Harmonised digital forensic investigation process model

Digital forensics gained significant importance over the past decade, due to the increase in the number of information security incidents over this time period, but also due to the fact that our society is becoming more dependent on information technology. Performing a digital forensic investigation requires a standardised and formalised process to be followed. There is currently no international standard formalising the digital forensic investigation process, nor does a harmonised digital forensic investigation process exist that is acceptable in this field. This paper proposes a harmonised digital forensic investigation process model. The proposed model is an iterative and multi-tier model. The authors introduce the term “parallel actions”, defined as the principles which should be translated into actions within the digital forensic investigation process (i.e. principle that evidence´s integrity must be preserved through the process and that chain of evidence must be preserved). The authors believe that the proposed model is comprehensive and that it harmonises existing state-of-the-art digital forensic investigation process models. Furthermore, we believe that the proposed model can lead to the standardisation of the digital forensic investigation process.