Abstract:
Digital forensics is a growing field that is gaining popularity among many computer professionals, law enforcement agencies, investigators and other digital forensic practitioners. For this reason, several investigation process models have been developed to offer direction on how to recognize and preserve potential digital evidence obtained from a crime scene. However, the vast number of existing models and frameworks has added to the complexity of the digital forensic field. This situation has further created an environment replete with semantic disparities in the domain, which need to be resolved. Note that the term ‘semantic disparities’ is used in this thesis to refer to disagreements about the interpretation, description and representation of the same or related digital forensic data or information and terminologies.
In a world where digital technology keeps changing and the evolution of the digital forensic domain continues, it would be appropriate to develop and standardise dynamic and practical methods that can help to resolve many of the present and future disparities bound to occur in digital forensics. Such methods will further aid in creating uniformity in the interpretation, description and representation of the same or related digital forensic data or information. The interpretation, description and representation of digital forensic data or information are important, especially during the digital forensic investigation process, in order to conform to the uniformity of investigative terminologies so that misunderstandings between investigators and other parties, e.g. judges, do not occur.
In this research study, therefore, the researcher employs a pragmatic approach to research and proposes a semantic reconciliation model for resolving semantic disparities in digital forensics. The study is conducted in two phases. The first phase involves investigating the various challenges that digital forensics has faced to date, in a bid to demonstrate the semantic disparities that exist in digital forensics. In the second phase, a model coined as the Digital Forensic Semantic Reconciliation (DFSR) model is presented in an attempt to provide directions in resolving the semantic disparities that occur in the digital forensic domain. The researcher also demonstrates in this study a prototype implementation of the DFSR model called the DFSR prototype.
Finally, to assess the efficiency of the DFSR prototype, several experiments are conducted and the results discussed. All the experiments conducted to test the feasibility and implementations of the proposed DFSR model in this study have delivered remarkable results. Therefore, the proposed DFSR model in this study can be used as an initial guide towards resolving semantic disparities in digital forensics. The proposed DFSR model, for example, can also be helpful in facilitating the harmonisation and/or uniformity in the interpretation, description and representation of the same or related digital forensic data or information within the field of digital forensics.