STEPS TOWARD DEVELOPING CYBER FORENSIC MODEL PART II

Dear Readers,

We would like to present you second, final, part of eBook series dedicated to Developing a Computer Forensic Model to Investigate Cyber Crimes written by our contributor and friend Bryan Soliman.

In part I in the series of this topic, we investigated different processes and forensic tools implemented cyber forensics in an effort to develop a computer forensic Selection Criteria. These processes are used to obtain the digital evidence during digital forensic investigations. The developed Selection Criteria used in creating a Cyber Forensic Model entails various options of procedures, as well as forensic tools used by many organizations to build their own cyber forensic model. The Cyber Forensic Model will be dedicated to the Windows environment for cyber investigations.

 Introduction

The forensic model implements the processes that cover the investigation procedures from the collection of digital evidence to the presentation of such evidence in the court of law. During the investigation of cyber crimes cases, the collection, analysis, preservation and transportation of digital evidence are vital processes that aim to ensure cyber crime cases are presentable in court. The cyber investigation processes include standard procedures to collect and extract evidence from digital media that promotes the best practices.
The existing solutions of the computer forensics field are largely based on the ad-hoc processes and procedures, and as such; there is a need for a meticulous framework of forensics models that can promote and outlines qualities of their processes. As a result of the ad-hoc information gathered, these systems record too much of the wrong data (false positives) that makes the analysis of the evidence difficult, and in many cases even impossible. Implementing the right forensic model helps balancing the logged data and auditing of such data to ensure the quality of the forensic analysis. The traditional forensic analysis model has traded off accuracy with the amount of the data recorded, such an approach jeopardized the quality of the analysis, and accurate results (Peisert and Marzullo, 2007).
The above statement indicated that there is a need for implementing a quality forensic model that can create accurate results, and be based on outlined recommended qualities that can adhere to the forensic principles of accuracy, and high quality data. It is also important to measure the quality of the forensic model based on specific recommended quality that ensures that the forensic model can deliver the quality, and the results expected based on the previously determined abilities.
There is also a need for automated software systems that can assist in the cyber crime evidence collection, and these software systems used to extracting data and information from the computer’s storage media. Such software should guarantee reliability and accuracy in the evidence collection process.
During the forensic investigation, handling electronic documents imposes challenges since such documents can be copied or modified. For example, if a blackmailing letter was created and stored in a computer, it is easy for the suspect to argue that such file was planted into his/her computer after the computer had been seized by the cyber crime investigators or law enforcement agency, and also an argument can be raised that such document has been modified (Chow and Chan, 2005).
For the above reasons, it’s important to implement cyber crimes software systems within the forensic model processes that can verify the file system integrity, and also ensure the reliability, and the validity of the electronic evidence.
In this article, the developed Cyber Forensic Model will be based on the developed Selection Criteria (Part I of series of this article) where different options of procedures and software forensic tools will be implemented, offering choices to organizations to in building their own forensic models.