ABSTRACT-Performing a digital forensic investigation (DFI) requires a standardized and formalizedprocess. There is currently neither an international standard nor does a global, harmonized DFI process (DFIP) exist. The authors studied existing state-of-the-art DFIP models and concluded that there are significant disparities pertaining to the number of processes, the scope, the hierarchical levels and concepts applied. This paper proposes a comprehensive model that harmonizes existing models. An effort was made to incorporate all types of processes proposed by the existing models, including those aimed at achieving digital forensic readiness. The authors introduce a novel class of processes called concurrent processes. This is a novel contribution that should, together with the rest of the model, enable more efficient and effective DFI, while ensuring admissibility of digital evidence. Ultimately, the proposed model is intended to be used for different types of DFI and should lead to standardization.Keywords: forensic science, digital forensics, digital evidence, investigation, process, model, harmonization, standardization 3 Digital forensics gained importance rapidly over the past number of years. Information security incidents are constantly on the rise and are becoming more and more versatile. The fact that societies depend heavily on information technology, contributes to the importance of digital forensics.Dealing with digital evidence requires a standardized and formalized process in order for digital evidence to be accepted in a court of law. For example, consider the Daubert rule (1), which is most prominently used in the USA for expert witness testimony in digital forensic investigation cases. The Daubert rule clearly states that theories and techniques used to draw conclusions in a case must result in positive answers to a number of questions, notably the question that asks whether the theories and techniques are subject to standards governing their application. Methods and process models for the digital forensic investigation process have been -more often than not-developed mostly by practitioners and digital forensic investigators based on personal experience and expertise, on an ad hoc bases, without the main aim to reach harmonization and standardization within in the field. In the past decade, there were also a number of academic research projects conducted in order to establish a digital forensic investigation process model. By the time of writing this paper, there currently exists no international standard formalizing the digital forensic investigation process. An effort to standardize the process has, however, started within the International Standardization Organization (ISO), by the authors (2). In their previous work, the authors proposed a comprehensive and harmonized digital forensic investigation process model (3,4).The model proposed in this paper represents further work in achieving comprehensiveness and harmonization. It is important to note that the proposed process model includes pro...
