Guideline Model for Digital Forensic Investigation

Salma Abdalla
Information Technology Industry Development Agency (ITIDA)
salma@mcit.gov.eg

Sherif Hazem
Faculty of Engineering, Arab Academy for Science and Technology
Information Technology Industry Development Agency (ITIDA)
Snoureldin@mcit.gov.eg

Sherif Hashem
Faculty of Engineering, Cairo University
Information Technology Industry Development Agency (ITIDA)

SHashem@mcit.gov.eg

 

ABSTRACT

This paper proposes a detailed guideline model for digital forensics; the proposed model consists of five main phases, Preparation phase, Physical Forensics and Investigation Phase, Digital Forensics Phase, Reporting and Presentation Phase, and Closure Phase.

Most of the existing models in this field do not cover all aspects of digital forensic investigations, as they focus mainly on the processing of digital evidence or on the legal points. Although they gave good information to base on it a guide, but they are not detailed enough to describe fully the investigative process in a way that can be used by investigators during investigation.

In this model detailed steps for each phase is given, so it can be used as guidance for the forensic investigators, and it can assist the development of new investigative tools and techniques.

Keywords: digital forensics, computer forensics, digital investigation, forensic model, reference framework.