Towards Collaborative Forensics

  • Mike Mabey
  • Gail-Joon Ahn


Digital forensic analysis techniques have been significantly improved and evolved in past decade but we still face a lack of effective forensic analysis tools to tackle diverse incidents caused by emerging technologies and the advances in cyber crime. In this paper, we propose a comprehensive framework to address the efficacious deficiencies of current practices in digital forensics. Our framework, called Collaborative Forensic Framework (CUFF), provides scalable forensic services for practitioners who are from different organizations and have diverse forensic skills. In other words, our framework helps forensic practitioners collaborate with each other, instead of learning and struggling with new forensic techniques. In addition, we describe fundamental building blocks for our framework and corresponding system requirements.


Domain Name System Business Process Execution Language Storage Component Analysis Node Digital Forensic 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Advanced message queuing protocol (amqp) project home (2013).
  2. 2.
    Altheide C, Merloni C, Zanero S (2008) A methodology for the repeatable forensic analysis of encrypted drives. In: EUROSEC ’08: proceedings of the 1st European workshop on system security, Glasgow. ACM, New York, pp 22–26. doi: 1355289Google Scholar
  3. 3.
    Amazon web services (2013).
  4. 4.
    Apache wave incubating project home (2012).
  5. 5.
    Casey E, Stellatos GJ (2008) The impact of full disk encryption on digital forensics. SIGOPS Oper Syst Rev 42(3):93–98. doi: 10.1145/1368506.1368519Google Scholar
  6. 6.
    Cost of hard drive storage space (2013).
  7. 7.
    Denning PJ (1996) Workflow in the WEB. In: Fischer L (ed) New tools for new times: electronic commerce. Future Strategies, Lighthouse PointGoogle Scholar
  8. 8.
    Du J, Gu X, Reeves DS (2010) Highly available component sharing in large-scale multi-tenant cloud systems. In: Proceedings of the 19th ACM international symposium on high performance distributed computing, HPDC ’10, Chicago. ACM, New York, pp 85–94. doi:
  9. 9.
    Dumas M, Hofstede AHMt (2001) Uml activity diagrams as a workflow specification language. In: Proceedings of the 4th international conference on the unified modeling language, modeling languages, concepts, and tools, Toronto. Springer, London, pp 76–90.
  10. 10.
    Euca2ools user guide (2013).
  11. 11.
    Forensic toolkit (ftk) (2013).
  12. 12.
    Garfinkel SL open source computer forensics software – fiwalk (2012).
  13. 13.
    Garfinkel S (2009) Automating disk forensic processing with Sleuthkit, XML and Python. In: IEEE systematic approaches to digital forensics engineering, Berkeley, pp 73–84. doi:10.1109/SADFE.2009.12Google Scholar
  14. 14.
    Garfinkel S (2010) Aff and aff4: where we are, where we are going, and why it matters to you. In: Sleuth kit and open source digital forensics conference, ChantillyGoogle Scholar
  15. 15.
    Garfinkel SL (2010) Digital forensics research: the next 10 years. Digit Investig 7(Suppl 1): S64–S73. The proceedings of the tenth annual DFRWS conference doi:10.1016/j.diin.2010.05. 009.
  16. 16.
    Garfinkel S, Farrell P, Roussev V, Dinolt G (2009) Bringing science to digital forensics with standardized forensic corpora. Digit Investig 6(Suppl 1):S2–S11. The proceedings of the ninth annual DFRWS conference. doi:10.1016/j.diin.2009.06.016.
  17. 17.
    Higgins KJ (2010) Zeus attackers deploy honeypot against researchers, competitors. DarkReading.
  18. 18.
    (ISC)2 US Government Advisory Board Executive Writer’s Bureau (2010) Do punishments fit the cybercrime? Infosecurity.
  19. 19.
    Juric MB (2010) Wsdl and bpel extensions for event driven architecture. Inf Softw Technol 52:1023–1043. doi: Google Scholar
  20. 20.
    Krishnakumar N, Aheth A (1995) Managing heterogeneous multi-system tasks to support enterprose-wide operations. Distrib Parallel Databases 3(2):155–186CrossRefGoogle Scholar
  21. 21.
    Liebrock LM, Marrero N, Burton DP, Prine R, Cornelius E, Shakamuri M, Urias V (2007) A preliminary design for digital forensics analysis of terabyte size data sets. In: SAC ’07: proceedings of the 2007 ACM symposium on applied computing, Seoul. ACM, New York, pp 190–191. doi: Scholar
  22. 22.
    Liu Q, Wang G, Wu J (2010) Efficient sharing of secure cloud storage services. In: 2010 IEEE 10th international conference on computer and information technology (CIT), Bradford, pp 922–929. doi:10.1109/CIT. 2010.171Google Scholar
  23. 23.
    Mabey M, Ahn GJ (2011) Towards collaborative forensics: preliminary framework. In: 2011 IEEE international conference on information reuse and integration (IRI), Las Vegas, pp 94–99. doi:10.1109/IRI.2011. 6009527Google Scholar
  24. 24.
    Menn J (2010) Fatal system error: the hunt for the new crime lords who are bringing down the internet, 1st edn. PublicAffairs, New YorkGoogle Scholar
  25. 25.
    Menn J (2010) US experts close in on google hackers.
  26. 26.
    Miller JA, Palaniswami D, Sheth AP, Kochut KJ, Singh H (1998) Webwork: meteor’s web-based workflow management system. J Intell Inf Syst 10:185–215. doi:10.1023/A:1008660827609.
  27. 27.
    Moraski L (2011) Cybercrime knows no borders. Infosecurity.
  28. 28.
    National software reference library (2009).
  29. 29.
    Openstack project home (2013).
  30. 30.
    Rabbitmq project home (2013).
  31. 31.
    Roussev V, Richard GG III (2004) Breaking the performance wall: the case for distributed digital forensics. In: The proceedings of the fourth annual DFRWS conference, BaltimoreGoogle Scholar
  32. 32.
    Scanlon M, Kechadi MT (2009) Online acquisition of digital forensic evidence. Lecture notes of the institute for computer sciences, Social informatics and telecommunications engineering, vol 31, pp 122–131. Springer, Berlin/HeidelbergGoogle Scholar
  33. 33.
    Sharp A, McDermott P (2001) Workflow modeling: tools for process improvement and application development, 1st edn. Artech House, Inc., NorwoodGoogle Scholar
  34. 34.
    Urias V, Hash C, Liebrock LM (2008) Consideration of issues for parallel digital forensics of raid systems. J Digit Forensic Pract 2(4):196–208. Google Scholar
  35. 35.
    Wang D, Mah A, Lassen S (2010) Google wave operational transformation. Version 1.1.
  36. 36.
    Wang J, Varman P, Xie C (2010) Middleware enabled data sharing on cloud storage services. In: Proceedings of the 5th international workshop on middleware for service oriented computing, MW4SOC ’10, Bangalore. ACM, New York, pp 33–38. doi:
  37. 37.
    Wave in a box announcement (2010)
  38. 38.
    Zhao G, Rong C, Li J, Zhang F, Tang Y (2010) Trusted data sharing over untrusted cloud storage providers. In: 2010 IEEE second international conference on cloud computing technology and science (CloudCom), Indianapolis, pp 97–103. doi:10.1109/CloudCom.2010.36Google Scholar

Copyright information

© Springer-Verlag Wien 2013

Authors and Affiliations

  1. 1.Laboratory of Security Engineering for Future Computing (SEFCOM)Arizona State UniversityTempeUSA

Personalised recommendations