A heuristic for maximizing investigation effectiveness of digital forensic cases involving multiple investigators

Digital forensic investigation refers to the use of science and technology in the process of investigating a crime scene so as to maximize the effectiveness of proving the perpetrator has committed crime in a court of law. Evidences are considered to be the building block of any crime scene investigation (CSI) procedure including those involving cyber crimes. Selecting the right set of evidence and assigning the appropriate investigator for the selected evidence is vital in time critical forensic cases, in which results have to be finalized within a specified time deadline. Not doing this may lead to the scope creep problem, which is a significant issue in digital forensics. Therefore, major challenges with respect to digital forensic investigation are to determine the right set of evidences to be assigned to each of the available multiple investigators and allocate appropriate investigation time for the selected evidences to maximize the effectiveness of the investigation effort. A mixed integer linear programming (MILP) model is developed to analyze and solve the problem of evidence selection and resource allocation in a digital crime scene investigation. In view of the problem being NP-hard, a heuristic algorithm with polynomially bounded computational complexity is proposed to solve the problem. Results of extensive computational experiments to empirically evaluate its effectiveness to find an optimal or near-optimal solution are reported. Finally, this paper concludes with a summary of findings and some fruitful directions for future research.