9 research outputs found

    Development of National Digital Evidence Metadata

    The industrial era 4.0 has caused tremendous disruption in many sectors of life. The rapid development of information and communication technology has made the global industrial world undergo a revolution. Cyber-crime in Indonesia committed with computer equipment and mobile phones is increasing steadily. Information in a file that describes the file itself is called metadata. Evidence in cyber cases is divided into two types, namely physical evidence and digital evidence. Physical evidence and digital evidence have different characteristics, so a concept designed for physical evidence will very likely cause problems when applied to digital evidence. The management of national digital evidence linked to its metadata has mostly been carried out by researchers. Considering the importance of national digital evidence management solutions in the cyber-crime investigation process, this research focused on identifying and modeling correlations using a digital image metadata security approach. Correlation analysis reads metadata characteristics of document files, sound files and digital evidence using the standard file parameters (creator, size, file type and time) combined with digital image metadata. A nationally designed solution requires the highest level of security. The security-enhancing solution encrypts the digital image metadata (EXIF). The EXIF metadata in the original digital image is read according to the EXIF 2.3 standard tag IDs, then encrypted and inserted into the last line of the file. The decryption process restores the decrypted EXIF data into the image header. This secures the EXIF metadata information without changing the image quality.

    A Comparative Analysis of Forensic Methods Used on a Microsoft Surface Book

    The research question asked by this project is which tool is the most effective at dead forensics and which is the most effective at live forensics when working on time-sensitive cases that involve a Microsoft Surface Book. The Microsoft Surface series of products is an example of the new products containing a non-removable solid-state storage drive. These laptop computers are becoming very popular and offer something that most other tablets do not: a full-size USB port capable of transferring data on and off the device. This port allows connectivity of many different devices, most of them simultaneously with the help of a hub, and finally gives investigators access to the internal storage of the device. Many techniques were attempted in order to recover data; however, due to time constraints, this project only tested a few open source techniques along with some commercially developed software. This project examined multiple tools, along with the knowledge and resources needed to perform data recovery. It was found that the Microsoft Surface Book has some form of encryption in use at all times, even if the user has not enabled BitLocker. The only way this project was able to successfully recover data from the computer was by using FTK Imager on a live system while logged into a profile. This new knowledge will help digital investigators to more effectively gather data both on-scene and in a lab environment.

    Privacy and trustworthiness management in moving object environments

    The use of location-based services (LBS) (e.g., Intel's Thing Finder) is expanding. Besides the traditional centralized location-based services, distributed ones are also emerging due to the development of Vehicular Ad-hoc Networks (VANETs), dynamic networks which allow vehicles to communicate with one another. Because LBS inherently need to track users' locations, they have raised increasing concerns about users' location privacy. Although much research has been carried out to let users submit their locations anonymously, the collected anonymous location data may still be mapped to individuals when the adversary has related background knowledge. To improve location privacy, this dissertation addresses the problem of anonymizing the collected location datasets so that they can be published for public use without violating any privacy concerns. Specifically, a privacy-preserving trajectory publishing algorithm is proposed that preserves a high data utility rate. Moreover, the scalability issue is tackled for the case where the location datasets grow very large due to continuous data collection and an increase in LBS users, by developing a distributed version of the trajectory publishing algorithm that leverages the MapReduce technique. As a consequence of users being anonymous, it becomes more challenging to evaluate the trustworthiness of messages disseminated by anonymous users. Existing research efforts are mainly focused on privacy-preserving authentication of users, which helps in tracing malicious vehicles only after the damage is done. However, this is still not sufficient to prevent malicious behavior from happening in the case where attackers do not care whether they are caught later on. Therefore, it would be more effective to also evaluate the content of the message.
In this dissertation, a novel information-oriented trustworthiness evaluation is presented which enables each individual user to evaluate the message content and make informed decisions. --Abstract, page iii

