An Enhanced Process of Digital Forensic to Support E-Crime Investigations Focusing on Evidence Handling in Malaysian Armed Forces

Abstract

Digital Forensics Lab (DFL) in Malaysian Armed Forces (MAF) has been in operation since 2018, providing digital forensic services. The lab is in its maturing phase where the people and the process are still adjusting to the day-to-day operation. With the ease of the procured digital forensics tools, the analyst uses an explorative method to understand the tools’ function, operations and has been following basic procedures and guideline given by Scientific Working Group on Digital Evidence (SWGDE). Thus, the purpose of this study is to propose an enhanced digital forensic process for DFL. The need for a comprehensive process is to ease the operation inside DFL whereby the current process can be organized into groups so that it is easily followed and implemented. To do so, a pilot study has been done through the literature review where numerous processes were studied, and their phases were compared to find the gap process. The digital forensics processes that were proposed do not consider any specific environment, where the authors gave a general process such as preparing, identify, analysis, preservation and reporting to be used. There is no proper evidence handling steps in each of the existing digital forensic phase followed by DFL. Two main elements, that are the legal and environmental factors should be taken into consideration when proposing a process. To gather more data, the mix method was chosen where qualitative data (from the interview, observation and documentary analysis were performed) and quantitative data (from questionnaires) were collected. Analysis of the data collected aided in the formation of the newly enhanced digital forensic process for the DFL. The enhanced process benefits the personnel in DFL to follow the digital forensic steps and use it as the main reference in their daily operation. The enhanced process also can be referred by any government or private sectors that have a dedicated digital forensic laboratory on their own. This is because even though the enhanced process is developed based on the MAF management requirement, the steps of each phase can be used and adapted to other agencies as well. The process suits the daily operation in the army environment; therefore, the proposed process is expected to be practical, precise and easily followed by the current personnel and novices.