Article

Increasing Digital Investigator Availability through Efficient Workflow Management and Automation

Ronald In de Braekt; Nhien-An Le-Khac; Jason Farina; Mark Scanlon; Mohand-Tahar Kechadi

April 2016, The 4th International Symposium on Digital Forensics and Security (ISDFS 2016)

Contribution Summary

This paper addresses the challenge of increasing digital investigator availability through efficient workflow management and automation. The proposed framework aims to streamline the digital investigation process, reducing the time spent on acquisition and preparation steps, and increasing the efficiency of forensic software and hardware use. The framework is designed to be modifiable, scalable, and extendable, and is operating system independent. It simplifies the investigation process, decreases throughput time, and provides quicker results for the tactical detective. The framework is evaluated in a real-world scenario, demonstrating its benefits and robustness. The proposed approach has the potential to improve the efficiency of investigation, reduce costs, and increase the availability of digital investigators.

Keywords: Workflow Management; Digital Forensics; Automation; Investigation Efficiency; Digital Investigator Availability; Forensic Software; Hardware Use; Streamlining Investigation Process

Abstract

The growth of digital storage capacities and diversity of devices has had a significant time impact on digital forensic laboratories in law enforcement. Backlogs have become commonplace and increasingly more time is spent in the acquisition and preparation steps of an investigation as opposed to detailed evidence analysis and reporting. There is generally little room for increasing digital investigation capacity in law enforcement digital forensic units and the allocated budgets for these units are often decreasing. In the context of developing an efficient investigation process, one of the key challenges amounts to how to achieve more with less. This paper proposes a workflow management automation framework for handling common digital forensic tools. The objective is to streamline the digital investigation workflow enabling more efficient use of limited hardware and software. The proposed automation framework reduces the time digital forensic experts waste conducting time-consuming, though necessary, tasks. The evidence processing time is decreased through server-side automation resulting in 24/7 evidence preparation. The proposed framework increases efficiency of use of forensic software and hardware, reduces the infrastructure costs and license fees, and simplifies the preparation steps for the digital investigator. The proposed approach is evaluated in a real-world scenario to evaluate its robustness and highlight its benefits.

BibTeX

@inproceedings{braekt2016workflow,
	author="In de Braekt, Ronald and Le-Khac, Nhien-An and Farina, Jason and Scanlon, Mark and Kechadi, Mohand-Tahar",
	title="{Increasing Digital Investigator Availability through Efficient Workflow Management and Automation}",
	booktitle="{The 4th International Symposium on Digital Forensics and Security (ISDFS 2016)}",
	year=2016,
	month=apr,
	pages={68--73},
	address={Little Rock, AR, USA},
	publisher={IEEE},
	abstract="The growth of digital storage capacities and diversity of devices has had a significant time impact on digital forensic laboratories in law enforcement. Backlogs have become commonplace and increasingly more time is spent in the acquisition and preparation steps of an investigation as opposed to detailed evidence analysis and reporting. There is generally little room for increasing digital investigation capacity in law enforcement digital forensic units and the allocated budgets for these units are often decreasing. In the context of developing an efficient investigation process, one of the key challenges amounts to how to achieve more with less. This paper proposes a workflow management automation framework for handling common digital forensic tools. The objective is to streamline the digital investigation workflow enabling more efficient use of limited hardware and software. The proposed automation framework reduces the time digital forensic experts waste conducting time-consuming, though necessary, tasks. The evidence processing time is decreased through server-side automation resulting in 24/7 evidence preparation. The proposed framework increases efficiency of use of forensic software and hardware, reduces the infrastructure costs and license fees, and simplifies the preparation steps for the digital investigator. The proposed approach is evaluated in a real-world scenario to evaluate its robustness and highlight its benefits.",
	doi={10.1109/ISDFS.2016.7473525},
}