1. DIGITAL FORENSICS: PRINCIPLES AND PROCEDURES
Bachelor's Program (S1) in Information Technology
UNIVERSITAS TEKNOKRAT INDONESIA
March 2022
Bandarlampung
By: Jupriyadi
2. OUTLINE
01 Reference in acting correctly and procedurally in carrying out investigation of computer crime
02 Basic Principles of Digital Forensic
03 Digital Forensics Classification
04 Skill Required and Challenges Faced By Digital Forensic
3. Reference in acting correctly and procedurally in carrying out investigation of computer crime
4. Digital Forensic Investigation Guidelines
• Good Practice Guide for Computer-Based Electronic Evidence -> ACPO (Association of Chief Police Officers)
• Forensic Examination of Digital Evidence: Guide for Law Enforcement -> National Institute of Justice
• Electronic Crime Scene Investigation: A Guide for First Responders -> National Institute of Justice
• Global Guidelines For Digital Forensics Laboratories -> Interpol
.....
5. Basic Principles of Digital Forensic (ACPO, p4)
1. No action taken by law enforcement agencies or their agents should
change data held on a computer or storage media which may
subsequently be relied upon in court.
2. In circumstances where a person finds it necessary to access original data
held on a computer or on storage media, that person must be competent to
do so and be able to give evidence explaining the relevance and the
implications of their actions.
3. An audit trail or other record of all processes applied to computer-based
electronic evidence should be created and preserved. An independent third
party should be able to examine those processes and achieve the same
result.
4. The person in charge of the investigation (the case officer) has overall
responsibility for ensuring that the law and these principles are adhered to.
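One way to apply Principles 1 and 3 in practice, as an added example that is not from the original slides: a hash-chained audit trail that records each process applied to an evidence image and lets an independent reviewer re-run the checks. The function names, the examiner ID and the sample image bytes are hypothetical and constructed for illustration.

```python
import hashlib
import json

def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_digest(entry: dict) -> str:
    # Canonical JSON so a third party recomputes the identical digest.
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return sha256_bytes(json.dumps(body, sort_keys=True).encode())

def append_entry(log: list, examiner: str, action: str, evidence: bytes, when: str) -> dict:
    """Record one process applied to the evidence (Principle 3)."""
    entry = {
        "seq": len(log),
        "when": when,
        "examiner": examiner,
        "action": action,
        "evidence_sha256": sha256_bytes(evidence),
        # Chaining to the previous record makes later edits detectable.
        "prev_hash": log[-1]["entry_hash"] if log else "0" * 64,
    }
    entry["entry_hash"] = entry_digest(entry)
    log.append(entry)
    return entry

def verify(log: list, evidence: bytes) -> list:
    """Re-run the checks as an independent reviewer; return a list of problems."""
    problems = []
    prev = "0" * 64
    for e in log:
        if e["prev_hash"] != prev or e["entry_hash"] != entry_digest(e):
            problems.append(f"entry {e['seq']}: audit record altered or out of order")
        if e["evidence_sha256"] != log[0]["evidence_sha256"]:
            # Principle 1: the evidence hash must never drift from acquisition.
            problems.append(f"entry {e['seq']}: evidence changed during '{e['action']}'")
        prev = e["entry_hash"]
    if log and sha256_bytes(evidence) != log[0]["evidence_sha256"]:
        problems.append("evidence no longer matches acquisition hash")
    return problems

# Constructed sample data: a stand-in for an acquired disk image.
IMAGE = b"constructed sample image bytes"
LOG = []
append_entry(LOG, "examiner-a", "acquire image via write blocker", IMAGE, "2022-03-01T09:00:00Z")
append_entry(LOG, "examiner-a", "keyword search on working copy", IMAGE, "2022-03-01T10:30:00Z")
```

An empty list from `verify(LOG, IMAGE)` means both the evidence and the record of what was done to it are intact.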
6. Digital Forensics Classification
• Computer Forensics
• Mobile Forensics
• Audio Forensics
• Video Forensics
• Image Forensics
• Cyber Forensics
Source: Muhammad Nuh Al Azhar, Digital Forensic: Practical Guidelines for Computer Investigation
Other:
• Network Forensics
• Database Forensics
• Wireless Forensics
• Malware Forensics
• Mobile Phone Forensics
• Memory Forensics
9. IDENTIFICATION
The first step in the forensic process:
• What evidence is present
• Where it is stored
• How it is stored
Electronic stores can be:
• Personal computers
• Mobile phones
• PDAs
• Smart cards
Key parameters in identification:
• Type of information
• Format
10. PRESERVATION
• Isolate, secure and preserve the state of physical and digital evidence
• This includes preventing people from using the digital device or allowing other electromagnetic devices to be used within an affected radius
11. ANALYSIS
• Determine significance, reconstruct fragments of data and draw conclusions based on evidence found
• It may take several iterations of examination and analysis to support a crime theory
12. DOCUMENTATION
• A record of all visible data must be created, which helps in recreating the scene and reviewing it any time
• Involves proper documentation of the crime scene along with photographing, sketching and crime-scene mapping
13. PRESENTATION
• Summarize and provide explanation of conclusions
• This should be written in a layperson’s terms using abstracted terminologies
• All abstracted terminologies should reference the specific details