Computer crimes are on the rise and unfortunately less than two percent of the reported cases result in conviction. The process (methodology and approach) one adopts
in conducting a digital forensics investigation is immensely crucial to the outcome of such an investigation. Overlooking one step or interchanging any of the steps may lead to incomplete or inconclusive results hence wrong interpretations and conclusions. A computer crime culprit may walk Scot-free or an innocent suspect may suffer negative consequences (both monetary and otherwise) simply on account of a forensics investigation that was inadequate or improperly conducted. In this paper, we present a brief overview of forensic models and propose a new model based on the Integrated Digital Investigation Model.
Computer forensics emerged in response to the escalation of crimes committed by the use of computer systems either as an object of crime, an instrument used to commit a crime or a repository of evidence related to a crime. Computer forensics can be traced back to as early as 1984 when the FBI laboratory and other law enforcement agencies begun developing programs to examine computer evidence. Research groups like the Computer Analysis and Response Team (CART), the Scientific Working Group on Digital Evidence (SWGDE), the Technical Working Group on Digital Evidence (TWGDE), and the National Institute of Justice (NIJ) have since been formed in order to discuss the computer forensic science as a 1 discipline including the need for a standardized approach to examinations.
Digital forensics has been defined as the use of scientifically derived and proven methods towards the preservation, collection, validation, identification, analysis, interpretation and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal or helping to anticipate the unauthorized actions shown to be disruptive to planned operations . One important element of digital forensics is the credibility of the digital evidence. Digital evidence includes computer evidence, digital audio, digital video, cell phones, digital fax machines etc. The legal settings desire evidence to have integrity, authenticity, reproductivity, non-interference and minimization. Since computer forensics is a relatively new field compared to other forensic disciplines,
which can be traced back to the early 1920s, there are ongoing efforts to develop examination standards and to provide structure to computer forensic examinations. This paper attempts to address the methodology of a computer forensic investigation.