A Practical Approach for Digital Forensic Triage


Abstract:

Uncovering the truth in the service of justice requires substantial resources to analyze the case-related data collected during a digital investigation, especially in time-critical situations. At present, however, digital forensic practice has not evolved to meet this ever-increasing demand. Digital forensic triage is a promising solution: it is designed to allocate resources according to a system of priorities, and so can increase both the efficiency and the effectiveness of forensic examinations. Nevertheless, the lack of concrete methods limits efforts to put triage into practice. This paper presents a practical approach for building a prioritizing solution. From this approach a new process model is derived, which is particularly suited to scenarios where forensic examiners lack the time and resources to conduct a full examination and analysis. An example demonstrates how the approach can be used to meet the requirements of network forensic investigations.


Pages: 437-444

Online since: March 2015

Copyright: © 2015 Trans Tech Publications Ltd. All Rights Reserved

