Towards a prototype for guidance and implementation of a standardized digital forensic investigation process

Abstract

Performing a digital forensic investigation requires a standardized and formalized process to be followed. There currently is neither an international standard formalizing such process nor does a global, harmonized digital forensic investigation process exist. Further, there exists no application that would guide a digital forensic investigator to efficiently implement such a process. This paper proposes the implementation of such a prototype in order to cater for this need. A comprehensive and harmonized digital forensic investigation process model has been proposed by the authors in their previous work and this model is used as a basis of the prototype. The prototype is in the form of a software application which would have two main functionalities. The first functionality would be to act as an expert system that can be used for guidance and training of novice investigators. The second functionality would be to enable reliable logging of all actions taken within the processes proposed in a comprehensive and harmonized digital forensic investigation process model. Ultimately, the latter functionality would enable the validation of use of a proper process. The benefits of such prototype include possible improvement in efficiency and effectiveness of an investigation due to the fact that clear guidelines will be provided when following the process for the course of the investigation. Another benefit includes easier training of novice investigators. The last, and possibly most important benefit, includes that higher admissibility of digital evidence as well as results and conclusions of digital forensic investigations will be possible due to the fact that it will be easier to show that the correct standardized process was followed.