Concept Mapping for Digital Forensic Investigations

  • April Tanner
  • David Dampier
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 306)


Research in digital forensics has yet to focus on modeling case domain information involved in investigations. This paper shows how concept mapping can be used to create an excellent alternative to the popular checklist approach used in digital forensic investigations. Concept mapping offers several benefits, including creating replicable, reusable techniques, simplifying and guiding the investigative process, capturing and reusing specialized forensic knowledge, and supporting training and knowledge management activities. The paper also discusses how concept mapping can be used to integrate case-specific details throughout the investigative process.


Concept mapping investigative process knowledge management 


  1. 1.
    V. Baryamureeba and F. Tushabe, The enhanced digital investigation process model, Proceedings of the Fourth Digital Forensic Research Workshop, 2004.Google Scholar
  2. 2.
    N. Beebe and J. Clark, A hierarchical, objectives-based framework for the digital investigation process, Proceedings of the Fourth Digital Forensic Research Workshop, 2004.Google Scholar
  3. 3.
    A. Bogen, Selecting Keyword Search Terms in Computer Forensic Examinations using Domain Analysis and Modeling, Ph.D. Dissertation, Department of Computer Science and Engineering, Mississippi State University, Mississippi State, Mississippi, 2006.Google Scholar
  4. 4.
    A. Bogen and D. Dampier, Unifying computer forensics modeling approaches: A software engineering perspective, Proceedings of the First International Workshop on Systematic Approaches to Digital Forensic Engineering, pp. 27–39, 2005.Google Scholar
  5. 5.
    D. Brezinski and T. Killalea, RFC3227: Guideline for Evidence Collection and Archiving, Networking Working Group, Internet Engineering Task Force (, 2002.Google Scholar
  6. 6.
    B. Carrier and E. Spafford, An event-based digital forensic investigation framework, Proceedings of the Fourth Digital Forensic Research Workshop, 2004.Google Scholar
  7. 7.
    S. Ciardhuain, An extended model of cybercrime investigations, International Journal of Digital Evidence, vol. 3(1), 2004.Google Scholar
  8. 8.
    M. Kramer, Using Concept Maps for Knowledge Acquisition in Satellite Design: Translating “Statement of Requirements on Orbit” to “Design Requirements,” Ph.D. Dissertation, Graduate School of Computer and Information Sciences, Nova Southeastern University, Fort Lauderdale-Davie, Florida, 2005.Google Scholar
  9. 9.
    W. Kruse and J. Heiser, Computer Forensics: Incident Response Essentials, Addison-Wesley, Boston, Massachusetts, 2001.Google Scholar
  10. 10.
    M. Noblett, M. Pollitt and L. Presley, Recovering and examining computer forensic evidence, Forensic Science Communications, vol. 2(4), 2000.Google Scholar
  11. 11.
    J. Novak and A. Canas, The Theory Underlying Concept Maps and How to Construct and Use Them, Technical Report IHMC Cmap Tools 2006-01, Florida Institute for Human and Machine Cognition, Pensacola, Florida, 2006.Google Scholar
  12. 12.
    G. Palmer, A Road Map for Digital Forensic Research, DFRWS Technical Report, DTR-T001-01 Final, Air Force Research Laboratory, Rome, New York, 2001.Google Scholar
  13. 13.
    M. Pollitt, An ad hoc review of digital forensic models, Proceedings of the Second International Workshop on Systematic Approaches to Digital Forensic Engineering, pp. 43–54, 2007.Google Scholar
  14. 14.
    G. Ruibin, T. Yun and M. Gaertner, Case-relevance information investigation: Binding computer intelligence to the current computer forensic framework, International Journal of Digital Evidence, vol. 4(1), 2005.Google Scholar
  15. 15.
    United States Department of Justice, Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations, Washington, DC ( manual2002.pdf), 2002.Google Scholar
  16. 16.
    J. Vacca, Computer Forensics: Computer Crime Scene Investigation, Charles River Media, Boston, Massachusetts, 2005.Google Scholar
  17. 17.
    J. Venter, Process flow diagrams for training and operations, in Advances in Digital Forensics II, M. Olivier and S. Shenoi (Eds.), Springer, Boston, Massachusetts, pp. 331–342, 2006.CrossRefGoogle Scholar

Copyright information

© IFIP International Federation for Information Processing 2009

Authors and Affiliations

  • April Tanner
  • David Dampier

There are no affiliations available

Personalised recommendations