A Sequential Investigation Model for Solving Time Critical Digital Forensic Cases Involving a Single Investigator

The number of evidences found in a digital crime scene has burgeoned significantly over the past few years. In addition, the demand for delivering accurate results within a given time deadline has increased. The major challenges coinciding with these aforementioned objectives are to investigate the right set of evidences and to allocate appropriate times for their investigation. In this paper, we present a mixed integer linear programming (MILP) model to analyze the problem of allocating optimal investigation times for evidences involving a single investigator. The objective is to maximize the overall effectiveness of a forensic investigation procedure. We particularly focus on the time critical digital forensic cases, in which results have to be finalized in a court of law within a specified time deadline. While the general problem is NP-hard, two special cases are illustrated to be optimally solvable in polynomially computational effort. Two heuristic algorithms are proposed to solve the general problem. Results of extensive computational experiments to empirically evaluate their effectiveness in finding an optimal or near-optimal solution are reported. Finally, this paper concludes with a summary of findings and some fruitful directions for future research.