Authors: Fahad Alanazi, Andrew Jones

Abstract:

Digital forensics seeks to achieve the successful investigation of digital crimes through obtaining acceptable evidence from digital devices that can be presented in a court of law. Thus, the digital forensics investigation is normally performed through a number of phases in order to achieve the required level of accuracy in the investigation processes. Since 1984 there have been a number of models and frameworks developed to support the digital investigation processes. In this paper, we review a number of the investigation processes that have been produced throughout the years and introduce a proposed digital forensic model which is based on the scope of the Saudi Arabia investigation process. The proposed model has been integrated with existing models for the investigation processes and produced a new phase to deal with a situation where there is initially insufficient evidence.

Keywords: Digital forensics, Process, Metadata, Traceback, Saudi Arabia.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1129015

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1953

References:

[1] Abbas, N. H. (2009). Quran ‘search for a concept' tool and website. Unpublished thesis, University of Leeds. Available at http://www.comp.leeds.ac.uk/nora/html/27-64.html. Last accessed 01/07/2016.
[2] Agarwal, A., Gupta, M., Gupta, S., & Gupta, S. C. (2011). Systematic digital forensic investigation model. International Journal of Computer Science and Security (IJCSS), 5(1), 118-131.
[3] Al-Murjan, A., & Xynos, K. (2008, April). Network Forensic Investigation of Internal Misuse/Crime in Saudi Arabia: A Hacking Case. In Proceedings of the Conference on Digital Forensics, Security and Law (pp. 15-32).
[4] Baryamureeba, V., & Tushabe, F. (2004, August). The enhanced digital investigation process model. In Proceedings of the Fourth Digital Forensic Research Workshop (pp. 1-9).
[5] Bem, D., & Huebner, E. (2007). Computer forensic analysis in a virtual environment. International journal of digital evidence, 6(2), 1-13.
[6] Brill AE, Pollitt M. (2006). The evolution of computer forensic best practices: an update on programs and publications. Journal of Digital Forensic Practice, 1:3–11.
[7] Carrier, B., & Spafford, E. H. (2003). Getting physical with the digital investigation process. International Journal of digital evidence, 2(2), 1-20.
[8] Carrier, B. D. (2006). A Hypothesis-based Approach to Digital Forensic Investigations. CERIAS Tech Report 2006- 06, Purdue University, Center for Education and Research in Information Assurance and Security, West Lafayette.
[9] Ciardhuáin, S. Ó. (2004). An extended model of cybercrime investigations. International Journal of Digital Evidence, 3(1), 1-22.
[10] Dafiri, S. (2003), In-Depth Studying of the Law on Criminal Procedure in Saudi Arabia, Dar Tibah, Riyadh.
[11] Freiling, F. C., & Schwittay, B. (2007). A Common Process Model for Incident Response and Computer Forensics. IMF, 7, 19-40.
[12] Glaser, B., and Strauss, A. (1967). The discovery of grounded theory. Chicago: Aldine.
[13] Hong, I., Yu, H., Lee, S., & Lee, K. (2013). A new triage model conforming to the needs of selective search and seizure of electronic evidence. Digital Investigation, 10(2), 175-192.
[14] Köhn, M., Olivier, M. S., & Eloff, J. H. (2006, July). Framework for a Digital Forensic Investigation. In ISSA (pp. 1-7).
[15] Nicole Lang Beebe and Jan Guynes Clark. (2004). A Hierarchical, Objectives-Based Framework for the Digital Investigations Process. Available: http://www.dfrws.org/2004/day1/Beebe_Obj_Framework_for_DI.pdf. Last accessed 08 Jun 2012.
[16] M. G. Noblett, M. M. Pollitt & L. A. Presley, (2000) “Recovering and Examining Computer Forensic Evidence”, Forensic Science Communications, Vol. 2, No. 4.
[17] Myers, M. D., & Avison, D. (Eds.). (2002). Qualitative research in information systems: a reader. Sage.
[18] Perumal, S. (2009). Digital forensic model based on Malaysian investigation process. International Journal of Computer Science and Network Security, 9(8), 38-44.
[19] Pollitt, M. M. (2007, April). An ad hoc review of digital forensic models. InSystematic Approaches to Digital Forensic Engineering, 2007. SADFE 2007. Second International Workshop on (pp. 43-54). IEEE.
[20] Rogers, M. K., Goldman, J., Mislan, R., Wedge, T., & Debrota, S. (2006). Computer forensics field triage process model. Journal of Digital Forensics, Security and Law, 1(2), 19-38.
[21] Selamat, S. R., Yusof, R., & Sahib, S. (2008). Mapping process of digital forensic investigation framework. International Journal of Computer Science and Network Security, 8(10), 163-169.
[22] Stephenson, P. (2003). A comprehensive approach to digital incident investigation. Information Security Technical Report, 8(2), 42-54.
[23] Stephenson, P. (2003). Modeling of post-incident root cause analysis. International Journal of Digital Evidence, 2(2), 1-16.
[24] Yusoff, Y., Ismail, R., & Hassan, Z. (2011). Common phases of computer forensics investigation models. International Journal of Computer Science & Information Technology, 3(3), 17-31.