Unification of Digital Evidence from Disparate Sources (Digital Evidence Bags)

Author

  • Philip Turner

Abstract

This paper outlines a new approach to the acquisition and processing of digital evidence obtained from disparate digital devices and sources. To date the capture of digital based evidence has always been in its entirety from the source device and different methods and containers (file types) are used for different types of digital device (e.g. computer, PDA, mobile phone). This paper defines a new approach called a Digital Evidence Bag (DEB) that is a universal container for the capture of digital evidence. Furthermore, the Digital Evidence Bag concept could be used to permit the streamlining of data capture and allow multiple sources of evidence to be processed in a multiprocessor distributed environment and thereby maximizing the use of available processing power. The approach described in this paper allows for the first time the forensic process to be extended beyond the traditional static forensic capture of evidence into the real-time ‘live’ capture of evidence. In addition to this the Digital Evidence Bag can be used to provide an audit trail of processes performed upon the evidence as well as integrated integrity checking.

Similar resources

Analyzing registry, log files, and prefetch files in finding digital evidence in graphic design applications

The products of graphic design applications leave behind traces of digital information which can be used during a digital forensic investigation in cases where counterfeit documents have been created. This paper analyzes the digital forensics involved in the creation of counterfeit documents. This is achieved by first recognizing the digital forensic artifacts left behind from the use of graphi...

Secure, Audited Processing of Digital Evidence: Filesystem Support for Digital Evidence Bags

Traditional digital forensics methods capture, preserve, and analyze digital evidence in standard electronic containers: images of seized hard drives (e.g., created using the Unix dd command) are stored in regular files and documents are typically processed “as is”. Auditing of a digital investigation, from identification and seizure of evidence through duplication and investigation is essentia...

An open architecture for digital evidence integration

Recently the need for “digital evidence bags” – a common storage format for digital evidence – has been identified as a key requirement for enabling inter-organisational sharing of digital evidence, and interoperability between forensic analysis tools. Recent work has described an ontology based approach to correlation of event log based evidence, using semantic web technologies for describing ...

Digital Evidence Bag Selection for P2P Network Investigation

The collection and handling of court admissible evidence is a fundamental component of any digital forensic investigation. While the procedures for handling digital evidence take much of their influence from the established policies for the collection of physical evidence, due to the obvious differences in dealing with non-physical evidence, a number of extra policies and procedures are require...

Journal title:
  • Digital Investigation

Volume 2, Issue

Pages -

Publication date: 2005