Improving Digital Forensics Analysis in Federated Domains through Estimator Analysis and Network Flow Optimization

Abstract

Digital Forensics is a field that deals with safe and unaltered collection of vital data from the scene of crime incidence for the purpose of investigation and prosecution. Different tools have been developed to help in analysing or estimating the degree or extent of the criminality. However, the exponential growth and expansion being experienced in field of computing and networking is making these estimations or forensic analysis more or less accurate. Some of the reasons militating against effective analysis are attributed to various inhibiting policies across different platforms, routers, domains of networking. In this paper, some tools used for forensics analysis or estimating the probative values of digital evidence are referred to estimators. Three of these estimators are selected and tested in a simulated environment. Analysis of three digital forensics estimators (EnCase, Safeback and TootKit) is carried out in this paper. This is experimentally aided by simulation of heterogeneous domain-based network and packet analyzer is used to collect probability reading in the packet option field at each hop along the communication path between an attacker and the victim. The graphical analysis with varied initial values shows that estimation accuracies of the estimators reduce irrespective of initial values. With the developed model, the router could be configured for packet boosting at the point of dwindling probabilities using Maximum Network Flow Algorithm