Digital Forensics Abstract digital forensics model (ADFM) and the DFRWS investigative model

December 31, 2022
Digital Forensics Abstract digital forensics model (ADFM) and the DFRWS investigative model

Abstract digital forensics model (ADFM)

Because the Identification phase of this model presupposes that the incident type has already been correctly identified and defined, this step is crucial because all subsequent processes depend on it. It is then followed by the action of preparation, which is the first phase that has been presented and consists of preparing tools, methods, search warrants, monitoring authorization, and management support. The action of the introduction of the second step then follows this step. Approach Strategy this stage is intended to optimize the evidence gathering while minimizing the impact on the victim by devising various methods and processes to follow.

This step aims to collect as much evidence as possible without hurting the victim. In the next step, called Preservation, all the data obtained has to be compartmentalized and protected so that it may remain in its original form. During the Collection phase, all digital evidence obtained is copied, and a recording is made of the physical scene. These activities are carried out according to established protocols and are conducted as part of the phase.

The following step is called an Examination, and during this phase, an in-depth systemic study is carried out to hunt for evidence related to the present case. During the Analysis phase, the probative value of the evidence that is being evaluated is determined. The next stage is a Presentation, where a process summary is made. After that comes the third step, Returning Evidence, when the investigative process is finished by returning any physical or digital evidence to its rightful owner.

DFRWS investigative model

This model was the foundation for further improvements since it was consistent and standardized. The stages of this model were as follows: identification, preservation, collection, examination, analysis, and presentation (then an additional pseudo step: Decision). At each stage, we test a variety of potential approaches or procedures. The first step is called Identification, and it includes things like the identification of events or crimes, the resolution of signatures, the detection of anomalies, system monitoring, audit analysis, and so on. Next comes the process of preservation, a guarded concept that occurs throughout all phases of forensic work. During this step, proper case management is established, imaging technologies are used, and all measurements are collected to guarantee an exact and appropriate chain of custody.

The next stage, collection, follows immediately after, during which relevant data is gathered based on validated methodologies, software, and hardware; during this step, we use several data recovery techniques and lossless compression. The next step is to perform data mining and create a timeline, both exciting and critical phases that come after this step. Examination and Analysis are the two phases that come after this step.

The examination is the phase in which evidence traceability and pattern matching are guaranteed. The analysis is the phase in which confidential data must be discovered and extracted. The Presentation phase is the most recent step in this approach. Documentation, clarification, an impact statement on the mission, recommendations on what countermeasures should be implemented, and expert testimony are the tasks associated with this stage.

Visit https://www.cybercert.ca or call 416 471 4545 to enroll in the Security+/CEH/CISSP training course.

Recent Posts

Best Cybersecurity Practices for Small Businesses
January 27, 2023

Best Cybersecurity Practices for Small Businesses

Small businesses are increasingly susceptible to cyberattacks since their security procedures are frequently inferior to those of larger corporations. According to the National Cyber Security Alliance, 43 percent of cyberattacks are directed at small enterprises. To protect your small business from cyber dangers, you must employ the greatest security procedures. Here are some essential measures […]

Read More
What should you understand about Cyber Risk Management?
January 27, 2023

What should you understand about Cyber Risk Management?

Cyber-risk management is the process of finding, evaluating, and ranking potential risks to an organization’s information and technology systems, as well as taking steps to reduce or eliminate those risks. Cyber-risk management has never been more critical than now, as businesses are increasingly dependent on technology. One of the essential parts of cyber risk management […]

Read More
What is Applied Cryptography?
January 27, 2023

What is Applied Cryptography?

Applied cryptography is the practice of using cryptographic techniques and protocols to protect information and keep communication safe. It involves putting in place and using different cryptographic algorithms and protocols to protect sensitive data like financial transactions, personal information, and private communications. There are several subfields in the field of applied cryptography, such as: In […]

Read More