Concepts of automating forensic case management

Glenn Nor*, Iain Sutherland, Andrew Blyth

*Corresponding author for this work

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-reviewed

    Abstract

    The forensics community has expended considerable effort in the development of tools in support of digital investigation. The focus has been on the creation and development of tools to capture data for later forensic analysis, or to support forensic analysis in the searching and sorting of large volumes of data for information relating to specific system or specific user activities. There has been more limited effort and success in the development of tools to support case management, and less still in the reporting and formatting of evidence for court. The most notable reporting tools are those incorporated into the more monolithic forensic suites, used to export or present evidence from those tools. One issue is the wide range of possible requirements for forensic reports dictated by the needs of the case. These different requirements often result in a manual process being used to organize evidence in a consistent manner for review. For instance, each evidence item must be mapped to the correct custodian, with the correct item size, correct hash, and correct time. Related attachments have to be created and cross-checked to ensure correct content and position in the report. In large commercial cases, the manual process can prove time consuming and increase the possibility of human error. Details may be retyped, in which case best practice may require stringent quality controls, including double-checking by additional personnel, increasing cost and effort. This paper reviews some of the current tools for reporting the results of forensic analysis. It outlines a lightweight approach based on the automated creation of folder structures and a related referencing methodology aimed at reducing the possibility of human error. This system, adopted commercially for organizing evidence potentially extracted from a number of different tools, enables multiple investigators to collate and consistently organize information for reporting and review.

    Original language: English
    Title: Proceedings of the 17th European Conference on Cyber Warfare and Security, ECCWS 2018
    Publisher: Curran Associates Inc.
    Pages: 338-342
    Number of pages: 5
    Volume: 2018-June
    ISBN (Electronic): 9781911218852
    Status: Published - 2018
    Event: 17th European Conference on Cyber Warfare and Security, ECCWS 2018 - Oslo, Norway
    Duration: 28 Jun 2018 to 29 Jun 2018

    Conference

    Conference: 17th European Conference on Cyber Warfare and Security, ECCWS 2018
    Country/Territory: Norway
    City: Oslo
    Period: 28/06/18 to 29/06/18
