Forensics Digital Evidence/Forensics And The Research Paper


This consists of four basic phases: collection, examination, analysis and reporting (Shin, 2011). More specifically, the stages of this digital forensic methodology comprise the following central aspects. First there is the obtaining of the data, followed by the forensic request; the preparation and extraction phases; identification; and finally analysis and forensic reporting, leading to case-level analysis (DIGITAL FORENSIC ANALYSIS METHODOLOGY). The preparation and extraction phase is characterized by the examiner's question as to whether there is sufficient information to proceed, and by the need to ensure that there is sufficient data available to answer the request or requests that might be made in the investigation (Carroll et al.). The duplication of forensic data is also part of this process, as is the verification of its integrity. This process assumes that "...law enforcement has already obtained the data through appropriate legal process and created a forensic image" (Carroll et al.). After verification and integrity testing, the process of extracting the data begins.

The identification process refers to the rigorous identification of the forensic evidence in terms of the extracted data list. However, if the forensic examiner encounters incriminating items of evidence which are outside the original search warrant, the recommendation is that activity is halted and the authorities notified (Carroll et al.). An example given is: "law enforcement might seize a computer for evidence of tax fraud, but the examiner may find an image of child pornography" (Carroll et al.). This is an important aspect, as it indicates that this methodology is extremely flexible and takes into account context and content outside the initially prescribed parameters.

The analysis phase is all-important to the forensic process. In this phase, "...examiners connect all the dots and paint a complete picture for the requester" (Carroll et al.). Part of this process is the correlating of relevant data with questions such as what was the original and other relevant questions that provide insight into the investigation. This phase has been critiqued in this methodology as being "... improperly defined and ambiguous" (Shin, 2011).

3. Comparisons and Evaluations

Carrier's model or methodology pays considerable attention to data integrity. This is evident, for instance, in the correlation process, where data is correlated with various outside sources in order to prevent forgery or inaccurate forensic data.

If we compare these two methodologies in terms of headings such as evidence integrity, management of lead information and evidential context, we find that

Carrier's methodology is useful from a number of perspectives. Carrier places emphasis on the initial investigatory process and the identification and verification of data. As Carrier states in an article entitled Defining Digital Forensic Examination and Analysis Tools Using Abstraction Layers (2002), "As with any investigation, to find the truth one must identify data that: Verifies existing data and theories (Inculpatory Evidence), Contradicts existing data and theories (Exculpatory Evidence)" (Carrier, 2002). The focus in this methodological model is on identification and analysis.

The United States Department of Justice's digital forensic analysis methodology is more broadly designed, seems to be more focused on procedural details and protocols, and tends to be more meticulous in terms of guidelines. This is evident to some degree in the preparation and extraction phase of the methodology. It could be argued that this methodology is therefore more effective and integrated in terms of management of information.

Another important difference evident in the literature on this methodology is that the USDOJ digital forensic analysis methodology arguably tends to be more concerned with context. This is clear if we consider the identification process and the attention given to the extracted data list, and to any other leads that may surface in the process of identification and in comparison to the extraction list. For example,

Depending on the stage of a case, extracted and identified relevant data may give the requester enough information to move the case forward, and examiners may not need to do further work. For example, in a child pornography case, if an examiner recovers an overwhelming number of child pornography images organized in user created directories...

(Carroll et al.).

A close comparison of the various aspects reveals as well that there are possibly more similarities than dissimilarities between the two methodologies.

Conclusion

As has been noted by Shin (2011) above, it is asserted that many modern digital forensic methodologies are lacking with regard to the classification of cyber crime and in relation to psychological profiling investigation methods. This also applies to aspects of both methodologies that have been discussed. In summation, however, it should also be pointed out that both these methodologies adequately cover the field of computer and digital forensics and that both provide useful frameworks for data collection, data integrity, analysis and legal considerations.

We could suggest that Carrier's methodology and model tends to lean more towards the investigative and computer orientated...

...

Another suggestion is that the United States Department of Justice methodology would be more expensive and time-consuming to implement because of its extensive protocols and detailed procedures.
While both these methodologies may have shortcomings, they can be seen as part of the natural evolution towards a more comprehensive set of methods and parameters for contemporary digital forensic investigation and analysis. One should also take into account that a number of newer models and methodologies have emerged which attempt to provide a more inclusive and comprehensive coverage of the different variables. Shin (2011), for example, discusses a more comprehensive methodology. This proposed model contains the following phases.

A readiness phase; consulting with profiler; cyber crime classification; investigation priority decision; damaged cyber crime scene investigation; analysis by crime profiler; suspects tracking; cyber crime logical reconstruction; report writing (Shin, 2011).

In the final analysis, while there may be more comprehensive emerging methodologies, those put forward by Carrier and the United States Department of Justice should be seen as valuable contributions to the advancement and evolution of forensic methods of investigation and legal procedure.

References

Carrier, B. (2002). Defining Digital Forensic Examination and Analysis Tools Using Abstraction Layers. Retrieved from http://www.digital-evidence.org/papers/opensrc_legal.pdf

This study discusses the link between digital forensic analysis tools and their use in a legal setting. The article provides insight into the necessary methodologies used to meet evidentiary and legal demands.

DIGITAL FORENSIC ANALYSIS METHODOLOGY. Retrieved from http://www.cybercrime.gov/forensics_chart.pdf
Retrieved from http://www.digital-evidence.org/papers/opensrc_legal.pdf
Carrier, B. (2005). File System Forensic Analysis. Retrieved from http://dubeiko.com/development/FileSystems/BOOKS/FileSystemAnalysis.pdf
Carrier, B. (2006). Basic Digital Forensic Investigation Concepts. Retrieved from http://www.digital-evidence.org/di_basics.html
Cohen, F. Fundamentals of Digital Forensic Evidence. Retrieved from http://all.net/ForensicsPapers/HandbookOfCIS.pdf
UNITED STATES ATTORNEYS' BULLETIN. Retrieved from http://www.justice.gov/usao/eousa/foia_reading_room/usab5601.pdf
Retrieved from http://www.nij.gov/pubs-sum/199408.htm
http://www.scribd.com/doc/53037178/computer-forensics
Analysis Methodology. Retrieved from http://www.justice.gov/usao/eousa/foia_reading_room/usab5601.pdf
Sansurooah, K. (2006). Taxonomy of computer forensics methodologies and procedures for digital evidence seizure. Retrieved from http://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1031&context=adf
Journal of Next Generation Information Technology, 2(2). Retrieved from http://www.aicit.org/jnit/ppl/1_JNIT_MAY.pdf


Cite this Document:

"Forensics Digital Evidence Forensics And The" (2011, October 02) Retrieved April 19, 2024, from
https://www.paperdue.com/essay/forensics-digital-evidence-forensics-and-45994
