Data Warehousing Based Computer Forensics Investigation Framework

In this paper, we have proposed the design of an efficient computer forensics investigation framework. The proposed framework improves the investigation efficiency using Data Warehouse (DW) concept, which provides a selective evidence identification, collection and analysis. So, only relevant data is investigated instead of investigating the entire user data. The proposed framework consists of a Data Warehouse Engine (DWE) to selectively identify, collect and analyze digital evidences from multiple digital resources. A Digital Evidence Preservation (DEP) mechanism is also introduced for preservation of the collected digital evidences whose authenticity is ensured using cryptographic techniques. An access control mechanism is implemented to allow only authorized investigator to access the preserved digital evidences. The DEP mechanism provides court of law with a Secure Forensic Audit Trial (SFAT) that helps in tracking happened activities on the collected evidences for ensuring the authenticity and reliability of the presented digital evidence.