Evaluation of the Standardised Digital Forensic Investigation Process Model (ESDFIPM)

The existing digital forensic investigation process models (DFIPMs) have often been developed by digital forensic practitioners (DFPs), based on their own personal experience and on an ad-hoc basis, without attention to the establishment of standardisation within the field. This has prevented the institution of both scientific and generic processes that are urgently required within the different fields of law enforcement, commerce and incident response. Therefore, a novel model – the Standardised Digital Forensic Investigation Process Model (the ESDFIPM) – was developed to address these shortcomings. Following the selected research methodology, the Peffers et al.’s Design Science Research Process (DSRP), the ESDFIPM was also subjected to both Demonstration and Evaluation activities to determine how well it would support the solution to the stated research problem. Therefore, this paper presents the results of the Demonstration and Evaluation activities applied to the proposed model. Our study makes three significant and novel contributions to the field of Digital Forensics (DF): First, it implements a process model, the design of which is inclusive of all the advantages of the previous models through their synthesis, harmonisation and extension. No such a model previously existed in the literature. Second, the ESDFIPM is generic in that it can be applied within the three fields of law enforcement, commerce and incident response. Third, unlike the majority of the previous models, the effectiveness of which is unknown due to the lack of an evaluation process, the ESDFIPM’s efficacy is demonstrated in relation to both components of ‘utility’ and ‘usability.