A Hierarchical, Objectives-Based Framework for the Digital Investigations Process - Research Paper Example

Research Empirical Studies

Table of Contents
PART 1a- Descriptions of Studies
Study 1- Information, Apprehension, and Deterrence: Exploring the Limits of Police Productivity
Study 2- An Extended Model of Cybercrime Investigations
Study 3- Digital Investigation Models
Study 4- Procedure for Digital Investigation Based on Hardware Memory Procurement
Study 5- A Different Digital Investigations Process Framework
PART 1b - Critical Evaluations of Studies
PART 2- Literature Review
PART 3- Development of Research Question, Sketch of Study
References

PART 1a- Descriptions of Studies

Study 1- Information, Apprehension, and Deterrence: Exploring the Limits of Police Productivity

A. Research Problem:
The study wanted to find out what kind of information is available to police officers in ferreting out and solving crimes, and how well or how poorly such available information is collected and made use of in such police activities. The goal is to find out the state of data collection and the state of data availability from all sources of data, as can be gleaned from a National Crime Panel study commissioned in 1973 (Skogan et al., 1979, pp. 217-241).

B. Research Purpose
To determine just how effectively data on crimes is being identified, collected and made use of to solve crimes, and just how effective law enforcement can become if information and data on crimes are optimally gathered and utilized (Skogan et al., 1979, pp. 217-241).

C. Design Type/Design Elements
The sample data is taken from existing studies, in this case a study from the National Crime Panel that details the determination of available data from mapped and unmapped information sources in crime investigation settings. Such data is then factored into analyses of the effectiveness of law enforcement use of data and information to solve crimes. The thinking is that the more effective use of more information can lead to better law enforcement work as such work relates to crime investigations.
The data analysis flows from this look into the availability of data and the degree of law enforcement use of such data (Skogan et al., 1979).

D. Validity Threats, How Addressed
The key threat to the validity of the research and its findings is that there is only one data source used, and that is a study that was done six years prior to the conduct of the research being described here. The reliance on one set of data limits the general applicability of research findings. This threat to validity is somehow addressed by the integrity of the institution that conducted that older study, and by the fact that the study was on a national scale, implying ample representation and ample population sizes (Skogan et al., 1979).

E. Findings, Findings Implications
Among the findings are that the status quo, where police leaned on data that they had at their disposal historically for particular crimes, yielded crime investigation outcomes that were far from ideal. On the other hand, the study also noted that there existed a larger amount of information from more sources, including bystanders and witnesses to crimes, than is being collected and used. The implication here is that with more rigorous ways of information collection, crime investigation outcomes would improve. The implications of the findings include that there needs to be a more rigorous attempt to gather data and to put up standard procedures for gathering more data in police work (Skogan et al., 1979).

Study 2- An Extended Model of Cybercrime Investigations

A. Research Problem:
The paper posits a model for investigating cybercrimes that builds and improves on existing models, where the improvements center on certain aspects of cybercrime investigations that have somehow been missed or not properly included or factored into existing models.
This is in effect also research into what the current models of cybercrime investigations are, what their strengths and shortcomings are, and how they can be improved (Ciardhouain, 2004).

B. Research Purpose
The purpose of the research is to determine what the existing models of cybercrime investigations are, and to map out their strengths and shortcomings as a preliminary to creating an extended model that incorporates the strengths and improves on the limitations and shortcomings of existing models (Ciardhouain, 2004).

C. Design Type/Design Elements
The sample population consists of literature on existing models for the modeling of cybercrimes, all of them reliant on certain data in order to work. The nature of the models and of modeling such crimes is such that it is reliant on good data, and therefore the models are only as good as the data on which the models are applied. Here the operative analytical principle takes existing models as data inputs, and the resulting investigation focused on finding out where the models are strong and where the models are weak, by way of using the insights from such an investigation to come up with a new, expanded model that builds on top of those existing models and improves on them (Ciardhouain, 2004).

D. Validity Threats, How Addressed
The study noted that the existing models put under consideration had limitations in the areas that they covered, and those limitations are with regard to limits on the scope of the work. The scope is limited to focusing on the evidence as well as to the investigation of the crime scene. On the other hand, the proposed expanded model covers areas outside of these limitations. The question is with regard to the validity of those parts of the proposed model that fall outside of the scope of existing ones. The threat is with regard to those new aspects of the proposed model not having precedent in literature.
This is not really addressed in the paper in a meaningful and convincing way, except prospectively, in terms of the results of applying the proposed model to future cases (Ciardhouain, 2004).

E. Findings, Findings Implications
The key findings relate to the shortcomings of existing models, and those shortcomings have to do with information flows not being properly tracked in the existing models, as well as existing models focusing somewhat narrowly on the investigation of the evidence. An expanded model attempts to improve on these shortcomings, in terms of explicitly tracking the flow of information along the different steps of the model. The improvements are also along the lines of expanding the focus beyond just the gathering and analysis of the evidence, to include the crafting of hypotheses, the construction of proofs and the presentation of the results of the investigation. The implications are that investigative work for law enforcement has room to improve in many areas (Ciardhouain, 2004).

