724 research outputs found

    A comprehensive and harmonized digital forensic investigation process model

    Performing a digital forensic investigation (DFI) requires a standardized and formalized process. There is currently neither an international standard nor does a global, harmonized DFI process (DFIP) exist. The authors studied existing state-of-the-art DFIP models and concluded that there are significant disparities pertaining to the number of processes, the scope, the hierarchical levels and concepts applied. This paper proposes a comprehensive model that harmonizes existing models. An effort was made to incorporate all types of processes proposed by the existing models, including those aimed at achieving digital forensic readiness. The authors introduce a novel class of processes called concurrent processes. This is a novel contribution that should, together with the rest of the model, enable more efficient and effective DFI, while ensuring admissibility of digital evidence. Ultimately, the proposed model is intended to be used for different types of DFI and should lead to standardization. http://onlinelibrary.wiley.com/journal/10.1111/(ISSN)1556-4029 (2016-11-30)

    Testing and Evaluating The Harmonised Digital Forensic Investigation Process in Post Mortem Digital Investigation

    Existing digital forensic investigation process models have provided guidelines for identifying and preserving potential digital evidence captured from a crime scene. However, for any of the digital forensic investigation process models developed across the world to be adopted and fully applied by the scientific community, it has to be tested. For this reason, the Harmonized Digital Forensic Investigation Process (HDFIP) model, currently a working draft towards becoming an international standard for digital forensic investigations (ISO/IEC 27043), needs to be tested. This paper, therefore, presents the findings of a case study used to test the HDFIP model implemented in the ISO/IEC 27043 draft standard. The testing and evaluation process uses an anonymised real-life case to test each subprocess (grouped in classes) of the HDFIP model to show that it maintains a structured and precise logical flow that aims to provide acceptance, reliability, usability, and flexibility. The case study used also helps to analyse the effectiveness of the HDFIP model to ensure that the principles of validity and admissibility are fulfilled. A process with these properties would reduce the disparities within the field of digital forensic investigations and achieve global acceptance and standardization. Keywords: Digital forensics (DF), harmonized digital forensic investigation process (HDFIP), ISO/IEC 27043, investigation process

    Digital Forensic Readiness in Organizations: Issues and Challenges

    With the evolution in digital technologies, organizations have been forced to change the way they plan, develop, and enact their information technology strategies. This is because modern digital technologies do not only present new opportunities to business organizations but also a different set of issues and challenges that need to be resolved. With the rising threats of cybercrimes, for example, which have been accelerated by the emergence of new digital technologies, many organizations as well as law enforcement agencies globally are now erecting proactive measures as a way to increase their ability to respond to security incidents as well as create a digital forensic ready environment. It is for this reason that this paper presents the different issues and challenges surrounding the implementation of digital forensic readiness in organizations. The main areas of concentration will be: the different proactive measures that organizations can embrace as a way to increase the ability to respond to security incidents and create a digital forensic ready environment. However, the paper will also look into the issues and challenges pertaining to data retention and disposition in organizations which may also have some effects on the implementation of digital forensic readiness. This is backed up by the fact that although the need for digital forensics and digital evidence in organizations has been explored, as has been the need for digital forensic readiness within organizations, decision-makers still need to understand what is needed within their organizations to ensure effective implementation of digital forensic readiness.

    Cloud Forensics Investigations Relationship: A Model And Instrument

    Cloud computing is one of the most important advances in computing in recent history. Cybercrime has developed side by side and rapidly in recent years. Previous studies had confirmed the existing gap between cloud service providers (CSPs) and law enforcement agencies (LEAs), and LEAs cannot work without the cooperation of CSPs. Their relationship is influenced by legal, organisational and technical dimensions, which affect the investigations. Therefore, it is essential to enhance the cloud forensics relationship between LEAs and CSPs. This research addresses the need for a unified collaborative model to facilitate proper investigations and explore and evaluate existing different models involved in the relationship between Omani LEAs and local CSPs as a participant in investigations. Further, it proposes a validated research instrument that can be cloud forensics survey. It can also be used as an evaluation tool to identify, measure, and manage cloud forensic investigations.

    Introduction of concurrent processes into the digital forensic investigation process

    Performing a digital forensic investigation requires a formalized process to be followed. It also requires that certain principles are applied, such as preserving of digital evidence and documenting actions. The need for a harmonized and standardized digital forensic investigation process has been recognized in the digital forensics community and much scientific work has been undertaken to produce digital forensic investigation process models, albeit with many disparities within the different models. The problem is that these existing models do not include any processes dealing explicitly with concurrent digital forensic principles. This leaves room for human error and omissions, as there is a lack of clear guidelines on the implementation of digital forensic principles. This paper proposes the introduction of concurrent processes into the digital forensic investigation process model. The authors define concurrent processes as the actions which should be conducted in parallel with other processes within the digital forensic investigation process, with the aim to fulfill digital forensic investigation principles. The concept of concurrent processes is a novel contribution that aims to enable more efficient and effective digital forensic investigations, while reducing the risk of human error and omissions which result in digital evidence being contaminated. http://www.tandfonline.com/loi/tajf20 (2016-07-06)

