
A Sequential Investigation Model for Solving Time Critical Digital Forensic Cases Involving a Single Investigator

  • Conference paper

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 1055))

Abstract

The number of evidence items found at a digital crime scene has grown significantly over the past few years. At the same time, the demand for delivering accurate results within a given deadline has increased. The major challenges that accompany these objectives are to investigate the right set of evidence items and to allocate appropriate investigation time to each of them. In this paper, we present a mixed integer linear programming (MILP) model to analyze the problem of allocating optimal investigation times to evidence items when a single investigator is available. The objective is to maximize the overall effectiveness of the forensic investigation procedure. We focus in particular on time critical digital forensic cases, in which results have to be finalized for a court of law within a specified deadline. While the general problem is NP-hard, two special cases are shown to be optimally solvable with polynomial computational effort. Two heuristic algorithms are proposed to solve the general problem. Results of extensive computational experiments that empirically evaluate their effectiveness in finding an optimal or near-optimal solution are reported. Finally, the paper concludes with a summary of findings and some directions for future research.
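The abstract describes the allocation problem only in outline, and the paper's actual MILP formulation is not on this page. The following is an added example, not the authors' model: it assumes a deliberately simplified, knapsack-style version of the problem (each evidence item has a fixed examination time and a fixed effectiveness value, the single investigator works sequentially, and the total time must fit within the deadline), solves it exactly by enumeration, and compares that with a value-per-hour greedy heuristic. The sample evidence items, hours, values and the deadline are all constructed for illustration.

```python
from itertools import combinations
from typing import List, NamedTuple, Tuple


class Evidence(NamedTuple):
    name: str      # label for the evidence item
    hours: int     # assumed fixed examination time (whole hours)
    value: float   # assumed contribution to overall investigation effectiveness


# Constructed sample case (not from the paper): five items, one investigator,
# ten working hours before the findings must be finalized.
SAMPLE: List[Evidence] = [
    Evidence("laptop-image", 6, 9.0),
    Evidence("phone-dump", 3, 5.0),
    Evidence("server-logs", 4, 6.0),
    Evidence("usb-drive", 2, 2.5),
    Evidence("email-export", 5, 4.0),
]
DEADLINE = 10


def optimal_subset(items: List[Evidence], deadline: int) -> Tuple[float, List[str]]:
    """Exact answer for the simplified model: enumerate every subset that fits
    within the deadline and keep the one with the highest total value.
    Exponential in the number of items, so only usable for small cases; this is
    the NP-hard general problem the abstract refers to."""
    best_value, best_set = 0.0, ()
    for r in range(len(items) + 1):
        for combo in combinations(items, r):
            if sum(e.hours for e in combo) <= deadline:
                total = sum(e.value for e in combo)
                if total > best_value:
                    best_value, best_set = total, combo
    return best_value, [e.name for e in best_set]


def greedy_ratio(items: List[Evidence], deadline: int) -> Tuple[float, List[str]]:
    """Polynomial-time heuristic: examine items in decreasing order of value per
    hour, skipping any item that no longer fits. Ties keep the input order."""
    chosen, used, total = [], 0, 0.0
    for e in sorted(items, key=lambda e: e.value / e.hours, reverse=True):
        if used + e.hours <= deadline:
            chosen.append(e.name)
            used += e.hours
            total += e.value
    return total, chosen


def schedule(items: List[Evidence], chosen: List[str]) -> List[Tuple[str, int, int]]:
    """Turn a chosen list of item names into a sequential (start, finish)
    timeline for the single investigator, in the given order."""
    by_name = {e.name: e for e in items}
    timeline, clock = [], 0
    for name in chosen:
        e = by_name[name]
        timeline.append((name, clock, clock + e.hours))
        clock += e.hours
    return timeline


if __name__ == "__main__":
    opt_value, opt_items = optimal_subset(SAMPLE, DEADLINE)
    heur_value, heur_items = greedy_ratio(SAMPLE, DEADLINE)
    print("optimal :", opt_value, opt_items, schedule(SAMPLE, opt_items))
    print("greedy  :", heur_value, heur_items, schedule(SAMPLE, heur_items))
    print("heuristic gap:", opt_value - heur_value)
```

On the constructed data the greedy heuristic reaches an effectiveness of 14.0 (phone dump, then laptop image, with one idle hour), while the exact search finds 15.0 (laptop image, then server logs, filling the deadline exactly). The gap is the kind of difference the abstract's computational experiments measure between the heuristics and the optimal solution; a heuristic evaluated only on cases where it happens to match the optimum would tell an investigator nothing about its worst-case behaviour.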


Notes

  1. Log files are files generated specifically to keep a history of the actions that occurred on a system.

  2. Private communication with Anuj Soni from Booz Allen Hamilton Inc.

  3. Advanced Integrated Multidimensional Modeling Software for building decision support and optimization applications.

  4. The solver used for optimization is CPLEX optimizer version 12.5.

  5. Please contact the corresponding author for a numerical illustration and the detailed computational results.


Author information

Corresponding author: Jatinder N. D. Gupta.

Copyright information

© 2020 Springer Nature Switzerland AG


Cite this paper

Gupta, J.N.D., Kalaimannan, E., Yoo, SM. (2020). A Sequential Investigation Model for Solving Time Critical Digital Forensic Cases Involving a Single Investigator. In: Choo, KK., Morris, T., Peterson, G. (eds) National Cyber Summit (NCS) Research Track. NCS 2019. Advances in Intelligent Systems and Computing, vol 1055. Springer, Cham. https://doi.org/10.1007/978-3-030-31239-8_16
