I discovered there are several proposed Digital Forensic Models that can be used to execute a Digital Forensic Investigation. I want to know from my fellow Hands-on Practitioners in this field - Which is the MOST USED Digital Forensic Investigation Model in Practice?
Perhaps if you were to name them, with a short description of how they differ – or perhaps refer to the source you have been using – someone might venture a reply. (Note the guidelines for starting new topics …)
Personally, I'm not sure if what I do is according to any particular model and if it has a name – only that it is what goes for best practice where I work.
Bolajidiran,
I am not certain if I am on the right track with my response, but I am assuming that by “models” you are talking about how cases get handled as they come into the CCU. With that assumption, I have experience with vertical processing and ability based processing models. In my opinion the vertical processing model has best served the needs of my investigations, as these examinations are what we call “cradle to grave” examinations. The same examiner who collects/images the evidence, is the same examiner who examines, reports, and testifies to the evidence, regardless of the type of media. This works well as it keeps less hands off the evidence and alleviates any chain of custody concerns.
Thanks so much for your replies Athulin and JuicyCarp.
The "models" I'm referring to are how Digital Forensic cases get handled as they come into the CCU.
I am curious to know which one among the several models available do DF Investigators/Technicians MOST PREFER and WHY?
Actually, these were the models that I examined:
1. Abstract Digital Forensics Model
2. Common Process Model for Incident and Computer Forensics
3. Computer Forensic Investigative Process
4. Computer Forensics Field Triage Process Model
5. DFRWS Investigative Model
6. Dual Data Analysis Process
7. End to End Digital Investigation
8. Enhanced Digital Investigation Process Model
9. Extended Model of Cybercrime Investigation
10. Framework for a Digital Forensic Investigation
11. Hierarchical, Objective-Based Framework for the Digital Investigations Process
12. Integrated Digital Investigation Model
13. Network Forensic Generic Process Model
14. Scientific Crime Scene Investigation Model
15. Digital Forensic Model based on Malaysian Investigation Process (DFMMIP)
16. Generic Computer Forensic Investigation Model (GCFIM)
I am curious to know which one among the several models available do DF Investigators/Technicians MOST PREFER and WHY?
Thank you
bolajidiran,
if I may, now that you have provided a listing of the models "titles" it's much better :), but you might also want to provide links to the relative documentation/actual "model"/source.
I would presume that "Digital Forensic Model based on Malaysian Investigation Process (DFMMIP)" won't be very popular outside Malaysia, and more generally I doubt that many members are familiar with all those "models", and that however many of them have a lot of common points.
Member athulin may well (tomorrow ;) ) publish a paper titled "WIUFFIAGE*, What I Use For Forensic Investigations Activities, Good Enough" 😯 .
Very likely this hypothetical paper will have anyway many points in common with a number of those "models" you listed, and making a "comparison chart" among those you listed (+ athulin's one) may be a good subject for a dissertation.
jaclaz
*Rhymes with TRIAGE
There are 16 investigation models? I'd have to study them all to determine which one ours would fall under the closest.
If you are serious about surveying the community - I'd suggest a table comparing all the models and which ones do what etc. and I'll click the radio button next to the one that comes closest to ours.
You are all wrong.
The actual answer is yes. That is the correct option.
mrgreen
The actual answer is yes. That is the correct option.
No, the correct answer is 42 ;), but "yes" is not a bad one.
jaclaz
Thank you so much for your comments and suggestions so far. Please check the link below for a brief description of the models I posted earlier.
http//
However, I AM ALSO INTERESTED IN KNOWING THE PROCESS YOU FOLLOW IN CONDUCTING A DIGITAL FORENSIC INVESTIGATION.
Thank you
Thank you so much for your comments and suggestions so far. Please check the link below for a brief description of the models I posted earlier.
http://airccse.org/journal/jcsit/0611csit02.pdf
Nice paper. :)
I have a ready adjective for it: "academic", meanings 2 to 4
http//
Among the various "models" proposed, I like the
3.6. Common Process Model for Incident and Computer Forensics (2007)
- Pre-Analysis Phase
- Analysis Phase
- Post-Analysis Phase
as it is simple, straightforward, and can be remembered easily.
That is a BDA (Before During After) approach that can be applied to many fields (i.e. it is not restricted to Digital Forensics at all) and that most likely was conceived in France in the early 16th century
http//
I admire the people that call them a "model" and can remain serious while calling it as such. 😯
jaclaz