A Novel Process Framework for Digital Forensics Tools: Based on ISO/IEC 27037:2012

Abstract

Digital crime has reached unprecedented proportions nowadays. In order to assist digital forensics specialists, many digital forensics tools have been designed from open source programs or business software, which are based on law, policy and practice. Digital crime investigators often encounter a dilemma in choosing proper tools on the workflow of identifying, collecting, acquiring and preserving digital evidences. This study develops a novel process framework to examine some popular free or commercial tools, and proposes a standard evidential suite, which can be performed on the following three periods: prelusion, incident and aftermath. The nature of this framework suggests substantial benefits from using ISO/IEC 27037:2012 approach as a critical reference for cybercrime investigation. To ensure the quality of evidence collection, this framework may help to clarify the issue at hand, retain most of the useful information, and provide details of how this novel approach links evidence to a verifiable reconstruction of events at the crime scene. In this way, we believe that this framework allows for a stronger presentation of evidence in a cybercrime case.



Author Information
Da-Yu Kao, Central Police University, Taiwan
Guan-Jie Wu, Central Police University, Taiwan
Ying-Hsuan Chiu, Central Police University, Taiwan

Paper Information
Conference: ACBPP2014
Stream: Law of Intellectual Property

This paper is part of the ACBPP2014 Conference Proceedings (View)
Full Paper
View / Download the full paper in a new tab/window

Posted by amp21