Lessons Learned from Failed Digital Forensic Investigations
Salem Lotfi Boumediene & Salma Boumediene
Abstract
Digital evidence is the most critical component in digital forensics (DF), and establishing its admissibility in court is very challenging. Although it carries a legal connotation, digital evidence involves scientific concepts, techniques, and methods, and ensuring its admissibility requires advanced IT knowledge, skills, and legal expertise. This study aims to identify common patterns and possible factors contributing to DF deficiencies that lead to inadmissible evidence. To understand the causes of failures, we use the Swiss cheese model, also known as the accident causation model, proposed by Reason (2000). Our findings show that the inadmissibility of evidence is the consequence of adverse events caused by a combination of human, environmental, hardware/software, and legal factors. We conclude that understanding the different types of mishaps and identifying the active failures and latent conditions can help forensic practitioners navigate complex situations and adapt to changing environments, creating a more robust and reliable digital forensic practice.
1 citation