A Cost-Effective Model for Digital Forensic Investigations

  • Richard Overill
  • Michael Kwan
  • Kam-Pui Chow
  • Pierre Lai
  • Frank Law
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 306)


Because of the way computers operate, every discrete event potentially leaves a digital trace. These digital traces must be retrieved during a digital forensic investigation to prove or refute an alleged crime. Given resource constraints, it is not always feasible (or necessary) for law enforcement to retrieve all the related digital traces and to conduct comprehensive investigations. This paper attempts to address the issue by proposing a model for conducting swift, practical and cost-effective digital forensic investigations.


Investigation model Bayesian network 


  1. 1.
    S. Brin and L. Page, The anatomy of a large-scale hypertextual web search engine, Computer Networks and ISDN Systems, vol. 30(1-7), pp. 107–117, 1998.CrossRefGoogle Scholar
  2. 2.
    B. Carrier and E. Spafford, Defining event reconstruction of digital crime scenes, Journal of Forensic Sciences, vol. 49(6), pp. 1291–1298, 2004.CrossRefGoogle Scholar
  3. 3.
    E. Casey, Digital Evidence and Computer Crime: Forensic Science, Computers and the Internet, Academic Press, London, United Kingdom, 2004.Google Scholar
  4. 4.
    Joint Committee on Human Rights, Counter-Terrorism Policy and Human Rights: Terrorism Bill and Related Matters, Third Report of Session 2005-06, HL Paper 75-I, HC 561-I, House of Lords, House of Commons, London, United Kingdom, 2005.Google Scholar
  5. 5.
    Kaspersky Lab, Free online virus scanner, Woburn, Massachusetts ( Scholar
  6. 6.
    M. Kwan, K. Chow, F. Law and P. Lai, Reasoning about evidence using Bayesian networks, in Advances in Digital Forensics IV, I. Ray and S. Shenoi (Eds.), Springer, Boston, Massachusetts, pp. 275–289, 2008.CrossRefGoogle Scholar
  7. 7.
    S. Lloyd, Measures of complexity: A non-exhaustive list, IEEE Control Systems, vol. 21(4), pp. 7–8, 2001.CrossRefGoogle Scholar

Copyright information

© IFIP International Federation for Information Processing 2009

Authors and Affiliations

  • Richard Overill
  • Michael Kwan
  • Kam-Pui Chow
  • Pierre Lai
  • Frank Law

There are no affiliations available

Personalised recommendations