Systematic Digital Forensic Investigation Model

Abstract: 
To battle cyber criminals, law practitioners need a proper methodology for systematically searching digital devices for significant evidence. The paper explores the development of the digital forensics process model, compares digital forensic methodologies, and proposes a systematic procedure for uncovering evidence with digital forensics, with the following advantages: a consistent and standardized process, a framework that works according to captured evidence, a mechanism according to country investigation technologies, and a generalized methodology judicial members can use to relate to non-technical observers. The three basic components of computer and network forensics are: acquiring evidence while ensuring that its integrity is preserved, authenticating that the extracted data is as valid as the original, and analyzing data while keeping its integrity. The abstract digital forensics model consists of nine components: identification, preparation, approach strategy, preservation, collection, examination, analysis, presentation, and returning evidence. The Integrated Digital Investigation Model (IDIP) includes the following phases: readiness, operations, infrastructure, deployment, physical crime scene investigation, and digital crime scene investigation. Key challenges are: device diversity, video and rich media, wireless, virtualization, distributed evidence, volume of evidence, whole drive encryption, anti-forensics, live response, and usability and visualization.
Author: 
Ankit Agarwal, Megha Gupta, Saurabh Gupta, Subhash Chandra Gupta
Institution: 
Computer Science Journals
Year: 
2011
Region(s): 
Industry Focus: 
Information & Telecommunication
Internet & Cyberspace
Legal & Financial
Datatype(s): 
Bibliographies & Reports
Models