Evaluation of the Standardised Digital Forensic Investigation Process Model (ESDFIPM)

Reza Montasari*, Richard Hill, Victoria Carpenter, Amin Hosseinian-Far

*Corresponding author for this work

Research output: Contribution to Book/Report types; Chapter; Research; peer-review

Abstract

The existing digital forensic investigation process models (DFIPMs) have often been developed by digital forensic practitioners (DFPs), based on their own personal experience and on an ad-hoc basis, without attention to the establishment of standardisation within the field. This has prevented the institution of both scientific and generic processes that are urgently required within the different fields of law enforcement, commerce and incident response. Therefore, a novel model – the Standardised Digital Forensic Investigation Process Model (the ESDFIPM) – was developed to address these shortcomings. Following the selected research methodology, Peffers et al.’s Design Science Research Process (DSRP), the ESDFIPM was also subjected to both Demonstration and Evaluation activities to determine how well it would support the solution to the stated research problem. Therefore, this paper presents the results of the Demonstration and Evaluation activities applied to the proposed model. Our study makes three significant and novel contributions to the field of Digital Forensics (DF): First, it implements a process model, the design of which is inclusive of all the advantages of the previous models through their synthesis, harmonisation and extension. No such model previously existed in the literature. Second, the ESDFIPM is generic in that it can be applied within the three fields of law enforcement, commerce and incident response. Third, unlike the majority of the previous models, the effectiveness of which is unknown due to the lack of an evaluation process, the ESDFIPM’s efficacy is demonstrated in relation to both components of ‘utility’ and ‘usability’.

Original language: English
Title of host publication: Cyber Security Practitioner's Guide
Editors: Hamid Jahankhani
Publisher: World Scientific
ISBN (Print): 978-981-120-445-6
Publication status: Published - Oct 2019

Fingerprint

Law enforcement
Digital forensics
Demonstrations
Standardization

Keywords

  • Standardised Digital Forensic Investigation Process Model
  • Digital Forensic
  • Forensic

Cite this

Montasari, R., Hill, R., Carpenter, V., & Hosseinian-Far, A. (2019). Evaluation of the Standardised Digital Forensic Investigation Process Model (ESDFIPM). In H. Jahankhani (Ed.), Cyber Security Practitioner's Guide. World Scientific. https://doi.org/10.1142/11390