A second generation computer forensic analysis system

Ayers, Daniel

doi:10.1016/j.diin.2009.06.013

Cited by 61 publications

(33 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In Quick and Choo, for the better understanding of the upcoming problems, the authors provided a consolidated survey on research contributions, the challenges and possible solutions allied to storage drive forensics. Similarly, the concern towards the underperforming behavior of existing forensic tools and their processing complexities in the scenario of the ever‐increasing volume of data were highlighted in Ayers …”

Section: Background and Related Workmentioning

confidence: 99%

An intelligent approach for examining and detecting target data fragments in suspected large storage drives

Bharadwaj

Singh

2019

Security and Privacy

View full text Add to dashboard Cite

The ever increasing capacity of storage devices is becoming a formidable obstruction to the digital forensic community due to its substantial investigation time and preservation space requirements. However, the investigation process becomes more complicated, whenever the fragmented or partially overwritten drives need forensic consideration. It is becoming extremely necessary to unfold novel methods the examination of storage drives involving a bulk volume of data. In this paper, the differential evolution (DE) technique is utilized with an unsupervised mean-shift clustering approach in the field of digital forensics for intelligently locating the traces of target file in suspected storage drives or raw images. The proposed methodology leverages the drives' geometrical information in DE for obtaining random sector samples followed by fitness value and sector hash computation. The clustering algorithm evaluates the obtained intelligence and assists in estimating the regions of forensic significance in the drive, instead of considering the entire drive contents. As an outcome, a proof-of-concept Python based command line tool has been developed and released to support the study and further enhancement. The experiments and case studies demonstrated using the drives of different capacities demonstrates the efficacy of the proposed method. K E Y W O R D Sdifferential evolution, digital forensics, huge data volumes, mean shift clustering, storage drive, target file 1 Security Privacy. 2019;2:e71.wileyonlinelibrary.com/journal/spy2

show abstract

Section: Background and Related Workmentioning

confidence: 99%

An intelligent approach for examining and detecting target data fragments in suspected large storage drives

Bharadwaj

Singh

2019

Security and Privacy

View full text Add to dashboard Cite

show abstract

“…It is evident that the time requirements for full disk image collection and analysis process increase significantly with the increasing volume of data . Ayers et al discussed that the previously existing forensic tools and software are falling behind in their ability to handle the increasing complexity and volume of data. In order to address the data volume challenge, Roussev et al have introduced the notion of triage, a partial forensic examination conducted under significant time and resource constraints.…”

Section: Related Workmentioning

confidence: 99%

Significant data region identification and analysis using k‐means in large storage drive forensics

Bharadwaj

Singh

2018

Security and Privacy

View full text Add to dashboard Cite

The recent technological advancement with less implementation cost has completely changed the scenario of information being generated, stored, or manipulated digitally by using the storage devices. Today the criminal activities are directly or indirectly associated with the storage devices, thus it is now recognized as an essential evidence in court-of-law throughout the world. However, the massive capacities of modern storage devices significantly increase the time and effort required to preserve and analyze the evidence. This paper proposes a methodology based on the random sector sampling and k-means clustering approaches to efficiently identify and evaluate the significant data regions instead of the entire storage drive. The random sampling and clustering methods efficiently reveal the unseen resident data pattern and intelligence about the regions of the drive which may be of investigator's interest. Experiments involving storage drives of various capacities demonstrate the efficacy of the methodology. Moreover, we generalize our discussion to represent that the extracted hidden patterns of storage drive data can assist an investigator in achieving the desired performance requirements. KEYWORDS k-means clustering, large storage drives, random sector sampling, selective examination, significant regions identification, storage drive forensics, stored data pattern 1 Security Privacy. 2018;1:e40.wileyonlinelibrary.com/journal/spy2

show abstract

“…However, some metrics in the DF investigative process have already been proposed, such as the Forensic Traceability Measurement by authors Siti R. Selamat et al [3]. Daniel Ayers [13] makes suggestions for the measurement of the computer forensic tools' efficacy and performance, including the following parameters: absolute (T) and relative (T1) speed; completeness (%); accuracy (100 %); reliability (100 %); auditability (%); repeatability (%); and limitations of first-generation tools (Y/N).…”

Section: Establishing Integrated Model Of the Df Process Performancesmentioning

confidence: 99%

Integrated management model of the corporate digital forensic investigation

et al. 2016

View full text Add to dashboard Cite

Original scientific paper Metrics of the key performances indicators (KPIs) should be established into corporate digital forensic (DF) investigation process management to encourage performances effectiveness and efficiency improvement. The KPIs should lead to a quantitative assessment of gains in the DF investigation objectives, such as creating proved digital evidence (DE), reducing costs and DF investigation cycle time, etc. The KPIs metrics should address alignment with DF principles and standard operating procedures (SOP), forensic and legal requirements, digital evidence (DE) quality, stakeholder satisfaction and digital evidence legal admissibility. As a tool for quality improvement of the DF investigation processes, the KPIs metrics should be well defined and understood, and introduced by all stakeholders in the DF investigation process. The authors of this article suggested an integrated model of the corporate DF investigation management process. The model includes key activities, resources, performances objectives, risks and the KPIs metric. It is relevant for the development and management of the effective corporate DF investigation processes. Keywords: DF investigation process management; DF process performance; DF KPI metric; DF process management quality; integrated model Integrirani model upravljanja korporativnom digitalnom forenzičkom istragomIzvorni znanstveni članak Metrici indikatora ključnih performansi (KPI) treba uspostaviti u upravljačkom sustavu procesa korporativne digitalne forenzičke (DF) istrage, kako bi se ohrabrilo poboljšanje efektivnosti i efikasnosti performansi procesa. Oni trebaju omogućiti kvantitativnu procjenu dobiti u ciljevima DF istrage, kao što su izgradnja čvrstih digitalnih dokaza (DE), redukcija troškova i ciklusa DF istrage itd. Metrici KPI trebaju uključiti usklađivanje s DF principima i standardima, standardnim operativnim procedurama (SOP), forenzičkim i legalnim zahtjevima, smanjenjem troškova, kvalitetom DE, zadovoljstvom relevantnih sudionika i pravosudnom prihvatljivosti DE. Kao alat za poboljšanje kvaliteta procesa DF istrage, metrici KPI trebaju biti dobro definirani i shvaćena te da ih svi relevantni sudionici uvode u proces DF istrage. Autori ovog rada sugeriraju jedan integrirani model upravljanja procesom korporacijske DF istrage, koji obuhvaća ključne aktivnosti, resurse, ciljeve performansi, rizike i metrike KPI. Model je relevantan za razvoj i upravljanje efektivnim procesima DF istrage.

show abstract

A second generation computer forensic analysis system

Cited by 61 publications

References 2 publications

An intelligent approach for examining and detecting target data fragments in suspected large storage drives

An intelligent approach for examining and detecting target data fragments in suspected large storage drives

Significant data region identification and analysis using k‐means in large storage drive forensics

Integrated management model of the corporate digital forensic investigation

Contact Info

Product

Resources

About