Extending the advanced forensic format to accommodate multiple data sources, logical evidence, arbitrary information and forensic workflow

Authors

  • Michael Cohen
  • Simson Garfinkel
  • Bradley Schatz
Abstract

Forensic analysis requires the acquisition and management of many different types of evidence, including individual disk drives, RAID sets, network packets, memory images, and extracted files. Often the same evidence is reviewed by several different tools or examiners in different locations. We propose a backwards-compatible redesign of the Advanced Forensic Format, an open, extensible file format for storing and sharing evidence, arbitrary case-related information and analysis results among different tools. The new specification, termed AFF4, is designed to be simple to implement and is built upon the well-supported ZIP file format specification. Furthermore, the AFF4 implementation has downward compatibility with existing AFF files. © 2009 Digital Forensic Research Workshop. Published by Elsevier Ltd. All rights reserved.


Related articles

Visualization for network forensic analyses: extending the Forensic Log Investigator (FLI)

In a network attack investigation, the mountain of information collected from varying sources can be daunting. Investigators face significant challenges in being able to correlate findings from these sources, given difficulties with time synchronization. In addition, it is difficult to obtain summary or overview information for one set of data, much less the entire case. This, in turn, makes it...


FIA: An Open Forensic Integration Architecture for Composing Digital Evidence

The analysis and value of digital evidence in an investigation has been the domain of discourse in the digital forensic community for several years. While many works have considered different approaches to model digital evidence, a comprehensive understanding of the process of merging different evidence items recovered during a forensic analysis is still a distant dream. With the advent of mode...


Analyzing registry, log files, and prefetch files in finding digital evidence in graphic design applications

The products of graphic design applications leave behind traces of digital information which can be used during a digital forensic investigation in cases where counterfeit documents have been created. This paper analyzes the digital forensics involved in the creation of counterfeit documents. This is achieved by first recognizing the digital forensic artifacts left behind from the use of graphi...


Estimation of Road Traffic Mortality in Kurdistan Province, Iran, During 2004-2009, Using Capture-Recapture Method

Background: To reduce traffic injuries in the country, health professionals should have accurate estimates of road traffic deaths. Multiple and sometimes inconsistent statistics presented by organizations in charge create high degree of uncertainty for planners and decision makers. To achieve an accurate estimate, several methods are available. Of them, capture-recapture method ...


Directing the Forensic Investigation of a Catastrophic Structure Collapse: The Jacksonville Parking Garage Collapse

This paper discusses the forensic investigation of a fatality-involved catastrophic structure collapse and the special challenges faced when tasked with directing such an effort. While this paper discusses the investigation’s findings and the outcome of the event; this paper’s primary focus is on the challenges faced directing a forensic investigation that requires coordinating with governmenta...



Journal title:

Volume   Issue 

Pages  -

Publication date 2011