Australian Digital Forensics Conference

Document Type

Conference Proceeding

Publisher

SRI Security Research Institute, Edith Cowan University, Perth, Western Australia

Abstract

Digital forensics plays an increasingly important role within society as the approach to the identification of criminal and cybercriminal activities. It is however widely known that a combination of the time taken to undertake a forensic investigation, the volume of data to be analysed and the number of cases to be processed are all significantly increasing resulting in an ever growing backlog of investigations and mounting costs. Automation approaches have already been widely adopted within digital forensic processes to speed up the identification of relevant evidence – hashing for notable files, file signature analysis and data carving to name a few. However, to date, little research has been undertaken in identifying how more advanced techniques could be applied to perform “intelligent” processing of cases. This paper proposes one such approach, the Automated Forensic Examiner (AFE) that seeks to apply artificial intelligence to the problem of sorting and identifying relevant artefacts. The proposed approach utilises a number of techniques, including a technical competency measure, a dynamic criminal knowledge base and visualisation to provide an investigator with an in depth understanding of the case. The paper also describes how its implementation within a cloud based infrastructure will also permit a more timely and cost effective solution.

Comments

Originally published in the Proceedings of the 11th Australian Digital Forensics Conference. Held on the 2nd-4th December, 2013 at Edith Cowan University, Perth, Western Australia

Share

 
COinS
 

Link to publisher version (DOI)

10.4225/75/57b3be61fb866