Home   >   CSC-OpenAccess Library   >    Manuscript Information
Full Text Available

This is an Open Access publication published under CSC-OpenAccess Policy.
Publications from CSC-OpenAccess Library are being accessed from over 74 countries worldwide.
A Formal Two Stage Triage Process Model (FTSTPM) for Digital Forensic Practice
Reza Montasari
Pages - 69 - 87     |    Revised - 30-04-2016     |    Published - 01-06-2016
Volume - 10   Issue - 2    |    Publication Date - June 2016  Table of Contents
Digital Forensics, Onsite Triage, Digital Investigation, Process Model, On-scene Examination, Formal Model.
Due to the rapid increase of digital based evidence, the requirement for the timely identification, examination and interpretation of digital evidence is becoming more essential. In certain investigations such as child abductions, pedophiles, missing or exploited persons, time becomes extremely important as in some cases, it is the difference between life and death for the victim. Moreover, the growing number of computer systems being submitted to digital forensic laboratories is creating a backlog of cases that can delay investigations and negatively affect public safety and the criminal justice system. To deal with these problems, there is a need for more effective ‘onsite’ triage methods to enable the investigators to acquire information in a timely manner, and to reduce the number of computer systems that are submitted to DFLs for analysis. This paper presents a Formal Two-Stage Triage Process Model fulfilling the needs of an onsite triage examination process.
1 CiteSeerX 
2 Scribd 
3 SlideShare 
4 PdfSR 
1 Rogers, M., Goldman, J., Mislan, R., Debrota, S. and Wedge, T. (2006). ‘Computer forensics field triage process model’, Conference on Digital Forensics, Security and Law, pp.1–14.
2 Mislan, R., Casey, E. and Kessler, G (2010). ‘The growing need for on- scene triage of mobile devices’, Digital Investigation, 6 (3), pp. 112- 124.
3 Parsonage, H (2009). ‘Computer forensics Case Assessment and Triage’ Available at: http://computerforensics.parsonage.co.uk/triage/triage.htm (Accessed: 22nd February 2016).
4 Casey, E, Ferraro, M. and Nguyen, L (2009). ‘Investigation delayed is justice denied: proposals for expediting forensic examinations of digital evidence’, Journal of Forensic Sciences, 54 (6), pp. 1353-1364.
5 Montasari, R., Peltola, P. and Evans, D. (2015). ‘Integrated computer forensics investigation process model (ICFIPM) for computer crime investigations’, Proceedings of 10th International Conference on Global Security, Safety and Sustainability: Tomorrow's Challenges of Cyber Security, pp.83–95.
6 Shaw, A. and Browne, A. (2013). ‘A practical and robust approach to coping with large volumes of data submitted for digital forensic examination’, Digital Investigation, 10 (2), pp. 116-128.
7 Roussev, V., Quates, C. and Martell, R (2013). ‘Real-time digital forensics and triage’, Digital Investigations, 10 (2), pp. 158-167.
8 Hong, I., Yu, H., Lee, S. and Lee, K. (2013). ‘A new triage model conforming to the needs of selective search and seizure of electronic evidence’, Digital Investigation, 10(2), pp. 175-192.
9 Cambridge Dictionary Online (2016). ‘Triage’ Available at: http://dictionary.cambridge.org/dictionary/english/triage (Accessed: 25th February 2016).
10 Peffers, K., Tuunanen, T., Gengler, C., Rossi, M., Hui, W., Virtanen, V. and Bragge, J. (2006). ‘The Design Science Research Process: A Model for Producing and Presenting Information Systems Research’, The First International Conference on Design Science Research in Information Systems and Technology, pp. 83-106.
11 Armstrong, C. and Armstrong, H. (2010) ‘Modeling Forensic Evidence Systems Using Design Science’, In Human Benefit through the Diffusion of Information Systems Design Science Research, pp. 282-300.
12 Hevner, A., and Chatterjee, S. (2010). Design Science Research in Information Systems, Springer, USA.
13 Nair, B.S.(2006). Digital Electronics and Logic Design, (6th ed.),Prentice Hall, New Delhi.
14 Kohn, M., Eloff, M. and Eloff, J. (2013). ‘Integrated digital forensic process model’, Computers and Security, Vol. 38, pp.103–115.
