Framework for digital forensic evidence: Storage, intelligence, review and archive

The volume of digital forensic evidence is rapidly increasing, leading to large backlogs. In this paper, a Digital Forensic Data Reduction and Data Mining Framework is proposed. Initial research with sample data from the South Australia Police Electronic Crime Section and Digital Corpora forensic images using the proposed framework resulted in a significant reduction in storage requirements: the reduced subset is only 0.196 percent and 0.75 percent respectively of the original data volume. The framework outlined is not intended to replace full analysis; it provides a rapid triage, collection, intelligence analysis, review and storage methodology to support the various stages of digital forensic examinations. Agencies that can undertake rapid assessment of seized data can more effectively target specific criminal matters. The framework may also provide a greater potential intelligence gain from timely analysis of current and historical data, and the ability to research trends over time.