Study 3- Digital Investigation Models

A. Research Problem:
The study looks at digital crime investigations and corporate investigations with a view towards proposing a model for investigating digital crimes that mimics investigation models for physical or brick and mortar crimes. The problem is with regard to mapping out what is known in physical investigations and applying the vast knowledge from thousands of years of practice to the emerging digital crimes literature (Carrier and Spafford, 2003).

B. Research Purpose
The purpose of the research is to be able to come up with a mapped model for undertaking digital crime investigations that leverages wisdom and knowledge from theory and practice in physical investigations (Carrier and Spafford, 2003).

C. Design Type/Design Elements
The methodology consists of poring through the literature on physical investigations and going through best practices models that have been in wide use for a long time.
These include physical investigation models that have been outlined for the US Justice Department for use by its law enforcement arms, an abstract process that was prescribed by the US Air Force, and a so-called Incident Response Process Model, where the latter is focused on compromised systems. The method of analysis also includes the presentation of case studies. These are all leveraged to come up with a hybrid model for investigation that takes off from the physical investigation models for use in digital crime investigations (Carrier and Spafford, 2003).

D. Validity Threats, How Addressed
The evaluation of the effectiveness of the proposed model lacks rigor in terms of considering real-life case studies that show demonstrated proof of effectiveness of the proposed model. Therefore, there is some threat to the validity of the finding of the effectiveness of the proposed model, and the wisdom of using physical investigation models as a basis for coming up with counterpart models for digital investigations. The fictional case studies do give some means to address the threats to validity, by demonstrating how the proposed model can work hypothetically (Carrier and Spafford, 2003).

E. Findings, Findings Implications
The findings are encapsulated in the proposed model for investigating digital crimes, which on inspection closely mirrors a standard model for physical investigation that was presented as a distillation of some of the best practices models discussed earlier in the study. The findings include that the proposed model benefits from making use of what has worked for a long time in the world of physical investigations, and that in a way the thinking that goes into physical investigations can be applied as a paradigm for investigating digital crimes.
The implications of these findings are huge. This means that the large body of wisdom, practice and literature on physical investigations can be brought to bear on investigations of crimes in emerging areas of human activities, such as cyberspace activities, where there has been little precedent in terms of the kinds of crimes that are investigated and the kinds of investigative models that have been put to use in order to solve such crimes (Carrier and Spafford, 2003).

Study 4- Procedure for Digital Investigation Based on Hardware Memory Procurement

A. Research Problem:
Given the complex nature of some digital crimes, the existing methods of gathering evidence and investigating such crimes from the hard disks of computers may not be sufficient. This is because increasingly sophisticated hacks and intrusions all occur from volatile computer memory, and do not leave traces of their activities in the hard disks. The way to properly deal with such activities is to capture volatile memory while the intrusions are happening. This is easier said than done, because volatile memory is erased when computers are turned off. Is there a way to securely get access to data on volatile memory in computer systems, for use in digital crime investigations and forensic data investigations involving digital data? (Carrier and Grand, 2004, pp. 50-60).

B. Research Purpose
The purpose of the research is to expose the limitations of existing procedures and processes for investigating digital crimes that rely solely on stored memory when it comes to gathering evidence and reconstructing the mode and method of the crimes. The corollary purpose of the research is to highlight the advantages of technology that allows investigators to capture the contents of volatile memory while a digital crime is happening (Carrier and Spafford, 2003).

C. Design Type/Design Elements
The method of inquiry is the review of existing methods in the available literature, to find out what has been done in the past and what is being done in the field as far as gathering forensic evidence in digital/computer crimes is concerned. The mode of analysis is the survey of the technologies for gathering data from hard disks in computer systems, and advances in forensic data gathering for different operating systems and use scenarios. The technology to gather volatile memory is itself presented, alongside proof of effectiveness by way of sample data. The technology is proposed as a hardware dongle attached to a PCI slot, a computer peripheral that is not easily accessed by hackers and malicious code (Carrier and Grand, 2004, pp. 50-60).

D. Validity Threats, How Addressed
There is little real-world data to prove that the technology works, even though the validity threat is assuaged and addressed somehow by simulated runs and the resulting data dump that the hardware tool was able to gather of the volatile memory in the case of a hypothetical attack (Carrier and Grand, 2004, pp. 50-60).

E. Findings, Findings Implications
Where existing interventions have failed to capture volatile memory contents and therefore fail to properly investigate sophisticated crimes that reside solely there, the proposed technological intervention is in proof of concept mode able to do just that. This can plug a hole in existing procedures for investigating and solving computer crimes (Carrier and Grand, 2004, pp. 50-60).

