Computer Forensics has grown rapidly in recent years. The current computer forensic investigation paradigm is laborious and requires significant expertise on the part of the investigators. This paper proposes a highly automatic and efficient framework to provide the Case-Relevance information, by binding computer intelligence technology to the current computer forensic framework. Computer intelligence is expected to offer more assistance in the investigation procedures and better knowledge reuse and sharing in computer forensics.

Background

Cybercrime is a mirror of the dark side of human society in the cyberworld. Its countermeasure, Computer Forensics, also referred to as Digital Forensic Science, has been explicitly defined as:

"The use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations." [14]

The process of "identifying, preserving, analyzing, and presenting digital evidence in a manner that is legally acceptable via the application of computer technology to the investigation of computer based crime" is called Forensic Computing [11] or Digital Evidence Investigation. As almost every piece of digital evidence could be challenged, computer forensic investigators are required to follow a rigorous process path. The work of the First Digital Forensics Research Workshop (DFRWS) [14] established a solid ground and allowed

[1] Mattia Monga, et al. How to Reuse Knowledge about Forensic Investigations. 2004.
[2] R.K. Cunningham, et al. Evaluating intrusion detection systems: the 1998 DARPA off-line intrusion detection evaluation. 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.
[3] Broucek, et al. Developing a Conceptual Approach for an Emerging Academic Discipline. 2001.
[4] Eugene H. Spafford, et al. Getting Physical with the Digital Investigation Process. 2003, Int. J. Digit. Evid.
[5] Stephen Northcutt, et al. Network Intrusion Detection: An Analyst's Handbook. 1999.
[6] Venansius Baryamureeba, et al. The Enhanced Digital Investigation Process Model. 2004.
[7] George M. Mohay, et al. Computer and Intrusion Forensics. 2003.
[8] Richard Lippmann, et al. Analysis and Results of the 1999 DARPA Off-Line Intrusion Detection Evaluation. 2000, Recent Advances in Intrusion Detection.
[9] Gregg H. Gunsch, et al. An Examination of Digital Forensic Models. 2002, Int. J. Digit. Evid.
[10] Isij Monitor, et al. Network Intrusion Detection: An Analyst's Handbook. 2000.
[11] Nicole Beebe, et al. A hierarchical, objectives-based framework for the digital investigations process. 2005, Digit. Investig.
[12] M. P. F. C. A. J. Sammes BSc, et al. Forensic Computing. 2000, Practitioner Series.