A model for validation and verification of disk imaging in computer forensic investigation

Abstract

In digital forensic investigation practices, there are numerous digital forensics preservation tools that have been used by practitioners all over the world. Tool development continues as the practitioner’s demands increases. It is important to have right specialized tools in order to ensure that all the collected evidence is processed correctly, completely and in a timely manner, computer forensic practitioners have to employ consistent and well-defined forensic guidelines to validate and verify the computer forensic tools. Moreover, guideline of validation and verification in computer forensic tools provides a great opportunity for computer forensic practitioners to remove necessity for developing individual tests for tools. Since computer forensic practitioners’ in Malaysia are not aware of the significant of validation and verification of disk imaging and there is no standard guideline for disk imaging process, thus a guideline model for validation and verification for disk imaging has been created. A qualitative research method was adopted as a research strategic methodology to examine and review the level of acceptance towards proposed guideline for validation and verification of disk imaging. Thirty seven respondents participated in the survey as the questionnaires are only targeted at the forensic experts in Malaysia. The survey result has shown majority of the respondents do agree with the proposed guideline. The survey results provide indication on the process of developing guideline of validation and verification of disk imaging in Malaysia and manage to produce a new conceptual model to validate and verify the disk imaging tools in computer forensic environment. This conceptual model is emphases more on the management element which encompasses three supporting elements that are documentation, maintenance of tools and monitoring. The internal layer are consists of technical elements which are divided into checklist of mandatory features, checklist of optional features and report writing.