Authors: Harm van Beek (Netherlands Forensic Institute)
DFRWS USA 2016
In 2010, we started providing Digital Forensics as a Service to the Dutch National police, based on a system called XIRAF. At the DFRWS EU 2014, we presented the game-changing aspects of this service, mainly with respect to the shifting roles both digital and tactical investigators get in case investigations (http://dx.doi.org/10.1016/j.diin.2014.03.007). In 2012, we started with a future-proof and more robust implementation of the service, called Hansken, whose design was published in Digital Investigation in 2015 (http://dx.doi.org/10.1016/j.diin.2015.07.004). By today, we processed over 1.3 petabytes of data in over 600 cases and provide access to over 2000 trained case investigators.
In this presentation, we like to update the Digital Forensic community with our experience in providing this service. We explain how we maintain, extend and provide forensically sound traces to both digital and tactical investigators using such a big platform. We give an overview of the do’s and don’ts we learned by offering the service. Last but not least, we demo the current features and give an overview of planned future work.