In forensic investigations, an increasing amount of evidence is retrieved from digital devices. This evidence is often extracted from devices using digital forensic platforms. The platforms are able to extract digital traces from several types of files, originating from different applications, such as email applications from laptops or chat applications from smartphones. Developing support for a new file format and adding it to a digital forensic platform is time-consuming and difficult. An alternative approach is to integrate an existing digital forensic platform into another platform to extend its capabilities. This is, however, not trivial, because it is difficult to choose a platform to integrate. The first reason for this difficulty is that there exists no overview of open-source digital forensic platforms that can be used to compare the advantages and disadvantages of the platforms. The first aim of this thesis is therefore to provide an overview of available open-source digital forensic platforms. This overview is created by means of online research.
The second reason that it is difficult to choose a platform to integrate is that it is difficult to assess whether the output of these platforms is accessible and structured such that it can easily be integrated. The second aim of this thesis is therefore to determine what the best method is to quantify the uniformity of the output of digital forensic platforms and to develop a proof of concept implementing this method. Developing the uniformity metric is done by first dividing the concept of uniformity into six sub-forms of uniformity. Conceptual methods to quantify each of those forms are provided, and we present a concrete implementation of a proof-of-concept.
The results of this thesis imply that although development of digital forensic platforms is actively ongoing, developers miss out on improving the digital forensic field as a whole by not considering the interoperability of the platforms they develop.