Increasing digital investigator availability through efficient workflow management and automation

TL;DR

This paper introduces an automation framework for digital forensic workflows that enhances investigator efficiency, reduces processing time, and lowers costs, addressing resource constraints in law enforcement digital investigations.

Contribution

It presents a novel automation framework that streamlines digital forensic processes, enabling more efficient investigations with limited resources.

Findings

Evidence processing time decreased with server-side automation.

Increased investigator efficiency and reduced infrastructure costs.

Framework demonstrated robustness in real-world scenario.

Abstract

The growth of digital storage capacities and diversity devices has had a significant time impact on digital forensic laboratories in law enforcement. Backlogs have become commonplace and increasingly more time is spent in the acquisition and preparation steps of an investigation as opposed to detailed evidence analysis and reporting. There is generally little room for increasing digital investigation capacity in law enforcement digital forensic units and the allocated budgets for these units are often decreasing. In the context of developing an efficient investigation process, one of the key challenges amounts to how to achieve more with less. This paper proposes a workflow management automation framework for handling common digital forensic tools. The objective is to streamline the digital investigation workflow - enabling more efficient use of limited hardware and software. The proposed automation framework reduces the time digital forensic experts waste conducting time-consuming, though necessary, tasks. The evidence processing time is decreased through server-side automation resulting in 24/7 evidence preparation. The proposed framework increases efficiency of use of forensic software and hardware, reduces the infrastructure costs and license fees, and simplifies the preparation steps for the digital investigator. The proposed approach is evaluated in a real-world scenario to evaluate its robustness and highlight its benefits.