Use of Automation in Correlation of Metadata Activity in Digital Forensic Investigations

Extracting relevant information from large volumes of digital evidence is a significant challenge for digital forensic investigators. Manual analysis is time-consuming and error-prone, and the sheer volume of data can make it difficult to identify correlations and key events. To address this challenge, this research project has developed a new framework that extracts metadata activity timelines and identifies correlations between them. By using this framework, investigators can generate automated correlation data for use in timeline or graph-based visualization. This framework is designed to extract relevant activity or event-based data, design a framework that allows the creation of custom activity or event-based, custodian-specific correlation data, and test the theoretical framework by creating proof-of-concept python implementation code. The resulting insights are novel, enabling investigators to identify crucial correlations and information about document content, order of document revisions, and other relevant metadata activities.