Automated management of operational activities in forensic computer laboratories

Abstract

The paper shows the design of an extensible computer solution for computer forensic laboratories that will allow the automated management and monitoring of a set of tasks related to data processing to improve daily duties on digital evidence. The software works on an infrastructure composed of a local high-speed network and a group of workstations on which various forensic computer tools are executed. The forensic software tool is able to coordinate operational activities and the transfer of digital information on a set of network storage devices in which the sources of digital evidence and the results obtained from data processing are safeguarded. The framework has been designed for the automated management of operative activities and will enable the simultaneous and autonomous processing of multiple sources of digital evidence corresponding to different cases being processed in a computer forensic laboratory. Furthermore, it can also be managed through a web interface and will allow programming, controlling and reporting the progress of automated tasks that are executed on digital evidence. The results of those finalized jobs are stored in a database and after being validated they will be available and accessible through an online review system, so that judicial operators have without delays a fully set of forensic analysis reports and other potentially relevant findings that allow them an early evaluation of the digital evidence submitted to expertise. The solution proposed seeks to contribute to the automated management of operative activities in the laboratory as a first step towards the so-called forensic computer systems of second generation.