A Practical Approach for Digital Forensic Triage

Author:

Jiang Jian Guo¹, Yang Bo¹, Lin Sen², Zhang Ming Xing¹, Liu Kun Ying¹

Affiliation:

1. Chinese Academy of Sciences

2. Harbin Engineering University

Abstract

In order to uncover truths to serve justice, case-related data collected from a digital investigation requires substantial resources to analyze, especially in time-critical situations. At present, however, digital forensics has not evolved to meet this ever-increasing demand. Digital forensic triage is a promising solution, as it is designed to maximize the use of resources according to a system of priorities, and hence the efficiency and effectiveness of forensic examinations can be increased. Nevertheless, the lack of concrete methods limits efforts to implement triage. This paper presents a practical approach that is designed to build a prioritizing solution. In this work a new process model is derived based on the presented approach, and it is particularly suited to scenarios where forensic examiners do not have enough time and resources to conduct a full examination and analysis. An example is described to demonstrate how this approach can be used to meet the requirements of network forensic investigations.

Publisher

Trans Tech Publications, Ltd.

