Towards an Automated Digital Data Forensic Model with specific reference to Investigation Processes
Digital Data Forensics is constantly under scrutiny to standardize processes. Previous researchers moved between various frameworks without presenting a firm platform or solution, addressing standardization. Only a few researchers referred to automated investigation processes. Established data banks do not exist. We investigate whether investigators use forensic frameworks in their investigations. We question if these frameworks are guiding the investigation and the feasibility of an automated investigation model. We also investigate if a prediction based on a global digital forensic data bank is possible. Investigation processes with regard to the readiness of automated investigation is also investigated. Problems encountered are primarily linked to privacy is a major concern. The lack or willingness to address privacy up front, place obstacles in the way of would be researchers. The term automated forensics and automated tools are misunderstood, some participants regard automation as automated software tools and address this as: “Forensic automation is already becoming a problem by giving untrained examiners a false sense of security when in reality, they are not conducting an examination at all” Investigations using software that reflects a click and drag scenario, does not promote an academic research platform. We suggests automated forensics to be the process of investigation where the investigator make use of previous data based on predictive analysis of data bank from previous data and make use of forensic software in a lesser part. We suggest changing the mindset from “automated software”, to “automated analysis” whereby investigators could sift through the first level of classification and determine sub levels of the investigation with optimal running of scripts, suitable for level comparison and prediction. (Beebe, 2009) suggests using an Intelligent Analytical Approach extending artificial intelligence and other intelligent search enabling successful retrieval, making use of algorithms. This supports our point of view as well; using a stronger reflection to a semantic vs. literal searching technique should set a base platform, substituting the traditional literal searches. This also fits well with our vision of having a structured, relational data structure in place thereby improving data indexing. This would ultimately present a match based on “fuzzy hashing” which require a complete paradigm shift. This shift would step away from the overwhelming traditional search patterns and move to prediction of similar cases. We suggest using predictive Markov models, analyzing data for predictive similarity in events. We will also move to a fuzzy re-classification of data models. Since each case differs substantially, a model built from a generic level to predictive sub levels is suggested. This research did not cover relational database creation and classification of variables, further research will be conducted. In other words, we form predictions, irrespective of the investigation model followed. Further research is required in classifying variables and groups. It is questionable whether forensic investigators would follow standardized procedures at all—considering they are following their own customized methods to date. This presents a problem for standardization and ultimately automation.