SlackStick: Signature-Based File Identification for Live Digital Forensics Examinations

Authors: Rob Hegarty, John Haggerty

DOI: 10.1109/EISIC.2015.28

Keywords: USB, Network forensics, Focus (computing), Identification (information), Computer forensics, Computer security, Information retrieval, Hash function, Scheme (programming language), Digital forensics, Computer science

Abstract: A digital forensics investigation may involve procedures for both live analysis and the gathering of evidence from a device in the laboratory. Due to the focus on capturing volatile data during a live investigation, tools have been developed that are aimed at specific surrounding state information. However, there may be circumstances whereby non-volatile analysis, such as the identification of files of interest, is also required. In such cases, the ability to use file-wise, or hash, signatures is precluded due to the pre-processing requirements of those tools. Therefore, this paper presents SlackStick, a novel automated approach, run from USB memory, for triage of files of interest using an alternative signature scheme. Moreover, it can be used by inexpert users in the first-response phase of an investigation. The results of the case study presented demonstrate the applicability of the approach.
