An Object Based Decision Support Protocol for Multi- Constraint Agile Digital Forensics Investigation

Abstract

The recent scenarios expressing live digital forensics and its applications in security domain with multiple constraint-based analysis. Many digital forensic tools available in the market helps to make a good analysis of various digital forensic situations but the awareness of the situation-based decision making is still an unsolvable issue in many critical forensic cases. As the digital forensic domain increases its scope to various business and computer related industries, leading market investors and the employees are much aware about the digital crimes and its prevention. Here in this article, we proposed a new protocol which can help the decision making of sensitive digital forensic cases by the involvement of various constraint-based evaluation. A multi constraint operational system proposed here for live digital forensic and the decision support system takes an object parameter while the decision-making procedure is implemented. Thus, the protocol introduced here may carry a set of rules where the object formation and decision support constraints bind together and it may reply on the digital forensic tool integration. The characteristics of this protocol is mainly distributed for situation awareness criterion evaluation and modelled to limit the amount of data retrieval and its acquisition. categorical acquisition of digital evidences through time, duration, devices involved, wings of affect, cause of the target, hacker/attacker/affected user, kind of attack are the constraints to be solved through this prototype. The focus of this prototype is for dynamic digital forensics instead classic forensics conducted on switched off devices. This protocol supports the standard organizational formats to follow the forensic procedures in which a detailed recommendations and documentation from various organizations. The standardized formats of National Institute of Standards and Technology (NIST), International Standards Organization (ISO), Global Professional Information Community (AIIM) and American Society for Testing and Materials (now ASTM International) into considered while developing this protocol.