I just received in the mail an author’s advance copy of Eoghan Casey’s "Digital Evidence and Computer Crime". Originally published in 2000, this update sees the book now in its third edition. Amongst a wide range of significant updates is a chapter Eoghan and I co-authored. The focus of the chapter is on methods of conducing digital investigations.
Identifying methods of reliably transitioning from investigative goals or claims to substantiated facts has been a significant preoccupation within the field over the last decade. Perspectives have ranged across extremes: from those that deny such methods exist (“it’s an art”) to those that attempt to characterise method as a system or recipe (“it’s a process”). Only in recent years have clear inroads been made into the relationship between digital forensics and the scientific method in general.
The chapter begins with a comparison of a wide range of perspectives on digital investigation methodologies, and follows with practical guidance on applying the scientific method as a methodology for each step of a digital investigation. The chapter concludes with an investigative scenario demonstrating how the scientific method may be applied in the context of an actual case.