This report summarizes the research and tasks completed by the RT&E Center for evaluation of the Digital Forensics Compute Cluster (DFORC2) tool created by the RAND Corporation to increase throughput of digital evidence processing by performing computations in the Amazon Web Services (AWS) cloud.
Specifically, this report presents findings and recommendations for the DFORC2 tool and the processing of digital evidence in a cloud environment. This evaluation of the DFORC2 tool determined that due to the prototype status of the DFORC2 tool and the significant development required to attain a working installation of the tool, the RT&E Center was unable to replicate the results reported by RAND for DFORC2 evidence processing. This report recommends that improvements be made to the DFORC2 tool in order for it to be considered generally usable by practitioners. The architecture of the DFORC2 installation should be considered in order to avoid potential security problems in the future. The tool should be updated to operate with the current versions of AWS tools and third-party software; and the installation process should be improved. Documentation should be written to enable smooth installation without the need for AWS and Kubernetes expertise. 13 tables, 5 figures, and 32 bibliographic listings