About this tool

This experimental tool helps you perform a systematic review of a digital forensic technique and create or update content for inclusion in the SOLVE-IT knowledge base. The review works through four stages (TRWM) to populate content:

  1. Technique — Document the technique
  2. Results — Identify Digital Forensic Technique Results (DFTRs)
  3. Weaknesses — Systematically consider weaknesses using ASTM E3016-18 error classifications
  4. Mitigations — Propose mitigations for identified weaknesses

This specific implementation uses TRWM-A, which refers to the use of the ASTM E3016-18 error classifications to help iterate through potential weaknesses.

Settings
How saving works: Your work is automatically saved to your browser's local storage every time you make a change — you don't need to do anything. This means if you close the tab or refresh the page, your session will still be there when you come back.

Auto-backup to file is an optional extra safety net. When enabled, it will periodically download a JSON backup file to your computer's Downloads folder. This protects against browser data being cleared, or if you need to move your work to a different computer. Note: your browser may show a download prompt or save bar each time a backup is created.

You can also manually save at any time using the Save progress to file button in the header.
Enter a technique ID (e.g. DFT-1002) or a GitHub URL to load existing data for amendment
Use format DFT-XXXX for existing techniques, or leave as placeholder for new ones
Short, descriptive name for the technique
A single-sentence definition of the technique, backed by literature (max ~25 words, active voice)
Alternative names for this technique (press Enter or comma to add)
Additional context beyond the definition
Tools or implementations that exemplify this technique (press Enter or comma to add)
What type of data does this technique take as input? Search CASE/UCO and SOLVE-IT ontology classes.
Harvard-format references supporting the technique definition (press Enter to add)
Digital Forensic Technique Results
Add the results/outputs this technique produces. Only results with a name will be used in subsequent stages. Generally if you have multiple output classes you might want to consider if they are different DFTRs, but in some cases a single DFTR could have multiple class types. If no suitable class can be found in the UCO/CASE/SOLVE-IT ontologies, you can type free text and press Enter to add a suggested class.
Many different types of inputs or outputs detected. Consider whether this technique needs to be split into subtechniques.
Results Notes
Here you can provide additional notes as to how the DFTRs were determined.

ASTM E3016 provides several error types. This part of the worksheet uses them as prompts to think about what potential weaknesses of each of those types may look like for the DFTRs you have identified.

In each section below a prompt for the error classification is provided to document potential weaknesses. The checkboxes on the right are pre-ticked, but some weaknesses may have multiple effects.

A weakness being in one primary category or another has no impact. The classifications are used only as prompts to enumerate weaknesses in a systematic way.

Aggregated Weaknesses
Ensure weakness names stand alone without context. You can edit names and add references.

For each weakness, consider mitigations. Some categories to consider:

  • Checking results manually or with another tool
  • Testing
  • Using an alternative approach
  • Using a complementary approach
  • Checking for supporting or contradictory information