Forensic Computing Theory & Practice: Towards developing a methodology for a standardised approach to Computer misuse

The increasing risk and incidence of computer misuse has raised awareness in the public and private sectors of the need to develop defensive and offensive responses. There is now widespread recognition of the importance of specialised forensic computing investigation (FCI) teams able to operate across conventional boundaries of law enforcement and national defence. More specifically, recent research on Australian FCI teams has revealed the critical role of investigative skills alongside digital evidence acquisition and presentation competences. At the level of practice these investigative skills extend beyond a methodical approach, to include case management, critical thinking and sensitivity to the corroborative importance of non-digital evidence. This paper considers the implications of these practical insights for forensic computing theory and presents a matrix for classifying behaviours and types of computer misuse. It also examines the European CTOSE methodology and reflects on how it is re-contextualised by these insights derived from FCI practice. It is anticipated that this paper will contribute towards the development of a standardised and comprehensive forensic approach to computer misuse.