The standardised digital forensic investigation process model (SDFIPM)

Reza Montasari; Richard Hill; Victoria Carpenter; Amin Hosseinian-Far

doi:10.1007/978-3-030-11289-9_8

The standardised digital forensic investigation process model (SDFIPM)

Reza Montasari
, Richard Hill
, Victoria Carpenter
, Amin Hosseinian-Far

University of Bedfordshire

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

16 Citations (Scopus)

2 Downloads (Pure)

Abstract

The field of digital forensics still lacks formal process models that courts can employ to determine the reliability of the process followed in a digital investigation. The existing models have often been developed by digital forensic practitioners, based on their own personal experience and on an ad-hoc basis, without attention to the establishment of standardisation within the field. This has prevented the institution of the formal processes that are urgently required. Moreover, as digital forensic investigators often operate within different fields of law enforcement, commerce and incident response, the existing models have often tended to focus on one particular field and have failed to consider all the environments. This has hindered the development of a generic model that can be applied in all the three stated fields of digital forensics. To address these shortcomings, this chapter makes a novel contribution by proposing the Advanced Investigative Process Model (the SDFIPM) for Conducting Digital Forensic Investigations, encompassing the ‘middle part’ of the digital investigative process, which is formal in that it synthesizes, harmonises and extends the existing models, and which is generic in that it can be applied in the three fields of law enforcement, commerce and incident response.

Original language	English
Title of host publication	Advanced Sciences and Technologies for Security Applications
Editors	Hamid Jahankhani, Stefan Kendzierskyj, Arshad Jamal, Gregory Epiphaniou, Haider Al-Khateeb
Publisher	Springer
Pages	169-209
Number of pages	41
ISBN (Electronic)	9783030112899
ISBN (Print)	9783030112882
DOIs	https://doi.org/10.1007/978-3-030-11289-9_8
Publication status	Published - 9 Apr 2019

Publication series

Name	Advanced Sciences and Technologies for Security Applications
ISSN (Print)	1613-5113
ISSN (Electronic)	2363-9466

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

SDG 16 Peace, Justice and Strong Institutions

Keywords

Case management
Chain of custody
DFA
DFI
Digital forensics
Digital forensics investigation
Event reconstruction process
Information flow
Standardised digital forensic investigation process model
Survey digital crime scene phase
UML
Unified modelling language

ASJC Scopus subject areas

Safety, Risk, Reliability and Quality
Safety Research
Political Science and International Relations
Computer Science Applications
Computer Networks and Communications
Health, Toxicology and Mutagenesis

Access to Document

10.1007/978-3-030-11289-9_8

Montasari_etal_Springer_2019_The_Standardised_Digital_Forensic_Investigation_Process_Model_SDFIPM_Accepted author manuscript, 851 KBLicence: CC BY-NC-ND

https://link.springer.com/chapter/10.1007/978-3-030-11289-9_8

Handle.net

Persistent link

Cite this

Montasari, R., Hill, R., Carpenter, V., & Hosseinian-Far, A. (2019). The standardised digital forensic investigation process model (SDFIPM). In H. Jahankhani, S. Kendzierskyj, A. Jamal, G. Epiphaniou, & H. Al-Khateeb (Eds.), Advanced Sciences and Technologies for Security Applications (pp. 169-209). (Advanced Sciences and Technologies for Security Applications). Springer. https://doi.org/10.1007/978-3-030-11289-9_8

Montasari, Reza ; Hill, Richard ; Carpenter, Victoria et al. / The standardised digital forensic investigation process model (SDFIPM). Advanced Sciences and Technologies for Security Applications. editor / Hamid Jahankhani ; Stefan Kendzierskyj ; Arshad Jamal ; Gregory Epiphaniou ; Haider Al-Khateeb. Springer, 2019. pp. 169-209 (Advanced Sciences and Technologies for Security Applications).

@inbook{01310c187d8d497abbceb3d7a6c7bede,

title = "The standardised digital forensic investigation process model (SDFIPM)",

abstract = "The field of digital forensics still lacks formal process models that courts can employ to determine the reliability of the process followed in a digital investigation. The existing models have often been developed by digital forensic practitioners, based on their own personal experience and on an ad-hoc basis, without attention to the establishment of standardisation within the field. This has prevented the institution of the formal processes that are urgently required. Moreover, as digital forensic investigators often operate within different fields of law enforcement, commerce and incident response, the existing models have often tended to focus on one particular field and have failed to consider all the environments. This has hindered the development of a generic model that can be applied in all the three stated fields of digital forensics. To address these shortcomings, this chapter makes a novel contribution by proposing the Advanced Investigative Process Model (the SDFIPM) for Conducting Digital Forensic Investigations, encompassing the {\textquoteleft}middle part{\textquoteright} of the digital investigative process, which is formal in that it synthesizes, harmonises and extends the existing models, and which is generic in that it can be applied in the three fields of law enforcement, commerce and incident response.",

keywords = "Case management, Chain of custody, DFA, DFI, Digital forensics, Digital forensics investigation, Event reconstruction process, Information flow, Standardised digital forensic investigation process model, Survey digital crime scene phase, UML, Unified modelling language",

author = "Reza Montasari and Richard Hill and Victoria Carpenter and Amin Hosseinian-Far",

