Authors: Michael Wilkinson, Brian Jones, and Syd Pleno
DFRWS USA 2012
Abstract
This paper presents a methodology which has been used to address two ubiquitous problems of practicing digital forensics in law enforcement, the ever-increasing data volume and staff exposure to disturbing material. It discusses how the New South Wales Police Force, State Electronic Evidence Branch (SEEB) has implemented a “Discovery Process”. Using random sampling of files and applying statistical estimation to the results, the branch has been able to reduce backlogs from three months to 24 h. The process has the added advantage of reducing staff exposure to child abuse material and providing the courts with an easily interpreted report. The software portion of the Discovery process is contained within the framework of Guidance software’s forensic tool, EnCase. This is then further customized for the Discovery process by using the EnCase EnScript language.