A survey of digital forensic investigator decision processes and measurement of decisions based on enhanced preview

James, Joshua I.; Gladyshev, Pavel

doi:10.1016/j.diin.2013.04.005

Cited by 25 publications

(15 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Every digital forensics investigation case is bounded by local and federal laws and policies that should be followed strictly including privacy regulations [10]. Usually digital investigation starts with acquiring an investigation warrant that legalizes collection, processing and storing of data related to a specific person or group of suspected people [11]. However, in reality it is very common that irrelevant data about unrelated parties are collected and accessed during investigation by forensic investigators.…”

Section: Introductionmentioning

confidence: 99%

Privacy-respecting digital investigation

Dehghantanha

Franke

2014

2014 Twelfth Annual International Conference on Privacy, Security and Trust

View full text Add to dashboard Cite

the forensics investigation requirements are in direct conflict with the privacy rights of those whose actions are being investigated. At the same time, once the private data is exposed it is impossible to 'undo' its exposure effects should the suspect is found innocent! Moreover, it is not uncommon that during a suspect investigation, private information of other innocent parties becomes apparent to the forensics investigator. These all raise the concern for development of platforms for enforcing privacy boundaries even to authorized forensics investigators. To the best of authors' knowledge, there is no practical model for privacy-respecting digital investigation which is capable of considering different jurisdictions requirements and protecting subjects' data privacy in line with investigation warrant permissions and data-origin privacy requirements.Privacy-respecting digital forensics as an emerging crossdisciplinary research area is moving toward addressing above issues. In this paper, we first establish needed foundations and describe details of "privacy-respecting digital investigation" as a cross-disciplinary field of research. Afterwards, we review main research efforts in different research disciplines relevant to the field and elaborate existing research problems. We finalize the paper by looking at potential privacy issues during digital investigation in the light of EU, US, and APEC privacy regulations.The main contributions of this paper are first establishing essential foundations and providing detailed definition of "privacy-respecting digital investigation" as a new crossdisciplinary field of research, second a review of current state of art in different disciplines relevant to this field, third elaborating existing issues and discussing most promising solutions relevant to these disciplines, and forth is detailed discussion of potential privacy issues in different phases of digital forensics life cycle based on EU,US, and APEC privacy regulations. We hope this paper opens up a new and fruitful avenue in the study, design, and development of privacy respecting forensics investigation as an interdisciplinary field of research.

show abstract

Section: Introductionmentioning

confidence: 99%

Privacy-respecting digital investigation

Dehghantanha

Franke

2014

2014 Twelfth Annual International Conference on Privacy, Security and Trust

View full text Add to dashboard Cite

show abstract

“…imprisonment for a term not exceeding 10 years". In this case, based on Irish law, the legal system appears to lead to the prioritization of CEM investigations over basic hacking investigations, and this is informally reflected in the digital forensics laboratory (James & Gladyshev, 2013 While a thorough review of all applicable acts would need to be conducted, prioritizing by the punishment severity can help ensure that an organization is focus on crimes that are considered more serious by the legal system.…”

Section: Severity Of Fine or Sentencementioning

confidence: 99%

“…While there was no official prioritization model in Ireland, investigators generally prioritized child exploitation investigations, with approximately 80% of an investigator's time focused on those types of investigations (James & Gladyshev, 2013). Certain 'special circumstances' may see other case types prioritized, such as an immediate threat to life.…”

Section: Case Categorization and Prioritization In Practicementioning

confidence: 99%

Multi-Stakeholder Case Prioritization in Digital Investigations

James¹

2014

JDFSL

View full text Add to dashboard Cite

This work examines the problem of case prioritization in digital investigations for better utilization of limited criminal investigation resources. Current methods of case prioritization, as well as observed prioritization methods used in digital forensic investigation laboratories are examined. After, a multi-stakeholder approach to case prioritization is given that may help reduce reputational risk to digital forensic laboratories while improving resource allocation. A survey is given that shows differing opinions of investigation priority between Law Enforcement and the public that is used in the development of a prioritization model. Finally, an example case is given to demonstrate the practicality of the proposed method.

show abstract

“…Most forms of preliminary analysis involve some form of automation, and much of the time if a preliminary analysis is done, the decision to continue or stop the examination will be made based on what is found -or not -with these less in-depth processes. It also appears that in all cases if anything suspicious is found during a preliminary examination, then an in-depth analysis will normally take place [12]. Current processes, such as triage, have been shown to help reduce the number of suspect machines needing an in-depth examination; however, triage and highly automated preview examinations are not currently as effective as manual in-depth investigations in every situation [8,16].…”

Section: Other Levels Of Forensic Examinationmentioning

confidence: 99%

“…While there are many ways to implement the proposed accuracy measurement method in a digital investigation, this work will give one example of how such a measurement process could be implemented in a way that is minimally disruptive to current investigation processes. The proposed measurement method was used during the implementation of a new 'Preliminary Analysis Unit' as described by James and Gladyshev [12].…”

Section: Implementation Of Accuracy Measurement In Digital Forensic Lmentioning

confidence: 99%

Measuring Accuracy of Automated Parsing and Categorization Tools and Processes in Digital Investigations

James¹,

Lopez-Fernandez

Gladyhsev

2014

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

Self Cite

View full text Add to dashboard Cite

Summary. This work presents a method for the measurement of the accuracy of evidential artifact extraction and categorization tasks in digital forensic investigations. Instead of focusing on the measurement of accuracy and errors in the functions of digital forensic tools, this work proposes the application of information retrieval measurement techniques that allow the incorporation of errors introduced by tools and analysis processes. This method uses a 'gold standard' that is the collection of evidential objects determined by a digital investigator from suspect data with an unknown ground truth. This work proposes that the accuracy of tools and investigation processes can be evaluated compared to the derived gold standard using common precision and recall values. Two example case studies are presented showing the measurement of the accuracy of automated analysis tools as compared to an in-depth analysis by an expert. It is shown that such measurement can allow investigators to determine changes in accuracy of their processes over time, and determine if such a change is caused by their tools or knowledge.

show abstract

A survey of digital forensic investigator decision processes and measurement of decisions based on enhanced preview

Cited by 25 publications

References 1 publication

Privacy-respecting digital investigation

Privacy-respecting digital investigation

Multi-Stakeholder Case Prioritization in Digital Investigations

Measuring Accuracy of Automated Parsing and Categorization Tools and Processes in Digital Investigations

Contact Info

Product

Resources

About