The Case for Validating ADDIE Model as a Digital Forensic Model for Peer-to-Peer Network Investigation

Rapid technological advancement can substantially impact the processes of digital forensic investigation and present a myriad of challenges to the investigator. With these challenges, it is necessary to have a standard digital forensic framework as the foundation of any digital investigation. State-of-the-art digital forensic models assume that it is safe to move from one investigation stage to the next. It guides the investigators with the required steps and procedures. This brings a great stride to validate a non-specific framework to be used in most digital investigation procedures. This paper considers a new technique for detecting active peers that participate in a peer-to-peer (P2P) network. As part of our study, we crawled the µTorrent P2P client over ten days in different instances while logging all participating peers. We then employed digital forensic techniques to analyse the popular users and generate evidence within them with high accuracy. We evaluated our approach against the standard Analysis, Design, Development, Implementation, and Evaluation (ADDIE) model for the digital investigation to achieve the credible digital evidence presented in this paper. Finally, we presented a validation case for the ADDIE model using the United States Daubert Test and the United Kingdom’s Forensic Science Regulator Guidance – 218 (FSR-G-218) and Forensic Science Regulator Guidance – 201 (FSR-G-201) to formulate it as a standard digital forensic model.