Standard Representation for Digital Forensic Processing

This paper discusses the lack of reliability and reproducibility validation in digital forensics for a criminal trial. It is argued that this challenge can be addressed with standard data-representation for digital evidence. The representation must include reproducibility documentation on processing operations including automation, human interaction, and investigation steps. Analyzed are two blueprint articles – the CASE specification language for cyber-investigations [1] and the WANDA data standard for the documenting semi-automated hand-writing examination [2]. These two generic frameworks are studied for their granularity to support reproducibility testing by representing: (i) artefact characteristics, forensic – tool parameters and input – output logic; (ii) human and tool data interpretation; and (iii) parallel-running forensic tasks or chains of processes. Proposed is the integration of WANDA-based schema as CASE expression. The utility of such integration is demonstrated as a new module in CASE designed to meet the high standard of proof and scientific validation typically required in criminal investigations and trials. The expression ensures compliance without overburdening digital forensic practitioners.