Digital forensics XML and the DFXML toolset
Abstract
Digital Forensics XML (DFXML) is an XML language that enables the exchange of structured forensic information. DFXML can represent the provenance of data subject to forensic investigation, document the presence and location of file systems, files, Microsoft Windows Registry entries, JPEG EXIFs, and other technical information of interest to the forensic analyst. DFXML can also document the specific tools and processing techniques that were used to produce the results, making it possible to automatically reprocess forensic information as tools are improved. This article presents the motivation, design, and use of DFXML. It also discusses tools that have been created that both ingest and emit DFXML files. Published by Elsevier Ltd.
Similar resources
Managing and Transforming Digital Forensics Metadata for Digital Collections
In this paper we present ongoing work conducted as part of the BitCurator project to develop extensible strategies for transforming and incorporating digital forensics metadata into archival metadata schemas. We focus on metadata produced by open-source tools that support Digital Forensics XML (DFXML). We describe how portions of this metadata can be used when recording PREMIS events to describ...
Cooperative mode: Comparative storage metadata verification applied to the Xbox 360
This work addresses the question of determining the correctness of forensic file system analysis software. Current storage systems are built on theory that is robust but not invincible to faults, from software, hardware, or adversaries. Given a parsing of a storage system of unknown provenance, the lack of a sound and complete analytic theory means the parsing's correctness cannot be proven. Ho...
Analyzing registry, log files, and prefetch files in finding digital evidence in graphic design applications
The products of graphic design applications leave behind traces of digital information which can be used during a digital forensic investigation in cases where counterfeit documents have been created. This paper analyzes the digital forensics involved in the creation of counterfeit documents. This is achieved by first recognizing the digital forensic artifacts left behind from the use of graphi...
Management of XML Documents in an Integrated Digital Library
We describe a generalized toolset developed by the Perseus Project to manage XML documents in the context of a large, heterogeneous digital library. The system manages multiple DTDs through mappings from elements in the DTD to abstract document structures. The abstraction of document metadata, both structural and descriptive, facilitates the development of application-level tools for knowledge ...
Cloud forensics-Tool development studies & future outlook
In this work, we describe our experiences in developing cloud forensics tools and use them to support three main points: First, we make the argument that cloud forensics is a qualitatively different problem. In the context of SaaS, it is incompatible with long-established acquisition and analysis techniques, and requires a new approach and forensic toolset. We show that client-side techniques, ...
Journal title:
- Digital Investigation
Volume 8, Issue
Pages -
Publication date 2012