Behavioural Digital Forensics Model: Embedding Behavioural Evidence Analysis into the Investigation of Digital Crimes

ORCID Identifiers

0000-0003-1332-9115

Document Type

Article

Source of Publication

Digital Investigation

Publication Date

3-1-2019

Abstract

© 2018 Elsevier Ltd The state-of-the-art and practice show an increased recognition, but limited adoption, of Behavioural Evidence Analysis (BEA) within the Digital Forensics (DF) investigation process. Yet, there is currently no BEA-driven process model and guidelines for DF investigators to follow in order to take advantage of such an approach. This paper proposes the Behavioural Digital Forensics Model to fill this gap. It takes a multidisciplinary approach which incorporates BEA into in-lab investigation of seized devices related to interpersonal cases (i.e., digital crimes involving human interactions between offender(s) and victim(s)). The model was designed based on the application of traditional BEA phases to 35 real cases, and evaluated using 5 real digital crime cases - all from Dubai Police archive. This paper, however, provides details of only one case from this evaluation pool. Compared to the outcome of these cases using a traditional DF investigation process, the new model showed a number of benefits. It allowed a more effective focusing of the investigation, and provided logical directions for identifying the location of further relevant evidence. It also enabled a better understanding and interpretation of victim/offender behaviours (e.g., probable offenders’ motivations and modus operandi), which facilitated a more in depth understanding of the dynamics of the specific crime. Finally, in some cases, it enabled the identification of suspect's collaborators, something which was not identified via the traditional investigative process.

ISSN

1742-2876

Publisher

Elsevier Ltd

Volume

28

First Page

70

Last Page

82

Disciplines

Computer Sciences

Keywords

Behavioural digital forensics model, Behavioural Evidence Analysis, Digital evidence interpretation, Digital forensics investigation, Reconstruction of digital crime

Scopus ID

85060907760

Indexed in Scopus

yes

Open Access

yes

Open Access Type

Green: A manuscript of this publication is openly available in a repository

Share

COinS