Digital Forensics as a Service: a game changer

The NFI provides a service that processes multiple terabytes of digital material in a forensic context and gives easy and secure access to the processed results. Using this service-based approach for digital forensics requires several changes in the investigation process.

To minimize the case lead time, processing of the seized material must be automated. Apart from that, case detectives should be the ones looking at the digital material since they can use their valuable case knowledge for identifying relevant traces.

This impact on the digital forensic process is explained in detail in our paper 'Digital Forensics as a Service, a game changer'.

Digital Forensics as a Service: A game changer
R.B. van Baar, H.M.A. van Beek, E.J. van Eijk
Digital Investigation, Volume 11, Supplement 1, 2014, Pages S54-S62, ISSN 1742-2876


Digital Forensics as a Service: game on

Centralization of forensic data analysis, and the risks associated with it, mandate keeping track of several design principles; the NFI identified eight. The three most important principles are sociologically driven and go hand-in-hand: security, privacy and transparency. These principles are set out from the viewpoint of the seized material, the people involved with processing the data, and the system design itself. The other five principles are mainly business driven: multi tenancy, future proof, data retention, reliability and high availability.

How the principles impact the implementation of Hansken, and which (distributed) technologies the various components of Hansken are based on, is explained in detail in our paper 'Digital Forensics as a Service: game on'.

Digital forensics as a service: Game on
H.M.A. van Beek, E.J. van Eijk, R.B. van Baar, M. Ugen, J.N.C. Bodde, A.J. Siemelink
Digital Investigation, Volume 15, 2015, Pages 20-38, ISSN 1742-2876


Engineering an online computer forensic service

XIRAF is a second-generation forensic analysis system developed at the Netherlands Forensic Institute. XIRAF automates the collection of millions of forensic artefacts and organizes these artefacts such that they can be searched in effective ways through a web interface. This paper describes the design of version 1.2 of XIRAF and describes the lessons we learned from implementing and deploying it.

Today, a number of Dutch law enforcement organizations are using the XIRAF service offered by the Netherlands Forensic Institute. Our experience with this service indicates that XIRAF allows investigative teams of dozens of investigators with varying technical background to collaborate effectively and allows them to obtain results from amounts of digital evidence that were infeasible to handle in a cost-effective way before.

Engineering an online computer forensic service
R.A.F. Bhoedjang, A.R. van Ballegooij, H.M.A. van Beek, J.C. van Schie, F.W. Dillema, R.B. van Baar, F.A. Ouwendijk, M. Streppel
Digital Investigation, Volume 9, Issue 2, 2012, Pages 96-108, ISSN 1742-2876


XIRAF – XML-based indexing and querying for digital forensics

This paper introduces XIRAF, an XML-based approach towards managing and querying forensic traces extracted from digital evidence.

This approach has been implemented in XIRAF, a prototype system for forensic analysis. XIRAF systematically applies forensic analysis tools to evidence files (e.g., hard disk images). Each tool produces structured XML annotations that can refer to regions (byte ranges) in an evidence file. XIRAF stores such annotations in an XML database, which allows us to query the annotations using a single, powerful query language (XQuery). XIRAF provides the forensic investigator with a rich query environment in which browsing, searching, and predefined query templates are all expressed in terms of XML database queries.

XIRAF – XML-based indexing and querying for digital forensics
W. Alink, R.A.F. Bhoedjang, P.A. Boncz, A.P. de Vries
Digital Investigation, Volume 3, Supplement, 2006, Pages 50-58, ISSN 1742-2876