5W1H-based Expression for the Effective Sharing of Information in Digital Forensic Investigations

by   Jaehyeok Han, et al.

Digital forensic investigation is used in various areas related to digital devices including the cyber crime. This is an investigative process using many techniques, which have implemented as tools. The types of files covered by the digital forensic investigation are wide and varied, however, there is no way to express the results into a standardized format. The standardization are different by types of device, file system, or application. Different outputs make it time-consuming and difficult to share information and to implement integration. In addition, it could weaken cyber security. Thus, it is important to define normalization and to present data in the same format. In this paper, a 5W1H-based expression for information sharing for effective digital forensic investigation is proposed to analyze digital forensic information using six questions–what, who, where, when, why and how. Based on the 5W1H-based expression, digital information from different types of files is converted and represented in the same format of outputs. As the 5W1H is the basic writing principle, application of the 5W1H-based expression on the case studies shows that this expression enhances clarity and correctness for information sharing. Furthermore, in the case of security incidents, this expression has an advantage in being compatible with STIX.


page 1

page 2

page 3

page 4


Forensic Analysis of Residual Information in Adobe PDF Files

In recent years, as electronic files include personal records and busine...

Forensic Considerations for the High Efficiency Image File Format (HEIF)

The High Efficiency File Format (HEIF) was adopted by Apple in 2017 as t...

Methodology for the Automated Metadata-Based Classification of Incriminating Digital Forensic Artefacts

The ever increasing volume of data in digital forensic investigation is ...

Parsing Data Formats of the Inputs and Outputs of Geographic Models with Code Analysis

Model web services provide an approach for implementing and facilitating...

Automated Artefact Relevancy Determination from Artefact Metadata and Associated Timeline Events

Case-hindering, multi-year digital forensic evidence backlogs have becom...

The ubiquitous digital file: A review of file management research

Computer users spend time every day interacting with digital files and f...

Please sign up or login with your details

Forgot password? Click here to reset