Battling the digital forensic backlog through data deduplication

In recent years, technology has become truly pervasive in everyday life. Technological advancement can be found in many facets of life, including personal computers, mobile devices, wearables, cloud services, video gaming, web-powered messaging, social media, and Internet-connected devices. This pervasiveness has resulted in these technologies being employed by criminals to conduct a range of crimes, both online and offline. Both the number of cases requiring digital forensic analysis and the sheer volume of information to be processed in each case have increased rapidly in recent years. As a result, the requirement for digital forensic investigation has ballooned, and law enforcement agencies throughout the world are scrambling to address this demand. While more and more members of law enforcement are being trained to perform the required investigations, the supply is not keeping up with the demand. Current digital forensic techniques are arduously time-consuming and require a significant amount of manpower to execute. This paper discusses a novel solution to combat the digital forensic backlog. This solution leverages a deduplication-based paradigm to eliminate the reacquisition, redundant storage, and reanalysis of previously processed data.