    A generic database forensic investigation process model

    Database forensic investigation is a domain which deals with database contents and their metadata to reveal malicious activities on database systems. Even though it is still new, the overwhelming challenges and issues in the domain make database forensic a fast-growing and much sought-after research area. Based on observations made, we found that database forensic suffers from having a common standard which could unify knowledge of the domain. Therefore, through this paper, we present the use of Design Science Research (DSR) as a research methodology to develop a Generic Database Forensic Investigation Process Model (DBFIPM). From the creation of DBFIPM, five common forensic investigation processes have been proposed, namely the i) identification, ii) collection, iii) preservation, iv) analysis and v) presentation process. From the DBFIPM, it allows the reconciliation of concepts and terminologies of all common databases forensic investigation processes. Thus, this will potentially facilitate the sharing of knowledge on database forensic investigation among domain stakeholders.

    Computer Forensics: Dark Net Forensic Framework and Tools Used for Digital Evidence Detection

    As the development of technology increases and its use becomes increasingly more widespread, computer crimes grow. Hence, computer forensics research is becoming more crucial in developing good forensic frameworks and digital evidence detection tools to deter more cyber-attacks. In this paper, we explore the science of computer forensics, a dark web forensic framework, and digital evidence detection tools

    Digital forensic readiness in operational cloud leveraging ISO/IEC 27043 guidelines on security monitoring

    An increase in the use of cloud computing technologies by organizations has led to cybercriminals targeting cloud environments to orchestrate malicious attacks. Conversely, this has led to the need for proactive approaches through the use of digital forensic readiness (DFR). Existing studies have attempted to develop proactive prototypes using diverse agent-based solutions that are capable of extracting forensically sound potential digital evidence. As a way to address this limitation and further evaluate the degree of PDE relevance in an operational platform, this study sought to develop a prototype in an operational cloud environment to achieve DFR in the cloud. The prototype is deployed and executed in cloud instances hosted on OpenStack: the operational cloud environment. The experiments performed in this study show that it is viable to attain DFR in an operational cloud platform. Further observations show that the prototype is capable of harvesting digital data from cloud instances and storing the data in a forensically sound database. The prototype also prepares the operational cloud environment to be forensically ready for digital forensic investigations without altering the functionality of the OpenStack cloud architecture by leveraging the ISO/IEC 27043 guidelines on security monitoring. https://wileyonlinelibrary.com/journal/spy2

    A Review on Digital Forensic Investigation Frameworks and Real World Cyber Crime Cases

    At this modern phase of technology now it has turned out to be potential for public with fairly low practical talents to pinch thousands of pounds in a time in staying their homes. Therefore, all manufacturing firms, the competent commercial method governed through horizontal split-up of production developments, expert services and sales channels etc., (each requiring specialized skills and resources), in addition to that a good deal of business at expenses set by the market forces of quantity and claim. Accordingly, cybercrime is no different; where it claims a floating worldwide market for skills, tools and finished product. Even it consumes its own money. The augmentation of cybercrime is indistinguishably associated to the ubiquity of credit card dealings and also for the online bank accounts. Cybercrime has developed a business and the demographic of the distinctive cybercriminal is fluctuating promptly, from bedroom-bound weed to the form of structured mobster more conventionally connected with drug-trafficking, coercion and currency decontaminating. The existing research hosts an organized and reliable methodology for digital criminological examination. As a result, the digital forensic science affords the tools, methods and technically upheld approaches that can be castoff to procure and explore the digital evidence. The digital forensic analysis need to be rescued to acquire the signals that will be recognized in the court of law. This study highlights on an organized and unswerving method to digital forensic analysis. In further, this research targets in categorizing the actions that enable and advance the digital forensic investigation practices. The top most cybercrime and prevailing digital forensic framework will be appraised and then the investigation will be assembled.

    Blockchain based digital forensics investigation framework in the internet of things and social systems

    The decentralised nature of blockchain technologies can well match the needs of integrity and provenances of evidences collecting in digital forensics across jurisdictional borders. In this work, a novel blockchain based digital forensics investigation framework in the Internet of Things (IoT) and social systems environment is proposed, which can provide proof of existence and privacy preservation for evidence items examination. To implement such features, we present a block enabled forensics framework for IoT, namely IoT forensic chain (IoTFC), which can offer forensic investigation with good authenticity, immutability, traceability, resilience, and distributed trust between evidential entities as well as examiners. The IoTFC can deliver a guarantee of traceability and track provenance of evidence items. Details of evidence identification, preservation, analysis, and presentation will be recorded in chains of block. The IoTFC can increase trust of both evidence items and examiners by providing transparency of the audit trail. The use case demonstrated the effectiveness of proposed method.