15 Valjarevic, A. and Venter, H (2015). ‘A comprehensive and harmonized digital forensic investigation process model’, Journal of Forensic Sciences, Vol. 60 (6), pp.1467–1483.
16 Adams, R., Hobbs, V. and Mann, G. (2014). ‘The advanced data acquisition model (ADAM): a process model for digital forensic practice’, Journal of Digital Forensics, Security and Law, 8 (4), pp.25–48.
17 Sammes, T. and Jenkinson, B (2007). Forensic Computing: A Practitioner's Guide (2nd ed.): Springer, London.
18 Brown, C. (2009). Computer Evidence: Collection and Preservation (2nd ed.): Charles River Media.
19 Kent, K., Chevalier, S., Grance, T., and Dang, H. (2006). ‘Guide to integrating forensic techniques into incident response’, NIST Special Publication 800-86 Notes, pp. 1-20.
20 Marcella, A. and Menendez, D. (2007). Cyber Forensics: A Field Manual for Collecting, Examining and Preserving Evidence of Computer Crimes (2nd ed.): Auerbach Publications.
21 Wiles, J. and Reyes, A. (2007). The Best Damn Cybercrime and Digital Investigations Book Period: Syngress.
22 Steel, C. (2006). Windows Forensics: The Field Guide for Conducting Corporate Computer Investigations: Wiley Publishing.
23 ISO/IEC27043(2015).Incident Investigation Principles and Processes.
24 Casey, E. (2011). Digital Evidence and Computer Crime Forensic Science Computers and The Internet (3rd ed.): California: Elsevier.
25 Jones, K., Bejtlich, R. and Rose, C. (2005). Real Digital Forensics: Computer Security and Incident Response: Addison-Wesley.
26 Montasari, R. and Peltola, P (2015). ‘Computer Forensic Analysis of Private Browsing Modes’, Proceedings of 10th International Conference on Global Security, Safety and Sustainability: Tomorrow's Challenges of Cyber Security, pp.96-109.
27 Carrier, B. and Spafford, E (2003) ‘Getting Physical with the Digital Investigation Process’, International Journal of Digital Evidence, 2(2), pp. 1-20.
28 Black, I. (2014). The art of investigative interviewing (3rd ed.), Boston: Butterworth Heinemann.
29 Yeschke, C. (2002). The art of investigative interviewing: A Human Approach to Testimonial Evidence (2nd ed.), Boston: Butterworth Heinemann.
30 Memon, A., Vrij, A. and Bull, R. (2003) Psychology and law: Truthfulness, accuracy and credibility, John Wiley & Sons.
31 Baldwin, J (1993) ‘Police Interview Techniques Establishing Truth or Proof?’, British Journal of Criminology, 33(3), pp. 325-352.
32 Farmer, D., Venema, W. (2005). Forensic Discovery. Boston, Addison- Wesley.
33 Kenneally, E. and Brown, C. (2005). ‘Risk sensitive digital evidence collection’, Digital Investigation, 2 (2), pp. 101-119.
34 Association of Chief Police Officers (ACPO) (2012). ACPO Good Practice Guide for Computer-Based Evidence, Association of Chief Police Officers, London, UK.
35 ISO/IEC 27037 (2012). Guidelines for Identification, Collection, Acquisition, and Preservation of Digital Evidence.
36 Orso, M (2009). ‘Cellular Phones, Warrantless Searches, and the New Frontier of Fourth Amendment Jurisprudence’, Santa Clara Law Review, 50, pp. 101-142.
37 Ciardhuáin, O. (2004). ‘An extended model of cybercrime investigations’, International Journal of Digital Evidence, 3 (1), pp. 1- 22.
38 Ciardhuáin, O. (2004). ‘A hierarchical, objectives-based framework for the digital investigations process’, Digital Investigation, 2 (2), pp. 147- 167.
Mr. Reza Montasari
University of Derby - United Kingdom