Extending the advanced forensic format to accommodate multiple data sources, logical evidence, arbitrary information and forensic workflow
Authors
Abstract
Forensic analysis requires the acquisition and management of many different types of evidence, including individual disk drives, RAID sets, network packets, memory images, and extracted files. Often the same evidence is reviewed by several different tools or examiners in different locations. We propose a backwards-compatible redesign of the Advanced Forensic Format, an open, extensible file format for storing and sharing evidence, arbitrary case-related information and analysis results among different tools. The new specification, termed AFF4, is designed to be simple to implement and is built upon the well-supported ZIP file format specification. Furthermore, the AFF4 implementation has downward compatibility with existing AFF files. © 2009 Digital Forensic Research Workshop. Published by Elsevier Ltd. All rights reserved.
Similar resources
Visualization for network forensic analyses: extending the Forensic Log Investigator (FLI)
In a network attack investigation, the mountain of information collected from varying sources can be daunting. Investigators face significant challenges in being able to correlate findings from these sources, given difficulties with time synchronization. In addition, it is difficult to obtain summary or overview information for one set of data, much less the entire case. This, in turn, makes it...
FIA: An Open Forensic Integration Architecture for Composing Digital Evidence
The analysis and value of digital evidence in an investigation has been the domain of discourse in the digital forensic community for several years. While many works have considered different approaches to model digital evidence, a comprehensive understanding of the process of merging different evidence items recovered during a forensic analysis is still a distant dream. With the advent of mode...
Analyzing registry, log files, and prefetch files in finding digital evidence in graphic design applications
The products of graphic design applications leave behind traces of digital information which can be used during a digital forensic investigation in cases where counterfeit documents have been created. This paper analyzes the digital forensics involved in the creation of counterfeit documents. This is achieved by first recognizing the digital forensic artifacts left behind from the use of graphi...
Estimation of Road Traffic Mortality in Kurdistan Province, Iran, During 2004-2009, Using Capture-Recapture Method
Background: To reduce traffic injuries in the country, health professionals should have accurate estimates of road traffic deaths. Multiple and sometimes inconsistent statistics presented by the organizations in charge create a high degree of uncertainty for planners and decision makers. To achieve an accurate estimate, several methods are available. Of them, capture-recapture method ...
Directing the Forensic Investigation of a Catastrophic Structure Collapse: The Jacksonville Parking Garage Collapse
This paper discusses the forensic investigation of a fatality-involved catastrophic structure collapse and the special challenges faced when tasked with directing such an effort. While this paper discusses the investigation’s findings and the outcome of the event, this paper’s primary focus is on the challenges faced directing a forensic investigation that requires coordinating with governmenta...