International Conference on Global Security, Safety, and Sustainability

ICGS3 2015: Global Security, Safety and Sustainability: Tomorrow's Challenges of Cyber Security pp 83-95

Integrated Computer Forensics Investigation Process Model (ICFIPM) for Computer Crime Investigations

  • Reza Montasari
  • Pekka Peltola
  • David Evans
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 534)


Unlike traditional crimes, for which there exist deep-rooted standards, procedures and models upon which courts of law can rely, there are no formal standards, procedures or models for digital forensics to which courts can refer. Although a number of digital investigation process models already exist, these tend to be ad-hoc procedures. For a case to prevail in a court of law, the processes followed to acquire digital evidence and the terminology utilised must be thorough and generally accepted in the digital forensic community. The proposed novel process model is aimed at addressing both the practical requirements of digital forensic practitioners and the needs of courts for a formal computer investigation process model which can be used to process digital evidence in a forensically sound manner. Moreover, unlike the existing models, which focus on one aspect of the process, the proposed model describes the entire lifecycle of a digital forensic investigation.


Computer forensics; Digital forensic investigations; Process model; Computer crime; Formal framework; Incident response



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. Derby University, Derby, UK
  2. Nottingham University, Nottingham, UK
