Abstract
The field of digital forensics seems at first glance quite separate from archival work and digital preservation. However, professionals in both fields are trusted to attest to the identity and integrity of digital documents and traces – they are regarded as experts in the acquisition, interpretation, description and presentation of that material. Archival science and digital forensics evolved out of practice and grew into established professional disciplines by developing theoretical foundations, which then returned to inform and standardize that practice. They have their roots in legal requirements and law enforcement. A significant challenge to both fields, therefore, is the identification of records (archival focus) and evidence (digital forensics focus) in digital systems, establishing their contexts, provenance, relationships, and meaning. This paper traces the development of digital forensics from practice to theory and presents the parallels with archival science.
Notes
Diplomatics is a discipline first developed in the seventeenth century to assess the authenticity of documents, taught in faculties of law and archival science in Europe, and subsequently applied to modern office documents and digital records (Duranti and Thibodeau, 2006).
References
Andrew, M. (2007). Defining a process model for forensic analysis of digital devices and storage media. In Northwest Security Institute and Pacific Northwest National Laboratory (Eds.), SADFE 2007: Second International Workshop on Systematic Approaches to Digital Forensic Engineering: Proceedings: 10–12 April 2007, Seattle, Washington, USA, 16–30. Los Alamitos, Calif: IEEE Computer Society.
Association of Chief Police Officers (ACPO). (2012). Good practice guide for computer-based electronic evidence, v. 5. Retrieved from https://www.7safe.com/about-7Safe/downloads/acpo-guidelines.
Beebe, N., & Clark, J. G. (2005). A hierarchical, objectives-based framework for the digital investigations process. Digital Investigation, 2(2), 147–167.
Blackwell, C. (2011). A framework for investigating questioning in incident analysis and response. In G. Peterson & S. Shenoi (Eds.), Advances in digital forensics VII (pp. 23–34). IFIP AICT 361. IFIP International Federation for Information Processing.
Carrier, B. (2003a). Defining digital forensic examination and analysis tools using abstraction layers. International Journal of Digital Evidence, 1(4), 1–12.
Carrier, B. (2003b). Open source digital forensics tools: The Legal Argument. www.digital-evidence.org/papers/opensrc_legal.pdf.
Carrier, B., & Spafford, E. (2003). Getting physical with the digital investigation process. International Journal of Digital Evidence, 2(2), 1–20.
Carrier, B., & Spafford, E. (2004). An event-based digital forensics investigative framework. Presented at DFRWS 2004, Baltimore, MD. http://www.digital-evidence.org/papers/dfrws_event.pdf. Accessed 6 Jan 2017.
Carrier, B., & Spafford, E. H. (2006). Categories of digital investigation analysis techniques based on the computer history model. Digital Investigation, 3(Supp 1), 121–130.
Casey, E. (2007). What does ‘forensically sound’ really mean? Digital Investigation, 4(2), 49–50.
Charters, I. (2009). The evolution of digital forensics: Civilizing the cyber frontier. http://www.guerilla-ciso.com/wp-content/uploads/2009/01/the-evolution-of-digital-forensics-ian-charters.pdf. Accessed 21 April, 2018.
Ciardhuáin, S. (2004). An extended model of cybercrime investigations. International Journal of Digital Evidence, 3(1), 1–22.
Cohen, F. (2011). Digital forensic evidence examination. 3rd ed. Livermore, CA: Fred Cohen & Associates.
Cohen, F. (2015). Digital Diplomatics and forensics: Going forward on a global basis. Records Management Journal, 25(1), 21–44. https://doi.org/10.1108/RMJ-03-2014-0016.
Collier, P. A., & Spaul, B. J. (1992). A forensic methodology for countering computer crime. Artificial Intelligence Review, 6, 203–215.
Diamond, E. (1994). The archivist as forensic scientist––seeing ourselves in a different way. Archivaria, 38, 139–154.
DiClemente, A., Horvath, M., & Pollitt, M. (2004). Digital evidence-a review: 2001–2004. Proceedings of the 14th International Forensic Science Symposium, 412–549. Lyon, France. https://pdfs.semanticscholar.org/6d39/4c44dc354e90986ed14c56cbf13e66905a7d.pdf. Accessed 21 April, 2018.
