The term digital forensic artifact is one that is widely used in the digital forensic domain, however the term itself has never been truly defined. Generally, it has been used to describe potential digital evidence that could be found on a device such as e-mail messages, images, videos, chat logs, browsing history, hardware identifiers, etc. But again, no clear cut definition has been developed. Developing a clear cut meaning of what a digital forensic artifact is crucial in the development of our project, the Artifact Genome Project (AGP), and is the purpose for this survey.
AGP is a project that has received funding from Purdue’s VACCINE Center – (a US Department of Homeland Security Center of Excellence) to create a scientifically validated and organized repository of all digital forensic artifacts. This is of major interest to the cyber forensics community as it will provide a central hub where all known information regarding any digital artifact can be found and archived. For instance, if a practitioner were investigating an incident and discovered an artifact that they were unfamiliar with, they could query our database in search for it. This action would cause one of two responses; i) an entry for the artifact existed within AGP thereby allowing the practitioner to receive detailed information regarding the artifact including how to proceed with the investigation, or ii) an entry did not exist. Consequently the practitioner must investigate it themselves, but once fully inspected the practitioner may create an entry within AGP thus ensuring that if others were to come across this artifact they would know how to examine it.
This survey will help us develop categories and fields for digital forensic artifacts that will contribute to AGP’s ease-of-use as well as ensure that AGP provides as much correct and useful information as possible.
Survey link: http://studentvoice.com/uonh/agp