Uncertainty in Live Forensics
نویسندگان
چکیده
The goal of live digital forensics is to collect crucial evidence that cannot be acquired under the well-known paradigm of post-mortem analysis. Volatile information in computer memory is ephemeral by definition and can be altered as a consequence of the live forensic approach. Every running tool on an investigated system leaves artifacts and changes the system state. This paper focuses on the understanding and measurement of the uncertainty related to the important and emerging paradigm of live forensic investigations. It also presents some practical examples related to the evaluation of uncertainty.
منابع مشابه
Procedures for a Harmonised Digital Forensic Process in Live Forensics
Cloud computing is a novel computing paradigm that presents new research opportunities in the field of digital forensics. Cloud computing is based on the following principles: on-demand self-service, broad network access, resource pooling, rapid elasticity and measured service. These principles require that cloud computing be distributed internationally. Even if the cloud is hosted locally, it ...
متن کاملMemory Forensics over the IEEE 1394 Interface
The IEEE 1394 “FireWire” interface provides a means for acquiring direct memory access. We discuss how this can be used to perform live memory forensics on a target system. We also present libforensic1394 an open-source software library designed especially for this purpose. Passive and active applications of live memory forensics are analysed. Memory imaging techniques are discussed at length. ...
متن کاملDe-Anonymizing Live CDs through Physical Memory Analysis
Traditional digital forensics encompasses the examination of data from an offline or “dead” source such as a disk image. Since the filesystem is intact on these images, a number of forensics techniques are available for analysis such as file and metadata examination, timelining, deleted file recovery, indexing, and searching. Live CDs present a serious problem for this investigative model, howe...
متن کاملA Platform for the Evaluation of Live Digital Forensics
Live digital forensics presents unique challenges with respect to maintaining forensic soundness, but also offers the ability to examine information that is unavailable to quiescent analysis. Any perturbation of a live operating system by a forensic examiner will have far-reaching effects on the state of the system being analysed. Numerous approaches to live digital forensic evidence acquisitio...
متن کاملPypette: A Platform for the Evaluation of Live Digital Forensics
Live digital forensics presents unique challenges with respect to maintaining forensic soundness, but also offers the ability to examine information that is unavailable to quiescent analysis. Any perturbation of a live operating system by a forensic examiner will have far-reaching effects on the state of the system being analysed. Numerous approaches to live digital forensic evidence acquisitio...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2010