Authors: Chris Hargreaves

DFRWS APAC 2025

Abstract

The SOLVE-IT knowledge base of digital forensic techniques was launched at DFRWS EU 2025. This workshop brings SOLVE-IT to DFRWS APAC!
Inspired by MITRE ATT&CK, SOLVE-IT is in the process of indexing techniques that can be used as part of digital forensics investigations. More than just an index, it maps their potential weaknesses and mitigations which can be used to evaluate forensic processes and workflows. It also has many other applications and can be used to clearly situate digital forensics research and drill into the precise nature of existing techniques, and those being developed.
In this workshop we will briefly cover the origins and structure of the knowledge base, but then focus on applications (e.g. evaluating workflows for weaknesses and identifying mitigations, including using the supplied tools). Very importantly, we will also cover contributing to the project. Therefore the workshop should be equally applicable for researchers and practitioners.

Learning Objectives

At the end of this workshop you will be able to:

  • Describe the overall structure and detailed schema of SOLVE-IT, and discuss potential applications
  • Use supplied python tooling to use the knowledge base to evaluate a workflow for potential weaknesses
  • Submit contributions to the knowledge base and use a systematic workflow to enumerate potential weaknesses in digital forensic techniques.

Target experience level

All

Workshop description

  • Overview of SOLVE-IT
  • Schema for techniques, weaknesses and mitigations
  • Demonstrations of applications of the knowledge base
  • Generating worksheets for tool and process evaluation
  • Completing TRWM worksheets and the overall workflow(s) for contributing to SOLVE-IT
  • Discussion of additional applications, feature requests and other comments

Preparation details

If you wish to run the demos yourself, then Git & Python 3.
Excel (or similar) to review the output.

 

Biography

Chris Hargreaves
Chris Hargreaves

Dr Chris Hargreaves is a lecturer in the Department of Computer Science at the University of Oxford, UK. He also runs a part-time digital forensics R&D consultancy (HARGS Solutions Ltd), which he previously worked at full time before joining Oxford. Prior to this, he spent seven years as a lecturer at Cranfield University (Cranfield Forensic Institute), where he also acted as Course Director for the MSc in Digital Forensics. He holds a BSc in Computer Science from the University of Bristol, an MSc in Information Security and Computer Crime from the University of South Wales, and a PhD in Digital Forensics from Cranfield University. His doctoral research, completed in 2009, focused on “Assessing the Reliability of Digital Evidence from Live Investigations Involving Encryption.”

Downloads