Title: How to find exculpatory and inculpatory evidence using a circular digital forensics process model

Authors: Marjan Khatir, Seyed Mahmood Hejazi

Addresses: Department of Computer and Systems Sciences, Royal Institute of Technology (KTH), Forum 100, SE 164 40 Kista 164 40, Sweden. ' Computer Security Laboratory, CIISE, Concordia University, 1515 Ste-Catherine Street West, EV10 173, Montreal Quebec H3G 2W1, Canada

Abstract: With raising the number of cyber crimes, the need of having a proper digital forensic process also increases. Although digital forensics is practiced in recent years, there is still a big gap between previously suggested digital forensics processes and what is really needed to be done in real cases. Some problems with current processes are lack of flexible transition between phases, not having a clear method or a complete scenario for addressing reliable evidence, and not paying enough attention to management aspects and team roles. This article provides a process model by paying special attention to the team roles and management aspects as well as both exculpatory and inculpatory evidence.

Keywords: cyber crime; digital evidence; digital forensics; exculpatory evidence; inculpatory evidence; process modelling; team roles; management; teamwork.

DOI: 10.1504/IJESDF.2009.023877

International Journal of Electronic Security and Digital Forensics, 2009 Vol.2 No.1, pp.68 - 76

Published online: 17 Mar 2009 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article