Digital Forensics Evidence Analysis: An Answer Set Programming Approach for Generating Investigation Hypotheses
COSTANTINI, STEFANIA;DE GASPERIS, GIOVANNI;
2015-01-01
Abstract
The results of the evidence analysis phase in Digital Forensics (DF) provide objective data which, however, require further elaboration by the investigators: they must contextualize the analysis results within an investigative environment so as to provide possible hypotheses that can be proposed as proofs in court, to be evaluated by lawyers and judges. The aim of our research has been to explore the applicability of Answer Set Programming (ASP) to the automation of evidence analysis. This brings many advantages, among them that of making the different possible investigative hypotheses explicit, whereas different human experts working on a case often devise and select discordant interpretations, relying on intuition. Very complex investigations, for which human experts can hardly find solutions, turn out in fact to be reducible to optimization problems in classes P or NP or not far beyond, which can thus be expressed in ASP. As a proof of concept, in this paper we present the formulation of some real investigative cases via simple ASP programs, and discuss how this leads to the formulation of concrete investigative hypotheses.