As with other types of evidence, the courts make no presumption that digital evidence is reliable without some evidence of empirical testing in relation to the theories and techniques associated with its production. The issue of reliability means that courts pay close attention to the manner in which electronic evidence has been obtained and in particular the process in which the data is captured and stored. Previous process models have tended to focus on one particular area of digital forensic practice, such as law enforcement, and have not incorporated a formal description. We contend that this approach has prevented the establishment of generally-accepted standards and processes that are urgently needed in the domain of digital forensics. This paper presents a generic process model as a step towards developing such a generally-accepted standard for a fundamental digital forensic activity–the acquisition of digital evidence.


Adams, R. (2013). Doctoral Thesis. The Advanced Data Acquisition Model (ADAM): A process model fordigital forensic practice. Murdoch University. Retrieved from http://researchrepository.murdoch.edu.au/14422/2/02Whole.pdf

Agarwal, A., Gupta, M., Gupta, S., & Gupta, S. C. (2011). Systematic digital forensic investigation model. International Journal of Computer Science and Security, 5(1), 118-130.

Baryamureeba, V., & Tushabe, F. (2004). The enhanced digital investigation process model. Paper presented at the Digital Forensic Research Workshop, Baltimore, Maryland, United States.

Beebe, N., & Clark, J. (2004). A hierarchical, objectives-based framework for the digital investigations process. Paper presented at the Digital Forensics Research Workshop 2004, Baltimore, Maryland, United States.

Bogan, A. C., & Dampier, D. A. (2005). Unifying computer forensic modeling approaches: A software engineering approach. Paper presented at the Proceedings of the First International Workshop on Systematic Approaches to Digital Forensic Engineering, Taipei, Taiwan.

Buskirk, E. V., & Liu, V. T. (2006). Digital evidence: Challenging the presumption of reliability. Journal of Digital Forensic Practice, 1(1), 19-26. doi: 1080/15567280500541421

Carrier, B., & Spafford, E. H. (2003). Getting physical with the digital investigation process. International Journal of Digital Evidence, 2(2).

Ciardhuain, S. O. (2004). An extended model of cybercrime investigations. International Journal of Digital Evidence, 3(1).

Daubert v Merrell Dow Pharmaceuticals Inc. (1993). 509 US 579

Freiling, F. C., & Schwittay, B. (2007). A common process model for incident response and computer forensics. Paper presented at the Conference on IT Incident Management and IT Forensics, Germany.

Ieong, R. S. C. (2006). FORZA: Digital forensics investigation framework that incorporate legal issues. Digital Invetigation, 3, 29-36.

ISO/IEC. (2012). Guidelines for identification, collection, acquisition, and preservation of digital evidence CD 27037: ISO/IEC.

Kent, K., Chevalier, S., Grance, T., & Dang, H. (2006). Guide to integrating forensic techniques into incident response. In National Institute of Standards and Technology (Ed.), (NIST SP 800-86): U.S. Department of Commerce.

Kessler, G. C. (2010). Doctoral Thesis. Judges’ awareness, understanding, and application of digital evidence, Nova Southeastern University.

Khatir, M., Hejazi, S. M., & Sneiders, E. (2008). Two-dimensional evidence reliability amplification process model for digital forensics. Paper presented at the Third International Annual Workshop on Digital Forensics and Incident Analysis, Malaga.

Kohn, M., Eloff, J., & Olivier, M. (2006). Framework for a digital forensic investigation. Paper presented at the Information Security South Africa Conference 2006 from Insight to Foresight, Sandton, South Africa. Presented on 5-7 July.

Kohn, M., Eloff, J. H. P., & Olivier, M. (2008). UML Modelling of Digital Forensic Process Models (DFPMs). Paper presented at the ISSA Innovative Minds Conference, Johannesburg, South Africa. Presented on 7-9 July.

Mann, P. (2004). Cybersecurity: the CTOSE project. Computer Law & Security Review, 20(2), 125-126.

Pace, D. K., & Sheehan, J. (2002). Subject Matter Expert (SME)/Peer use in M&S V&V. Paper presented at the Foundations for the V&V in the 21st Century workshop (Foundations 2002), John Hopkins University.

Palmer, G. (2001). A Road Map for Digital Forensic Research. Digital Forensics Research Workshop, Utica, New York.

Peffers, K., Tuunanen, T., Gengler, C., Rossi, M., Hui, W., Virtanen, V., & Bragge, J. (2006). The Design Science research process: a model for producing and presenting information systems research. Paper presented at the First International Conference on Design Science Research in Information Systems and Technology (DESRIST 2006), Claremont, CA.

Reith, M., Carr, C., & Gunsch, G. (2002). An examination of digital forensic models. International Journal of Digital Evidence, 1(3).

Rogers, M. K. (2006). DCSA: Applied Digital Crime Scene Analysis. In Tipton & Krause (Eds.), Information Security Management Handbook, 5 th ed. New York, NY: Auerbach.

Ruan, C., & Huebner, E. (2009). Formalizing computer forensics process with UML. Paper presented at the UNISCON 2009, Sydney.

Selamat, S. R., Yusof, R., & Sahib, S. (2008). Mapping process of digital forensic investigation framework. International Journal of Computer Science and Network Security, 8(10).

Stephenson, P. (2003). A comprehensive approach to digital incident investigation. Information Security Technical Report, 8(2), 42-54.

Trcek, D., Abie, H., Skomedal, A., & Starc, I. (2010). Advanced framework for digital forensic technologies and procedures. Journal of Forensic Sciences, 55(6), 1471-1479.

Venter, J. P. (2006). Process flows for cyber forensics training and operations. Retrieved from http:researchspace.csir.co.za/dspace/bitstream/10204/1073/1/Venter_2006.pdf

Wang, Z., & Yu, M. (2007). Modeling computer forensic process from workflow perspective. Journal of Communication and Computer, 4(1), 55-59.

Williams, J. (2012). Good practice guide for computer based evidence: Association of chief police officers of England, Wales & Northern Ireland.





To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.