A Framework for Digital Forensics and Investigations: The Goal-Driven Approach

Digital forensics investigations are an important task for collecting evidence based on the artifacts left in computer systems for computer related crimes. The requirements of such investigations are often a neglected aspect in most of the existing models of digital investigations. Therefore, a formal and systematic approach is needed to provide a framework for modeling and reasoning about the requirements of digital investigations. In addition, anti-forensics situations make the forensic investigation process challenging by contaminating any stage of the investigation process, its requirements, or by destroying the evidence. Therefore, successful forensic investigations require understanding the possible anti-forensic issues during the investigation. In this paper, the authors present a new method for guiding digital forensics investigations considering the antiforensics based on goal-driven requirements engineering methodologies, in particular KAOS. Methodologies like KAOS facilitate modeling and reasoning about goals, requirements and obstacles, as well as their operationalization and responsibility assignments. The authors believe that this new method will lead in the future to better management and organization of the various steps of forensics investigations in cyberspace as well as provide more robust grounds for reasoning about forensic evidence. A Framework for Digital Forensics and Investigations: The Goal-Driven Approach