Quantitative evaluation of the results of digital forensic investigations: a review of progress

• Main Authors: Richard E. Overill, Jan Collie
• Format: Article
• Language: English
• Published: Taylor & Francis Group 2021-01-01
• Series: Forensic Sciences Research
• Subjects: forensic sciences; digital forensic metrics; measures of plausibility; bayesian networks; probability theory; statistical theory; complexity theory; information theory
• Online Access: http://dx.doi.org/10.1080/20961790.2020.1837429

Unlike conventional forensics, digital forensics does not at present generally quantify the results of its investigations. It is suggested that digital forensics should aim to catch up with other forensic disciplines by using Bayesian and other numerical methodologies to quantify its investigations’ results. Assessing the plausibility of alternative hypotheses (or propositions, or claims) which explain how recovered digital evidence came to exist on a device could assist both the prosecution and the defence sides in criminal proceedings: helping the prosecution to decide whether to proceed to trial and helping defence lawyers to advise a defendant how to plead. This paper reviews some numerical approaches to the goal of quantifying the relative weights of individual items of digital evidence and the plausibility of hypotheses based on that evidence. The potential advantages enabling the construction of cost-effective digital forensic triage schemas are also outlined.Key points The absence of quantified results from digital forensic investigations, unlike those of conventional forensics, is highlighted. A number of approaches towards quantitative evaluation of the results of digital forensic investigations are reviewed. The significant potential benefits accruing from such approaches are discussed.