The peer-reviewed paper and presentation of "SOLVE-IT: A proposed digital forensic knowledge base inspired by MITRE ATT&CK" at DFRWS EU 2025 mark the official launch of another DFRWS-supported community project.
SOLVE-IT is a knowledge base for and by the digital forensic community that describes and indexes techniques available to digital forensic investigators during an examination.

Uniquely, it also describes potential weaknesses at each stage of a digital forensic investigation, including in digital forensic tools. It also provides Python tooling to compile the contents of the knowledge base into different formats, making it useful for a number of different applications.
These many potential applications of SOLVE-IT include:
- strengthen tool testing by scoping error-focused data sets for a technique
- reinforce techniques by cataloguing available mitigations for weaknesses
- bolster quality assurance by identifying potential weaknesses in a specific process
- structure consideration of potential uses of AI in digital forensics
- augment automation by highlighting relevant CASE ontology classes
- prioritize innovation by identifying academic research opportunities
- standardize language and terminology in teaching using the indexed techniques
- conduct capability assessments of labs or individuals against the techniques
One of the most interesting and immediate applications of SOLVE-IT is to avoid missed or unmitigated errors in digital forensic processes. This can be undertaken to review standard processes, tool workflows, or even individual investigations.
Digital forensic service providers can use SOLVE-IT to bolster quality assurance programs and set requirements for independent verification and validation of tools. SOLVE-IT provides a systematic approach to mitigate errors as articulated in the Standard Guide for Establishing Confidence in Digital and Multimedia Evidence Forensic Results by Error Mitigation Analysis (ASTM E3016-18). Use of, and outputs from, SOLVE-IT help ensure the reliability and consistency of digital forensic techniques, supporting compliance with substantial and significant aspects of ISO 17025 accreditation.
More specifically, SOLVE-IT has a configuration file that can be customized to map techniques in the knowledge base to an organization’s standard operating procedures and mitigations (e.g., tool validation reports). Tooling in SOLVE-IT can then be used to automatically generate a spreadsheet of all techniques and mitigations for a given procedure.
There are a number of ways that you can contribute to SOLVE-IT on GitHub:
- Adding or updating the content of techniques within the knowledge base
- Adding or updating weaknesses of techniques within the knowledge base
- Adding mitigations that can be put in place to address the impact of weaknesses
- Developing systematic techniques to identify weaknesses in techniques
- Linking relevant research in the references for a specific technique, weakness, or mitigation
- Developing a graphical user interface to browse and extend the knowledge base
— Eoghan Casey