
Towards a Harmonised Digital Forensic Process Model

Time: 28 November 2011, 19:00
Lecturer: Aleksandar Valjarević, Hein S. Venter (speaker), Department of Computer Science, University of Pretoria, South Africa
Venue: Room 61

Abstract

Digital forensics has gained significant importance in the modern world. This is due to the modern world's high dependence on information technology and the high prevalence of incidents within information systems that require digital forensic investigation, including cybercrime, data leakages, system malfunctions, etc.

There are many definitions of the digital forensic process. However, currently there is no international standard or recommendation that regulates and formalises the digital forensic process, nor does there exist a harmonised digital forensic process model.

It is against this background that the authors defined the problem statement. The problem is that there is currently no harmonised digital forensic process model that can be used as a standardised set of guidelines for digital forensic investigation.

A harmonised digital forensic process model is therefore proposed. The model is iterative and includes twelve phases (Preparation; Planning; Incident detection; First response; Incident scene documentation; Evidence identification; Evidence collection; Evidence transportation; Evidence storage; Evidence analysis; Presentation; and Conclusion) and six actions that run parallel with the phases (Obtaining authorisation; Documentation; Defining information flow; Preserving the chain of evidence; Preservation of evidence; and Interaction with the physical investigation).

The authors believe that the proposed model is comprehensive and that it harmonises existing digital forensic process models. Moreover, they believe that the proposed model can lead to the standardisation of the digital forensic process.