Dietrich, D., & Adelstein, F. (2015). Archival science, digital forensics, and new media art. Digital Investigation, 14, 137–145. https://doi.org/10.1016/j.diin.2015.05.004.
Duranti, L. (1996). Archival science. Encyclopedia of Library and Information Science (pp. 1–19). New York, Basel, Hong Kong: Marcel Dekker.
Duranti, L. (2009). From digital Diplomatics to digital records forensics. Archivaria, 68, 39–66.
Duranti, L., & Endicott-Popovsky, B. (2010). Digital records forensics: A new science and academic program for forensic readiness. Journal of Digital Forensics, Security and Law, 5(2), 1–12.
Duranti, L., & Giovanni, M. (2015). The archival method: Rediscovering a research tradition. In A. Gilliland, S. McKemmish, & A. Lau (Eds.), Research in the archival multiverse (pp. 75–95). Melbourne: Monash Publishing.
Duranti, L., & Thibodeau, K. (2006). The concept of record in interactive, experiential and dynamic environments: The view of InterPARES. Archival Science, 6(1), 13–68.
Eastwood, T. (1994). What is archival theory and why is it important? Archivaria, 37, 122–130.
Garfinkel, S. (2010). Digital forensics research: The next 10 years. Digital Investigation, 7, 64–73. https://doi.org/10.1016/j.diin.2010.05.009.
Hama, G., & Pollitt, M. (1996, August). Data reduction - refining the sieve. Presented at International Conference on Computer Evidence. Melbourne, Australia: IOCE. www.digitalevidencepro.com/Resources/Sieve1.pdf. Accessed 21 April, 2018.
Ieong, R. (2006). FORZA – Digital forensics investigation framework that incorporate legal issues. Digital Investigation, 3(1), 29–36.
Internet / Home - INTERPOL. (n.d.). Accessed March 1, 2018. https://www.interpol.int/.
Irons, A. (2006). Computer forensics and records management – compatible disciplines. Records Management Journal, 16(2), 102–112. https://doi.org/10.1108/09565690610677463.
John, J. (2012). Digital forensics and preservation. Digital preservation coalition. http://www.dpconline.org/component/docman/doc_download/810-dpctw12-03pdf. Accessed 21 April, 2018.
Kenneally, E. (2001). Gatekeeping out of the box: Open source software as a mechanism to assess reliability for digital evidence. Virginia Journal of Law and Technology, 13, www.vjolt.net/vol6/issue3/v6i3-a13-Kenneally.html.
Kirschenbaum, M., Ovenden, R., & Redwine, G. (2010). Digital forensics in born digital cultural heritage collections. Washington, D.C.: Council on Library and Information resources.
Lee, C. (2012). Archival application of digital forensics methods for authenticity, description and access provision. Comma, 2012(2), 133–140. https://doi.org/10.3828/comma.2012.2.14.
MacNeil, H. (1995). Metadata strategies and archival description: Comparing apples to oranges. Archivaria, 39, 22–31.
MacNeil, H. (2005). Picking our text: Description, authenticity, and the archivist as editor. The American Archivist, 68(2), 264–278.
Marsico, C. (2005). Computer evidence v. Daubert: The coming conflict. Purdue University. https://www.cerias.purdue.edu/apps/reports_and_papers/view/2819/.
Menne-Haritz, A. (1994). Appraisal or documentation: Can we appraise archives by selecting content? The American Archivist, 57(3), 528–542.
Millar, L. (2006). An obligation of trust: Speculations on accountability and description. The American Archivist, 69(1), 60–78.
Mocas, S. (2004). Building theoretical underpinnings for digital forensics research. Digital Investigation, 1(1), 61–68.
Noblett, M. G., Pollitt, M., & Presley, L. A. (2000). Recovering and examining computer forensic evidence. Forensic Science Communications, 2(4). http://www.ncjrs.gov/App/publications/abstract.aspx?ID=186015. Accessed 16 Feb 2019.