    A Concept for a Trustworthy Integration of Smartphones in Business Environments

    Smartphones are commonly used within business environments nowadays. They provide sophisticated communication means which go far beyond simple telephone capabilities. Email access and particular apps on the device are examples of their versatile abilities. While these features allow them to be used in a very flexible way, e.g. in different infrastructures, they impose new threats on their surrounding infrastructure. For example, if used in an environment which allows the installation of custom apps, malicious software may be placed on the device. In order to mitigate these threats, detailed awareness combined with the possibility to enforce certain constraints on such devices needs to be established. In detail, it is necessary to include such devices in a decision making process which decides about the policy compliance of such devices. The policy used in this process defines the rules which apply to the particular infrastructure, e.g. whether custom apps are allowed or whether a specific software version may not be allowed. However, even when relying on this process, there is one limitation, as it does not include a trust-based evaluation. This leads to the problem that a malicious smartphone might compromise the information used for the decision making process which should determine the policy compliance of this device. This renders the overall approach ineffective, as the decision whether a device is policy compliant or not may be false. Given that, the thesis presented here provides means to evaluate the trustworthiness of such information to allow trustworthy decision making about policy compliance. It therefore introduces two things: (1) a generic trust model for such environments and (2) a domain-specific extension called Trustworthy Context-related Signature and Anomaly Detection system for Smartphones (TCADS). The trust model (1) allows trust to be specified, calculated and evaluated for the information used by the decision making process.
In more detail, the trust founding process of (1) is done by introducing so-called security properties which allow the trustworthiness of certain aspects to be rated. The trust model does not limit these aspects to a particular type. That is, device-specific aspects like the number of installed apps or the current version of the operating system may be used as well as device-independent aspects like communication parameters. The security properties defined in (1) are then used to calculate an overall trust level, which provides an evaluable representation of trust for the information used by the decision making process. The domain-specific extension (2) uses the trust model and provides a deployable trust-aware decision making solution for smartphone environments. The resulting system, TCADS, not only allows trust to be considered within the decisions about policy compliance but also enables the decisions to be based solely on the trust itself. Besides the theoretical specification of the trust model (1) and the domain-specific extension (2), a proof of concept implementation is given. This implementation leverages the abilities of both the generic trust model (1) and the TCADS system (2), thus providing a deployable set of programs. Using this proof of concept implementation, an assessment shows the benefits of the proposed concept and its practical relevance. A conclusion and an outlook on future work extending this approach are given at the end of this thesis.
Smartphones have become indispensable in today's corporate networks. Beyond simple telephony-based capabilities, they offer features such as email access or a high degree of customizability based on apps. Although these functionalities allow such smartphones to be used in versatile ways, they simultaneously pose a new kind of threat to the surrounding infrastructure. If, for example, a specific environment permits the installation of custom apps on the smartphone, it is possible to place malware on the device by this route. To counter these threats, it is necessary, on the one hand, to detect smartphones in the respective environment and, on the other, to be able to enforce policies on the respective devices. The policies to be enforced define which restrictions apply in the respective environment, e.g. permission to install custom apps or the use of a specific software version. But even when a corresponding solution for integrating smartphones into the infrastructure is used, one problem remains unsolved: the consideration of the trustworthiness of the information provided by the smartphone. This limitation leads to the problem that a correspondingly compromised smartphone alters the information used to decide on the device's policy compliance in a way that renders the entire decision process inefficient and thus ineffective. This thesis therefore presents a new approach to enable a trustworthy decision process on the device's policy compliance. In detail, two approaches are presented: (1) a generic model for trustworthiness and (2) a domain-specific mapping of this model, referred to as the Trustworthy Context-related Signature and Anomaly Detection system for Smartphones (TCADS). The trustworthiness model (1) allows the definition, calculation and evaluation of trustworthiness for information used in the decision process. In detail, the determination of trustworthiness is based on fundamental factors for trust, the so-called security properties.
These properties rate trustworthiness according to specific aspects, which can be either device-specific or device-independent. Based on this rating, an overall trustworthiness, the so-called trust level, is then computed. This trust level allows trustworthiness to be taken into account in decision making. Part (2) of the solution, based on the trustworthiness model, provides a system for trust-based decision making in smartphone environments. With this system, TCADS, it is not only possible to check decisions for their correctness with respect to trustworthiness, but also to make decisions entirely on the basis of trustworthiness. In addition to the general model (1) and the domain-specific system (2) derived from it, the thesis also provides a proof of feasibility in the form of a reference implementation. This implementation uses capabilities of both the trustworthiness model (1) and the TCADS system (2) and provides a usable set of programs. An evaluation based on this proof of feasibility shows the advantages and practicality of the presented approaches. Finally, a summary of the thesis and an outlook on further research questions are given.

