Crowdsourcing forensics: Creating a curated catalog of digital forensic artifacts

The increasing volume, variety, velocity, distribution, structural intricacy, and complexity of use of digital evidence can make it difficult for practitioners to find and understand the most forensically useful information (Casey E. Digital evidence and computer crime: Forensic science, computers, and the Internet. Academic Press; 2011. p. 31; Pollitt M. The hermeneutics of the hard drive: Using narratology, natural language processing, and knowledge management to improve the effectiveness of the digital forensic process [PhD dissertation]. University of Central Florida; 2011). Digital forensic practitioners currently search for information and solutions in an ad hoc manner, leading to results that are unstructured, unverified, and sometimes incomplete. As a result, certain digital evidence is being missed or misinterpreted. To mitigate risks of knowledge gaps, there is a pressing need for a systematic mechanism that practitioners can use to codify and combine their collective knowledge. This work presents the design and development of a solution that catalogs crowdsourced knowledge of digital forensic artifacts in a well‐structured, easily searchable form to support efficient and automated extraction of pertinent information, improving availability and reliability of interpretation of artifacts (general acceptance). Technical implementation and artifact curation are discussed with illustrative examples and recommendations for future work.