Improving Performance in Digital Forensics A case using pattern matching board

Due to recent advanced technology in the field of HDD, forensic investigators and analysts are dealing with terabyte data sets and spending tremendous time and effort in forensic investigations. It makes "Speed" one of the hot issues in digital forensics. To get speed up or to improve efficiency, some approaches have been proposed. One of them getting attention is a hardware-based approach. However, such a way is limitedly used in the field of evidence cloning or password cracking while rarely applied in search and analysis for the digital evidence. A general approach to the forensic search is to find specific text strings by comparing every byte of the digital evidence at the physical level. Besides, alternative approaches have been proposed for speedup of search and analysis process. They are usually based on the technologies such like indexing algorithms, distributed processing, and data mining. However, these methods have some drawbacks. Some require a lot of initial time for preprocessing, others are impractical. In order to solve this problem, we have already proposed an efficient and practical approach for forensic analysis in [1]. In this paper, we present the system architecture and show feasibility and scalability of our approach by comparing its performance to those of a popular forensic tool currently on the market.