Palmer, G. (2001). A road map for digital forensic research. DFRWS Technical Report. http://www.dfrws.org/2001/dfrws-rm-final.pdf.
Pollitt, M. (1995a). Principles, practices, and procedures: An approach to standards in computer forensics. Presented at Second International Conference on Computer Evidence. Baltimore, Maryland: IOCE. www.digitalevidencepro.com/Resources/Principles.pdf. Accessed May 17, 2018.
Pollitt, M. (1995b). Computer forensics: An approach to evidence in cyberspace. In Wakid, S. and Davis, J., Eds. Proceedings of the 18th International Systems Security Conference, (pp. 487–91). Baltimore, Maryland: NIST. https://csrc.nist.gov/CSRC/media/Publications/conference-paper/1995/10/10/proceedings-of-the-18th-nissc-1995/documents/1995-18th-NISSC-proceedings-vol-1.pdf. Accessed 21 April, 2018.
Pollitt, M. (2001). Report on digital evidence. Lyon, France. http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.304.8748&rep=rep1&type=pdf. Accessed 21 April, 2018.
Pollitt, M. (2003). Who Is SWGDE and what is the history? https://www.swgde.org/pdf/2003-01-22%20SWGDE%20History.pdf. Accessed 21 April, 2018.
Pollitt, M. (2010). A history of digital forensics. IFIP Advances in Information and Communication Technology, 337, 3–15. https://doi.org/10.1007/978-3-642-15506-2_1.
Reedy, P., Diplock, B., & Dunlop, M. (2007). Digital evidence-a review: 2004–2007. Fifteenth International Forensic Science Symposium (pp. 414–36). Lyon, France.
Reith, M., Carr, C., & Gunsch, G. (2002). An examination of digital forensic models. International Journal of Digital Evidence 1(3). https://utica.edu/academic/institutes/ecii/publications/articles/A04A40DC-A6F6-F2C1-98F94F16AF57232D.pdf. Accessed 21 April, 2018.
Rogers, C. (2010, June). Digital records forensics: Preliminary findings. Presented at the Association of Canadian Archivists. Canada: Halifax.
Rogers, C. (2013). Digital records forensics: Integrating archival science into a general model of the digital forensics process. Proceedings of the Second International Workshop on Cyberpatterns: Unifying Design Patterns with Security, Attack and Forensic Patterns, C. Blackwell (Ed.), 4–21. Oxford, UK: Oxford Brookes University.
Rogers, C., & John, J. (2013). Shared perspectives, common challenges: A history of Digital Forensics & Ancestral Computing for digital heritage. In The Memory of the World in the Digital Age: Digitization and Preservation (pp. 314–36). Vancouver, BC: UNESCO. http://iibi.unam.mx/archivistica/UNESCO%202013%20MOW%20vancouver%20declaration.pdf. Accessed 21 April, 2018.
Selamat, S., Yusof, R., & Sahib, S. (2008). Mapping process of digital forensic investigation framework. IJCSNS International Journal of Computer Science and Network Security, 8(10), 163–169.
Stoll, C. (1989). The cuckoo’s egg: Tracking a spy through the maze of computer espionage. Doubleday. http://bayrampasamakina.com/tr/pdf_stoll_4_1.pdf. Accessed 21 April, 2018.
SWGDE, & IOCE. (2000). Digital evidence: Standards and principles. Forensic Science Communications 2(2). http://www.fbi.gov/about-us/lab/forensic-science-communications/fsc/april2000/swgde.htm/. Accessed 21 April, 2018.
Whitcomb, C. (2002). An historical perspective of digital evidence: A forensic Scientist’s view. International Journal of Digital Evidence 1(1). http://www.utica.edu/academic/institutes/ecii/publications/articles/9C4E695B-0B78-1059-3432402909E27BB4.pdf. Accessed 21 April, 2018.
Cite this article
Rogers, C. From time theft to time stamps: mapping the development of digital forensics from law enforcement to archival authority. Int J Digit Humanities 1, 13–28 (2019). https://doi.org/10.1007/s42803-019-00002-y