Concepts of automating forensic case management

Glenn Nor*, Iain Sutherland, Andrew Blyth

*Corresponding author for this work

    Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review


    The forensics community has expended considerable effort in the development of tools in support of digital investigation. The focus has been on the creation and development of tools to capture data for later forensic analysis, or to support forensic analysis in the searching and sorting of large volumes of data for information relating to specific system or specific user activities. There has been more limited effort and success on the development of tools to support case management and less still on the reporting and formatting of evidence for court. The most notable reporting tools are those incorporated into the more monolithic forensic suites, used to export or present evidence from those tools. One issue is the wide range of possible requirements for forensic reports dictated by the needs of the case. These different requirements often result in a manual process being used to organize evidence in a consistent manner for review. For instance, each evidence item must be mapped to the correct custodian, with correct item size, correct hash, and correct time. Related attachments have to be created and crosschecked to ensure correct content and position in the report. In large commercial cases, the manual process can prove time-consuming and increase the possibility of human error. Details may be retyped, in which case best practice may require stringent quality controls including double-checking by additional personnel, increasing cost and effort. This paper reviews some of the current tools for reporting the results of forensic analysis. It outlines a lightweight approach based on the automated creation of folder structures and a related referencing methodology aimed at reducing the possibility of human error. This system, adopted commercially for organizing evidence potentially extracted from a number of different tools, enables multiple investigators to collate and consistently organize information for reporting and review.

    Original language: English
    Title of host publication: Proceedings of the 17th European Conference on Cyber Warfare and Security, ECCWS 2018
    Publisher: Curran Associates Inc.
    Number of pages: 5
    ISBN (Electronic): 9781911218852
    Publication status: Published - 2018
    Event: 17th European Conference on Cyber Warfare and Security, ECCWS 2018 - Oslo, Norway
    Duration: 28 Jun 2018 to 29 Jun 2018


    Conference: 17th European Conference on Cyber Warfare and Security, ECCWS 2018


    • Automation
    • Digital forensics
    • Forensic analysis
    • Forensic case management
    • Forensic report referencing

