What is Digital Forensics?
Digital forensics refers to the methodical recovery, storage, analysis and presentation of digital information [16]. According to the Council of Europe Electronic Evidence Guide [17], digital forensics is a branch of forensic science that deals with the acquisition, processing, analysis and reporting of evidence which is stored on computer systems, digital devices and other storage media with the aim of admissibility in court. Digital forensics has been recognised as a science in the research community. For example, Pollitt [15] defines digital forensics as ‘the application of science and engineering to the legal problem of digital evidence’. According to Pollitt’s assertion, digital forensics is essentially a synthesis of science and law.
Digital forensics is normally considered within the broad domain of forensic science. According to the American Academy of Forensic Sciences [18], forensic science has been in existence for the last three centuries. The Oxford Dictionary [19] traces the origin of forensics to the Latin word forēnsis, which it defines as the scientific process of collecting and examining information to be used as evidence in a court of law. Saferstein [20] makes references to several domains of forensics, including toxicology, chemistry and biology. He defines forensics as the application of science to the detection, examination and presentation of evidence in legal proceedings.
Practitioners and researchers have adopted different terminologies such as digital forensics, computer forensics and digital investigations to explain the scientific method of obtaining and applying digital evidence for the purpose of justice. While the term ‘computer forensics’ provides a narrow definition as presented by Gottschalk et al. [21] and Kuchta [22], the term ‘digital investigations’ is broader in scope and has been adopted by ISO in ISO/IEC 27043.
Locard’s Exchange Principle and Digital Forensics
Digital forensics as a scientific discipline is rooted in the classic forensic principles. The goal of any forensic scientific method is to trace the trails that offenders leave at crime scenes and to connect offenders to the commission of the crime. Forensics is employed to obtain tangible and compelling evidence relative to the commission of a crime. Locard’s Exchange Principle is the foundational principle of any forensic science discipline.
According to Locard’s Exchange Principle, contact between two persons, items or objects will result in an exchange [3]. Edmond Locard, a 20th-century French criminologist, postulated this principle, which pioneered the development of modern forensic sciences. This principle applies to any contact at the scene of the crime, including contact between a perpetrator and victim, between a perpetrator and the tool used to commit the offence, and also a trace between the crime scene and the tool used to facilitate the crime. This exchange or transfer among entities involved in the commission of a crime occurs in the physical world for traditional crimes. In digital forensics, the exchange or transfer also occurs in the digital environment.
Digital forensics as a forensic science is proven by Locard’s Exchange Principle, as the following case example shows. For a device such as a laptop to be connected to a protected wireless network, it needs to make its Media Access Control (MAC) address available to the router that administers the wireless network before access is granted. An exchange occurs between these two devices and traces are left after the connection (the router keeps logs of the wireless internet access). Generally, users of computer devices leave digital traces, usually called digital footprints. Digital forensic examiners are able to identify suspects of computer crimes by identifying and analysing these digital footprints.
Casey [3] further expands Locard’s Exchange Principle by categorizing exchanges between suspects and crime scenes into class characteristics and individual characteristics. According to Casey’s argument, class characteristics are common traits among a similar group whereas individual characteristics are uniquely linked to a particular person or activity. According to Casey [3], the principle of individualization of crime scene transfers and exchanges applies to both traditional and digital crime investigations. Casey [3] further provides persuasive examples to substantiate his argument. In his view, a forensic examiner may be able to determine that a Microsoft Word document is fake because it may have been created using a version of Microsoft Word that was released after the purported creation date of the document in question. This is a typical example of class characteristics of evidence exchange. For individual characteristics, a forensic examiner may be able to link a Microsoft Word document to a suspect because the metadata of the document under investigation bears the unique details of the suspect.
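Casey's two checks can be run against the metadata parts of a .docx package, as in the following added example (not code from the thesis or from Casey). The release-date table, the function names and the sample documents are assumptions constructed here for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Assumed examiner reference data: earliest general-availability date of the
# Word release that writes each major AppVersion. Verify against vendor records.
WORD_RELEASES = {
    12: datetime(2007, 1, 30, tzinfo=timezone.utc),  # Word 2007
    14: datetime(2010, 6, 15, tzinfo=timezone.utc),  # Word 2010
    15: datetime(2013, 1, 29, tzinfo=timezone.utc),  # Word 2013
    16: datetime(2015, 9, 22, tzinfo=timezone.utc),  # Word 2016 and later
}
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}

def examine_docx(data: bytes) -> dict:
    """Extract class and individual characteristics from .docx metadata."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        core = ET.fromstring(z.read("docProps/core.xml"))
        app = ET.fromstring(z.read("docProps/app.xml"))
    created = datetime.fromisoformat(
        core.findtext("dcterms:created", namespaces=NS).replace("Z", "+00:00"))
    major = int(app.findtext("ep:AppVersion", namespaces=NS).split(".")[0])
    released = WORD_RELEASES.get(major)
    return {
        "created": created,
        "app_major": major,
        # Class characteristic: authoring version newer than claimed creation date.
        "anachronism": released is not None and created < released,
        # Individual characteristic: identity field written by the author's install.
        "creator": core.findtext("dc:creator", namespaces=NS),
    }

def build_sample(created: str, app_version: str, author: str) -> bytes:
    """Constructed minimal package holding only the two metadata parts."""
    core = (f'<cp:coreProperties xmlns:cp="{NS["cp"]}" xmlns:dc="{NS["dc"]}" '
            f'xmlns:dcterms="{NS["dcterms"]}"><dc:creator>{author}</dc:creator>'
            f'<dcterms:created>{created}</dcterms:created></cp:coreProperties>')
    app = f'<Properties xmlns="{NS["ep"]}"><AppVersion>{app_version}</AppVersion></Properties>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", core)
        z.writestr("docProps/app.xml", app)
    return buf.getvalue()
```

An anachronism flag is a lead for the examiner rather than a conclusion, since these metadata fields can be edited and must be corroborated with other traces.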
Digital Forensics Categories
Digital forensics is undoubtedly the newest of the forensic sciences. New developments and evolution in the information technology environment have further widened the scope of digital forensics, leading to the emergence of a number of sub-branches. This implies that the current taxonomy in digital forensics is significantly influenced by the scope of a particular digital investigation. There is currently no standardised research-based classification for digital forensics. The researcher presents below the most common forms of digital forensics within the industry and the research community.
PART 1: INTRODUCTION
CHAPTER 1: INTRODUCTION
1.1 Introduction
1.2 Motivation for the Study
1.3 Problem Statement
1.4 Research Methodology
1.5 Terminologies and Acronyms
1.6 Thesis Layout
1.7 Conclusion
PART 2: RESEARCH BACKGROUND
CHAPTER 2: DIGITAL FORENSICS
2.1 Introduction
2.2 What is Digital Forensics?
2.3 Locard’s Exchange Principle and Digital Forensics
2.4 Digital Forensics Categories
2.5 Digital Forensics Models and Frameworks
2.5 Digital Forensics Readiness
2.6 Forensic-by-Design
2.7 Challenges with Digital Forensics
2.7 Conclusion
CHAPTER 3: DIGITAL EVIDENCE
3.1 Introduction
3.2 What is Digital Evidence?
3.3 Types and Sources of Digital Evidence
3.4 Traditional Evidence Vs. Digital Evidence
3.5 Principles of Digital Evidence
3.6 Admissibility of Digital Evidence and Admissibility Challenges
3.7 Conclusion
PART 3: INTRODUCTION AND VALIDATION OF THE HARMONISED MODEL FOR DIGITAL EVIDENCE ADMISSIBILITY ASSESSMENT (HM-DEAA)
CHAPTER 4: DETERMINANTS OF ADMISSIBILITY OF DIGITAL EVIDENCE
4.1 Introduction
4.2 Technical Determinants of Admissibility of Digital Evidence
4.3 Legal Determinants of Admissibility of Digital Evidence
4.4 Conclusion
CHAPTER 5: MODEL FOR DIGITAL EVIDENCE ADMISSIBILITY ASSESSMENT
5.1 Introduction
5.2 Towards Harmonisation of Technical and Legal Determinants
5.3 Framework for Digital Evidence Admissibility Assessment
5.4 Harmonised Model for Digital Evidence Admissibility Assessment (HM-DEAA)
5.5 Conclusion
CHAPTER 6: SURVEY ON DETERMINANTS FOR THE ADMISSIBILITY OF DIGITAL EVIDENCE
6.1 Introduction
6.2 Survey Objectives and Design
6.3 Survey Methodology, Sampling and Data Collection
6.4 Survey Findings and Discussions
6.5 Conclusion
PART 4: HM-DEAA IMPLEMENTATION
CHAPTER 7: IMPLEMENTATION OF THE HM-DEAA
7.1 Introduction
7.2 Flow Chart Representation of HM-DEAA Algorithm
7.3 Determination of Evidential Weight using Factor Analysis
7.4 HM-DEAA Algorithm Evaluation
7.5 Conclusion
CHAPTER 8: HM-DEAA EXPERT SYSTEM
8.1 Introduction
8.2 Case Scenario and Purpose of HM-DEAA Expert System
8.3 HM-DEAA Expert System Model
8.4 HM-DEAA ExP Algorithm and System Requirements
8.5 Operational Parameters for the HM-DEAA Expert System
8.6 Deployment and Evaluation of the HM-DEAA Expert System
8.7 Conclusion
CHAPTER 9: APPLICATION OF HM-DEAA EXPERT SYSTEM (HM-DEAA ExP)
9.1 Introduction
9.2 Application of the HM-DEAA Expert System in Judicial Decision Making
9.3 Conclusion
PART 5: EVALUATION
CHAPTER 10: EVALUATION
10.1 Introduction
10.2 Key Research Contributions
10.3 Research Drawbacks and Future Work
10.4 Conclusion
PART 6: CONCLUSION
CHAPTER 11: CONCLUSION
11.1 Introduction
11.2 Revisiting the Problem Statement and Research Implications
11.3 Conclusion
BIBLIOGRAPHY