DOI: http://dx.doi.org/10.26483/ijarcs.v8i7.4218 Volume 8, No. 7, July – August 2017 International Journal of Advanced Research in Computer Science RESEARCH PAPER Available Online at www.ijarcs.info © 2015-19, IJARCS All Rights Reserved 310 ISSN No. 0976-5697 ISSN No. 0976-5697 A PROPOSED STRUCTURED DIGITAL INVESTIGATION AND DOCUMENTATION MODEL (DIDM) Arfiya S Siddique, M AfsharAlam, Osama Chaudhary Department of CSE Jamia Hamdard,New Delhi, India Abstract: Digital Forensic investigation is the step wise process based on scientifically proven methods. Many advancements are taking place in this area also in the past researchers have developed some working model of investigation. However, with change in technology the models are turning obsolete. In this research we defined digital forensics, nature of evidence. The features of exiting models have been summarized. A possible structured investigation model has been proposed with refinement at each stage. To support the findings sample checklist and forms has been drafted. The sample are adaptable and can be modified. The improvisation has been added upon the review by theprofessional cyber forensic investigator. Keywords:Digital Forensics, Investigation, Models, Evidence, Checklist, Evidence Seizure Form, DIDM 1.INTRODUCTION The majority of organization relies deeply on digital devices and the internet to operate and improve their business, and these businesses depend on the digital devices to process, store and recover data. A large amount of information is produced, accumulated, and distributed via electronic means. [1] According to a report by Digital Strategy Consulting, India, the main changes in internet access have happened in the last five years and the internet has become an essential part of office life, and plays a key role in many homes in India. The massive Indian market is changing fast. Internet access is mainstreaming among professionals and the use of mobile is intensifying. The pace of change continues to be rapid with digital channels constantly growing in volume and strength. [2] India is the third biggest country in terms of internet users in the world, with a highly social and mobile audience. It's estimated as many as 121 million Indians are logged onto the internet. This research focuses on studying the different existing model and map out the consistent approach to digital forensic investigation which is effective and approachable. The research aims to design the possible format and bring about the changes in existing forms. We have also mentioned the cost associated with latest cyber breach over the past two years. The highlight of the research is the proposed model, The Digital Investigation and Documentation Model(DIDM). 2.LITERATURE REVIEW Evidence Investigation guide, clearly states that digital forensic is the utilization of scientifically proven method in order to carry out investigation at electronic crime scene. Identification, preservation, collection, validation, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations. A lot has been adopted from physical forensics into digital forensics, specific software has been created to carry out investigation result and inclusive knowledge is received by digital forensic specialist to fight digital crimes. [3][4] 2.1 Digital Evidence Digital evidence is the information and data which is of value in and investigation involving digital devices which needs to be preserved. This evidence is procured when information or electronic gadgets are seized and secured for examination. An evidence can be secured from any criminal act related to the use of digital devices any crime scene including destruction of intellectual property, scam or even kidnapping. Any data which provide information about the crime scene and can provide significant link is an evidence and if the information is procured from an electronic source it’s a digital evidence. [6] 2.2 Digital evidence Digital evidence is fragile in nature. Information contained in it can be easily modified, destroyed or may get damaged. Care should be taken while dealing digital evidence. It can be easily copied, altered so after securing evidence. Evidence needs to stored cautiously. Digital evidence can be compared to Deoxyribonucleic Acid(DNA) or finger print evidence as information could be stored anywhere in that piece of device. You cannot predict the content from physical appearance. [3][4] 2.3 The DFRWS MODEL The Digital Forensic Research Workshops was held to provide a forum for newly formed community of academics and practitioners to share their knowledge of forensic. The DFRW model agreed for the following processes such as identification, preservation, collection, examination, analysis, presentation and decision, but the DFRWS model was just a basis for future work. [5]