P2DF: A Privacy-Preserving Digital Forensics Framework

P2DF: A Privacy-Preserving Digital Forensics Framework

Muhammad Abulaish, Nur Al Hasan Haldar, Jahiruddin Jahiruddin
Copyright: © 2021 |Pages: 15
DOI: 10.4018/IJDCF.288547
Article PDF Download
Open access articles are freely available for download


The extensive use of digital devices by individuals generates a significant amount of private data which creates challenges for investigation agencies to protect suspects' privacy. Existing digital forensics models illustrate the steps and actions to be followed during an investigation, but most of them are inadequate to investigate a crime with all the processes in an integrated manner and do not protect suspect's privacy. In this paper, we propose the development of a privacy-preserving digital forensics (P2DF) framework, which facilitates investigation through maintaining confidentiality of the suspects through various privacy standards and policies. It includes an access control mechanism which allows only authorized investigators to access private data and identified digital evidences. It is also equipped with a digital evidence preservation mechanism which could be helpful for the court of law to ensure the authenticity, confidentiality, and reliability of the evidences, and to verify whether privacy of the suspect was preserved during the investigation process.
Article Preview

1. Introduction

The advancements in information and communication technologies have enormously impacted the information storage and sharing approaches in the current digital world. It provides a simple and cost-effective way of storing, transmitting, and sharing of digital data. Though digital technologies have enhanced the life of an ordinary person, they provide equal opportunities to the anti-social elements to use such technologies for many fraudulent activities. Nowadays, cybercriminals find digital technologies and tools to be most convenient and comfortable way for conducting cybercrimes. As a counter-measure, researchers have proposed various tools and techniques to recover digital data from deleted files, browsing history, cache entries, cookies, and registry in an automated manner to control cybercrimes and speed up the investigation process (Al-Rowaily et al., 2015; Yasin & Abulaish, 2013). A detailed discussion and comparative analysis of various digital forensics frameworks and tools can be found in (Abulaish & Haldar, 2018). Such tools and techniques play an important role and they can be used to analyze digital data and collect digital evidences to serve different spectrum of legal and industry purposes (Hibshi et al., 2011). However, usability and performance consistency are still critical issues, as misunderstanding of manuals and technical advancements may lead to false interpretations in the real-life cases. Moreover, a very few researchers in the area of digital forensics works toward the automation of the investigation process to minimize human effort and investigation time (Gupta, 2013).

Digital forensics is a promising research field, which aims to apply scientific techniques and tools to investigate digital devices of the crime suspects. It uses a number of valid and systematic processes to acquire and validate the digital evidences extracted from the crime-related digital devices. The objective of the digital forensics is to understand and reliably correlate the sequence of crime events supported by the data available in associated digital devices. In 2001, a digital forensic research workshop was initiated to provide a knowledge sharing platform where experts from academia and industries could share their knowledge and experiences related to the digital forensics science. In this venue, Palmer (2001) compiled the definition of digital forensics as “the use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations”. This is one of the highly popular and accepted definitions in the digital forensics research community. However, Willassen & Mjølsnes (2005) broadened this definition to suit more in the scope of digital forensics by excluding the specific terms such as “criminal events”, “unauthorized actions”, etc. This definition includes various definitions of digital forensics and also includes the commercial investigation forensics analysis (Kohn et al., 2013).

The primary target of digital forensics is to identify crime-related evidences such that an event can be reconstructed. It pursues a proper investigation process to relate digital evidences to establish legal information for judicial process and inspection. Such investigation process follows a number of steps to carry out an appropriate investigation practice. Some of the necessary steps are identification, preparation, collection, analysis, and presentation of findings. Most of the forensic investigation approaches differ in the process of data collection methods. Some methods acquire the full image of a digital device, whereas other extract selective data files in accordance with some practical guidelines (Williams, 2012). Though the investigation phases are almost similar in most of the famous process models, the investigation approaches may differ in some cases. Such disparity may occur due to the varieties in digital devices (mobile forensics, computer forensics, etc.), policies (organizational rules, country-based policies, etc.), and associated data types (email data, image, text, etc.).

Complete Article List

Search this Journal:
Volume 16: 1 Issue (2024)
Volume 15: 1 Issue (2023)
Volume 14: 3 Issues (2022)
Volume 13: 6 Issues (2021)
Volume 12: 4 Issues (2020)
Volume 11: 4 Issues (2019)
Volume 10: 4 Issues (2018)
Volume 9: 4 Issues (2017)
Volume 8: 4 Issues (2016)
Volume 7: 4 Issues (2015)
Volume 6: 4 Issues (2014)
Volume 5: 4 Issues (2013)
Volume 4: 4 Issues (2012)
Volume 3: 4 Issues (2011)
Volume 2: 4 Issues (2010)
Volume 1: 4 Issues (2009)
View Complete Journal Contents Listing