منابع مشابه
Forensic examination of log files
Forensic examination of logs plays a big role in modern computer security, but it has become a time consuming and daunting task due to the sheer amount of data involved. It is therefore necessary to make specialized tools to aid the investigation, so that the digital evidence can be extracted in a fast and efficient manner. In this thesis a system is developed that can identify malicious traffi...
متن کاملForensic Analysis of Windows Thumbcache files
A range of court cases and forensic investigations have involved thumbnail pictures contained within operating system files, such as thumbcache and thumbs.db. In many of these cases, the thumbnail image has been the evidence presented to a court. Further analysis may locate additional information relating to thumbnail pictures, such as being able to link a thumbnail to a picture file on storage...
متن کاملForensic memory analysis: Files mapped in memory
In this paper we describe a method for recovering files mapped in memory and to link mapped-file information process data. This information is forensically interesting, because it helps determine the origin and usage of the file and because it reduces the amount of unidentified data in a memory dump. To find mapped-file content, we apply several different techniques. Together, these techniques ...
متن کاملReconstructing Fragmented YAFFS2 Files for Forensic Analysis
Data recovery from captured intelligent mobile devices such as smartphones plays a significant role in digital forensic analysis. In this paper, we study the main characteristics of NAND flash and YAFFS2 file systems and explore the method for recovering YAFFS2 files for forensic analysis based on Tnode tree that can save a lot of time compared to other data recovery methods. For any broken fil...
متن کاملTesting Forensic Hash Tools on Sparse Files
Forensic hash tools are usually used to prove and protect the integrity of digital evidence: When a file is intercepted by law enforcement, a cryprographic fingerprint is taken by using a forensic hash tool. If later in a court of law the identical fingerprint can be computed from the presented evidence, the evidence is taken to be original. In this paper we demonstrate that most of the freely ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: Environmental Health Perspectives
سال: 2004
ISSN: 0091-6765,1552-9924
DOI: 10.1289/ehp.112-a88