Pypette: A Framework for the Evaluation of Live Digital Forensic Acquisition Techniques
نویسندگان
چکیده
With the increasing scale of digital forensic investigations, there is a need for approaches that are capable of reducing the quantities of data forensic examiners are required to search. As this trend continues, traditional quiescent digital forensic analysis is in some cases becoming impractical; examiners must often rely on an in-situ investigation of the live computing environment. Numerous approaches to live digital forensic evidence acquisition have been proposed in the literature, but relatively little attention has been paid to the problem of identifying how the effects of these approaches, and their improvements over other techniques, can be evaluated and quantified. In this paper, we present Pypette, a novel framework enabling the automated, repeatable analysis of live digital forensic acquisition techniques.
منابع مشابه
Pypette: A Framework for the Automated Evaluation of Live Digital Forensic Techniques
With the increasing scale of digital forensic investigations, there is a need for approaches that are capable of reducing the quantities of data forensic examiners are required to search. Meanwhile, as anti-forensic and encryption techniques evolve, there is an increasing need to capture relevant information from a machine before powering it off. Numerous approaches to live forensic evidence ac...
متن کاملPypette: A Platform for the Evaluation of Live Digital Forensics
Live digital forensics presents unique challenges with respect to maintaining forensic soundness, but also offers the ability to examine information that is unavailable to quiescent analysis. Any perturbation of a live operating system by a forensic examiner will have far-reaching effects on the state of the system being analysed. Numerous approaches to live digital forensic evidence acquisitio...
متن کاملA Platform for the Evaluation of Live Digital Forensics
Live digital forensics presents unique challenges with respect to maintaining forensic soundness, but also offers the ability to examine information that is unavailable to quiescent analysis. Any perturbation of a live operating system by a forensic examiner will have far-reaching effects on the state of the system being analysed. Numerous approaches to live digital forensic evidence acquisitio...
متن کاملAn Evidence Acquisition Tool for Live Systems
Evidence acquisition is concerned with the collection of evidence from digital devices for subsequent analysis and presentation. It is extremely important that the digital evidence is collected in a forensically-sound manner using acquisition tools that do not affect the integrity of the evidence. This paper describes a forensic acquisition tool that may be used to access files on a live system...
متن کاملLive Memory Acquisition for Windows Operating Systems:
Cover Page and Abstract Tools and Techniques for Analysis The live acquisition of volatile memory (RAM) is an area in digital forensics that has not garnered much attention until most recently. The importance of the contents of physical memory has always taken a back seat to what is considered more important – the contents of physical media. However, a great deal of information can be acquired ...
متن کامل