This article is free to access.
Digital evidence is playing an increasingly important role in prosecuting crimes. The reasons are manifold: financially lucrative targets are now connected online, systems are so complex that vulnerabilities abound and strong digital identities are being adopted, making audit trails more useful. If the discoveries of forensic analysts are to hold up to scrutiny in court, they must meet the standard for scientific evidence. Software systems are currently developed without consideration of this fact. This paper argues for the development of a formal framework for constructing “digital artifacts” that can serve as proxies for physical evidence; a system so imbued would facilitate sound digital forensic inference. A case study involving a filesystem augmentation that provides transparent support for forensic inference is described.
Gehani, A., Kirchner, F., & Shankar, N. (2009). System support for forensic inference. In IFIP Advances in Information and Communication Technology (Vol. 306, pp. 301–316). Springer New York LLC. https://doi.org/10.1007/978-3-642-04155-6_23