Abstract

It is challenging for digital forensic practitioners to maintain skillset currency, for example knowing where and how to extract digital artifacts relevant to investigations from newer, emerging devices (e.g., due to the increased variety of data storage schemas across manufacturers and constantly changing models). This paper presents a knowledge sharing platform, developed and validated using an Internet of Things dataset released in the DFRWS 2017-2018 forensic challenge. Specifically, we present an automated knowledge-sharing forensic platform that automatically suggests forensic artifact schemas, derived from case data, but does not include any sensitive data in the final (shared) schema. Such artifact schemas are then stored in a schema pool and the platform presents candidate schemas for use in new cases based on the data presented. In this way, investigators need not learn the forensic profile of a new device from scratch, nor do they have to manually anonymize and share forensic knowledge obtained during the course of an investigation.