Open In App

Abstract Digital Forensic Model

Last Updated : 16 Apr, 2023
Improve
Improve
Like Article
Like
Save
Share
Report

Abstract Digital forensic model which is abbreviated as ADFM is a tool for digital forensic investigation. This model provides a clear and structured and structured way to proceed with particular evidence. It contains 9 phases which are Identification, Preservation, Collection, Examination, Analysis, Reconstruction, Documentation, Presentation, and Returning Evidence. Because of these phases, investigators can increase the likelihood of successfully identifying and prosecuting crimes.

Pre-requisites: Introduction to Computer Forensics

Phases of Abstract Digital Forensic Model 

  1. Identification– In this phase Identification of evidence takes place. Here evidence can be a computer, server, mobile, cloud service, etc.
  2. Preservation– Maintenance of integrity and security of evidence is performed in this phase.
  3. Collection– Recording the evidence and making a duplicate copy of the main evidence.
  4. Examination– Identification of relevant information and finding more related hints from this information.
  5. Analysis– Linking of data and recovering and identifying the damaged and deleted files.
  6. Reconstruction– In this phase, a model of the evidence or a situation when the evidence was found is constructed.
  7. Documentation– The result or the information found from the above phases is combined together in a form of a document which helps in legal proceedings.
  8. Presentation– The investigator plays the role of a presenter and provides graphs, reports, and visual aids for the further investigation process.
  9. Returning evidence– After a complete examination, the evidence which is used for investigation is returned to the original owner of the evidence.
     
Phases of Abstract Digital Forensic Model

 

Drawbacks of ADFM

  • It is not flexible enough to modify it according to the situation.
  • The result produced from the model is difficult to understand. 
  • It has a very limited scope.
  • It is dependent on technology, if technology fails model may not be able to complete tasks.
  • Difficult to maintain and ensure the consistency of investigation as it lacks standardizations.

Like Article
Suggest improvement
Previous
Rogue Antivirus
Next
MCB Full Form
Share your thoughts in the comments

Similar Reads

CAINE Forensic Environment
Windows Forensic Analysis
Digital Evidence Preservation - Digital Forensics
What is Digital Privacy & Online Safety?
Chain of Custody - Digital Forensics
Recovering Deleted Digital Evidence
Integrated Digital Investigation Process
Digital Evidence Collection in Cybersecurity
HASHDEEP: A Digital Forensics tool in kali linux
OSI Model Full Form in Computer Networking

S
shravanimjagtap13
Article Tags :
We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy
Lightbox