CERIAS 2025 Annual Security Symposium


2025 Symposium Posters


Unleashing Insights from Terabytes: Microservices Architecture for Digital Intelligence and Evidence


Primary Investigator:
Umit Karabiyik

Project Members:
Akif Ozer, Umit Karabiyik
Abstract
The rapid increase in digital devices has generated an enormous amount of forensic data that challenges traditional analysis methods. In response, this study introduces FOREST (Forensic Search Tool), a distributed microservices architecture designed to enhance digital forensic investigations by dividing complex tasks into smaller, manageable services. At its core, FOREST employs an event-driven system using Apache Kafka for parallel task management, enabling the simultaneous processing of multiple data streams and significantly reducing evidence analysis time. The system uses Elasticsearch and PostgreSQL for efficient storage and rapid retrieval of both structured and unstructured data, ensuring seamless integration throughout the workflow. FOREST also integrates a local AI module based on the Ollama framework to automatically extract and summarize key forensic artifacts, minimizing the need for extensive manual review, and includes Ghidra for reverse engineering to provide detailed insights into binary data. Performance evaluations show that FOREST effectively manages terabytes of data, delivering considerable improvements in processing time and overall efficiency. Its scalable, fault-tolerant design also supports detailed cross-case analysis through graph-based indexing, demonstrating that the integration of distributed systems and AI can make digital forensic investigations faster, more reliable, and better equipped to handle modern digital evidence.
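To make the event-driven design concrete, the following is an added illustration written for this page; it is not FOREST's code and uses no Kafka client. It models, in memory, the pattern the abstract describes: evidence-file tasks are published to a partitioned log keyed by case ID (so one case's events stay ordered on one partition), independent workers consume each partition in parallel, each task hashes and classifies a file and routes binaries toward a reverse-engineering stage, and results are stored under an idempotency key so a re-delivery after a simulated worker crash (at-least-once semantics) does not double-count. The partition count, the sha256-based partitioner, the `Broker`, `Worker` and `process` names, and the sample evidence bytes are all constructed assumptions for the example.

```python
"""Added illustration (not FOREST code): an in-memory model of a partitioned,
event-driven forensic task pipeline. Broker, partitioner and workers are
simplified stand-ins for Kafka; all names and sample data are constructed."""
import hashlib

NUM_PARTITIONS = 3  # assumption: small fixed partition count for the demo

# Constructed sample evidence: (case_id, path, raw bytes). The magic bytes are
# genuine format signatures; the payloads themselves are made up.
EVIDENCE = [
    ("case-001", "disk1/bin/tool.exe", b"MZ\x90\x00" + b"\x00" * 60),
    ("case-001", "disk1/notes.txt", b"meeting at 9, transfer funds"),
    ("case-002", "usb/report.pdf", b"%PDF-1.7 constructed sample"),
    ("case-002", "usb/agent", b"\x7fELF\x02\x01\x01" + b"\x00" * 40),
    ("case-003", "phone/chat.log", b"hello\nworld"),
]


def partition_for(key: str, n: int = NUM_PARTITIONS) -> int:
    """Deterministic key -> partition so every event for one case lands on the
    same partition and is processed in order. sha256 is used here for
    simplicity; Kafka's default partitioner hashes differently, which does
    not matter for the illustration."""
    return int.from_bytes(hashlib.sha256(key.encode()).digest()[:4], "big") % n


def classify(data: bytes) -> str:
    """Coarse file-type detection from leading magic bytes."""
    if data.startswith(b"MZ"):
        return "pe-binary"
    if data.startswith(b"\x7fELF"):
        return "elf-binary"
    if data.startswith(b"%PDF"):
        return "pdf"
    return "text"


class Broker:
    """Append-only per-partition logs; each consumer tracks its own offset."""

    def __init__(self, n: int = NUM_PARTITIONS):
        self.logs = [[] for _ in range(n)]

    def publish(self, key: str, event: dict) -> None:
        self.logs[partition_for(key, len(self.logs))].append(event)


def process(event: dict) -> dict:
    """Per-file task: hash, classify, and pick the next stage. Binaries go to
    a reverse-engineering queue, everything else to summarization."""
    data = event["data"]
    kind = classify(data)
    return {
        "case": event["case"],
        "path": event["path"],
        "sha256": hashlib.sha256(data).hexdigest(),
        "kind": kind,
        "next": "reverse-engineering" if kind.endswith("binary") else "summarize",
    }


class Worker:
    """One consumer per partition. Results are keyed by (case, path) so that a
    redelivered event is recognised and not processed a second time."""

    def __init__(self, broker: Broker, partition: int):
        self.broker, self.partition, self.offset = broker, partition, 0
        self.results: dict = {}

    def run(self) -> dict:
        log = self.broker.logs[self.partition]
        while self.offset < len(log):
            ev = log[self.offset]
            key = (ev["case"], ev["path"])
            if key not in self.results:  # idempotency check
                self.results[key] = process(ev)
            self.offset += 1  # "commit" only after the task completed
        return self.results


def run_pipeline(evidence=EVIDENCE, replay_partition=None) -> dict:
    """Publish all evidence, drain every partition, and optionally simulate a
    worker that crashed before committing its offset and re-reads its log."""
    broker = Broker()
    for case, path, data in evidence:
        broker.publish(case, {"case": case, "path": path, "data": data})
    workers = [Worker(broker, p) for p in range(NUM_PARTITIONS)]
    index = {}
    for w in workers:
        index.update(w.run())
    if replay_partition is not None:
        workers[replay_partition].offset = 0  # lost commit: replay from start
        index.update(workers[replay_partition].run())
    return index


if __name__ == "__main__":
    for key, r in sorted(run_pipeline().items()):
        print(key, r["kind"], r["next"], r["sha256"][:12])
```

The two properties worth noticing are that the case ID, not the file, is the partition key (cross-file ordering within a case is preserved while cases spread across workers), and that the idempotency key makes replay safe, which is what lets a design like this be called fault-tolerant without requiring exactly-once delivery from the broker.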