Skip to main content

A Framework for Assessing the Core Capabilities of a Digital Forensic Organization

Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT,volume 484)


This chapter describes a framework for building and managing the capabilities of digital forensic organizations. The framework employs equations that express the relationships between core capabilities, enabling the definition of digital forensic capabilities. Straussian grounded theory is used to create the theoretical framework that is grounded in the data. The framework is also grounded in the literature on digital forensic capabilities, specifically research related to digital forensic readiness, capability maturity models, digital forensic management frameworks and best practices for building and managing digital forensic laboratories. Thus, the framework is readily integrated with other theories; indeed, it can identify gaps existing in the theories and provides opportunities to extend the theories.


  • Digital forensic readiness
  • Grounded theory
  • Capability maturity model


  1. Al-Hanaei, E., Rashid, A.: DF-C2M2: a capability maturity model for digital forensic organizations. In: Proceedings of the IEEE Security and Privacy Workshops, pp. 57–60 (2014)

    Google Scholar 

  2. American Society of Crime Lab Directors/Laboratory Accreditation Board, Accreditation Programs, Garner, North Carolina (2016)

    Google Scholar 

  3. Casey, E.: Digital Evidence and Computer Crime: Forensic Science, Computers and the Internet. Academic Press, Waltham (2011)

    Google Scholar 

  4. Corbin, J., Strauss, A.: Basics of Qualitative Research: Techniques and Procedures for Developing Grounded Theory. Sage Publications, Thousand Oaks (2008)

    CrossRef  Google Scholar 

  5. Creswell, J.: Research Design: Qualitative, Quantitative and Mixed Methods Approaches. Sage Publications, Thousand Oaks (2014)

    Google Scholar 

  6. Ellis, T., Levy, Y.: Towards a guide for novice researchers on research methodology: Review and proposed methods. Issues in Informing Science and Information Technology 6, 323–337 (2009)

    Google Scholar 

  7. Federal Bureau of Investigation: The accreditation decision. Forensic Science Communications, vol. 1(1) (1999)

    Google Scholar 

  8. Glaser, B., Strauss, A.: The Discovery of Grounded Theory: Strategies for Qualitative Research. Aldine Transaction, New Brunswick (2009)

    Google Scholar 

  9. Grobler, C.: A Digital Forensic Management Framework, Ph.D. Thesis, Department of Informatics, Faculty of Science, University of Johannesburg, Auckland Park, South Africa (2011)

    Google Scholar 

  10. Grobler, C., Louwrens, B.: Digital forensics: a multi-dimensional discipline. In: Proceedings of the Information Security South Africa from Insight to Foresight Conference (2006)

    Google Scholar 

  11. Jones, A., Valli, C.: Building a Digital Forensic Laboratory: Establishing and Managing a Successful Facility. Butterworth-Heinemann and Syngress Publishing, Burlington (2009)

    Google Scholar 

  12. Kerrigan, M.: A capability maturity model for digital investigations. Digital Investigation 10(1), 19–33 (2013)

    CrossRef  Google Scholar 

  13. Martin, P., Turner, B.: Grounded theory and organizational research. Journal of Applied Behavioral Science 22(2), 141–157 (1986)

    CrossRef  Google Scholar 

  14. Pollitt, M.: An ad hoc review of digital forensic models. In: Proceedings of the Second International Workshop on Systematic Approaches to Digital Forensic Engineering, pp. 43–54 (2007)

    Google Scholar 

  15. Robson, C.: Real World Research. Blackwell Publishers, Malden (2002)

    Google Scholar 

  16. Rowlingson, R.: A ten-step process for forensic readiness. International Journal of Digital Evidence 2(3) (2004)

    Google Scholar 

  17. Rowlingson, R.: An Introduction to Forensic Readiness Planning, Technical Note 01/2005, National Infrastructure Security Co-ordination Centre, London, United Kingdom (2005)

    Google Scholar 

  18. Taylor, C., Endicott-Popovsky, B., Frincke, D.: Specifying digital forensics: A forensics policy approach. Digital Investigation 4(S), S101–S104 (2007)

    CrossRef  Google Scholar 

  19. Valjarevic, A., Venter, H.: A comprehensive and harmonized digital forensic investigation process model. Journal of Forensic Sciences 60(6), 1467–1483 (2015)

    CrossRef  Google Scholar 

  20. von Solms, S., Louwrens, C., Reekie, C., Grobler, T.: A control framework for digital forensics. In: Olivier, M.S., Shenoi, S. (eds.) DigitalForensics 2006. IAIC, vol. 222, pp. 343–355. Springer, Heidelberg (2006). doi:10.1007/0-387-36891-4_27

    CrossRef  Google Scholar 

Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to Ahmed Almarzooqi .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2016 IFIP International Federation for Information Processing

About this paper

Cite this paper

Almarzooqi, A., Jones, A. (2016). A Framework for Assessing the Core Capabilities of a Digital Forensic Organization. In: Peterson, G., Shenoi, S. (eds) Advances in Digital Forensics XII. DigitalForensics 2016. IFIP Advances in Information and Communication Technology, vol 484. Springer, Cham.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-46278-3

  • Online ISBN: 978-3-319-46279-0

  • eBook Packages: Computer ScienceComputer Science (R0)