{"title":"分层磁盘调查模型","authors":"Umit Karabiyik, S. Aggarwal","doi":"10.1109/ISDFS.2016.7473523","DOIUrl":null,"url":null,"abstract":"Digital forensics investigators need specialized tools in order to retrieve evidence on hard disks. When using automated tools, only conventional areas of the disk are often analyzed and as a result potential evidence in hidden areas may be missed. One reason for this is the lack of a universal standard or approach with regards to the systematic disk investigation of the total disk area. In this paper, we present a new hierarchical disk investigation model that can be used to support automated digital forensics tools in systematically examining the disk in its totality, based on the disk's physical and logical structures. We have implemented our proposed model in an open source tool called Automated Disk Investigation Toolkit for illustration.","PeriodicalId":136977,"journal":{"name":"2016 4th International Symposium on Digital Forensic and Security (ISDFS)","volume":"58 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-04-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Model of hierarchical disk investigation\",\"authors\":\"Umit Karabiyik, S. Aggarwal\",\"doi\":\"10.1109/ISDFS.2016.7473523\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Digital forensics investigators need specialized tools in order to retrieve evidence on hard disks. When using automated tools, only conventional areas of the disk are often analyzed and as a result potential evidence in hidden areas may be missed. One reason for this is the lack of a universal standard or approach with regards to the systematic disk investigation of the total disk area. In this paper, we present a new hierarchical disk investigation model that can be used to support automated digital forensics tools in systematically examining the disk in its totality, based on the disk's physical and logical structures. We have implemented our proposed model in an open source tool called Automated Disk Investigation Toolkit for illustration.\",\"PeriodicalId\":136977,\"journal\":{\"name\":\"2016 4th International Symposium on Digital Forensic and Security (ISDFS)\",\"volume\":\"58 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-04-25\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 4th International Symposium on Digital Forensic and Security (ISDFS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ISDFS.2016.7473523\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 4th International Symposium on Digital Forensic and Security (ISDFS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISDFS.2016.7473523","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 3
摘要
数字取证调查人员需要专门的工具来检索硬盘上的证据。当使用自动化工具时,通常只分析磁盘的常规区域,因此可能会错过隐藏区域的潜在证据。其中一个原因是缺乏一个通用的标准或方法,关于系统的磁盘调查总的磁盘面积。在本文中,我们提出了一个新的分层磁盘调查模型,该模型可用于支持自动化数字取证工具,根据磁盘的物理和逻辑结构系统地检查磁盘的整体。我们已经在一个名为Automated Disk Investigation Toolkit的开源工具中实现了我们提出的模型。
Digital forensics investigators need specialized tools in order to retrieve evidence on hard disks. When using automated tools, only conventional areas of the disk are often analyzed and as a result potential evidence in hidden areas may be missed. One reason for this is the lack of a universal standard or approach with regards to the systematic disk investigation of the total disk area. In this paper, we present a new hierarchical disk investigation model that can be used to support automated digital forensics tools in systematically examining the disk in its totality, based on the disk's physical and logical structures. We have implemented our proposed model in an open source tool called Automated Disk Investigation Toolkit for illustration.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
