A case-based reasoning method for locating evidence during digital forensic device triage

Authors

  • Graeme Horsman
  • Christopher Laing
  • Paul Vickers
Abstract

The role of triage in digital forensics is disputed, with some practitioners questioning its reliability for identifying evidential data. Although successfully implemented in the field of medicine, triage has not established itself to the same degree in digital forensics. This article presents a novel approach to triage for digital forensics. Case-Based Reasoning Forensic Triager (CBR-FT) is a method for collecting and reusing past digital forensic investigation information in order to highlight likely evidential areas on a suspect operating system, thereby helping an investigator to decide where to search for evidence. The CBR-FT framework is discussed and the results of twenty test triage examinations are presented. CBR-FT has been shown to be a more effective method of triage when compared to a practitioner using a leading commercial application.


Similar resources

A Case Based Reasoning System for Automated Forensic Examinations

While still relatively young, the use of digital forensics in criminal investigations is increasing. This has prompted law enforcement agencies to look at developing more efficient techniques for investigating digital media. Triage tools are seen as the next generation of digital forensics investigatory technologies. However, such tools are still lacking basic decision support mechanisms, and st...


Analyzing registry, log files, and prefetch files in finding digital evidence in graphic design applications

The products of graphic design applications leave behind traces of digital information which can be used during a digital forensic investigation in cases where counterfeit documents have been created. This paper analyzes the digital forensics involved in the creation of counterfeit documents. This is achieved by first recognizing the digital forensic artifacts left behind from the use of graphi...


Methods and Tools of Digital Triage in Forensic Context: Survey and Future Directions

Digital triage is the first investigative step of the forensic examination. Digital triage comes in two forms, live triage and post-mortem triage. The primary goal of live triage is the rapid extraction of intelligence from the potential sources. Live triage raises legitimate concerns. Post-mortem triage is conducted in the laboratory and its main goal is ranking of the seized ...


A Method for Reducing the Risk of Errors in Digital Forensic Investigations

Motivated by the concerns expressed by many academics over difficulties facing the digital forensic field, user-contributory case-based reasoning (UCCBR), a method for auditing digital forensic investigations, is presented. This auditing methodology is not designed to replace a digital forensic practitioner but to aid their investigation process, acting as a method for reducing the risks of miss...


A Framework for Digital Forensics and Investigations: The Goal-Driven Approach

Digital forensics investigations are an important task for collecting evidence based on the artifacts left in computer systems for computer related crimes. The requirements of such investigations are often a neglected aspect in most of the existing models of digital investigations. Therefore, a formal and systematic approach is needed to provide a framework for modeling and reasoning about the ...



Journal:
  • Decision Support Systems

Volume 61, Issue

Pages -

Publication date 2014