Abstract:
The increasing volume and complexity of digital evidence in cybercrime investigations place huge
pressure on digital forensic tools to perform efficient and scalable analysis. Autopsy, a widely
adopted open-source forensic platform, demonstrates limitations in handling large datasets,
particularly in keyword search responsiveness and hash-based file verification. This research
addresses the need to optimize indexing and retrieval mechanisms within the Autopsy tool to
support faster and scalable forensic data analysis in legal sectors.
To mitigate these challenges, two targeted technical enhancements were developed and integrated
into Autopsy. First, an Elasticsearch-based indexing engine was incorporated to replace the
existing Lucene implementation for keyword search. Second, a Bloom Filter-based hashing
module was introduced to accelerate the verification of known bad file hashes.
Testing with standard forensic image datasets revealed substantial improvements. Keyword
search latency was reduced by over 70%, and the Bloom Filter integration reduced hash lookup
time from an average of 120 ms to less than 50 ms. Overall, the enhancements contribute to higher
efficiency, scalability, and investigative accuracy in digital forensic analysis.
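
The Bloom filter pre-check described in the abstract, sketched as an added example (not the thesis's or Autopsy's own code); the class names, the 1% false-positive target and the sample hashes are assumptions constructed for illustration. A filter miss is definitive, while a filter hit is confirmed against the exact hash set so that a false positive never marks a file as known bad.

```python
import hashlib
import math


class BloomFilter:
    """Bit-array Bloom filter sized for n items at a target false-positive rate p."""

    def __init__(self, n_items, fp_rate):
        # Standard sizing: m = -n ln p / (ln 2)^2 bits, k = (m / n) ln 2 hash functions
        self.m = max(8, math.ceil(-n_items * math.log(fp_rate) / math.log(2) ** 2))
        self.k = max(1, round(self.m / n_items * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item):
        # Double hashing: derive k bit positions from one SHA-256 digest
        d = hashlib.sha256(item.encode()).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item):
        for pos in self._positions(item):
            self.bits[pos // 8] |= 1 << (pos % 8)

    def __contains__(self, item):
        return all(self.bits[p // 8] & (1 << (p % 8)) for p in self._positions(item))


class KnownBadLookup:
    """Bloom filter pre-check in front of the authoritative known-bad hash set."""

    def __init__(self, bad_hashes, fp_rate=0.01):
        self.exact = {h.lower() for h in bad_hashes}  # stand-in for the hash database
        self.bloom = BloomFilter(max(1, len(self.exact)), fp_rate)
        for h in self.exact:
            self.bloom.add(h)
        self.confirmations = 0  # number of lookups that needed the exact check

    def is_known_bad(self, file_hash):
        h = file_hash.lower()
        if h not in self.bloom:   # definite miss: a Bloom filter has no false negatives
            return False
        self.confirmations += 1   # possible hit: confirm to rule out a false positive
        return h in self.exact


# Constructed sample data (hashes of made-up strings, not real indicators)
BAD = [hashlib.sha256(b"constructed-bad-%d" % i).hexdigest() for i in range(1000)]
CLEAN = [hashlib.sha256(b"constructed-clean-%d" % i).hexdigest() for i in range(5000)]
```

The `confirmations` counter shows how many lookups still reach the exact set; for hashes that are not in the set, only the filter's false positives do.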