DESO: Addressing volume and variety in large-scale criminal cases

Brady, O., Overill, R. and Keppens, J.

Digital Investigation 15:72-82.

December 2015

Abstract

This paper proposes a mechanism for dealing with the growing variety and volume of digital evidence in a criminal investigation. The challenges posed by this growth have long been recognised and documented. There have been solutions aimed at processing bulk data and others based on event correlation or timelines. Instead we examine whether there is an alternative method: to classify digital evidence artefacts in a way that assists selection of the potentially relevant evidence before processing any material. In so doing we wish to avoid generating bulk data and instead start viewing digital evidence from an investigative perspective – not a technological one. This paper details the continuing development of an ontology for this purpose – the Digital Evidence Semantic Ontology (DESO). This provides an index to a repository of known digital evidence artefacts, which are classified according to the location in which they are found and the information they represent. Further, this paper also demonstrates how DESO can be applied to criminal investigations to assist lines of enquiry.

DOI: 10.1016/j.diin.2015.10.002