Abstract Digital forensic model which is abbreviated as ADFM is a tool for digital forensic investigation. This model provides a clear and structured and structured way to proceed with particular evidence. It contains 9 phases which are Identification, Preservation, Collection, Examination, Analysis, Reconstruction, Documentation, Presentation, and Returning Evidence. Because of these phases, investigators can increase the likelihood of successfully identifying and prosecuting crimes.
Pre-requisites: Introduction to Computer Forensics
Phases of Abstract Digital Forensic Model
- Identification– In this phase Identification of evidence takes place. Here evidence can be a computer, server, mobile, cloud service, etc.
- Preservation– Maintenance of integrity and security of evidence is performed in this phase.
- Collection– Recording the evidence and making a duplicate copy of the main evidence.
- Examination– Identification of relevant information and finding more related hints from this information.
- Analysis– Linking of data and recovering and identifying the damaged and deleted files.
- Reconstruction– In this phase, a model of the evidence or a situation when the evidence was found is constructed.
- Documentation– The result or the information found from the above phases is combined together in a form of a document which helps in legal proceedings.
- Presentation– The investigator plays the role of a presenter and provides graphs, reports, and visual aids for the further investigation process.
-
Returning evidence– After a complete examination, the evidence which is used for investigation is returned to the original owner of the evidence.
Drawbacks of ADFM
- It is not flexible enough to modify it according to the situation.
- The result produced from the model is difficult to understand.
- It has a very limited scope.
- It is dependent on technology, if technology fails model may not be able to complete tasks.
- Difficult to maintain and ensure the consistency of investigation as it lacks standardizations.