Study 5- A Different Digital Investigations Process Framework

A. Research Problem
The observation is that existing frameworks for digital investigations are sometimes too abstract, and leave out opportunities to apply more rigor and science to the process, as well as greater levels of detail in the investigative work.
Is there merit in a different framework or model for doing digital investigations that plugs these shortcomings of existing models, in such a way as to make the investigative work more scientific, more data-intensive, and more rigorous? (Beebe and Clark, 2005).

B. Research Purpose
The purpose of the research is to draw attention to the shortcomings of existing digital investigation models, and to propose a different framework that has multiple levels, has hierarchies, and allows for greater rigor and data-intensive, scientific analysis (Beebe and Clark, 2005).

C. Design Type/Design Elements
The study surveys the literature to discuss the shortcomings of existing models, and to propose a new model as discussed above. This new model is then utilized in two cases or scenarios, to show how the framework brings out the expected benefits of greater rigor and greater use of data on more levels of analysis (Beebe and Clark, 2005).

D. Validity Threats, How Addressed
Use cases and scenarios are hypothetical, and the threat to validity is that there is no demonstrated success in use in real life settings. This is offset and addressed by the rigor and realism of the case scenarios crafted (Carrier and Grand, 2004, pp. 50-60).

E. Findings, Findings Implications
The study exposes some real shortcomings in the existing abstract models for digital investigations. The new model on paper looks promising. The implications include that there is room for more data gathering and for the greater use of rigorous scientific and analytical models to achieve success in digital investigations (Beebe and Clark, 2005).
PART 1b - Critical Evaluations of Studies

The five studies are exhaustive and rigorous individually, and make a good case for information (Skogan et al., 1979), and the use of proper frameworks for undertaking digital investigations in order to do successful criminal investigative work (Beebe and Clark, 2005; Carrier and Grand, 2004; Carrier and Spafford, 2003; Ciardhouain, 2004).

PART 2- Literature Review

The first study considered highlighted even in 1979 the importance of information gathering and the adequacy of information in doing successful crime investigation work. Fast forward to the next four studies of more recent origin, and information remains a key focus in different discussions centering on methods, processes and frameworks for undertaking digital investigative work. The different studies considered highlight different aspects of the field, and the different considerations that go into investigating digital crimes. This area of law enforcement is exciting because it is a new field, and is fresh with possibilities. At the same time, the studies point to the need for digital investigative science to keep up with the advances in digital crime. What is known is that many areas of physical investigative work apply in digital investigations. Moreover, it is also known that some of the frameworks and models for doing investigative work in the digital realm, but there is need for improvement in many of the models, to make the work more scientific, rigorous, and data/information-intensive. Unknowns include just how well the proposed technological interventions and models work in real life, given that many of the presented cases are hypothetical (Beebe and Clark, 2005; Skogan et al., 1979; Carrier and Grand, 2004; Carrier and Spafford, 2003; Ciardhouain, 2004).
PART 3- Development of Research Question, Sketch of Study

Research Question:
How well do technologies that capture volatile memory activity to gather forensic evidence in digital investigations actually work in real life? How well do these technologies help solve digital crimes and where can they be improved? (Carrier and Grand, 2004)

Sketch of Study:
The hardware proposed in Carrier and Grand (2004) is to be placed in a number of computer systems in different facilities that are the frequent target of outside hacks and attacks. The population can be 100, in order to cover a wide sample of the computer systems of the target organization. This is also to make sure that enough data is gathered over the duration of the study, which is proposed to be one year. Within that time period data shall be collected from the volatile memory of the target computers. The goal is to try and solve the crimes as they occur, by making use of the data captured from volatile memory, making use of the technology proposed (Carrier and Grand, 2004).

The value of this research is clear. If the technology is proven to work, then this patches a hole in current digital investigation and law enforcement work, and limits the success of criminals making use of the loopholes in technologies to track volatile memory to perpetrate crimes (Carrier and Grand, 2004).

References

Beebe, N. L. (2005). A Hierarchical, Objectives-Based Framework for the Digital Investigations Process. Digital Investigations 2(2). Retrieved from http://faculty.business.utsa.edu/nbeebe/pubs/DIP%20Framework%20Journal%20Submission%20v4%20-%20FINAL%20JDI%20author%20copy.pdf

Carrier, B. and Grand, J. (2004). A hardware-based memory acquisition procedure for digital investigations. Digital Investigation 1. Retrieved from http://grandideastudio.com/wp-content/uploads/tribble_paper.pdf

Carrier, B. and Spafford, E. (2003). Getting Physical with the Digital Investigation Process. International Journal of Digital Evidence. Retrieved from http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.76.757&rep=rep1&type=pdf

Ciardhouain, S. (2004). An Extended Model of Cybercrime Investigations. International Journal of Digital Evidence. Retrieved from https://utica.edu/academic/institutes/ecii/publications/articles/A0B70121-FD6C-3DBA-0EA5C3E93CC575FA.pdf

Skogan, W. et al. (1979). Information, Apprehension, and Deterrence: Exploring the Limits of Police Productivity. Journal of Criminal Justice 7. Retrieved from http://skogan.org/files/Information_Apprehension_and_Deterrence.pdf