Inproceedings

Battling the Digital Forensic Backlog through Data Deduplication

Mark Scanlon

August 2016, Proceedings of the 6th IEEE International Conference on Innovative Computing Technologies (INTECH 2016)

Contribution Summary

The digital forensic backlog is a significant problem faced by law enforcement agencies worldwide, with backlogs reaching up to four years in some cases. The proposed solution, a database-driven deduplication system, aims to alleviate this issue by eliminating redundant storage and reanalysis of previously processed data. The system stores a single copy of each unique artefact, reducing storage requirements and expediting digital forensic processing. This approach also facilitates collaborative examination and sharing of digital evidence, enabling easier cooperation on a local, national, and international level. The system's advantages include reduced storage requirements, expedited digital forensic processing, and improved collaboration, making it a promising solution to combat the digital forensic backlog.

Keywords: Digital Forensic Backlog; Data Deduplication; Digital Forensics; Cloud-Based Solution; Collaborative Examination; Digital Evidence Sharing; Cybersecurity; Law Enforcement

Abstract

In recent years, technology has become truly pervasive in everyday life. Technological advancement can be found in many facets of life, including personal computers, mobile devices, wearables, cloud services, video gaming, web-powered messaging, social media, Internet-connected devices, etc. This technological influence has resulted in these technologies being employed by criminals to conduct a range of crimes - both online and offline. Both the number of cases requiring digital forensic analysis and the sheer volume of information to be processed in each case has increased rapidly in recent years. As a result, the requirement for digital forensic investigation has ballooned, and law enforcement agencies throughout the world are scrambling to address this demand. While more and more members of law enforcement are being trained to perform the required investigations, the supply is not keeping up with the demand. Current digital forensic techniques are arduously time-consuming and require a significant amount of man power to execute. This paper discusses a novel solution to combat the digital forensic backlog. This solution leverages a deduplication-based paradigm to eliminate the reacquisition, redundant storage, and reanalysis of previously processed data.

BibTeX

@inproceedings{scanlon2016deduplication,
	author={Scanlon, Mark},
	title="{Battling the Digital Forensic Backlog through Data Deduplication}",
	booktitle="{Proceedings of the 6th IEEE International Conference on Innovative Computing Technologies (INTECH 2016)}",
	year=2016,
	month={August},
	address={Dublin, Ireland},
	publisher={IEEE},
	abstract="In recent years, technology has become truly pervasive in everyday life. Technological advancement can be found in many facets of life, including personal computers, mobile devices, wearables, cloud services, video gaming, web-powered messaging, social media, Internet-connected devices, etc. This technological influence has resulted in these technologies being employed by criminals to conduct a range of crimes -- both online and offline. Both the number of cases requiring digital forensic analysis and the sheer volume of information to be processed in each case has increased rapidly in recent years. As a result, the requirement for digital forensic investigation has ballooned, and law enforcement agencies throughout the world are scrambling to address this demand. While more and more members of law enforcement are being trained to perform the required investigations, the supply is not keeping up with the demand. Current digital forensic techniques are arduously time-consuming and require a significant amount of man power to execute. This paper discusses a novel solution to combat the digital forensic backlog. This solution leverages a deduplication-based paradigm to eliminate the reacquisition, redundant storage, and reanalysis of previously processed data.",
	doi={10.1109/INTECH.2016.7845139},
}