Title: Knowledge Management as a Strategic Asset in Digital Forensic Investigations

Issue Number: Vol. 7, No. 1
Year of Publication: Jan - 2018
Page Numbers: 10-20
Authors: Nickson M. Karie, Victor R. Kebande
Journal Name: International Journal of Cyber-Security and Digital Forensics (IJCSDF)
- Hong Kong
DOI:  http://dx.doi.org/10.17781/P002311


While conducting a Digital Forensic Investigation (DFI), detectives make use of specialised skills and knowledge to capture, manage and analyse enormous amounts of Potential Digital Evidence (PDE) data and information, which may be used to support legal actions during civil or criminal proceedings in a court of law. However, based on the nature of the DFI process, new skills and knowledge may sometimes be needed to handle an incident at hand. This is because every DFI process may be unique and might differ greatly from previously handled DFI processes, hence the need for new knowledge and skills. The problem addressed in this paper, however, is that, most of the new knowledge generated during DFI processes is not explicitly recorded and this hampers external reviews and training of other digital forensic investigators. Past experience may and should be used to train new digital forensic personnel, as a way of fostering knowledge sharing and reuse among digital forensic investigators and law enforcement agencies. In the long run, such initiatives will expose any new generated knowledge and information to quality assessment by the digital forensic community and other third parties. For this reason, the authors in this paper examine the subject of Knowledge Management (KM) as a strategic asset in digital forensic investigations to support legal actions in court and civil proceedings. As a new contribution, this paper goes further to propose a Knowledge Management Life Cycle (KMLC) that can be beneficial to digital forensic community. This proposition is meant to encourage knowledge sharing and reuse as well as enhance the process of knowledge capturing and development during a digital forensic investigation process.