Abstract

Digital Forensics as defined in ISO/IEC 27001 (Information security standards published jointly by the
International Organization for Standardization – ISO and the International Electrotechnical Commission -
IEC), guides on identifying, gathering/collecting/acquiring, handling and protecting/preserving Digital
Forensic evidence i.e., “digital data that may be of evidential value” for use in court. The most important
part of Digital Forensic Investigation (DFI) is the examination of data – knowing the data type and nature
beforehand makes this easier. Unfortunately, most of the time an investigation is required, such helpful
details are not available and the investigator has to “grope in the dark”. With many proprietary Digital
Forensic tools, an average investigator may spend more time trying to find the right tool for investigation
than doing the actual investigation. This paper presents three (3) DFI tools; Search Model, Buchi
Automaton and PowerForensics as means for the investigation of digital crime(s) and data/information
retrieval. My analysis of these three Digital Forensics investigation tools is to showcase their use in data
recovery and also, the general challenges faced which affect the Digital Forensic Investigation process.

Key words: Digital Forensics Investigation (DFI), Digital Forensic Tools, Buchi Automaton, Powerforensics, Search Model