Skip to main content

An abstract model for digital forensic analysis tools − A foundation for systematic error mitigation analysis

Christopher Hargreaves‚ Alex Nelson and Eoghan Casey

Abstract

As automation within digital forensic tools becomes more advanced there is a need for a systematic approach to ensure the validity, reliability, and standardization of digital forensic results. This paper argues for intermediate output in a standardized format within digital forensic tools to allow a methodical approach to tool validation that targets errors at each stage of processing. To achieve this, a detailed process model of digital forensic analysis tools is created, extrapolating the details of the internal processes performed by monolithic forensic tools. The research deconstructs the process flow within tools and presents an ‘abstract digital forensic tool’, revisiting earlier abstraction layer ideas. This not only identifies the interconnected processes within tools but allows discussion of the potential error that could be introduced at each stage, and how it could potentially propagate within a tool. A demonstration, with a dataset, is also included, structurally annotated using Cyber-investigation Analysis Standard Expression (CASE).

ISSN
2666−2817
Journal
Forensic Science International: Digital Investigation
Keywords
Digital forensics tools‚ Digital forensics process‚ Abstraction layers‚ Validation‚ Error‚ Tool testing‚ CASE
Note
DFRWS EU 2024 − Selected Papers from the 11th Annual Digital Forensics Research Conference Europe
Pages
301679
Volume
48
Year
2024