A rigorous, repeatable methodology is the backbone of any digital forensic investigation. Without a structured process, evidence may be missed, contaminated, or rendered inadmissible in court. This lesson covers the standard forensic frameworks, the phases of an investigation, and best practices for documentation.
Several organisations have published forensic process models:
| Framework | Publisher | Key Contribution |
|---|---|---|
| NIST SP 800-86 | National Institute of Standards and Technology | Four-phase model: Collection, Examination, Analysis, Reporting |
| DFRWS Investigative Model | Digital Forensic Research Workshop | Seven-phase model including Identification and Presentation |
| ISO/IEC 27037 | International Organisation for Standardisation | Guidelines for identification, collection, acquisition, and preservation of digital evidence |
| ACPO Good Practice Guide | Association of Chief Police Officers (UK) | Four principles for computer-based electronic evidence |
| RFC 3227 | IETF | Guidelines for evidence collection and archiving, emphasising volatility order |
The most widely referenced model is from NIST SP 800-86:
Collection ──▶ Examination ──▶ Analysis ──▶ Reporting