Abstract
Research in digital forensics has yet to focus on modeling case domain information involved in investigations. This paper shows how concept mapping can be used to create an excellent alternative to the popular checklist approach used in digital forensic investigations. Concept mapping offers several benefits, including creating replicable, reusable techniques, simplifying and guiding the investigative process, capturing and reusing specialized forensic knowledge, and supporting training and knowledge management activities. The paper also discusses how concept mapping can be used to integrate case-specific details throughout the investigative process.
Chapter PDF
Similar content being viewed by others
References
V. Baryamureeba and F. Tushabe, The enhanced digital investigation process model, Proceedings of the Fourth Digital Forensic Research Workshop, 2004.
N. Beebe and J. Clark, A hierarchical, objectives-based framework for the digital investigation process, Proceedings of the Fourth Digital Forensic Research Workshop, 2004.
A. Bogen, Selecting Keyword Search Terms in Computer Forensic Examinations using Domain Analysis and Modeling, Ph.D. Dissertation, Department of Computer Science and Engineering, Mississippi State University, Mississippi State, Mississippi, 2006.
A. Bogen and D. Dampier, Unifying computer forensics modeling approaches: A software engineering perspective, Proceedings of the First International Workshop on Systematic Approaches to Digital Forensic Engineering, pp. 27–39, 2005.
D. Brezinski and T. Killalea, RFC3227: Guideline for Evidence Collection and Archiving, Networking Working Group, Internet Engineering Task Force (www.ietf.org/rfc/rfc3227.txt), 2002.
B. Carrier and E. Spafford, An event-based digital forensic investigation framework, Proceedings of the Fourth Digital Forensic Research Workshop, 2004.
S. Ciardhuain, An extended model of cybercrime investigations, International Journal of Digital Evidence, vol. 3(1), 2004.
M. Kramer, Using Concept Maps for Knowledge Acquisition in Satellite Design: Translating “Statement of Requirements on Orbit” to “Design Requirements,” Ph.D. Dissertation, Graduate School of Computer and Information Sciences, Nova Southeastern University, Fort Lauderdale-Davie, Florida, 2005.
W. Kruse and J. Heiser, Computer Forensics: Incident Response Essentials, Addison-Wesley, Boston, Massachusetts, 2001.
M. Noblett, M. Pollitt and L. Presley, Recovering and examining computer forensic evidence, Forensic Science Communications, vol. 2(4), 2000.
J. Novak and A. Canas, The Theory Underlying Concept Maps and How to Construct and Use Them, Technical Report IHMC Cmap Tools 2006-01, Florida Institute for Human and Machine Cognition, Pensacola, Florida, 2006.
G. Palmer, A Road Map for Digital Forensic Research, DFRWS Technical Report, DTR-T001-01 Final, Air Force Research Laboratory, Rome, New York, 2001.
M. Pollitt, An ad hoc review of digital forensic models, Proceedings of the Second International Workshop on Systematic Approaches to Digital Forensic Engineering, pp. 43–54, 2007.
G. Ruibin, T. Yun and M. Gaertner, Case-relevance information investigation: Binding computer intelligence to the current computer forensic framework, International Journal of Digital Evidence, vol. 4(1), 2005.
United States Department of Justice, Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations, Washington, DC (www.usdoj.gov/criminal/cybercrime/s&s manual2002.pdf), 2002.
J. Vacca, Computer Forensics: Computer Crime Scene Investigation, Charles River Media, Boston, Massachusetts, 2005.
J. Venter, Process flow diagrams for training and operations, in Advances in Digital Forensics II, M. Olivier and S. Shenoi (Eds.), Springer, Boston, Massachusetts, pp. 331–342, 2006.
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 IFIP International Federation for Information Processing
About this paper
Cite this paper
Tanner, A., Dampier, D. (2009). Concept Mapping for Digital Forensic Investigations. In: Peterson, G., Shenoi, S. (eds) Advances in Digital Forensics V. DigitalForensics 2009. IFIP Advances in Information and Communication Technology, vol 306. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04155-6_22
Download citation
DOI: https://doi.org/10.1007/978-3-642-04155-6_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04154-9
Online ISBN: 978-3-642-04155-6
eBook Packages: Computer ScienceComputer Science (R0)