A Formal Two Stage Triage Process Model (FTSTPM) for Digital Forensic Practice
Reza Montasari
Pages - 69 - 87     |    Revised - 30-04-2016     |    Published - 01-06-2016
Volume - 10   Issue - 2    |    Publication Date - June 2016
KEYWORDS
Digital Forensics, Onsite Triage, Digital Investigation, Process Model, On-scene Examination, Formal Model.
ABSTRACT
Due to the rapid increase of digital-based evidence, the requirement for the timely identification, examination and interpretation of digital evidence is becoming more essential. In certain investigations such as child abductions, pedophiles, missing or exploited persons, time becomes extremely important, as in some cases it is the difference between life and death for the victim. Moreover, the growing number of computer systems being submitted to digital forensic laboratories (DFLs) is creating a backlog of cases that can delay investigations and negatively affect public safety and the criminal justice system. To deal with these problems, there is a need for more effective ‘onsite’ triage methods to enable investigators to acquire information in a timely manner, and to reduce the number of computer systems that are submitted to DFLs for analysis. This paper presents a Formal Two-Stage Triage Process Model fulfilling the needs of an onsite triage examination process.
Mr. Reza Montasari
University of Derby - United Kingdom
r.montasari@derby.ac.uk

