DF-C2M2: A Capability Maturity Model for Digital Forensics Organisations

The field of digital forensics has emerged as one of the fastest changing and most rapidly developing investigative specialisations in a wide range of criminal and civil cases. Increasingly there is a requirement from the various legal and judicial authorities throughout the world, that any digital evidence presented in criminal and civil cases should meet requirements regarding the acceptance and admissibility of digital evidence, e.g., Daubert or Frye in the US. There is also increasing expectation that digital forensics labs are accredited to ISO 17025 or the US equivalent ASCLD-Lab International requirements. On the one hand, these standards cover general requirements and are not geared specifically towards digital forensics. On the other hand, digital forensics labs are mostly left with costly piece-meal efforts in order to try and address such pressing legal and regulatory requirements. In this paper, we address these issues by proposing DF-C²M², a capability maturity model that enables organisations to evaluate the maturity of their digital forensics capabilities and identify roadmaps for improving it in accordance with business or regulatory requirements. The model has been developed through consultations and interviews with digital forensics experts. The model has been evaluated by using it to assess the digital forensics capability maturity of a lab in a law enforcement agency.