3 Digital Forensic Methodologies
3.3 Discussion
The preceding sections demonstrate that various methodologies were developed over time to assist digital forensic investigations. The majority of these methodologies were devised to overcome limitations within the existing methods of the time and to expand the horizon of digital forensics.
Since examination and analysis are the core aspects of any digital forensic investigation, they were the main discussion focus of this chapter. As emphasised during the individual analysis of the various methodologies above, it is also apparent that this does not mean neglecting other important aspects such as data acquisition and so on. Some of the major points which arise out of the research completed in this chapter include the following:
Automation: it has been noted that, due to several factors, especially rising computer-assisted crime rates and the increasing volumes of data that digital forensic examiners must sift through, automation is acquiring the status of a necessity rather than a luxury for examiners. Yet there are issues with thorough automation techniques, which tend to at least partially replace the human factor. The current efforts at automation have been few and far between, and there is certainly a lack of proper tools which could be of high value to examiners, helping them to focus more on the actual investigations rather than on routine procedures and tasks.
Usability: any methodology, in spite of its level of advancement from the research or academic viewpoint, should have practical implications for the digital forensic examiner at ground level. This will ensure that it actually helps personnel who deal with computer crime incidents on a day-to-day basis, and in a manner which is not too difficult to comprehend or implement. The usability factor is certainly one of the vital links which relates the research done in labs to the applications in the field.
Reliability and Acceptance: these two factors are very closely related, and normally a methodology which is reliable will have better acceptability rates. Better adoption rates also ensure that standardising the procedures is easier, which results in a common framework globally, despite the boundaries of nation states. This is also an important requirement in scenarios relating to cyberspace, where boundaries do not exist at all.
Adaptation to evolving threats: it is critical that any methodology should have the ability to adapt to evolving threats; without this factor in mind, the methodology could become exhausted very quickly if new threats appear. Apart from the early generic models (e.g. the DFRWS model and the Forensic Process model), the majority of recent works claimed that their proposed methodology was designed to overcome limitations of existing methods (e.g. dealing with new threats) and to offer new functionalities. This demonstrates that new proposals do take adaptation to evolving threats into consideration in order to deal with the complex nature of digital forensic investigation and the fast evolution of threats within the IT domain. As a result, any novel methodology should consider potential new threats.
Amongst these areas, usability, reliability, acceptance and adaptation to evolving threats are the basic requirements for any forensic methodology; in other words, a new methodology or tool will not be accepted by the digital forensic domain if any of those four is missing. In comparison, automation offers additional functionality that could be used to save the investigator's time by speeding up the analysis process in a more accurate way; hence, the image data can be processed in a timely fashion. Also, as mentioned earlier, little research or work has been done on this topic. As a result, this research will focus upon the investigation of an automation method that can be used by forensic investigators to analyse a case image in an automatic manner.
3.4 Conclusion
It may be perceived that the digital forensic methodologies have been improving over time. These methodologies provide the framework on which digital forensic analysis rests.
It can be concluded from the above discussion that starting from very basic beginnings nearly three decades ago in 1984 until 2011, digital forensic methodologies have matured significantly, covering previously uncovered areas and trying to examine as much ground as possible. Indeed, the sequential study of the methodologies clearly indicates that there has been substantial progress with each subsequent methodology, building on the previous ones and adding something new to the already existing knowledge base. As a result, the methodologies have been improving from various aspects, adding to the reliability, usability and consequential acceptance within the digital forensic circles.
Within these methodologies, the examination and analysis process is mainly carried out by human investigators; such a process poses increasing challenges due to the large amount of data presented within forensic images. As a result, there is a strong need to develop automation tools which not only help to save forensic examiners' time but are also reliable and widely accepted. To this end, the next chapter will focus upon examining existing tools that are used for conducting digital forensic investigations, and to what extent automation is utilised for the examination process.