The Advanced Data Acquisition Model (Adam): A Process Model for Digital Forensic Practice

Adams, Richard; Hobbs, Valerie; Mann, Graham

doi:10.15394/jdfsl.2013.1154

Cited by 36 publications

(73 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…There are many to choose from, each comprise the same main stages (secure, analyse, present), but with differing attention focusing on different stages. For example, the Advanced Data Acquisition Model (ADAM) methodology [10] allocates considerable time for pre-planning and pre-investigative stages, whereas CFSAP (Computer Forensics -Secure, Analyse, Present) comprises the four key elements of computer forensics (identification, preservation, analysis and presentation) into three steps to follow: Secure (Identify sources of digital evidence, Preserve digital evidence), Analyse (Forensic analysis of digital evidence: extract, process, interpret), Present (Presentation of digital evidence, expert opinion and testimony) [11].…”

Section: A Forensic Methodsologiesmentioning

confidence: 99%

Iot Forensics: Challenges for the Ioa Era

MacDermott

Baker

Shi

2018

2018 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS)

View full text Add to dashboard Cite

Abstract-Challenges for IoT-based forensic investigations include the increasing amount of objects of forensic interest, relevance of identified and collected devices, blurry network boundaries, and edgeless networks. As we look ahead to a world of expanding ubiquitous computing, the challenge of forensic processes such as data acquisition (logical and physical) and extraction and analysis of data grows in this space. Containing an IoT breach is increasingly challenging -evidence is no longer restricted to a PC or mobile device, but can be found in vehicles, RFID cards, and smart devices. Through the combination of cloud-native forensics with client-side forensics (forensics for companion devices), we can study and develop the connection to support practical digital investigations and tackle emerging challenges in digital forensics. With the IoT bringing investigative complexity, this enhances challenges for the Internet of Anything (IoA) era. IoA brings anything and everything "online" in a connectedness that generates an explosion of connected devices, from fridges, cars and drones, to smart swarms, smart grids and intelligent buildings. Research to identify methods for performing IoT-based digital forensic analysis is essential. The long-term goal is the development of digital forensic standards that can be used as part of overall IoT and IoA security and aid IoT-based investigations.

show abstract

Section: A Forensic Methodsologiesmentioning

confidence: 99%

Iot Forensics: Challenges for the Ioa Era

MacDermott

Baker

Shi

2018

2018 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS)

View full text Add to dashboard Cite

show abstract

“…The idea of assessing the existing DFIPMs against the Daubert Test was originally devised by Adams [23]. To assess the existing DFIPMs in this paper, this test has been selected based on the fact that it is commonly-referenced criteria to judge the reliability of scientific evidence by many courts [2], [14] and [24].The Daubert Test is currently utilised in the federal courts and some states courts in the United States. It replaced the Frye standard in the federal courts.…”

Section: Methodsologymentioning

confidence: 99%

“…In the United States, the admission in a federal court of scientific evidence (including digital evidence) is governed by the Federal Rules of Evidence (FRE) [25,26]. Across the U.S. federal courts, judges employ the Daubert Test [27] in order to determine the admissibility of digital evidence as well as any other types of scientific and technical evidence [23], [28,29,30]. Courts make an initial assessment of whether an expert's scientific testimony is based on reasoning or methodology which is scientifically valid and can properly be applied to the facts [31].…”

Section: Methodsologymentioning

confidence: 99%

“…Therefore, to assess each existing model against the Daubert Test five-point requirement, each model will be given a score out of "5" on the basis of how many of the five requirements have been achieved. The idea of score-based assessment was originally created by Adams [23]. Applying the Daubert Test to the existing DFIPMs can indicate how appropriate, or otherwise, the Daubert Test criteria are for assisting courts in judging the reliability of digital investigative process followed using a DFIPM.…”

Section: Methodsologymentioning

confidence: 99%

See 1 more Smart Citation

Review and Assessment of the Existing Digital Forensic Investigation Process Models

Montasari

2016

IJCA

View full text Add to dashboard Cite

This review paper assesses the existing body of knowledge associated with digital forensic investigation process models. To this end, eleven of the existing models are critically reviewed and evaluated against an assessment criteria, namely the Daubert Test, to determine which models have taken the most scientific approach. This review and assessment reveal that the authors of these models have developed their models based on their own personal experience and on an ad-hoc basis. The critical review and assessment also reveal that there does not exist a comprehensive model encompassing the entire digital investigative process that is formal in that it synthesizes, harmonizes and extends the previous models, and that is generic in that it can be applied in the different fields of law enforcement, commerce and incident response.

