An Approach for Managing Knowledge in Digital Forensics Examinations
Computers and digital devices are continuing to evolve in the areas of storage, processing power, memory, and features. Resultantly, digital forensic investigations are becoming more complex due to the increasing size of digital storage reaching gigabytes and terabytes. Due to this growth in disk storage, new approaches for managing the case details of a digital forensics investigation must be developed. In this paper, the importance of managing and reusing knowledge in digital forensic examinations is discussed, a modeling approach for managing knowledge is presented, and experimental results are presented that show how this modeling approach was used by law enforcement to manage the case details of a digital forensic examination.
Tanner, A. and D. Dampier, “An Approach for Managing Knowledge in Digital Forensics Examinations,” International Journal of Computer Science and Security, Computer Science Journals, Vol. 4, Issue 5, December 2010 pp. 451-465.