42 research outputs found

    Integrated digital forensic process model

    The Information and Communications Technology (ICT) environment constitutes an integral part of our daily lives. Individual computer users and large corporate companies are increasingly dependent on services provided by ICT. These services range from basic communication to managing large databases with corporate client information. Within these ICT environments something is bound to go wrong for a number of reasons, which include an intentional attack on information services provided by an organisation. These organisations have in turn become interested in tracing the root cause of such an incident with the intent of successfully prosecuting a suspected malicious user. Digital forensics has developed significantly towards prosecuting such criminals. The volumes of information and rapid technological developments have contributed to making simple investigations rather cumbersome. In the digital forensics community a number of digital forensic process models have been proposed encapsulating a complete methodology for an investigation. Software developers have also greatly contributed toward the development of digital forensics tools. These developments have resulted in divergent views on digital forensic investigations. This dissertation presents the IDFPM - Integrated Digital Forensic Process Model. The model is presented after examining digital forensic process models within the current academic and law enforcement literature. An adapted sequential logic notation is used to represent the forensic models. The terminology used in the various models is examined and standardised to suit the IDFPM. Finally, a prototype supports a limited selection of the IDFPM processes, which will aid a digital forensic investigator. Dissertation (MSc)--University of Pretoria, 2012. Computer Science.

    Integrated digital forensic process model

    Digital forensics is an established research and application field. Various process models exist describing the steps and processes to follow during digital forensic investigations. During such investigations, it is not only the digital evidence itself that needs to prevail in a court of law; the process followed and terminology used should also be rigorous and generally accepted within the digital forensic community. Different investigators have been refining their own investigative methods, resulting in a variety of digital forensic process models. This paper proposes a standardized Digital Forensic Process Model to aid investigators in following a uniform approach in digital forensic investigations. http://www.elsevier.com/locate/cosehb201

    Digital Evidence Investigation of the WeChat Application Using the Integrated Digital Forensics Process Model (IDFPM) Framework Based on SNI 27037:2014

    Social media is an alternative means of communication on smartphones, as many as 28% of the WeChat instant messenger application is used as a social interaction for the delivery of messages by senders and recipients, Cyberbullying on the WeChat application results in intimidation by users, so to deal with the crime of Cyberbullying applications WeChat on Smartphones requires a Mobile Forensic technique to identify digital evidence of verbal conversations on the WeChat application using the Framework Integrated Digital Forensics Process Model (IDFPM) method based on SNI 27037: 2014 which is carried out on Smartphones. WeChat application which was previously encrypted and hashing values of md5 and sha1 are authentic, as well as metadata or timestamp in the WeChat application conversation messages using the Mobileedit Forensic Express Tools, and successfully implemented Framework Integrated Digital Forensic Process Model (IDFPM) based on SNI 27037: 2014 on the forensic investigation process using Android Smartphone media. Keywords: Cyberbullying, WeChat, Mobile Forensics, Framework, SNI 27037: 201

    Forensics analysis of wi-fi communication traces in mobile devices


    A Conceptual Cloud Forensic Investigation Process Model for Software as a Service (SaaS) Applications

    This paper explores a structured and systematic approach cloud forensic investigation process model for SaaS applications, to investigate the digital crimes in the cloud environment and contributing to enhanced security and privacy of acquired data during forensic investigation. The proposed model offers the distinctive characteristics of cloud environments and the varying levels of access and control within them. In this proposed model, the systematic forensic investigation process is detailed with microscopic details with four phases namely the initial phase, the acquisition phase, the analysis phase, and the reporting phase in Cloud environment. Ultimately, this research aims to enhance the overall trustworthiness and reliability of SaaS applications forensic for fostering a safer and more secure cloud computing forensic investigation landscape by using the chain of custody

    Methodology for the Automated Metadata-Based Classification of Incriminating Digital Forensic Artefacts

    The ever increasing volume of data in digital forensic investigation is one of the most discussed challenges in the field. Usually, most of the file artefacts on seized devices are not pertinent to the investigation. Manually retrieving suspicious files relevant to the investigation is akin to finding a needle in a haystack. In this paper, a methodology for the automatic prioritisation of suspicious file artefacts (i.e., file artefacts that are pertinent to the investigation) is proposed to reduce the manual analysis effort required. This methodology is designed to work in a human-in-the-loop fashion. In other words, it predicts/recommends that an artefact is likely to be suspicious rather than giving the final analysis result. A supervised machine learning approach is employed, which leverages the recorded results of previously processed cases. The process of features extraction, dataset generation, training and evaluation are presented in this paper. In addition, a toolkit for data extraction from disk images is outlined, which enables this method to be integrated with the conventional investigation process and work in an automated fashion

    Common investigation process model for database forensic investigation discipline

    Current digital forensic process models are often found to be unsatisfactory due to the fact that they do not provide process model with opportunities to be actively involved in database forensic investigation. This study presents common database forensic investigation process, which is proposed by reviewing a few particular digital investigation process models that have created and then identified the frequently common processes phases concentrates. Results of this study showed that with the determining of the frequently shared process, it could be easier for the new users to recognize the processes and also to serve as the basic fundamental concept for the improvement of a new set of processes. Thus, proposing this kind of process model may help to resolve the problems and difficulties associated with database forensic in general

    Proposal for a Theoretical Framework in Digital Forensics

    This short paper aims to introduce a theoretical framework in digital forensics based on “Philosophy of Information”. After a preliminary clarification of its key concepts, some general issues concerning “Information Quality” are outlined in digital and cloud forensics. At the end, I offer a few remarks on future researches’ perspectives

    Evaluation of Digital Forensic Process Models with Respect to Digital Forensics as a Service

    The 16th European Conference on Cyber Warfare and Security (ECCWS 2017), Dublin, Ireland, 29-30 June 2017. Digital forensic science is very much still in its infancy, but is becoming increasingly invaluable to investigators. A popular area for research is seeking a standard methodology to make the digital forensic process accurate, robust, and efficient. The first digital forensic process model proposed contains four steps: Acquisition, Identification, Evaluation and Admission. Since then, numerous process models have been proposed to explain the steps of identifying, acquiring, analysing, storage, and reporting on the evidence obtained from various digital devices. In recent years, an increasing number of more sophisticated process models have been proposed. These models attempt to speed up the entire investigative process or solve various problems commonly encountered in the forensic investigation. In the last decade, cloud computing has emerged as a disruptive technological concept, and most leading enterprises such as IBM, Amazon, Google, and Microsoft have set up their own cloud-based services. In the field of digital forensic investigation, moving to a cloud-based evidence processing model would be extremely beneficial and preliminary attempts have been made in its implementation. Moving towards a Digital Forensics as a Service model would not only expedite the investigative process, but can also result in significant cost savings - freeing up digital forensic experts and law enforcement personnel to progress their caseload. This paper aims to evaluate the applicability of existing digital forensic process models and analyse how each of these might apply to a cloud-based evidence processing paradigm