2013 8th International Workshop on Systematic Approaches to Digital Forensics Engineering (SADFE): Latest Papers

CAT Record (computer activity timeline record): A unified agent based approach for real time computer forensic evidence collection
Authors: Shadi Al Awawdeh, I. Baggili, A. Marrington, Farkhund Iqbal
DOI: 10.1109/SADFE.2013.6911539 (https://doi.org/10.1109/SADFE.2013.6911539)
Published: 2013-11-01
Abstract: In this paper we present CAT Record - a real time computer forensics agent that records computer activity for subsequent forensic investigation on a Windows computer system as actions are taking place on a system. This approach is different from the traditional post-mortem approach of examining a hard disk since activities are being recorded as they are happening. The prototype agent included six modules 1) Windows Event Watcher - which records the Windows Operating System events 2) Active Window Detector - which records the active windows on the screen 3) Font-Time-Power-Resolution Detector - which records changes in font, time, power or resolution on the system 4) Explorers Monitor - which records the activity when opening an item from the Windows Explorer or Internet Explorer 5) Removable Devices Detector - which records any external devices that are plugged in or removed from a system and 6) File System Watcher - which records the activity taking place on the file system. CAT Record was stress tested in three scenarios using an automated program that was written to test the accuracy of the agent and its memory consumption on Windows XP and Windows 7. Overall, the results indicated that the amount of recorded data varied between Windows XP and Windows 7 and that CAT Record on average did not consume more than 42,876 KB of memory per second during its operation under extremely stressful tests.
Citations: 7

Digital forensic investigation in cloud computing environment: Impact on privacy
Authors: Filipo Sharevski
DOI: 10.1109/SADFE.2013.6911542 (https://doi.org/10.1109/SADFE.2013.6911542)
Published: 2013-11-01
Abstract: Cloud computing as an extensive IT service delivery platform is one of the most promising technologies for rapid business development and operational efficiency improvement. Unfortunately, many of the attractive cloud computing attributes can be utilized for cybercrime purposes and illegal activities. Effective combat of these cybercrimes requires careful application of digital forensics practice in the cloud computing environment. This refers not just to the adoption of specific technical methodologies or tools for cloud forensic investigation, but also to serious consideration of the legal and privacy aspects of this investigation. Accordingly, through this paper we discuss the potential impact of the cloud forensics on privacy in the cloud computing environment, and offer several recommendations for adoption of privacy aware cloud forensic investigation process.
Citations: 9

A study of forensic & analysis tools
Authors: S. Raghavan, S. Raghavan
DOI: 10.1109/SADFE.2013.6911540 (https://doi.org/10.1109/SADFE.2013.6911540)
Published: 2013-11-01
Abstract: There are a wide range of forensic and analysis tools to examine digital evidence in existence today. Traditional tool design examines each source of digital evidence as a BLOB (binary large object) and it is up to the examiner to identify the relevant items from evidence. In the face of rapid technological advancements we are increasingly confronted with a diverse set of digital evidence and being able to identify a particular tool for conducting a specific analysis is an essential task. In this paper, we present a systematic study of contemporary forensic and analysis tools using a hypothesis based review to identify the different functionalities supported by these tools. We highlight the limitations of the forensic tools in regards to evidence corroboration and develop a case for building evidence correlation functionalities into these tools.
Citations: 12