note = "Publisher Copyright: {\textcopyright} Springer Nature Switzerland AG 2019.",

year = "2019",

month = apr,

day = "9",

doi = "10.1007/978-3-030-11289-9\_8",

language = "English",

isbn = "9783030112882",

series = "Advanced Sciences and Technologies for Security Applications",

publisher = "Springer",

pages = "169--209",

editor = "Hamid Jahankhani and Stefan Kendzierskyj and Arshad Jamal and Gregory Epiphaniou and Haider Al-Khateeb",

booktitle = "Advanced Sciences and Technologies for Security Applications",

address = "Germany",

}

Montasari, R, Hill, R, Carpenter, V & Hosseinian-Far, A 2019, The standardised digital forensic investigation process model (SDFIPM). in H Jahankhani, S Kendzierskyj, A Jamal, G Epiphaniou & H Al-Khateeb (eds), Advanced Sciences and Technologies for Security Applications. Advanced Sciences and Technologies for Security Applications, Springer, pp. 169-209. https://doi.org/10.1007/978-3-030-11289-9_8

The standardised digital forensic investigation process model (SDFIPM). / Montasari, Reza; Hill, Richard; Carpenter, Victoria et al.
Advanced Sciences and Technologies for Security Applications. ed. / Hamid Jahankhani; Stefan Kendzierskyj; Arshad Jamal; Gregory Epiphaniou; Haider Al-Khateeb. Springer, 2019. p. 169-209 (Advanced Sciences and Technologies for Security Applications).

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

TY - CHAP

T1 - The standardised digital forensic investigation process model (SDFIPM)

AU - Montasari, Reza

AU - Hill, Richard

AU - Carpenter, Victoria

AU - Hosseinian-Far, Amin

N1 - Publisher Copyright: © Springer Nature Switzerland AG 2019.

PY - 2019/4/9

Y1 - 2019/4/9

N2 - The field of digital forensics still lacks formal process models that courts can employ to determine the reliability of the process followed in a digital investigation. The existing models have often been developed by digital forensic practitioners, based on their own personal experience and on an ad-hoc basis, without attention to the establishment of standardisation within the field. This has prevented the institution of the formal processes that are urgently required. Moreover, as digital forensic investigators often operate within different fields of law enforcement, commerce and incident response, the existing models have often tended to focus on one particular field and have failed to consider all the environments. This has hindered the development of a generic model that can be applied in all the three stated fields of digital forensics. To address these shortcomings, this chapter makes a novel contribution by proposing the Advanced Investigative Process Model (the SDFIPM) for Conducting Digital Forensic Investigations, encompassing the ‘middle part’ of the digital investigative process, which is formal in that it synthesizes, harmonises and extends the existing models, and which is generic in that it can be applied in the three fields of law enforcement, commerce and incident response.

AB - The field of digital forensics still lacks formal process models that courts can employ to determine the reliability of the process followed in a digital investigation. The existing models have often been developed by digital forensic practitioners, based on their own personal experience and on an ad-hoc basis, without attention to the establishment of standardisation within the field. This has prevented the institution of the formal processes that are urgently required. Moreover, as digital forensic investigators often operate within different fields of law enforcement, commerce and incident response, the existing models have often tended to focus on one particular field and have failed to consider all the environments. This has hindered the development of a generic model that can be applied in all the three stated fields of digital forensics. To address these shortcomings, this chapter makes a novel contribution by proposing the Advanced Investigative Process Model (the SDFIPM) for Conducting Digital Forensic Investigations, encompassing the ‘middle part’ of the digital investigative process, which is formal in that it synthesizes, harmonises and extends the existing models, and which is generic in that it can be applied in the three fields of law enforcement, commerce and incident response.

KW - Case management

KW - Chain of custody

KW - DFA

KW - DFI

KW - Digital forensics

KW - Digital forensics investigation

KW - Event reconstruction process

KW - Information flow

KW - Standardised digital forensic investigation process model

KW - Survey digital crime scene phase

KW - UML

KW - Unified modelling language

UR - https://www.scopus.com/pages/publications/85070499585

U2 - 10.1007/978-3-030-11289-9_8

DO - 10.1007/978-3-030-11289-9_8

M3 - Chapter

AN - SCOPUS:85070499585

SN - 9783030112882

T3 - Advanced Sciences and Technologies for Security Applications

SP - 169

EP - 209

BT - Advanced Sciences and Technologies for Security Applications

A2 - Jahankhani, Hamid

A2 - Kendzierskyj, Stefan

A2 - Jamal, Arshad

A2 - Epiphaniou, Gregory

A2 - Al-Khateeb, Haider

PB - Springer

ER -

Montasari R, Hill R, Carpenter V, Hosseinian-Far A. The standardised digital forensic investigation process model (SDFIPM). In Jahankhani H, Kendzierskyj S, Jamal A, Epiphaniou G, Al-Khateeb H, editors, Advanced Sciences and Technologies for Security Applications. Springer. 2019. p. 169-209. (Advanced Sciences and Technologies for Security Applications). doi: 10.1007/978-3-030-11289-9_8

The standardised digital forensic investigation process model (SDFIPM)

Abstract

Publication series

UN SDGs

Keywords

ASJC Scopus subject areas

Access to Document

Handle.net

Other files and links

Fingerprint

Cite this