View in EDS

Structured Forensics Examination Planning with Domain Modeling: A Report of Three Experiment Trials.

Saved in:
Bibliographic Details
Title: Structured Forensics Examination Planning with Domain Modeling: A Report of Three Experiment Trials.
Authors: Bogen, Alfred C., Dampier, David A., Vaughn, Rayford, Reese, Donna S., Allen, Edward B., Carver, Jeffrey C.
Source: Journal of Digital Forensic Practice; Jan2010, Vol. 3 Issue 1, p23-32, 10p, 1 Diagram, 7 Charts
Subject Terms: INVESTIGATIONS, METHODOLOGY, FORENSIC sciences, COMPUTER crimes, CRIMINAL investigation, COMPUTER simulation
Abstract: In any forensic investigation, planning and analysis activities are required in order to determine what digital media will be seized, what types of information will be sought in the examination, and how the examination will be conducted. Existing literature and suggested practices indicate that such planning should occur, but few tools provide support for such activities. Planning an examination may be an essential activity when investigators and technicians are faced with unfamiliar case types or unusually complex, large-scale cases. This article reports the results of empirical studies that evaluate two planning methods for planning computer forensics examinations: an experimental methodology that includes domain modeling and a typical planning method that does not include domain modeling. These studies were conducted to evaluate two research questions: Will the domain modeling of a computer forensics case during the planning phase result in an increased amount of evidence found in a digital forensics examination? Will an experimental “case domain modeling” methodology require a significant amount of additional effort when compared to a typical approach? Three experiment trials were conducted to evaluate the effectiveness of case domain modeling on simulated case scenarios. Analysis of the experiments indicates that case domain modeling in forensics planning requires an additional time investment and it can result in more evidence found during an examination and more effective keyword searches. Additionally, experimental data indicates that case domain modeling is most useful when the evidence disk has a relatively high occurrence of text-based documents and when vivid case background details are available. [ABSTRACT FROM AUTHOR]
Copyright of Journal of Digital Forensic Practice is the property of Taylor & Francis Ltd and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Complementary Index
Description
Abstract:In any forensic investigation, planning and analysis activities are required in order to determine what digital media will be seized, what types of information will be sought in the examination, and how the examination will be conducted. Existing literature and suggested practices indicate that such planning should occur, but few tools provide support for such activities. Planning an examination may be an essential activity when investigators and technicians are faced with unfamiliar case types or unusually complex, large-scale cases. This article reports the results of empirical studies that evaluate two planning methods for planning computer forensics examinations: an experimental methodology that includes domain modeling and a typical planning method that does not include domain modeling. These studies were conducted to evaluate two research questions: Will the domain modeling of a computer forensics case during the planning phase result in an increased amount of evidence found in a digital forensics examination? Will an experimental “case domain modeling” methodology require a significant amount of additional effort when compared to a typical approach? Three experiment trials were conducted to evaluate the effectiveness of case domain modeling on simulated case scenarios. Analysis of the experiments indicates that case domain modeling in forensics planning requires an additional time investment and it can result in more evidence found during an examination and more effective keyword searches. Additionally, experimental data indicates that case domain modeling is most useful when the evidence disk has a relatively high occurrence of text-based documents and when vivid case background details are available. [ABSTRACT FROM AUTHOR]
ISSN:15567281
DOI:10.1080/15567280903376896