Proposal / Submission Type
Peer Reviewed Paper
Location
Richmond, Virginia
Start Date
28-5-2014 3:20 PM
Abstract
Existing digital forensic investigation process models have provided guidelines for identifying and preserving potential digital evidence captured from a crime scene. However, for any of the digital forensic investigation process models developed across the world to be adopted and fully applied by the scientific community, it has to be tested. For this reason, the Harmonized Digital Forensic Investigation Process (HDFIP) model, currently a working draft towards becoming an international standard for digital forensic investigations (ISO/IEC 27043), needs to be tested.
This paper, therefore, presents the findings of a case study used to test the HDFIP model implemented in the ISO/IEC 27043 draft standard. The testing and evaluation process uses an anonymised real-life case to test each subprocess (grouped in classes) of the HDFIP model to show that it maintains a structured and precise logical flow that aims to provide acceptance, reliability, usability, and flexibility. The case study used also helps to analyse the effectiveness of the HDFIP model to ensure that the principles of validity and admissibility are fulfilled. A process with these properties would reduce the disparities within the field of digital forensic investigations and achieve global acceptance and standardization.
Keywords: Digital forensics (DF), harmonized digital forensic investigation process (HDFIP), ISO/IEC 27043, investigation process.
Scholarly Commons Citation
Mumba, Emilio R. and Venter, H. S., "Testing and Evaluating The Harmonised Digital Forensic Investigation Process in Post Mortem Digital Investigation" (2014). Annual ADFSL Conference on Digital Forensics, Security and Law. 3.
https://commons.erau.edu/adfsl/2014/wednesday/3
Included in
Aviation Safety and Security Commons, Computer Law Commons, Defense and Security Studies Commons, Forensic Science and Technology Commons, Information Security Commons, National Security Law Commons, OS and Networks Commons, Other Computer Sciences Commons, Social Control, Law, Crime, and Deviance Commons
Testing and Evaluating The Harmonised Digital Forensic Investigation Process in Post Mortem Digital Investigation
Richmond, Virginia
Existing digital forensic investigation process models have provided guidelines for identifying and preserving potential digital evidence captured from a crime scene. However, for any of the digital forensic investigation process models developed across the world to be adopted and fully applied by the scientific community, it has to be tested. For this reason, the Harmonized Digital Forensic Investigation Process (HDFIP) model, currently a working draft towards becoming an international standard for digital forensic investigations (ISO/IEC 27043), needs to be tested.
This paper, therefore, presents the findings of a case study used to test the HDFIP model implemented in the ISO/IEC 27043 draft standard. The testing and evaluation process uses an anonymised real-life case to test each subprocess (grouped in classes) of the HDFIP model to show that it maintains a structured and precise logical flow that aims to provide acceptance, reliability, usability, and flexibility. The case study used also helps to analyse the effectiveness of the HDFIP model to ensure that the principles of validity and admissibility are fulfilled. A process with these properties would reduce the disparities within the field of digital forensic investigations and achieve global acceptance and standardization.
Keywords: Digital forensics (DF), harmonized digital forensic investigation process (HDFIP), ISO/IEC 27043, investigation process.
