Behavioural Digital Forensics Model: Embedding Behavioural Evidence Analysis into the investigation of digital crimes

Al-Mutawa, Noora, Bryce, Joanne orcid iconORCID: 0000-0001-9144-2899, Franqueira, Virginia Nunes Leal, Marrington, Andrew and Read, Janet C orcid iconORCID: 0000-0002-7138-1643 (2019) Behavioural Digital Forensics Model: Embedding Behavioural Evidence Analysis into the investigation of digital crimes. Digital Investigation, 28 . pp. 70-82. ISSN 1742-2876

Full text not available from this repository.

Official URL: https://doi.org/10.1016/j.diin.2018.12.003

Abstract

The state-of-the-art and practice show an increased recognition, but limited adoption, of Behavioural Evidence Analysis (BEA) within the Digital Forensics (DF) investigation process. Yet, there is currently no BEA-driven process model and guidelines for DF investigators to follow in order to take advantage of such an approach. This paper proposes the Behavioural Digital Forensics Model to fill this gap. It takes a multidisciplinary approach which incorporates BEA into in-lab investigation of seized devices related to interpersonal cases (i.e., digital crimes involving human interactions between offender(s) and victim(s)). The model was designed based on the application of traditional BEA phases to 35 real cases, and evaluated using 5 real digital crime cases - all from Dubai Police archive. This paper, however, provides details of only one case from this evaluation pool. Compared to the outcome of these cases using a traditional DF investigation process, the new model showed a number of benefits. It allowed a more effective focusing of the investigation, and provided logical directions for identifying the location of further relevant evidence. It also enabled a better understanding and interpretation of victim/offender behaviours (e.g., probable offenders' motivations and modus operandi), which facilitated a more in depth understanding of the dynamics of the specific crime. Finally, in some cases, it enabled the identification of suspect's collaborators, something which was not identified via the traditional investigative process.


Repository Staff Only: item control page