Abstract
The number of evidence items found at a digital crime scene has grown significantly over the past few years, and with it the demand for delivering accurate results within a given deadline. The major challenges in meeting these objectives are to investigate the right set of evidence items and to allocate appropriate investigation time to each. In this paper, we present a mixed integer linear programming (MILP) model for allocating optimal investigation times to evidence items when a single investigator is available. The objective is to maximize the overall effectiveness of the forensic investigation procedure. We focus in particular on time-critical digital forensic cases, in which results have to be finalized in a court of law by a specified deadline. While the general problem is NP-hard, two special cases are shown to be optimally solvable with polynomial computational effort. Two heuristic algorithms are proposed for the general problem, and the results of extensive computational experiments that empirically evaluate how often they find an optimal or near-optimal solution are reported. Finally, the paper concludes with a summary of findings and some directions for future research.
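The abstract states the problem (one investigator, a hard deadline, a set of evidence items, maximize effectiveness) but the paper's actual MILP formulation is not on this page. The following is an added illustration, not the authors' model or code: it assumes a simplified version in which each evidence item has an estimated integer investigation time and a fixed effectiveness contribution that does not depend on the order of examination, so the single-investigator case reduces to selecting a subset of items that fits the deadline. It contrasts an exact pseudo-polynomial dynamic program with a Dantzig-style value-per-hour greedy heuristic on two constructed cases, one where the heuristic is optimal and one where it is not, which is the kind of gap the paper's computational experiments measure. All names, hours and values are constructed.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Evidence:
    """One evidence item (hypothetical model, not the paper's formulation)."""
    name: str
    hours: int    # estimated investigation time in whole hours (assumption)
    value: float  # expected contribution to overall case effectiveness (assumption)


# Constructed sample case: names, hours and values are made up for illustration.
SAMPLE_CASE: List[Evidence] = [
    Evidence("disk image", 6, 9.0),
    Evidence("server logs", 3, 5.0),
    Evidence("phone backup", 4, 6.0),
    Evidence("email export", 2, 2.5),
    Evidence("router config", 1, 1.0),
]
DEADLINE_HOURS = 8

# Constructed case where the greedy ratio rule is misled by one "dense" item.
GREEDY_TRAP: List[Evidence] = [
    Evidence("item A", 5, 10.0),
    Evidence("item B", 4, 7.0),
    Evidence("item C", 4, 7.0),
]


def optimal_plan(items: List[Evidence], deadline: int) -> Tuple[float, List[str]]:
    """Exact solution by 0/1 knapsack dynamic programming over integer hours.

    Runs in O(n * deadline): pseudo-polynomial, so it is fine for small
    integer deadlines but is not a polynomial algorithm for the general problem.
    Returns (best effectiveness, names of the items to examine in input order).
    """
    n = len(items)
    best = [[0.0] * (deadline + 1) for _ in range(n + 1)]
    for i, ev in enumerate(items, start=1):
        for h in range(deadline + 1):
            best[i][h] = best[i - 1][h]            # skip item i
            if ev.hours <= h:                      # or examine it if it fits
                cand = best[i - 1][h - ev.hours] + ev.value
                if cand > best[i][h]:
                    best[i][h] = cand
    # Backtrack from the final cell to recover which items were chosen.
    chosen: List[str] = []
    h = deadline
    for i in range(n, 0, -1):
        if best[i][h] != best[i - 1][h]:
            chosen.append(items[i - 1].name)
            h -= items[i - 1].hours
    chosen.reverse()
    return best[n][deadline], chosen


def greedy_plan(items: List[Evidence], deadline: int) -> Tuple[float, List[str]]:
    """Heuristic: examine items in decreasing effectiveness-per-hour order,
    taking each one that still fits before the deadline (Dantzig-style rule)."""
    order = sorted(items, key=lambda e: e.value / e.hours, reverse=True)
    total, used, chosen = 0.0, 0, []
    for ev in order:
        if used + ev.hours <= deadline:
            used += ev.hours
            total += ev.value
            chosen.append(ev.name)
    return total, chosen


def optimality_gap(items: List[Evidence], deadline: int) -> float:
    """Relative shortfall of the heuristic against the exact optimum (0.0 = optimal)."""
    opt, _ = optimal_plan(items, deadline)
    heur, _ = greedy_plan(items, deadline)
    return (opt - heur) / opt if opt else 0.0


if __name__ == "__main__":
    for label, case in (("sample case", SAMPLE_CASE), ("greedy trap", GREEDY_TRAP)):
        print(label, "optimal:", optimal_plan(case, DEADLINE_HOURS))
        print(label, "greedy: ", greedy_plan(case, DEADLINE_HOURS))
        print(label, "gap:    ", round(optimality_gap(case, DEADLINE_HOURS), 3))
```

On the sample case both methods pick the server logs, phone backup and router config for a total of 12.0 within 8 hours; on the trap case the greedy rule commits to item A and reaches 10.0, while the exact plan takes B and C for 14.0, a relative gap of about 0.29. Evaluating a heuristic this way, exact optimum versus heuristic result over many generated instances, is the kind of computational experiment the abstract refers to.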
Notes
1. Log files are specific files that are generated to keep a history of actions that occurred on the system.
2. Private communication with Anuj Soni from Booz Allen Hamilton Inc.
3. Advanced Integrated Multidimensional Modeling Software, for building decision support and optimization applications.
4. The solver used for optimization is CPLEX optimizer version 12.5.
5. Please contact the corresponding author for a numerical illustration and the detailed computational results.
© 2020 Springer Nature Switzerland AG
Cite this paper
Gupta, J.N.D., Kalaimannan, E., Yoo, SM. (2020). A Sequential Investigation Model for Solving Time Critical Digital Forensic Cases Involving a Single Investigator. In: Choo, KK., Morris, T., Peterson, G. (eds) National Cyber Summit (NCS) Research Track. NCS 2019. Advances in Intelligent Systems and Computing, vol 1055. Springer, Cham. https://doi.org/10.1007/978-3-030-31239-8_16
DOI: https://doi.org/10.1007/978-3-030-31239-8_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-31238-1
Online ISBN: 978-3-030-31239-8
eBook Packages: Intelligent Technologies and Robotics (R0)