Abstract

The growth in data volume and in the number of evidential data sources, including heterogeneous distributed systems such as cloud and fog computing systems and Internet-of-Things devices (e.g. drones), has led to increased collection, processing and analysis times, potentially leaving vulnerable individuals and organizations at risk (e.g. in the event of an insider breach). In this presentation, we will describe the potential of data reduction and management approaches, such as methodologies for data reduction, quick analysis, in-depth analysis, semi-automated information and entity extraction, and link charting in conjunction with link analysis. We will also examine how our data reduction approach can be realistically implemented to reduce collection and processing times, reduce the time taken to undertake analysis, and provide investigators with evidence or actionable intelligence in a timely manner. The importance of integrating (big) digital forensics principles and concepts into future system design and development (i.e. forensic-by-design) is also explained. While a forensically friendly / ready system will not stop a security incident (e.g. insider breach) from occurring, it can assist investigators in the examination of such incidents, for example through the preservation of evidential data, the analysis of an incident to determine root causes, and the accelerated restoration of devices and services affected by an incident. Potential research questions will also be discussed.
