Ect: A novel architecture for evidence collection in forensic investigation

Abstract

Computers, smart-phones, wearable devices, and more generally any piece of technology that processes information can be used in a criminal way. Forensics investigation is becoming a crucial process to acquire and secure information and data that is stored on, received or transmitted by an electronic device for further examination during a trial. In this work, we adopt semantics-based technologies to compose a methodology supporting forensics investigations during the analysis process. Proposed methodology aims to infer hidden correlations among different informative sources, for example, integrating in a unique coherent stream the results of different forensic tools. We implement this methodology through a system able to generate additional assertion to data generated by forensics tools during extraction processes. Thanks to their formal representation, assertions enable enhanced retrieval and reasoning capabilities and so more efficient access to information resources. In order to prove effectiveness of the approach, we show some experimental results obtained in a simulated case of a digital investigation examination, evaluating recall and precision of query results, asking for a set of given evidences considered as ground truth.