A New Triage Process Model For Digital Investigations

As the amount of crimes involving the digital dimension grows, an ever increasing number of digital artifacts collected from a forensic investigation needs plenty of resources to process in a forensically sound manner. Digital forensic triage provides a way to deal with this scalability problem, as it is tailored to maximize the utilization of resources based on a priority system. Unfortunately, the paucity of definite solutions limits efforts to triage implementation. In this article, we propose a Dual-Triage Digital Forensic Process Model, termed DTDFPM, which increases the effectiveness and efficiency of examinations. The DTDFPM simultaneously enjoys the following properties: i) background information is utilized to prioritize cases and specific features are determined which media contain information relevant to the investigation, ii) a Priority Sorting with Artificial Neuron algorithm (PSAN) is designed, which is the first application of neural network to sorting solution in digital triage, iii) efficient integration, the proposed model implemented based on the Python programming language can be easy to integrate into existing forensic tools. Thoroughly theoretical analysis and performance evaluation indicate the advantage of our proposed process model.