Reproducibility of Digital Evidence in Forensic Investigations
نویسندگان
چکیده
We present a three-component model of a digital investigation which comprises: determination of input-output layers, assignment of read and write operations associated with use of forensic tools, and time-stamping of read and write operations. This builds on work of several authors, culminating in the new model presented here which is generic, scalable and compatible with all functions in the system, and which is guaranteed to produce a high quality of reproducibility.
منابع مشابه
Analyzing registry, log files, and prefetch files in finding digital evidence in graphic design applications
The products of graphic design applications leave behind traces of digital information which can be used during a digital forensic investigation in cases where counterfeit documents have been created. This paper analyzes the digital forensics involved in the creation of counterfeit documents. This is achieved by first recognizing the digital forensic artifacts left behind from the use of graphi...
متن کاملDEX: Digital Evidence Provenance Supporting Reproducibility and Comparison
The current standard and open formats for forensic data describe whole disk and memory image properties, but do not describe the products of detailed investigations. We propose a simple canonical description of digital evidence provenance that explicitly states the set of tools and transformations that led from acquired raw data to the resulting product. Our format, called Digital Evidence Exch...
متن کاملA Framework for Digital Forensics and Investigations: The Goal-Driven Approach
Digital forensics investigations are an important task for collecting evidence based on the artifacts left in computer systems for computer related crimes. The requirements of such investigations are often a neglected aspect in most of the existing models of digital investigations. Therefore, a formal and systematic approach is needed to provide a framework for modeling and reasoning about the ...
متن کاملScenario-Based Digital Forensics Challenges in Cloud Computing
The aim of digital forensics is to extract information to answer the 5Ws (Why, When, Where, What, and Who) from the data extracted from the evidence. In order to achieve this, most digital forensic processes assume absolute control of digital evidence. However, in a cloud environment forensic investigation, this is not always possible. Additionally, the unique characteristics of cloud computing...
متن کاملTesting and Evaluating the Harmonized Digital Forensic Investigation Process in Post Mortem Digital Investigations
Existing digital forensic investigation process models have provided guidelines for identifying and preserving potential digital evidence captured from a crime scene. However, for any of the digital forensic investigation process models developed across the world to be adopted and fully applied by the scientific community, it has to be tested. For this reason, the Harmonized Digital Forensic In...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2005