Abstract:Criminal investigations are inherently complex as they typically involve interactions among various actors like investigators, prosecutors, and defendants. The pervasive integration of technology in daily life adds an extra layer of complexity, especially in crimes that involve a digital element. The establishment of digital forensics as a foundational discipline for extracting digital evidence further exacerbates the complex nature of criminal investigations, leading to the proliferation of multiple scenarios. Recognising the need to structure standard operating procedures for the handling of digital evidence, the representation of digital forensics as a protocol emerges as a valuable opportunity to identify security and privacy threats. In this paper, we delineate the protocols that compose digital forensics within a criminal case, formalise them as message sequence charts (MSCs), and identify their functional requirements.

What problem does this paper attempt to address?

### What problems does this paper attempt to solve? This paper aims to solve the complexity and standardization problems in the digital forensics process in criminal investigations. Specifically, the author hopes to improve and standardize the application of digital forensics in criminal investigations in the following ways: 1. **Structured Standard Operating Procedures**: Due to the wide application of technology in daily life, modern criminal investigations have become extremely complex, especially when digital evidence is involved. The author believes that establishing a set of structured standard operating procedures is crucial for handling digital evidence. 2. **Identifying Security and Privacy Threats**: As digital forensics, as a basic discipline for extracting digital evidence, its complexity has further increased, resulting in the emergence of multiple scenarios. Therefore, representing digital forensics as a protocol helps to identify potential security and privacy threats. 3. **Formalizing the Digital Forensics Process**: In order to better understand and manage the digital forensics process, the author proposes to formalize it as Message Sequence Charts (MSCs) and clarify its functional requirements. 4. **Simplifying Understanding**: By constructing a clear and formal visual model, it can help different participants (such as investigators, prosecutors, defendants, etc.) more intuitively understand the dynamics behind the digital crime scene. 5. **Providing Baseline References**: A formal and general - purpose model can also serve as a baseline reference for threat - modeling exercises, thereby helping to identify and mitigate potential attacks that may affect the investigation process or the rights of the defendant. ### Main Research Questions of the Paper Based on the above - mentioned background and motivation, the paper mainly explores the following two research questions: - **RQ1**: What available documents explain how to conduct digital forensics in criminal investigations? - **RQ2**: Can we derive a general MSC model from these knowledge bases to describe digital forensics in criminal investigations? ### Main Contributions The main contributions of the paper include: 1. **Identifying Key Roles**: Identifying the key roles involved in criminal investigations, such as prosecutors, suspects, defendants, and digital forensics experts. 2. **Identifying Messages**: Determining the interaction messages between these roles. 3. **Modeling Interactions**: Modeling these interactions through MSCs. 4. **Extracting Functional Requirements**: Clarifying the functional requirements of each stage in the digital forensics process. ### Conclusion By analyzing existing literature and relevant regulations, the paper proposes a general MSC model for describing the digital forensics process in criminal investigations. This model not only helps to improve the transparency and standardization of digital forensics, but also provides a reference framework for future cybersecurity research.

Behind the (Digital Crime) Scenes: An MSC Model

Digital Forensics Challenges in Cyberspace: Overcoming Legitimacy and Privacy Issues Through Modularisation

A Detection and Investigation Model for the Capture and Analysis of Network Crimes

SoK: Cross-border Criminal Investigations and Digital Evidence

Multi-platform Process Flow Models and Algorithms for Extraction and Documentation of Digital Forensic Evidence from Mobile Devices

The invisible evidence: Digital forensics as key to solving crimes in the digital age

A Smart City Infrastructure Ontology for Threats, Cybercrime, and Digital Forensic Investigation

Evaluation of Digital Forensic Process Models with Respect to Digital Forensics as a Service

Conceptualising an Anti-Digital Forensics Kill Chain for Smart Homes

Cybercrime Investigators are Users Too! Understanding the Socio-Technical Challenges Faced by Law Enforcement

On the Concept of Electronic Digital Display in Digital Forensics

A complete formalized knowledge representation model for advanced digital forensics timeline analysis

A blockchain-based forensic model for financial crime investigation: the embezzlement scenario

Medical Cyber-Physical Systems Development: A Forensics-Driven Approach

Orienting the Development of Crime Analysis Processes in Police Organisations Covering the Digital Transformations of Fraud Mechanisms

A forensic framework to improve digital image evidence administration in IIoT ✰

Digital and Cloud Forensic Challenges

Tiered Forensic Methodology Model for Digital Field Triage by Non-Digital Evidence Specialists

Current Challenges and Future Research Areas for Digital Forensic Investigation

Case Analysis System Based on SSM Framework

Exploring Cybercriminal Activities, Behaviors and Profiles