Tool review - remote forensic preservation and examination tools

Authors

  • Eoghan Casey
  • Aaron Stanley
Abstract

Forensic tools are emerging to help digital investigators preserve evidence on live, remote systems. These tools are applying the precepts of digital forensics to incident response, enterprise policy enforcement, and electronic data discovery. This paper discusses the strengths and shortcomings of ProDiscover IR and EnCase Enterprise Edition in the context of the overall digital investigation process. In addition, a test scenario of a security breach involving a Windows rootkit is used to evaluate the capabilities of these tools. Based on this review, a comparison table is provided and several enhancements are proposed for tools used to process digital evidence on remote, live systems.


Related references

Chapter 16 REMOTE FORENSIC ANALYSIS OF PROCESS CONTROL SYSTEMS

Forensic analysis can help maintain the security of process control systems: identifying the root cause of a system compromise or failure is useful for mitigating current and future threats. However, forensic analysis of control systems is complicated by three factors. First, live analysis must not impact the performance and functionality of a control system. Second, the analysis should be perf...


A Survey of Computer Methods in Forensic Handwritten Document Examination

Forensic document examination is at a cross-roads due to challenges posed to its scientific basis as well as due to the availability of revolutionary computer methods. This paper surveys recent efforts in the areas of establishing a scientific basis of forensic handwriting examination, software tools to assist document examiners and software systems that automate some of the examination process...


Defining Digital Forensic Examination and Analysis Tool Using Abstraction Layers

This paper uses the theory of abstraction layers to describe the purpose and goals of digital forensic analysis tools. Using abstraction layers, we identify where tools can introduce errors and provide requirements that the tools must follow. Categories of forensic analysis types are also defined based on the abstraction layers. Abstraction layers are not a new concept, but their usage in digit...


Evaluating Commercial Counter-Forensic Tools

Digital forensic analysts may find their task complicated by any of more than a dozen commercial software packages designed to irretrievably erase files and records of computer activity. These counter-forensic tools have been used to eliminate evidence in criminal and civil legal proceedings and represent an area of continuing concern for forensic investigators. In this paper, we review the per...


Forensic Analysis of Smartphones: The Android Data Extractor Lite (ADEL)

Due to the ubiquitous use of smartphones, these devices become an increasingly important source of digital evidence in forensic investigations. Thus, the recovery of digital traces from smartphones often plays an essential role for the examination and clarification of the facts in a case. Although some tools already exist regarding the examination of smartphone data, there is still a strong dem...



Journal title:
  • Digital Investigation

Volume 1, Issue 

Pages  -

Publication date: 2004