Proposal / Submission Type

Peer Reviewed Paper

Location

Arlington, Virginia

Abstract

This paper presents a detailed digital forensics process model and the responsible teams to perform it. The discussed model presents three teams and a forensic leader who coordinate between the three teams; these teams are physical crime scene team, laboratory examination team and courtroom team. These teams are responsible of achieving the digital forensic model by applying five main phases which are preparation phase, physical forensics and investigation phase, digital forensics phase, reporting and presentation phase and closure phase.

Most of the existing models in this field are either theoretical that deals with data processing or based on a legal point of view. Although they gave good information to base on it a guide, but they are not detailed enough to describe fully the investigative process and do not define teams and their responsibilities for investigation in a way that can be used by investigators during investigation.

In this model the responsibilities and procedures of each team is represented given detailed steps for each team, so it can be used as guidance for the forensic investigators during investigation and assist their training.

Keywords: digital forensics, computer forensics, digital investigation, forensic model, reference framework, Forensic teams’ responsibilities.

Comments

Session Chair: Jigang Liu

 

Teams Responsibilities for Digital Forensic Process

Arlington, Virginia

This paper presents a detailed digital forensics process model and the responsible teams to perform it. The discussed model presents three teams and a forensic leader who coordinate between the three teams; these teams are physical crime scene team, laboratory examination team and courtroom team. These teams are responsible of achieving the digital forensic model by applying five main phases which are preparation phase, physical forensics and investigation phase, digital forensics phase, reporting and presentation phase and closure phase.

Most of the existing models in this field are either theoretical that deals with data processing or based on a legal point of view. Although they gave good information to base on it a guide, but they are not detailed enough to describe fully the investigative process and do not define teams and their responsibilities for investigation in a way that can be used by investigators during investigation.

In this model the responsibilities and procedures of each team is represented given detailed steps for each team, so it can be used as guidance for the forensic investigators during investigation and assist their training.

Keywords: digital forensics, computer forensics, digital investigation, forensic model, reference framework, Forensic teams’ responsibilities.