FACE: Automated digital evidence discovery and correlation
TL;DR: FACE, a framework for automatic evidence discovery and correlation across a variety of forensic targets, is presented, together with ramparser, an advanced open-source memory analysis tool for the automated analysis of Linux systems.
About:
This article is published in Digital Investigation. The article was published on 2008-09-01 and is currently open access. It has received 136 citations to date. The article focuses on the topics: Digital forensics & Digital evidence.
Citations
Proceedings ArticleDOI
Technical Issues of Forensic Investigations in Cloud Computing Environments
Dominik Birk, Christoph Wegener +1 more
TL;DR: This paper focuses on the technical aspects of digital forensics in distributed cloud environments by assessing whether it is possible for the customer of cloud computing services to perform a traditional digital investigation from a technical point of view.
Journal ArticleDOI
Impacts of increasing volume of digital forensic data
TL;DR: It is concluded that there remains a need for further research with a focus on real world applicability of a method or methods to address the digital forensic data volume challenge.
Proceedings Article
Automatic Reverse Engineering of Data Structures from Binary Execution.
TL;DR: In this article, a reverse-engineering technique is proposed to automatically reveal program data structures from binaries based on dynamic analysis, where each memory location accessed by the program is tagged with a timestamped type attribute.
Proceedings Article
Automatic reverse engineering of data structures from binary execution
TL;DR: This paper proposes a reverse engineering technique to automatically reveal program data structures from binaries based on dynamic analysis and demonstrates that REWARDS provides unique benefits to two applications: memory image forensics and binary fuzzing for vulnerability discovery.
Journal ArticleDOI
Acquisition and analysis of volatile memory from android devices
TL;DR: This work presents the first methodology and toolset for acquisition and deep analysis of volatile physical memory from Android devices, and discusses the new kernel module for dumping memory, named dmd, and addresses the difficulties in developing device-independent acquisition tools.
References
Book
File system forensic analysis
TL;DR: Whether you're a digital forensics specialist, incident response team member, law enforcement officer, corporate security specialist, or auditor, this book will become an indispensable resource for forensic investigations, no matter what analysis tools you use.
Proceedings Article
Understanding data lifetime via whole system simulation
TL;DR: This investigation reveals that Mozilla, Apache, and Perl, which are used to process millions of passwords, credit card numbers, etc., take virtually no measures to limit the lifetime of sensitive data they handle, leaving passwords and other sensitive data scattered throughout user and kernel memory.
Journal ArticleDOI
A hardware-based memory acquisition procedure for digital investigations
Brian D. Carrier, Joe Grand +1 more
TL;DR: A procedure for acquiring volatile memory using a hardware expansion card that can copy memory to an external storage device and the initial results of the hardware implementation of the procedure are presented.
Proceedings Article
Scalpel: A Frugal, High Performance File Carver.
Golden G. Richard, Vassil Roussev +1 more
TL;DR: Some requirements for high performance file carving are presented, derived during design and implementation of Scalpel, a new open source file carving application that runs on machines with only modest resources and performs carving operations very rapidly, outperforming most, perhaps all, of the current generation of carving tools.
Journal ArticleDOI
Searching for processes and threads in Microsoft Windows memory dumps
TL;DR: This article analyzes the in-memory structures which represent processes and threads and develops search patterns which will then be used to scan the whole memory dump for traces of said objects, independent from the aforementioned lists.