A Digital Forensic Investigation and Verification Model for Industrial Espionage

  • Jieun Dokko
  • Michael Shin
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 259)


This paper describes a digital forensic investigation and verification model for industrial espionage (DEIV-IE), focusing on insider data thefts at the company level. The model aims to advance the state of practice in forensic investigation and to verify the evidence sufficiency of industrial espionage cases by incorporating the crime-specific features and analysis techniques of digital evidence. The model is structured in six phases: file reduction, file classification, crime feature identification, evidence mapping, evidence sufficiency verification, and documentation. In particular, we focus on characterizing crime features, which capture multiple aspects of the commonalities in crime patterns in industrial espionage, and on evidence sufficiency verification, a procedure that uses these crime features to verify whether the digital evidence is sufficient for a court decision. The model was developed from an analysis of five industrial espionage cases and a literature review, and its effectiveness was validated with three additional cases.


Keywords: Digital forensic investigation; Digital evidence verification; Evidence prioritization; Behavioral evidence analysis; Digital forensics triage; Industrial espionage



Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2019

Authors and Affiliations

  1. Department of Computer Science, Texas Tech University, Lubbock, USA
  2. Supreme Prosecutors’ Office, Seoul, Republic of Korea
