An Enhanced Process of Digital Forensic to Support E-Crime Investigations Focusing on Evidence Handling in Malaysian Armed Forces

Authors

  • Pritheega Magalingam Universiti Teknologi Malaysia
  • Nurazean Maarop Universiti Teknologi Malaysia
  • Ganthan Narayana Samy Universiti Teknologi Malaysia
  • Mohd Hafzi Bin Marzuki

DOI:

https://doi.org/10.53840/myjict5-2-132

Keywords:

Digital Forensic, Evidence Handling, Digital Evidence, Process

Abstract

The Digital Forensics Lab (DFL) in the Malaysian Armed Forces (MAF) has been in operation since 2018, providing digital forensic services. The lab is in its maturing phase, where the people and the process are still adjusting to the day-to-day operation. With the ease of the procured digital forensics tools, the analysts use an explorative method to understand the tools' functions and operations, and have been following the basic procedures and guidelines given by the Scientific Working Group on Digital Evidence (SWGDE). Thus, the purpose of this study is to propose an enhanced digital forensic process for DFL. A comprehensive process is needed to ease the operation inside DFL, whereby the current process can be organized into groups so that it is easily followed and implemented. To do so, a pilot study was carried out through a literature review in which numerous processes were studied and their phases were compared to find the gaps in the process. The digital forensics processes that were proposed do not consider any specific environment; the authors gave a general process, such as preparation, identification, analysis, preservation and reporting, to be used. There are no proper evidence handling steps in each of the existing digital forensic phases followed by DFL. Two main elements, the legal and environmental factors, should be taken into consideration when proposing a process. To gather more data, a mixed method was chosen in which qualitative data (from interviews, observation and documentary analysis) and quantitative data (from questionnaires) were collected. Analysis of the data collected aided in the formation of the newly enhanced digital forensic process for the DFL. The enhanced process helps the personnel in DFL to follow the digital forensic steps and use it as the main reference in their daily operation. The enhanced process can also be referred to by any government or private sector organization that has a dedicated digital forensic laboratory of its own. This is because, even though the enhanced process is developed based on the MAF management requirement, the steps of each phase can be used and adapted by other agencies as well. The process suits the daily operation in the army environment; therefore, the proposed process is expected to be practical, precise and easily followed by the current personnel and novices.

Published

21-12-2020

Section

Articles

How to Cite

Magalingam, P., Maarop, N., Samy, G. N., & Marzuki, M. H. (2020). An Enhanced Process of Digital Forensic to Support E-Crime Investigations Focusing on Evidence Handling in Malaysian Armed Forces. Malaysian Journal of Information and Communication Technology (MyJICT), 5(2), 13-29. https://doi.org/10.53840/myjict5-2-132