Home > Research > Publications & Outputs > DF-C²M²

Electronic data

  • 2016AlHanaeephd

    Final published version, 6.64 MB, PDF document

    Available under license: CC BY-ND: Creative Commons Attribution-NoDerivatives 4.0 International License

View graph of relations

DF-C²M²: a comprehensive capability maturity model for digital forensics organisations

Research output: ThesisDoctoral Thesis

Published
  • Ebrahim Hamad Salem Sulaiman Al Hanaee
Close
Publication date2016
Number of pages391
QualificationPhD
Awarding Institution
Supervisors/Advisors
Publisher
  • Lancaster University
<mark>Original language</mark>English

Abstract

The field of digital forensics has grown from an obscure area of interest amongst computer enthusiasts to become an emerging forensic scientific discipline of great significance in criminal investigations and civil litigations across the globe. The majority of digital forensic laboratories today are faced with ever-increasing legal and regulatory demands to meet internationally accepted rules regarding the admissibility of digital evidence, as well as being faced with various pending regulatory mandates requiring international accreditation of digital forensic facilities. These two major requirements, coupled with ever-increasing case backlogs and limited resources, have left many digital forensic labs to confront what initially seems to be an ‘insurmountable challenge’ to manage their caseloads, implement new regulatory requirements, and still find ways to improve overall efficiency and effectiveness.
Based on the Capability Maturity Model (CMM) paradigms, the Digital Forensics - Comprehensive Capability Maturity Model (DF-C²M²) was born out of the findings of this research and the scientific gap that exists in the current digital forensics standards, best practices, frameworks, and models. This model has been developed through consultations and interviews with digital forensics experts.

The DF-C²M² enables the measurement of maturity along three key organisational dimensions: people, processes, and tools, while enabling such an assessment to be tailored to a particular type of organisation, e.g., law enforcement or non-law enforcement. The inclusion of capability maturity across multiple key domains is designed to provide a more comprehensive capability maturity assessment of an organisation – across its three inter-dependants ‘influencer’ domains, when compared with other capability maturity models that focus on only specific domains such as processes, or on a sub-element of a domain.
The model has been tested and evaluated as a management support and Capability Maturity Assessment system within two labs. One of the labs is an ISO 17025 accredited digital forensic lab within a law enforcement agency, while the other one is a non-accredited lab within an academic institute.
The model will also serve as a stepping stone towards a timelier, more effective, and more efficient means of developing and implementing digital forensic standards and best practices moving forward.

In summary, the DF-C²M² was designed to address the cited challenges by creating a modular management decision support framework to enable labs to better manage and achieve their objectives through a system of assessments and planning tools all geared towards measuring compliance and Capability Maturity across multiple domains.