1 research outputs found
Engineering Adaptive Digital Investigations using Forensics Requirements
A digital forensic investigation aims to collect and analyse the evidence
necessary to demonstrate a potential hypothesis of a digital crime. Despite the
availability of several digital forensics tools, investigators still approach
each crime case from scratch, postulating potential hypotheses and analysing
large volumes of data. This paper proposes to explicitly model forensic
requirements in order to engineer software systems that are forensic-ready and
guide the activities of a digital investigation. Forensic requirements relate
some speculative hypotheses of a crime to the evidence that should be collected
and analysed in a crime scene. In contrast to existing approaches, we propose
to perform proactive activities to preserve important - potentially ephemeral -
evidence, depending on the risk of a crime to take place. Once an investigation
starts, the evidence collected proactively is analysed to assess if some of the
speculative hypotheses of a crime hold and what further evidence is necessary
to support them. For each hypothesis that is satisfied, a structured argument
is generated to demonstrate how the evidence collected supports that
hypothesis. Our evaluation results suggest that the approach provides correct
investigative findings and reduces significantly the amount of evidence to be
collected and the hypotheses to be analysed