SRI Security Research Institute, Edith Cowan University, Perth, Western Australia
Digital forensics plays an increasingly important role within society as the approach to the identification of criminal and cybercriminal activities. It is however widely known that a combination of the time taken to undertake a forensic investigation, the volume of data to be analysed and the number of cases to be processed are all significantly increasing resulting in an ever growing backlog of investigations and mounting costs. Automation approaches have already been widely adopted within digital forensic processes to speed up the identification of relevant evidence – hashing for notable files, file signature analysis and data carving to name a few. However, to date, little research has been undertaken in identifying how more advanced techniques could be applied to perform “intelligent” processing of cases. This paper proposes one such approach, the Automated Forensic Examiner (AFE) that seeks to apply artificial intelligence to the problem of sorting and identifying relevant artefacts. The proposed approach utilises a number of techniques, including a technical competency measure, a dynamic criminal knowledge base and visualisation to provide an investigator with an in depth understanding of the case. The paper also describes how its implementation within a cloud based infrastructure will also permit a more timely and cost effective solution.