Storage and Exchange Formats for Digital Evidence

Authors: Anders O. Flaglien, Aleksander Mallasvik, Magnus Mustorp, and André Årnes
Institution: Gjøvik University College
Publication: Norsk informasjonssikkerhetskonferanse (NISK)
Publication date: 2010-11-22
Page range: 146-158
General link: http://nisk2010.hig.no/
ISBN/ISBN2: 9788251927055/
Category: Information technology
Editor: Patrick Bours
Publisher: Tapir Akademisk Forlag
Publisher address: Visiting address: Tapir Akademisk Forlag, Nardoveien 12, Trondheim

Postal address: Tapir Akademisk Forlag, Postboks 2461 Sluppen, 7005 Trondheim
Language: English





Abstract

Digital evidence can be found in any electronic device with storage
capability. In case of an incident, stored data can be of interest to
forensic analysts. The processing of digital evidence is performed
according to digital forensics methodology and requires specialized
computer tools and formats for storage and exchange. Digital
evidence on the original media cannot be tampered with during the
investigation, meaning that a copy of the original data has to be
made. Many digital forensics formats exist today and the information
storage capabilities of these formats have an impact on the investigation
results. In this paper we discuss the suitability of different formats
by evaluating them against a set of identified criteria. We also
discuss additional representation formats which aim to improve the
presentation and representation of the evidence itself.





