A Standardised Data Acquisition Process Model for Digital Forensic Investigations

Research output: Contribution to journalArticle

2 Citations (Scopus)

Abstract

Similar to traditional evidence, courts of law do not assume that digital evidence is reliable if there is no evidence of some empirical testing regarding the theories and techniques pertaining to its production. Courts take a careful notice of the way in which digital evidence has been acquired and stored. In contrast with traditional crimes for which there are well-established standards and procedures upon which courts can rely, there are no formal procedures or models for digital data acquisition to which courts of law can refer. A standardised data acquisition process model is needed to enable digital forensic investigators to follow a uniform approach, and to assist courts of law in determining the reliability of digital evidence presented to them. This paper proposes a model that is standardised in that it can enable digital forensic investigators in following a uniform approach, and that is generic in that it can be applied in both law enforcement and corporate investigations. To carry out the research presented in the paper, the design science research process (DSRP) methodology proposed by Peffers et al. (2006) has been followed.
LanguageEnglish
Pages229-249
Number of pages21
JournalInternational Journal of Information and Computer Security
Volume9
Issue number3
DOIs
Publication statusPublished - 27 Jun 2017
Externally publishedYes

Fingerprint

Data acquisition
Crime
Law enforcement
Testing
Digital forensics

Cite this

@article{a1f5e04b18db4f978535e504f9fe09f6,
title = "A Standardised Data Acquisition Process Model for Digital Forensic Investigations",
abstract = "Similar to traditional evidence, courts of law do not assume that digital evidence is reliable if there is no evidence of some empirical testing regarding the theories and techniques pertaining to its production. Courts take a careful notice of the way in which digital evidence has been acquired and stored. In contrast with traditional crimes for which there are well-established standards and procedures upon which courts can rely, there are no formal procedures or models for digital data acquisition to which courts of law can refer. A standardised data acquisition process model is needed to enable digital forensic investigators to follow a uniform approach, and to assist courts of law in determining the reliability of digital evidence presented to them. This paper proposes a model that is standardised in that it can enable digital forensic investigators in following a uniform approach, and that is generic in that it can be applied in both law enforcement and corporate investigations. To carry out the research presented in the paper, the design science research process (DSRP) methodology proposed by Peffers et al. (2006) has been followed.",
keywords = "digital forensics, data acquisition, process model, standardised model, digital investigations, computer forensics, formal process",
author = "Reza Montasari",
year = "2017",
month = "6",
day = "27",
doi = "10.1504/IJICS.2017.085139",
language = "English",
volume = "9",
pages = "229--249",
journal = "International Journal of Information and Computer Security",
issn = "1744-1765",
publisher = "Inderscience Enterprises Ltd",
number = "3",

}

TY - JOUR

T1 - A Standardised Data Acquisition Process Model for Digital Forensic Investigations

AU - Montasari, Reza

PY - 2017/6/27

Y1 - 2017/6/27

N2 - Similar to traditional evidence, courts of law do not assume that digital evidence is reliable if there is no evidence of some empirical testing regarding the theories and techniques pertaining to its production. Courts take a careful notice of the way in which digital evidence has been acquired and stored. In contrast with traditional crimes for which there are well-established standards and procedures upon which courts can rely, there are no formal procedures or models for digital data acquisition to which courts of law can refer. A standardised data acquisition process model is needed to enable digital forensic investigators to follow a uniform approach, and to assist courts of law in determining the reliability of digital evidence presented to them. This paper proposes a model that is standardised in that it can enable digital forensic investigators in following a uniform approach, and that is generic in that it can be applied in both law enforcement and corporate investigations. To carry out the research presented in the paper, the design science research process (DSRP) methodology proposed by Peffers et al. (2006) has been followed.

AB - Similar to traditional evidence, courts of law do not assume that digital evidence is reliable if there is no evidence of some empirical testing regarding the theories and techniques pertaining to its production. Courts take a careful notice of the way in which digital evidence has been acquired and stored. In contrast with traditional crimes for which there are well-established standards and procedures upon which courts can rely, there are no formal procedures or models for digital data acquisition to which courts of law can refer. A standardised data acquisition process model is needed to enable digital forensic investigators to follow a uniform approach, and to assist courts of law in determining the reliability of digital evidence presented to them. This paper proposes a model that is standardised in that it can enable digital forensic investigators in following a uniform approach, and that is generic in that it can be applied in both law enforcement and corporate investigations. To carry out the research presented in the paper, the design science research process (DSRP) methodology proposed by Peffers et al. (2006) has been followed.

KW - digital forensics

KW - data acquisition

KW - process model

KW - standardised model

KW - digital investigations

KW - computer forensics

KW - formal process

U2 - 10.1504/IJICS.2017.085139

DO - 10.1504/IJICS.2017.085139

M3 - Article

VL - 9

SP - 229

EP - 249

JO - International Journal of Information and Computer Security

T2 - International Journal of Information and Computer Security

JF - International Journal of Information and Computer Security

SN - 1744-1765

IS - 3

ER -