Quantifying Digital Forensic Investigations and their Evidence

Lead Research Organisation: King's College London
Department Name: Computer Science

Abstract

With the growth of the world-wide web (WWW), there has been a corresponding growth in crimes that use the WWW. Specialist law enforcement investigators are ever more frequently required to examine PCs, laptops, mobile phones, sat-navs, and personal digital assistants (PDAs) for look for incriminating (or exonerating) evidence. This has led to a situation where there is a severe shortage of digital forensic examiners with long backlogs of work, leading to even longer delays within the judicial process.

At the same time, lawyers are becoming ever more savvy in finding ingenious alternative explanations for the recovered digital evidence which, if accepted by the court, would allow their client to be acquitted.

This research project aims to address both these issues.

The former issue will be tackled by devising one or more digital forensic triage schemes in which a digital forensic technician filters or screens each digital device for the expected traces of evidence and the 'probative value' or weight of the recovered evidence is accumulated. Only if this accumulated weight of evidence meets one or more prescribed criteria is the device passed on to an experienced forensic investigator for a full digital examination.

The latter issue is to be addressed by using the notions of likelihoods and odds to determine how plausible it is that the recovered digital evidence was in fact formed by the process that the prosecution suspects, rather than by some alternative process that the defence might suggest. If the prosecuting authority performs such an analysis it will aid their decision as to whether to go to trial, and if the expert witnesses are armed with this data it will enable them to be more authoritative than previously regarding the strength of the available digital evidence.

Planned Impact

The development of procedures, processes, tools and techniques to optimise the utilisation of resources available for digital forensic investigations by law enforcement, and to provide a sharper focus to the interpretation of the recovered digital evidence by prosecution authorities and expert witnesses, will result in increasingly cost-effective operations.

Publications

10 25 50
 
Description Techniques for measuring the strength of a prosecution or defence case involving digital crime.
Exploitation Route use by digital crime investigators, law enforcement and prosecution service officials in deciding whether to go to trial
Sectors Digital/Communication/Information Technologies (including Software),Government, Democracy and Justice

URL http://www.inf.kcl.ac.uk/staff/richard/reo_pubs.html
 
Description adoption by prosecution authorities in UK & HK of quantitative metrics derived in this project as an aid to evaluate the probative value (strength) of the prosecution or defence case
First Year Of Impact 2012
Sector Digital/Communication/Information Technologies (including Software),Government, Democracy and Justice
Impact Types Societal,Policy & public services