Reza Montasari

Computer Forensic Analysis of Private Browsing Modes

This paper investigates the effectiveness of the private browsing modes built into four major Internet browsers. In examining the phenomenon of the private browsing modes built into four widely used Internet browsers, this paper aims to determine whether one can identify when a private browsing mode has been utilized by a suspect to perform a criminal or illegal act and to what extent the forensic examination of a computer can expose evidence of private browsing use.

Integrated Computer Forensics Investigation Process Model (ICFIPM) for Computer Crime Investigations

Contrary to traditional crimes for which there exists deep-rooted standards, procedures and models upon which courts of law can rely, there are no formal standards, procedures nor models for digital forensics to which courts can refer. Although there are already a number of various digital investigation process models, these tend to be ad-hoc procedures. In order for the case to prevail in the court of law, the processes followed to acquire digital evidence and terminology utilised must be thorough and generally accepted in the digital forensic community. The proposed novel process model is aimed at addressing both the practical requirements of digital forensic practitioners and the needs of courts for a formal computer investigation process model which can be used to process the digital evidence in a forensically sound manner. Moreover, unlike the existing models which focus on one aspect of process, the proposed model describes the entire lifecycle of a digital forensic investigation.

A comprehensive digital forensic investigation process model

A formal process model is needed to enable digital forensic practitioners in following a uniform approach and to enable courts of law in determining the reliability of digital evidence presented to them. Such a model also needs to be generic in that it can be applicable in the different fields of digital forensics including law enforcement, corporates and incident response. There does not currently exist such a comprehensive process model that is both formal and generic. To address these shortcomings, this paper proposes a model that is formal in that it can enable the digital forensic practitioners in following a uniform approach when carrying out investigations and that is generic in that it can be applied in the different environments of digital forensics.

An ad hoc detailed review of digital forensic investigation process models

For the past decade, digital forensics has been the subject of scientific study, and as a result it has become an established research and application field. One of the foundational methods in which the researchers in the field have attempted to comprehend the scientific basis of this discipline has been to develop models which reflect their observations. Various process models have been developed describing the steps and processes to follow during a digital forensic investigation. This paper provides a detailed review of 11 published papers representing digital forensic process models. The aim of this review is to gain background knowledge of the existing research on the digital forensic investigation process models and the problems associated with those models.

Testing the Comprehensive Digital Forensic Investigation Process Model (the CDFIPM)

The Comprehensive Digital Forensic Investigation Process Model (the CDFIPM), presented in Montasari (IJESDF 8(4)285–301, 2016), provides guidelines for carrying out digital investigations in the UK jurisdiction in a forensically sound manner. The CDFIPM is comprehensive in that it covers the entire digital forensic investigative process; it is generic such that it can be applied in the three fields of law enforcement, incident response and commerce. The model is also formal in that it synthesises, harmonises and extends the existing digital forensic investigation process models. The CDFIPM also needs to be subjected to an evaluation process in order to determine ‘whether the model has been built right’ and ‘whether the right model has been built’. To this end, the CDFIPM is applied to a case study in this paper to determine whether the model meets the two components of ‘utility’ and ‘usability’.

Digital Evidence: Disclosure and Admissibility in the United Kingdom Jurisdiction

Digital forensics, originally known as computer forensics, first presented itself in the 1970s. During the first investigations, financial fraud proved to be the most common cause on suspects’ computers. Since then, digital forensics has grown in importance in situations where digital devices are used in the commission of a crime. The original focus of digital forensic investigations was on crimes committed through computers. However, over the past few years, the field has extended to include various other digital devices in which digitally stored information can be processed and used for different types of crimes. This paper explores how the admissibility of digital evidence is governed within the United Kingdom jurisdictions.

An Overview of Cloud Forensics Strategy: Capabilities, Challenges, and Opportunities

Cloud computing has become one of the most game changing technologies in the recent history of computing. It is gaining acceptance and growing in popularity. However, due to its infancy, it encounters challenges in strategy, capabilities, as well as technical, organizational, and legal dimensions. Cloud service providers and customers do not yet have any proper strategy or process that paves the way for a set procedure on how to investigate or go about the issues within the cloud. Due to this gap, they are not able to ensure the robustness and suitability of cloud services in relation to supporting investigations of criminal activity. Moreover, both cloud service providers and customers have not yet established adequate forensic capabilities that could assist investigations of criminal activities in the cloud. The aim of this chapter is to provide an overview of the emerging field of cloud forensics and highlight its capabilities, strategy, investigation, challenges, and opportunities. This paper also provides a detailed discussion in relation to strategic planning for cloud forensics.