A Novel Principle to Validate Digital Forensic Models

Digital forensic models (DFMs) form the base for any digital investigation because they guide the investigators with necessary steps and procedures to be taken during the investigation. State-of-the-art DFMs assume that it is safe to proceed from one stage of the investigation to the next without taking into account the anti-forensic techniques that could be used to defeat the investigation process.However, the findings in the literature shows that common phases in the digital forensic process such as acquisition, examination, analysis, and reporting are affected by various anti- forensic (AF) methods.To fill this gap, we propose an abstract digital forensic framework and validate DFMs by factoring in AF techniques affecting various phases in a digital forensic process. This validation principle can be used to enhance state-of-the-art DFMs to enable principled detection and countering of AF techniques before being applied to a real-time investigation case.