Digital Forensics as a Service: stepping up the game

After providing Digital Forensics as a Service (DFaaS) implementations to law enforcement agencies for close to a decade, we present our view from an inside-out perspective. We share the lessons learned from an organizational, operational and development perspective in a forensic and legal context. We conclude with our vision on how to bring the DFaaS concept to the next level for both investigative and innovative purposes.

Digital forensics as a service: Stepping up the game
H.M.A. van Beek, J. van den Bos, A. Boztas, E.J. van Eijk, R. Schramp, M. Ugen
Forensic Science International: Digital Investigation, Volume 35, 2020, 301021, ISSN 2666-2817
https://doi.org/10.1016/j.fsidi.2020.301021

Digital Forensics as a Service: game on

Centralization of forensic data analysis, and the risks associated with it, mandates keeping track of several design principles; the NFI identified eight. The three most important principles are sociologically driven and go hand in hand: security, privacy and transparency. These principles are set out from the viewpoint of the seized material, the people involved in processing the data, and the system design itself. The other five principles are mainly business driven: multi-tenancy, future-proofing, data retention, reliability and high availability.

How the principles impact the implementation of Hansken, and which (distributed) technologies the several components of Hansken are based on, is explained in detail in our paper 'Digital Forensics as a Service: game on'.

Digital forensics as a service: Game on
H.M.A. van Beek, E.J. van Eijk, R.B. van Baar, M. Ugen, J.N.C. Bodde, A.J. Siemelink
Digital Investigation, Volume 15, 2015, Pages 20-38, ISSN 1742-2876
https://doi.org/10.1016/j.diin.2015.07.004

Digital Forensics as a Service: a game changer

The NFI provides a service that processes multiple terabytes of digital material in a forensic context and gives easy and secure access to the processed results. Using this service-based approach for digital forensics calls for several changes in the investigation process.

To minimize the case lead time, processing of the seized material must be automated. Apart from that, case detectives should be the ones looking at the digital material since they can use their valuable case knowledge for identifying relevant traces.

This impact on the digital forensic process is explained in detail in our paper 'Digital Forensics as a Service, a game changer'.

Digital Forensics as a Service: A game changer
R.B. van Baar, H.M.A. van Beek, E.J. van Eijk
Digital Investigation, Volume 11, Supplement 1, 2014, Pages S54-S62, ISSN 1742-2876
https://doi.org/10.1016/j.diin.2014.03.007

Engineering an online computer forensic service

XIRAF is a second-generation forensic analysis system developed at the Netherlands Forensic Institute. XIRAF automates the collection of millions of forensic artefacts and organizes these artefacts such that they can be searched in effective ways through a web interface. This paper describes the design of version 1.2 of XIRAF and describes the lessons we learned from implementing and deploying it.

Today, a number of Dutch law enforcement organizations are using the XIRAF service offered by the Netherlands Forensic Institute. Our experience with this service indicates that XIRAF allows investigative teams of dozens of investigators with varying technical backgrounds to collaborate effectively and allows them to obtain results from amounts of digital evidence that were infeasible to handle in a cost-effective way before.

Engineering an online computer forensic service
R.A.F. Bhoedjang, A.R. van Ballegooij, H.M.A. van Beek, J.C. van Schie, F.W. Dillema, R.B. van Baar, F.A. Ouwendijk, M. Streppel
Digital Investigation, Volume 9, Issue 2, 2012, Pages 96-108, ISSN 1742-2876
https://doi.org/10.1016/j.diin.2012.10.001

XIRAF – XML-based indexing and querying for digital forensics

This paper introduces XIRAF, an XML-based approach towards managing and querying forensic traces extracted from digital evidence.

This approach has been implemented in XIRAF, a prototype system for forensic analysis. XIRAF systematically applies forensic analysis tools to evidence files (e.g., hard disk images). Each tool produces structured XML annotations that can refer to regions (byte ranges) in an evidence file. XIRAF stores such annotations in an XML database, which allows us to query the annotations using a single, powerful query language (XQuery). XIRAF provides the forensic investigator with a rich query environment in which browsing, searching, and predefined query templates are all expressed in terms of XML database queries.

XIRAF – XML-based indexing and querying for digital forensics
W. Alink, R.A.F. Bhoedjang, P.A. Boncz, A.P. de Vries
Digital Investigation, Volume 3, Supplement, 2006, Pages 50-58, ISSN 1742-2876
https://doi.org/10.1016/j.diin.2006.06.016