Title: Intelligence sharing in big data forensics

Authors: Oteng Tabona; Thabiso M. Maupong; Kopo M. Ramokapane; Thabo Semong

Addresses: Department of Computer Science and Information Systems, Botswana International University of Science and Technology, Palapye, Botswana ' Department of Computer Science and Information Systems, Botswana International University of Science and Technology, Palapye, Botswana ' University of Bristol, Bristol, UK ' Department of Computer Science and Information Systems, Botswana International University of Science and Technology, Palapye, Botswana

Abstract: With the high prevalence of digital crimes, forensic investigators rely on traditional desktop tools to conduct investigations. Most of these tools are device-specific and majority of them are desktop-based therefore they suffer from limited storage and fail to process big data. These tools also lack the analytical ability to link evidence between cases or share information between cases. Therefore, inter-links can exist between cases without being detected. The poor ability to detect links between cases may result in investigators: taking a long time to complete investigations and failing to establish organised crimes. In this paper, we propose a novel solution that can cross-link evidence between cases. Our solution is not desktop-based, nor is it restricted by the evidence source. Using real-world data for evaluation, we demonstrate that our solution is capable of uncovering evidence common between cases that could otherwise be missed.

Keywords: forensic cloud environment; FCE; big data forensic; digital forensic as a service; intelligence sharing; evidence correlation.

DOI: 10.1504/IJESDF.2023.127755

International Journal of Electronic Security and Digital Forensics, 2023 Vol.15 No.1, pp.33 - 55

Received: 01 Oct 2021
Accepted: 21 Dec 2021
Published online: 15 Dec 2022 *