Advanced Automated Disk Investigation Toolkit [chapter]

Umit Karabiyik, Sudhir Aggarwal
2016 IFIP Advances in Information and Communication Technology  
Open source software tools designed for disk analysis play a critical role in today's forensic investigations. These tools typically are onerous to use and rely on expertise both in investigation techniques as well as in the tools and disk structures. In previous work we presented the design and initial development for a toolkit that can be used as an automated assistant for forensic investigations. In this paper, we expand on previous work and illustrate our advanced automated disk investigation toolkit (AUDIT) which has been substantially improved and now uses a dynamic knowledge base and database. It also now supports reporting and inference functions. AUDIT can support the investigative process by handling the core IT expertise including choice and operational sequence of tool use as well as their proper configuration. Its capabilities as an intelligent digital assistant are evaluated through a series of tests comparing it against standard benchmark disk images as well as its support for a human investigator.
doi:10.1007/978-3-319-46279-0_20 fatcat:s2q36c675fhvtj5t5r7rxua2pe