps also include:
Recognition
Preservation
Classification
Reconstruction
3.15 Digital Forensic Research Working Group (DFRW)
The DFRW model was developed between 2001 and 2003. It includes the crucial
stages of the investigation and also includes the Presentation stage. It consists of the following
stages:
Identification
Preservation
Collection
Examination
Analysis
Presentation
Decision
The Reith, Carr and Gunsch model (2002) included other components not found in the
above-mentioned frameworks. It consists of:
Identification
Preparation
Approach
Strategy
Preservation
Collection
Examination
Analysis
Presentation
Returning evidence
The Ciardhuáin model is the most up-to-date and complete. The framework consists of the following:
Awareness
Authorization
Planning
Notification
Search and identify evidence
Collection
Transportation
Storage
Examination
Hypothesis
Presentation
Proof/Defense
Dissemination [3]
After cross-examination of the above-mentioned frameworks, it was noted that
the main aim of these models is to produce sufficient evidence that is presentable in a court of
law, but there needs to be a balance in the processes identified by these models to avoid straying
from that aim.
During a forensic investigation, the framework chosen should not concentrate on a certain stage;
it should incorporate the basic components of forensic investigation, which are: [6]
Preparation
Investigation
Presentation
CONCLUSION
The framework used for a forensic investigation must not be stage-specific, i.e., concentrate only
on one stage of the forensic investigation such as Preparation. Any of the above models can be chosen and
easily modified or expanded so that it involves the main components of forensic investigation
(Preparation, Investigation and Presentation). Whatever framework is used for an investigation, it
must be applicable to all current digital crimes and those of the near future.
References
[1] Mark Reith, Clint Carr, Gregg Gunsch, An examination of digital forensic models
[2] Bruce J. Nikkel, The role of digital forensics within a corporate organization
[3] Daniel A. Ray, Phillip G. Bradford, Models of models: Digital forensics and domain-specific languages
[4] Séamus Ó Ciardhuáin, An extended model of cyber crime investigation
[5] www.cerias.purdue.edu
[6] Michael Kohn, JHP Eloff and MS Olivier, Framework for a digital forensic investigation