    Building an open framework for establishing and maintaining the chain of custody in forensic analysis of digital evidence

    The ultimate goal of every digital forensic investigation is digital evidence that has been lawfully obtained and accepted by the court. This means that every piece of evidence must be collected through the digital forensic investigation process, which cannot begin without an order from the court, the prosecution or, in the case of internal investigations in companies, management. During the digital forensic investigation process itself, the inviolability of the digital evidence must be preserved and proven by proving the inviolability of the chain of evidence. This means that it must be known at every moment who came into contact with the digital evidence, and what, when, how, why and where. If the chain of evidence is broken, the court will not accept such evidence. The main goal of this thesis is scientific research that gives an overview of methods for maintaining the chain of digital evidence and methods for protecting the integrity of digital evidence, and that clarifies the notion of the life cycle of digital evidence. The aim is to point out the shortcomings of existing methods and to define new research directions in solving the chain-of-digital-evidence problem by applying digital evidence ontologies through DEMF (Digital Evidence Management Framework), through which the answer to all the essential questions of the participants in the digital investigation process would be known precisely at every moment of the investigation, while the chain of evidence would also be maintained. The ultimate goal is to formally describe the concepts that appear in the digital evidence management process and to build a framework that would help judges and others who deal with the admissibility of digital evidence. In this thesis an ontology of digital evidence and of the chain of evidence was built, and basic business rules (if-then rules) were defined which are the main driver of a framework that makes it possible to determine which evidence is formally admissible and which is not. Validation and evaluation of the constructed ontology were also carried out, and instances were created which served to test the framework.
In addition, the thesis presents for the first time the situation in the courts of Bosnia and Herzegovina, where a preliminary study was carried out using a survey method regarding digital evidence, proving the inviolability of the chain of evidence, and the construct of the admissibility of digital evidence.
The ultimate goal of every digital forensic investigation is lawfully acquired digital evidence that is accepted by the court. This means that all the evidence must be collected through the process of digital forensic investigation, which cannot begin without the order of the court, prosecution or administration in the case of internal investigations in enterprises. The integrity of digital evidence must be preserved and proven by proving the inviolability of the chain of evidence. This means that we must at any time know who, what, when, how, why and where came into contact with digital evidence. If there is an interruption of the chain, the court will not accept the evidence. The main aim of this thesis is scientific research that will give insight into the methods of maintaining the chain of digital evidence, methods to prove the integrity of digital evidence and clarification of the life cycle of digital evidence. The goal is to address the shortcomings of existing methods and to define new directions of research in solving chain-of-digital-evidence problems using the ontology of digital evidence through "DEMF", the Digital Evidence Management Framework. The purpose is to know exactly the answers to all the important questions of participants in the digital investigation, while also maintaining the chain of evidence. The ultimate goal is to formally describe concepts that occur in the process of managing digital evidence, and build a framework to help judges and other persons engaged in the admissibility of digital evidence.
An ontology of digital evidence and the chain of evidence is developed and basic business rules (if-then rules) are defined, which are the main driver of the framework that allows determining which evidence is formally acceptable and which is not. Validation and evaluation of the ontology are carried out, and a few instances are created that were used for the framework testing. In addition, this paper presents preliminary research conducted at the courts in Bosnia and Herzegovina, related to digital evidence, proving the inviolability of the chain of evidence, and the construct of the admissibility of digital evidence.

