The Standardised Digital Forensic Investigation Process Model (SDFIPM)

Reza Montasari, Richard Hill, Victoria Carpenter, Amin Hosseinian-Far

Research output: Chapter in Book/Report/Conference proceeding › Chapter

Abstract

The field of digital forensics still lacks formal process models that courts can employ to determine the reliability of the process followed in a digital investigation. The existing models have often been developed by digital forensic practitioners, based on their own personal experience and on an ad-hoc basis, without attention to the establishment of standardisation within the field. This has prevented the institution of the formal processes that are urgently required. Moreover, as digital forensic investigators often operate within different fields of law enforcement, commerce and incident response, the existing models have often tended to focus on one particular field and have failed to consider all the environments. This has hindered the development of a generic model that can be applied in all the three stated fields of digital forensics. To address these shortcomings, this chapter makes a novel contribution by proposing the Advanced Investigative Process Model (the SDFIPM) for Conducting Digital Forensic Investigations, encompassing the ‘middle part’ of the digital investigative process, which is formal in that it synthesizes, harmonises and extends the existing models, and which is generic in that it can be applied in the three fields of law enforcement, commerce and incident response.
Original language: English
Title of host publication: Blockchain and Clinical Trial
Editors: Hamid Jahankhani, Stefan Kendzierskyj, Arshad Jamal, Gregory Epiphaniou, Haider Al-Khateeb
Place of Publication: Cham
Publisher: Springer, Cham
Chapter: 8
Pages: 169-209
Number of pages: 41
Edition: 1st
ISBN (Electronic): 9783030112899
ISBN (Print): 9783030112882, 3030112888
DOI: https://doi.org/10.1007/978-3-030-11289-9_8
Publication status: Published - 18 Apr 2019

Publication series

Name: Advanced Sciences and Technologies for Security Applications
Publisher: Springer, Cham
ISSN (Print): 1613-5113
ISSN (Electronic): 2363-9466

Cite this

Montasari, R., Hill, R., Carpenter, V., & Hosseinian-Far, A. (2019). The Standardised Digital Forensic Investigation Process Model (SDFIPM). In H. Jahankhani, S. Kendzierskyj, A. Jamal, G. Epiphaniou, & H. Al-Khateeb (Eds.), Blockchain and Clinical Trial (1st ed., pp. 169-209). (Advanced Sciences and Technologies for Security Applications). Cham: Springer, Cham. https://doi.org/10.1007/978-3-030-11289-9_8
@inbook{ffb7baaa777e415280467bc9ac2dc2f8,
title = "The Standardised Digital Forensic Investigation Process Model (SDFIPM)",
keywords = "Digital forensics, Standardised digital forensic investigation process model, Survey digital crime scene phase, Digital forensics investigation, DFI, DFA, Event reconstruction process, UML, Unified modelling language, Chain of custody, Information flow, Case management",
author = "Reza Montasari and Richard Hill and Victoria Carpenter and Amin Hosseinian-Far",
year = "2019",
month = "4",
day = "18",
doi = "10.1007/978-3-030-11289-9_8",
language = "English",
isbn = "9783030112882",
series = "Advanced Sciences and Technologies for Security Applications",
publisher = "Springer, Cham",
pages = "169--209",
editor = "Hamid Jahankhani and Stefan Kendzierskyj and Arshad Jamal and Gregory Epiphaniou and Haider Al-Khateeb",
booktitle = "Blockchain and Clinical Trial",
edition = "1st",

}
