Taxonomy for digital forensic evidence
Karie, Nickson M.
Kebande, Victor R.
Venter, H. S.
MetadataShow full item record
Modern society has increased its dependencies on digital systems and computer networks in almost every area of life today. Although this dependency is good it has opened a whole new world of possibilities for criminals to exploit. This has been seen in areas where criminals are able to use existing digital systems to share information and to reinforce their hacking techniques for nefarious purposes. As a result, major potential security risks, such as malicious insiders, data loss or leakage and policy violations have now invaded our digital world with worrying trends of digital and cyber-crimes. This, therefore, has made computer based information a primary source of digital evidence in many legal matters and digital investigations. The understanding of the different types of information generated by computer systems is thus an importance aspect of any digital forensic investigation process. For this reason, this paper reviews existing digital forensic research literature and highlights the different types of digital evidence that can potentially be admissible in our courts of law today. In conducting this research study, however, it was difficult for the authors to review all the existing research literature in the digital forensic domain; hence, sampling and randomization techniques were employed to facilitate the review of the gathered literature. The taxonomy classifies a large number of Digital Forensic Evidence (DFE) into a few well-defined and easily understood categories which can be useful, for example, the future developments of digital forensic tools. In addition, the taxonomy can also be helpful to practitioners, for example, in classifying the different types of DFE that can be admissible in courts. The main contribution of this research is, therefore, to propose a taxonomy for DFE that can assist digital forensic analysts and forensic practitioners to understand the different types of evidence with ease and their applicability in different legal matters.