查看文章

Internet’s pervasiveness and the large availability of multimedia devices with networking capability have contributed to the global diffusion of cyber threats and cybercrimes, causing serious challenges from the digital forensic perspective. As a consequence, the potential amount of data which requires analysis is increasing, causing an urgent need for new forensic techniques and tools. Those currently in use, indeed, being more focused on full device extraction for some basic statistics than reducing and correlating data for case-relevant device identification, tend to be outdated. In this situation, which may be referred to as data rich but information poor, a practical solution is represented by Digital Forensics Triage, a promising new branch of the Digital Forensics science whose aim is to extract evidence and provide vital intelligence in a timely manner. Digital Forensics Triage, or simply Digital Triage, is generally referred to as a framework that could be adopted in time-critical situations to assign a higher priority to certain digital devices with regards to others, according to their relevance to the criminal case. Digital Triage has been characterized by the development of rapid data extraction techniques and tools whereas, despite some categorisation functions, determining the relevance of a digital device to a criminal case, also known as classification, tend to be a mostly manual process. Based on substantial research carried out to establish current methodologies in the field of Digital Triage and their potential use, this thesis describes an original methodology for digital device pre-examination and classification either on the crime scene or at Digital …