From the Computer Incident Taxonomy to a Computer Forensic Examination Taxonomy
ABSTRACT Forensic investigations are usually conducted to solve crimes committed using IT systems as pertetrator and/or victim. However, depending on the size of IT system, also nonmalicious incidents can be investigated using the same, methodological and proven techniques. Based upon the principles contained in the well known computer incident taxonomy, this paper proposes the establishment a common language for the description of computer forensic examinations, both in malicious and nonmalicious incidents. Additionally this taxonomy helps performing a forensic examination in establishing answers to a set of well defined questions during such an examination. The usefulness of the proposed forensic examination taxonomy is shown using a malicious and a nonmalicious example.