Open In App

Abstract Digital Forensic Model

Last Updated : 16 Apr, 2023
Summarize
Comments
Improve
Suggest changes
Share
Like Article
Like
Report

Abstract Digital forensic model which is abbreviated as ADFM is a tool for digital forensic investigation. This model provides a clear and structured and structured way to proceed with particular evidence. It contains 9 phases which are Identification, Preservation, Collection, Examination, Analysis, Reconstruction, Documentation, Presentation, and Returning Evidence. Because of these phases, investigators can increase the likelihood of successfully identifying and prosecuting crimes.

Pre-requisites: Introduction to Computer Forensics

Phases of Abstract Digital Forensic Model 

  1. Identification- In this phase Identification of evidence takes place. Here evidence can be a computer, server, mobile, cloud service, etc.
  2. Preservation- Maintenance of integrity and security of evidence is performed in this phase.
  3. Collection- Recording the evidence and making a duplicate copy of the main evidence.
  4. Examination- Identification of relevant information and finding more related hints from this information.
  5. Analysis- Linking of data and recovering and identifying the damaged and deleted files.
  6. Reconstruction- In this phase, a model of the evidence or a situation when the evidence was found is constructed.
  7. Documentation- The result or the information found from the above phases is combined together in a form of a document which helps in legal proceedings.
  8. Presentation- The investigator plays the role of a presenter and provides graphs, reports, and visual aids for the further investigation process.
  9. Returning evidence- After a complete examination, the evidence which is used for investigation is returned to the original owner of the evidence.
     
Phases of Abstract Digital Forensic Model
 

Drawbacks of ADFM

  • It is not flexible enough to modify it according to the situation.
  • The result produced from the model is difficult to understand. 
  • It has a very limited scope.
  • It is dependent on technology, if technology fails model may not be able to complete tasks.
  • Difficult to maintain and ensure the consistency of investigation as it lacks standardizations.

Next Article
Abstract Digital Forensic Model

S
shravanimjagtap13
Improve
Article Tags :

Similar Reads

We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy
Lightbox