Abstract: Digital forensics has emerged as a discipline that plays a critical role in both civil and criminal cases. However, due to the evolution of digital technologies, the recovery and investigation of evidence found in digital devices, often in relation to digital crimes, is becoming increasingly sophisticated. Digital forensic investigators can only work with existing digital forensic investigation tools to locate, gather, analyse and reconstruct data from computer systems, networks, wireless communications and other digital devices. Unfortunately, most of the existing digital forensic investigation tools consist of dissimilar elements or parts and are consequently unable to work together harmoniously. Having to chronologically interrelate uniquely identified digital forensic evidence data from a crime scene using tools that are unable to work together harmoniously makes digital evidence traceability a challenge for quite a number of investigators. The aim of this paper, therefore, is to propose a generic framework for digital evidence traceability. Such a framework is meant to assist or guide digital forensic investigators, law enforcement agencies and other digital forensic practitioners in identifying, tracking or even verifying the source and history, including the application, of specific digital evidence data captured during an investigation process. In the authors' opinion, employing such a framework in digital forensics can help investigators save time as well as simplify the digital evidence traceability process.
Keywords: digital forensics, generic framework, digital evidence, traceability
1. Introduction
When considering the digital forensic investigation process, the knowledge, skills, tools and techniques used to access, collect, analyse and organise Potential Digital Evidence (PDE) from computing systems, networks, wireless communications, and storage devices are becoming indispensable. Moreover, to convince the court that the gathered PDE is worthy of inclusion in the criminal process, investigators must use extensive technical knowledge and skills, including tools and techniques that are typically designed for handling digital evidence (Karie and Venter, 2013). Unfortunately, most of the existing Digital Forensic Investigation (DFI) tools consist of dissimilar elements or parts and are consequently unable to work together harmoniously. Accordingly, having to chronologically interrelate uniquely identified digital evidence from crime scenes using tools that are unable to work together makes PDE traceability a challenge for digital forensic investigators.
According to Arnold and Soriano (2013) and Roberts and...