Proposal / Submission Type

Peer Reviewed Paper

Start Date

17-5-2018 3:55 PM

End Date

17-5-2018 4:30 PM

Abstract

The current state of digital forensic investigation is continuously challenged by the rapid technological changes, the increase in the use of digital devices (both the heterogeneity and the count), and the sheer volume of data that these devices could contain. Although it is not directly related to the performance of Digital Forensic Investigation process, preventing data privacy violations during the process is also a big challenge. The investigator gets full access to the forensic image including suspect's private data which may be sensitive at times as well as entirely unrelated to the given case under investigation. With a notion that privacy preservation and completeness of investigation are contradicting to each other, the digital forensics researchers have provided solutions to address the above-stated challenges that either focus on the effectiveness of the investigation process or the data privacy preservation. However, a generalized approach that preserves data privacy by affecting neither the capabilities of the investigator nor the overall efficiency of the investigation process is still an open problem. In the current work, the authors have proposed a digital forensic framework that uses case information, case profile data and expert knowledge for automation of the digital forensic analysis process; utilizes machine learning for finding most relevant pieces of evidence; and preserves data privacy in such a way that the overall efficiency of the digital forensic investigation process increases without affecting the integrity and admissibility of the evidence. The framework improves validation to enhance transparency in the investigation process. The framework also uses a secure logging mechanism to capture investigation steps to achieve a higher level of accountability. Since the proposed framework introduces significant enhancements to the current investigative practices more like the next version of Digital Forensics, the authors named it `Digital Forensics 2.0', or DF 2.0 in short.

Comments

Visit the Panel Session page

Share

COinS
 
May 17th, 3:55 PM May 17th, 4:30 PM

DF 2.0: Designing an automated, privacy preserving, and efficient digital forensic framework

The current state of digital forensic investigation is continuously challenged by the rapid technological changes, the increase in the use of digital devices (both the heterogeneity and the count), and the sheer volume of data that these devices could contain. Although it is not directly related to the performance of Digital Forensic Investigation process, preventing data privacy violations during the process is also a big challenge. The investigator gets full access to the forensic image including suspect's private data which may be sensitive at times as well as entirely unrelated to the given case under investigation. With a notion that privacy preservation and completeness of investigation are contradicting to each other, the digital forensics researchers have provided solutions to address the above-stated challenges that either focus on the effectiveness of the investigation process or the data privacy preservation. However, a generalized approach that preserves data privacy by affecting neither the capabilities of the investigator nor the overall efficiency of the investigation process is still an open problem. In the current work, the authors have proposed a digital forensic framework that uses case information, case profile data and expert knowledge for automation of the digital forensic analysis process; utilizes machine learning for finding most relevant pieces of evidence; and preserves data privacy in such a way that the overall efficiency of the digital forensic investigation process increases without affecting the integrity and admissibility of the evidence. The framework improves validation to enhance transparency in the investigation process. The framework also uses a secure logging mechanism to capture investigation steps to achieve a higher level of accountability. Since the proposed framework introduces significant enhancements to the current investigative practices more like the next version of Digital Forensics, the authors named it `Digital Forensics 2.0', or DF 2.0 in short.