A Case-Based Reasoning Method for Locating Evidence During Digital Forensic Device Triage

Horsman, Graeme, Laing, Christopher and Vickers, Paul (2014) A Case-Based Reasoning Method for Locating Evidence During Digital Forensic Device Triage. Decision Support Systems, 61. pp. 69-78. ISSN 0167-9236

[img]
Preview
PDF (Article)
Horsman_et_al_Author_Accepted_Manuscript.pdf - Accepted Version
Available under License Creative Commons Attribution Non-commercial No Derivatives 4.0.

Download (303kB) | Preview
Official URL: http://dx.doi.org/10.1016/j.dss.2014.01.007

Abstract

The role of triage in digital forensics is disputed, with some practitioners questioning its reliability for identifying evidential data. Although successfully implemented in the field of medicine, triage has not established itself to the same degree in digital forensics. This article presents a novel approach to triage for digital forensics. Case-Based Reasoning Forensic Triager (CBR-FT) is a method for collecting and reusing past digital forensic investigation information in order to highlight likely evidential areas on a suspect operating system, thereby helping an investigator to decide where to search for evidence. The CBR-FT framework is discussed and the results of twenty test triage examinations are presented. CBR-FT has been shown to be a more effective method of triage when compared to a practitioner using a leading commercial application.

Item Type: Article
Subjects: G400 Computer Science
G600 Software Engineering
Department: Faculties > Engineering and Environment > Computer and Information Sciences
Depositing User: Paul Vickers
Date Deposited: 20 Jan 2014 09:56
Last Modified: 17 Dec 2023 14:52
URI: https://nrl.northumbria.ac.uk/id/eprint/15186

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year

View more statistics