Cloudlet solution for digital forensic investigation of multiple cases of multiple devices

摘要

Multiple device ownership exponentially increases the volume and variety of data, with detrimental implications to digital forensic investigations. Several authors have proposed data reduction approaches in attempts to enhance the data acquisition and processing phases of the investigation process. Other works have aimed to take advantage of cloud computing's seemingly unlimited resources to leverage investigations. However, such approaches inadvertently affect the credibility of forensic evidence and its admissibility in a court of law, and degrade the efficiency of forensic processes. In this paper, we propose a novel approach which leverages current processes by focusing on augmenting computational and latency capabilities. To achieve this, we motivate a cloudlet-based digital forensic (DF) approach to complement existing cloud computing systems. Based on their proximity to end-devices and remote DF investigation teams, our proposed solution effectively tackles low latency challenges present with the cloud alternative. In addition, configuring the cloudlet solution as the sole custodian of data counters ensures that investigators remain in control of their data, and hence can maintain a comprehensive evidence trail. Finally, have also proposed a cloudlet-based DF resource optimization approach to facilitate upward and downward scaling of resources to cope with a variety of data sizes, multiple devices, and concurrent multiple cases.