Digital crime has reached unprecedented proportions. To assist digital forensics specialists, many digital forensics tools, based on law, policy and practice, have been designed as open source programs or commercial software. Digital crime investigators often face a dilemma in choosing the proper tools for the workflow of identifying, collecting, acquiring and preserving digital evidence. This study develops a novel process framework to examine some popular free or commercial tools, and proposes a standard evidential suite, which can be applied in the following three periods: prelusion, incident and aftermath. The nature of this framework suggests substantial benefits from using the ISO/IEC 27037:2012 approach as a critical reference for cybercrime investigation. To ensure the quality of evidence collection, this framework may help to clarify the issue at hand, retain most of the useful information, and provide details of how this novel approach links evidence to a verifiable reconstruction of events at the crime scene. In this way, we believe that this framework allows for a stronger presentation of evidence in a cybercrime case.
Da-Yu Kao, Central Police University, Taiwan
Guan-Jie Wu, Central Police University, Taiwan
Ying-Hsuan Chiu, Central Police University, Taiwan
Stream: Law of Intellectual Property
This paper is part of the ACBPP2014 Conference Proceedings