    Biometrics system reliability evaluation method

    Biometric systems have come into increasingly frequent and widespread use since 2003, when guidance on their application, in the domain of use for strengthening national security, was incorporated into the national security strategies of the EU, the USA and many other countries. The motives for applying biometric systems, especially in the domain of national security measures, often raise a series of questions in the area of trust in the purpose for which the collected data are used, which in many situations encroaches on the sphere of potentially compromising and violating the privacy of individuals. The standardization processes for biometric anthropometric systems, a prerequisite for increasing the trust of system users and ongoing in recent years, mostly focus on defining certain technical features of the systems without explicitly defining requirements for the quality of functioning of the biometric systems themselves. The reliability of biometric systems is one of the fundamental parameters for assessing their quality, and accordingly the proposal for future scientific research will be based on linking existing knowledge on the evaluation of the reliability of biometric systems from the perspective of system technology, the environment of use and the system users, with the aim of defining an ontology-based reliability evaluation method. The thesis gives an overview of existing reliability evaluation models and develops the evaluation model OOEPBS (open framework for reliability evaluation of biometric systems) based on the defined method for evaluating the reliability of biometric systems. On the basis of the OOEPBS evaluation model an ontology was built whose umbrella domain is biometric science, with specialization of the concepts covering the problems of evaluating the reliability of biometric systems.
Validation and evaluation of the constructed ontology were also carried out, and instances were created which served to test the framework.
The widespread usage of biometric systems has been gaining momentum since 2003, when their utilization within the national security enforcement process was ordered and built into the security strategies of the E.U., U.S.A. and many other countries. The motives for the utilization of such systems, with emphasis on preserving national security, often raise a number of questions in the domain of privacy concerns regarding the potential misuse of the collected data, thus often penetrating into the sphere of potentially compromising users' privacy. On the other hand, biometric system standardization processes, which should be a prerequisite for increasing users' confidence in the systems, predominantly focus on defining certain technical features without explicitly defining quality requirements. Reliability of a biometric system is one of the fundamental parameters for evaluating its quality; accordingly, the proposal for future scientific research is based on linking existing knowledge regarding the evaluation of the reliability of biometric systems in terms of customer motivation, motivation for the use of technology, the environment, usability and performance evaluation parameters, with the aim of defining a method for evaluating reliability based on an ontology. An overview of current evaluation models is presented in this doctoral thesis, and an evaluation model OOEPBS (open framework for reliability evaluation of biometric systems) is developed based on the reliability evaluation method for biometric systems. The OOEPBS evaluation model has served for the development of an ontology with its domain in biometric science and specialization of the concepts within the reliability evaluation area. The ontology is evaluated and tested by using open framework testing instances.

    A Comprehensive Digital Forensic Investigation Model and Guidelines for Establishing Admissible Digital Evidence

    Information technology systems are attacked by offenders using digital devices and networks to facilitate their crimes and hide their identities, creating new challenges for digital investigators. Malicious programs that exploit vulnerabilities also serve as threats to digital investigators. Since digital devices such as computers and networks are used by organisations and digital investigators alike, malicious programs and risky practices that may contaminate the integrity of digital evidence can lead to loss of evidence. For these reasons, digital investigators face a major challenge in preserving the integrity of digital evidence. Not only is there no definitive comprehensive model of digital forensic investigation for ensuring the reliability of digital evidence, but there has to date been no intensive research into methods of doing so. To address the issue of preserving the integrity of digital evidence, this research improves upon other digital forensic investigation models by creating a Comprehensive Digital Forensic Investigation Model (CDFIM), a model that results in an improvement in the investigation process as well as in the security mechanism and guidelines applied during investigation. The improvement is also effected by implementing Proxy Mobile Internet Protocol version 6 (PMIPv6) with improved buffering based on the Open Air Interface PMIPv6 (OAI PMIPv6) implementation to provide reliable services during handover of a Mobile Node (MN) and to improve performance measures that minimize loss of data, which this research identified as a factor affecting the integrity of digital evidence. The point of this is to show that the integrity of digital evidence can be preserved if loss of data is prevented. This research supports the integration of security mechanisms and intelligent software into digital forensic investigation, which assist in preserving the integrity of digital evidence, by conducting two different attack experiments to test CDFIM.
It found that when CDFIM used the security mechanism and guidelines together with the investigation process, it was able to identify the attack and also ensured that the integrity of the digital evidence was preserved. It was also found that the security mechanism and guidelines incorporated in the digital investigative process are useless when the security guidelines are ignored by digital investigators, thus posing a threat to the integrity of digital evidence.