Embedding hercule poirot in networks: Addressing inefficiencies in digital forensic investigations

Abstract

Forensic investigations on networks are not scalable in terms of time and money [1]. Those investigations mat do occur consume months of attention from the very experts who should be investing in more productive activities, like designing and improving network performance [1]. Given these circumstances, organizations often must select which cases to pursue, ignoring many that could be prosecuted, if time allowed. Recognizing the exponential growth in the number of crimes that employ computers and networks that become subject to digital evidence procedures, researchers and practitioners, alike, have called for embedding forensics - essentially integrating the cognitive skills of a detective into the network [2, 3, 4], The premise is that the level of effort required to document incidents can thus be reduced, significantly. This paper introduces what technical factors might reflect those detecting skills, leading to solutions that could offset the inefficiencies of current practice. © Springer-Verlag Berlin Heidelberg 2007.