Automating Aspects of Forensic Case Management

Abstract:

The forensics community has invested considerable effort in the development of tools in support of the different stages of a digital investigation. However, the main focus has been on the development of tools to capture data, or to support later forensic analysis in the sifting and sorting of large volumes of data in the search for information relating to specific system or user activities. There has been more limited effort and success in terms of the development of tools to support case management and less still on the organisation of metadata needed for the reporting and formatting of evidence for court.

This paper reviews some of the current tools for reporting the results of forensic analysis. It outlines a lightweight approach based on the automated creation of folder structures and a related referencing methodology aimed at reducing the possibility of human error. This system, adopted commercially for organising evidence potentially extracted from several different tools, enables multiple investigators to collate and to consistently organise information for reporting and review.


AUTHORS

Glenn Nor

Forensic Technology Services, PriceWaterhouseCoopers, Oslo, Norway

Glenn Nor has a background in IT network and security, and completed one of Norway’s first bachelor's degrees that focus specifically on digital forensics. He is now head of forensic technology services at PwC Norway and pursuing an MPhil/PhD at the University of South Wales.

Professor Iain Sutherland

School of Technology and Digital Media, Noroff University College, Kristiansand, Norway

Security Research Institute, Edith Cowan University, Perth, Australia

Professor Iain Sutherland is currently Professor of Digital Forensics at Noroff University College in Kristiansand, Norway. He is a recognized expert in the area of computer forensics and data recovery. He has authored numerous articles ranging from forensics practice and procedure to network security. In addition to being actively involved in research, he has acted as a consultant on forensic and security issues for both UK police forces and commercial organizations. His current research interests lie in the areas of computer forensics and computer security.

Dr. Andrew Blyth

School of Computing and Mathematics, University of South Wales, Pontypridd, United Kingdom

Dr. Andrew Blyth, formerly the Director of the Information Security Research Group at the University of South Wales, has functioned as an expert witness in the area of computer forensics and data recovery for a wide variety of law enforcement agencies, such as the Home Office, SOCA, and the Metropolitan Police. Dr. Blyth has also published several journal papers in the areas of computer forensics and data recovery and is one of the leading global authorities on data sanitization and forensic techniques on solid state media. Dr. Blyth is on the ISO advisory board for standards relating to Computer Forensics, is a member of the National IA forum, and works with UK government agencies, including the Defence Science Technology Laboratory.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.
