The purpose of this essay is to find and present quality research on the following trending issues in the computer forensics world: deductive, inductive and abductive reasoning in the context of cyber forensics analysis; processes that assist in developing a case hypothesis and alternative hypotheses; validation processes that check and test the correctness of digital evidence exhibits and their relationships with the corroborating evidence relied on in legal cases; and processes that would enhance the communication and presentation of case analysis to legal practitioners and the courts.
Deductive, inductive and abductive reasoning in the context of cyber forensics analysis.
As Hurley (2000, p. 33) states, deductive reasoning is “an argument in which the premises are claimed to support the conclusion in such a way that it is impossible for the premises to be true and the conclusion false”. That is, if all the premises are firm and accurate, the conclusion is most definitely firm and correct (Walton, 2005). A conclusion drawn from deductive reasoning is derived from the given premises. When used by the criminal justice profession, the reasoning moves from general principles to a specific conclusion (Turvey, 2001). One of the best-known examples of deductive reasoning is the Locard exchange principle; Kirk (1953) defined this principle as "Wherever he steps, whatever he touches, whatever he leaves, even unconsciously, will serve as a silent witness against him. Not only his fingerprints or his footprints, but his hair, the fibers from his clothes, the glass he breaks, the tool mark he leaves, the paint he scratches, the blood or semen he deposits or collects. All of these and more, bear mute witness against him. This is evidence that does not forget. It is not confused by the excitement of the moment. It is not absent because human witnesses are. It is factual evidence. Physical evidence cannot be wrong, it cannot perjure itself, it cannot be wholly absent. Only human failure to find it, study and understand it, can diminish its value."
Deductive reasoning is usually used when we have a hypothesis that we assume to be true and then look for the evidence that should be observable if the hypothesis is true, in order to support it. In doing so, we can also determine that other hypotheses can be true if this hypothesis is true. This allows us to probe deeper and identify new evidence (Tecuci et al., 2011). Deductive reasoning is also used to identify suspects.
For example, if bloody footprints were found at the scene of the crime, and we can find the person who owns the shoe that matches the blood at the crime scene, we can place the person at the scene of the crime (Rebecca, 2007). In summary, deduction works from general theories to the more specific. Trochim (2006) explained this with the figure below.
Inductive reasoning is the observation of patterns, based on a premise of broad generalizations and statistical analysis, which leads to the development of a hypothesis (Turvey, 2001). An inductive argument is one in which the premises are claimed to support the conclusion in such a way that it is not probable that the stated premises be true and the conclusion turn out to be false (Hurley, 2000, p. 33). The inferential link between the premises and the conclusion here is not one of necessity but of probability: it is highly unlikely that the conclusion would be false if the premises are all true (Walton, 2005). A distinct difference between inductive and deductive reasoning is that the truth of the premises in inductive reasoning does not warrant the truth of the conclusion (Saad & Traore, 2010). Inductive reasoning is also used to narrow down the pool of suspects. For example, suppose a size 9 shoe print was found leaving the scene of the crime; with inductive reasoning, we...
References
Craiger, P., Swauger, J., Marberry, C., & Hendricks, C. (2006). “Validation of Digital Forensics Tools”. Retrieved 15th July 2014 from www.irma-international.org/viewtitle/8351/
Carrier, B., & Spafford, E
Carrier, B., & Spafford, E. (2004). “An Event-Based Digital Forensic Investigation Framework” Retrieved 11th July 2014 from www.digital-evidence.org/papers/dfrws_event.pdf
Castiglione, A., Cattaneo, G., Maio, G., & Santis, A
Ciardhuáin, Ó. (2004). “An Extended Model of Cybercrime Investigations” Retrieved 11th July 2014 from https://utica.edu/academic/institutes/ecii/publications/articles/A0B70121-FD6C-3DBA-0EA5C3E93CC575FA.pdf
Daubert v. Merrell Dow Pharmaceuticals, Inc. (92-102), 509 U.S. 579 (1993). Retrieved 13th July 2014 from http://www.law.cornell.edu/supct/html/92-102.ZO.html
Jindani, A., Poovathingal, A., & Rawat, A. (2011). “Abductive Reasoning”. Retrieved 10th July 2014 from http://www.cse.iitb.ac.in/~cs621-2011/2011-seminars/abduction-slide.ppt
Kerr, D., Gammack, J., & Bryant, K
Kirk, P.L. (1953). “Crime investigation: physical evidence and the police laboratory”. Interscience Publishers, Inc.
New South Wales Consolidated Regulations. (2005). “UNIFORM CIVIL PROCEDURE RULES 2005 - SCHEDULE 7” Retrieved 13th July 2014 from http://www.austlii.edu.au/au/legis/nsw/consol_reg/ucpr2005305/sch7.html
Peirce, Charles, S
Saad, S., & Traore, I. (2010, August). Method ontology for intelligent network forensics analysis. In Privacy Security and Trust (PST), 2010 Eighth Annual International Conference on (pp. 7-14). IEEE.
Sagepub. (n.d.). “Chapter 8: Introduction to Hypothesis Testing”. Retrieved 11th July 2014 from www.sagepub.com/upm-data/40007_Chapter8.pdf
Stephenson, P. (2000). “Investigating computer-related crime”. Boca Raton, Florida: CRC Press
Tecuci, G., Schum, D., Boicu, M., Marcu, D., & Russell, K. (2001). “Toward a Computational Theory of Evidence-based Reasoning”. Retrieved 10th July 2014 from http://lac.gmu.edu/publications/2011/tecuci_et_al_ebr-2011.pdf
Turvey, B. (2001). Criminal profiling. San Diego, CA: Elsevier Academic Press
Willassen, S. (2008). “Hypothesis-based investigation of digital timestamps.” Retrieved 11th July 2014 from www.willassen.no/svein/pub/ifip08.pdf