Abstract:
The current state of digital forensic investigation is continuously challenged by the rapid technological changes, the increase in the use of digital devices (both the heterogeneity and the count), and the sheer volume of data that these devices could contain. Although data privacy protection is not a performance measure, however, preventing privacy violations during the Digital Forensic Investigation, is also a big challenge. The investigator gets full access to the forensic image including suspect’s private data which may be sensitive at times as well as entirely unrelated to the given case under investigation. With a perception that privacy preservation and the completeness of investigation are incompatible with each other, the digital forensics researchers have provided solutions to address the above-stated challenges that either focus on the effectiveness of the investigation process or the data privacy preservation. However, a comprehensive approach that preserves data privacy by neither affecting the capabilities of the investigator nor the overall efficiency of the investigation process, is still an open problem. In the current work, the authors have proposed a digital forensic framework that uses case information, case profile data and expert knowledge for automation of the digital forensic analysis process; utilizes machine learning for finding most relevant pieces of evidence; and preserves data privacy in such a way that the overall efficiency of the digital forensic investigation process increases without affecting the integrity and admissibility of the evidence. The framework improves validation to enhance transparency in the investigation process. The framework also uses a secure logging mechanism to capture investigation steps to achieve a higher level of accountability. Since the proposed framework introduces notable enhancements to the current investigative practices more like the next version of Digital Forensics, the authors named it ‘Digital Forensics 2.0’, or DF 2.0 in short.