August 24, 2007
Book Chapter

Embedding Hercule Poirot in Networks: Addressing Inefficiencies in Digital Forensic Investigations

Abstract

Forensic investigations on networks are not scalable in terms of time and money [1]. Those investigations that do occur consume months of attention from the very experts who should be investing in more productive activities, like designing and improving network performance [1]. Given these circumstances, organizations often must select which cases to pursue, ignoring many that could be prosecuted if time allowed. Recognizing the exponential growth in the number of crimes that employ computers and networks, which then become subject to digital evidence procedures, researchers and practitioners alike have called for embedding forensics - essentially integrating the cognitive skills of a detective into the network [2, 3, 4]. The premise is that the level of effort required to document incidents can thus be reduced significantly. This paper introduces technical factors that might reflect those detecting skills, leading to solutions that could offset the inefficiencies of current practice.

Revised: October 5, 2010 | Published: August 24, 2007

Citation

Endicott-Popovsky B.E., and D.A. Frincke. 2007. Embedding Hercule Poirot in Networks: Addressing Inefficiencies in Digital Forensic Investigations. In Foundations of Augmented Cognition, Lecture Notes in Computer Science Vol 4565. 364-372. Berlin: Springer. PNNL-SA-73584.