Inproceedings
Privileged Data within Digital Evidence
Contribution Summary
This research addresses the challenges of handling privileged data in digital forensic investigations, where investigators must balance the need to analyze evidence with the need to protect sensitive information. The authors present a script for the digital forensic tool Nuix, which automates the handling of privileged data by relating files based on content, rather than relying on limited metadata. This approach increases the effectiveness of filtering and minimizes the exposure of sensitive information to investigators. The script is tested against traditional filtering methods and demonstrates its superiority in identifying and blocking privileged data. The research contributes to the development of more efficient and effective digital forensic tools, particularly in the context of large-scale financial and economic fraud investigations.
Keywords: Digital Forensics; Privileged Data; Nuix; Digital Evidence; Automated Filtering; Content-Based Filtering; Digital Investigation
Abstract
In recent years the use of digital communication has increased. This has also increased the chance of finding privileged data in the digital evidence. Privileged data is protected by law from viewing by anyone other than the client. It is up to the digital investigator to handle this privileged data properly without being able to view the contents. Procedures on handling this information are available, but do not provide any practical information, nor is it known how effective filtering is. The objective of this paper is to describe the handling of privileged data in the current digital forensic tools and the creation of a script within the digital forensic tool Nuix. The script automates the handling of privileged data to minimize the exposure of the contents to the digital investigator. The script also utilizes technology within Nuix that extends the automated search of identical privileged documents to relate files based on their contents. A comparison of the 'traditional' ways of filtering within the digital forensic tools and the script written in Nuix showed that digital forensic tools are still limited when used on privileged data. The script manages to increase the effectiveness as a direct result of the use of relations based on file content.
BibTeX
@inproceedings{fleurbaaij2017p,
author={Fleurbaaij, Dominique and Scanlon, Mark and Le-Khac, Nhien-An},
title="{Privileged Data within Digital Evidence}",
booktitle="{Proceedings of the 16th IEEE International Conference On Trust, Security And Privacy In Computing And Communications (TrustCom-17)}",
year=2017,
month=08,
address={Sydney, Australia},
publisher={IEEE},
pages="737-744",
abstract="In recent years the use of digital communication has increased. This has also increased the chance of finding privileged data in the digital evidence. Privileged data is protected by law from viewing by anyone other than the client. It is up to the digital investigator to handle this privileged data properly without being able to view the contents. Procedures on handling this information are available, but do not provide any practical information, nor is it known how effective filtering is. The objective of this paper is to describe the handling of privileged data in the current digital forensic tools and the creation of a script within the digital forensic tool Nuix. The script automates the handling of privileged data to minimize the exposure of the contents to the digital investigator. The script also utilizes technology within Nuix that extends the automated search of identical privileged documents to relate files based on their contents. A comparison of the 'traditional' ways of filtering within the digital forensic tools and the script written in Nuix showed that digital forensic tools are still limited when used on privileged data. The script manages to increase the effectiveness as a direct result of the use of relations based on file content.",
doi={10.1109/Trustcom/BigDataSE/ICESS.2017.307},
}