show abstract

“…Ada beberapa metode yang ditawarkan antara lain dengan metode ADAM (The Advance Data Acquisitions Model). Metode ini dikembangkan dalam kerangka untuk mengatasi masalah reabilitas data yaitu bagaimana data digital evidence didapatkan dan hal ini akan menjadi perhatian khusus di persidangan namun sayangnya metode ADAM belum pernah dilakukan evaluasi secara independent [6].…”

unclassified

Penerapan Metode ADAM Pada Proses Investigasi Layanan Private Cloud Computing

Widiyasono

Riadi

Luthfi

2016

JEPIN

View full text Add to dashboard Cite

Abstrak-Layanan Private Cloud Computing memiliki potensi terjadinya penyalahgunaan yang dilakukan oleh internal di dalam perusahaan, sebagai contoh kasus yang yang terjadi di RSIA XYZ. Penyalahgunaan tersebut terjadi dikarenakan adanya kelemahan sistem yang digunakan ,ataupun sebab lain. Proses akuisisi data pada layanan cloud computing penanganannya tidaklah sama dikarenakan jenis dan karakteristik layanan cloud computing tersebut. Isu mengenai masalah realibilitas data atau bagaimana proses data digital evidence didapatkan, pada persidangan akan menjadi perhatian khusus bagi majelis hakim, sehingga untuk menangani masalah tersebut digunakanlah metode ADAM (The Advance Data Acquisition Model), sayangnya metode tersebut belum pernah dilakukan evaluasi secara independen. Penelitian ini menggunakan metode ADAM di dalam melakukan investigasi kasus pada layanan private cloud computing dan telah berhasil 100% menerapkannya, kemudian kontribusi pada penelitian ini telah menemukan penyebab potensi terjadinya penyalahgunaan layanan aplikasi owncloud tersebut. Private cloud dibangun untuk kebutuhan organisasi yang mencakup seluruh cloud infrastructure termasuk sumber daya hardware yang dimiliki organisasi tersebut. Community cloud adalah cloud yang digunakan secara bersama oleh organisasi yang memiliki jenis bisnis yang sama. Public Cloud adalah cloud yang dibangun dan digunakan oleh organisasi secara publik untuk kepentingan bisnisnya. Hybrid Cloud merupakan kombinasi dari private, community dan public cloud. Kata kunci-AkusisiLayanan cloud yang ditawarkan diantaranya adalah hosted desktop yang merupakan mesin virtual pada cloud. Layanan ini memiliki aplikasi dan data-data yang berada pada remote data center. Pemilik layanan ini dapat melakukan akses aplikasi dan data melalui computer desktop. Layanan hosted desktop ini dapat disalahgunakan untuk melakukan kejahatan cyber [2]. Penyalahgunaan layanan ini dapat terjadi juga dikarenakan adanya kelemahan (bugs) dari sisi keamanan sistem tersebut. Menurut NIST, tahapan pada cloud computing forensics adalah identification, collection, preservation, examination, interpretation and reporting of digital evidence.Penanganan kejahatan cyber tersebut diperlukan teknik akuisisi data, dimana teknik akusisi data dapat dilakukan secara live system ataupun write-block system [3]. Kedua teknik akuisisi data tersebut tidak hanya dilakukan pada layanan cloud computing, melainkan dapat dilakukan juga pada computer client, server, laptop atau notebook dan smartphone. Proses akusisi data secara live system maksudnya adalah proses untuk mendapatkan bukti digital dilakukan ketika sistem dalam keadaan hidup sedangkan write block system adalah proses akuisisi data yang dilakukan ketika sistem dalam keadaan mati misalnya proses akuisisi data pada harddisk.Proses akuisisi data pada layanan cloud computing tidak dapat diperlakukan sama dikarenakan karakteristik layanan tersebut tidak sama [4].Solusi yang diberikan pada masalah cloud forensics yaitu dengan memanfaatkan logging framework hal tersebut ...

show abstract

The Advanced Data Acquisition Model (Adam): A Process Model for Digital Forensic Practice

Cited by 36 publications

References 12 publications

Iot Forensics: Challenges for the Ioa Era

Iot Forensics: Challenges for the Ioa Era

Review and Assessment of the Existing Digital Forensic Investigation Process Models

Penerapan Metode ADAM Pada Proses Investigasi Layanan Private Cloud Computing

Contact Info

Product

Resources

About