Digital evidence

About: Digital evidence is a research topic. Over the lifetime, 1621 publications have been published within this topic receiving 18476 citations.

Analysis of Time Information for Digital Investigation

Abstract: In digital forensics, the creation time, last written time, and last accessed time of a file or folder are important factors that can indicate events that have affected a computer system. The form of the time information varies with the file system, and the information changes the features, depending on the user’s actions such as copy, transfer, or network transport of files. Specific changes in the time information may be of considerable help in analyzing the user’s actions in the computer system. This paper analyzes changes in the time information of files and folders for different operations of the FAT and NTFS file systems and attempts to reconstruct the user’s actions. Further, it demonstrates the use of time information for digital evidence analysis by presenting a case study.

Combining Physical and Digital Evidence in Vehicle Environments

Abstract: Traditional forensic investigations of vehicles aims at gathering physical evidence since most crimes involving vehicles are physical. However, in the near future digital crimes on vehicles will most likely surge, and therefore it will be necessary to also gather digital evidence. In this paper, we investigate the possibilities of combining physical and digital evidence in forensic investigations of vehicle crime scenes. We show that digital evidence can be used to improve the investigation of physical crimes and, respectively, that physical evidence can be used to improve the investigation of digital crimes. We also recognize that by gathering purely physical or digital evidence certain crimes cannot be solved. Finally, we show that by combining physical and digital evidence it is possible to distinguish between different types of physical and digital crime.

A digital evidence fusion method in network forensics systems with Dempster-shafer theory

Abstract: Network intrusion forensics is an important extension to present security infrastructure, and is becoming the focus of forensics research field. However, comparison with sophisticated multi-stage attacks and volume of sensor data, current practices in network forensic analysis are to manually examine, an error prone, labor-intensive and time consuming process. To solve these problems, in this paper we propose a digital evidence fusion method for network forensics with Dempster-Shafer theory that can detect efficiently computer crime in networked environments, and fuse digital evidence from different sources such as hosts and sub-networks automatically. In the end, we evaluate the method on well-known KDD Cup 1999 dataset. The results prove our method is very effective for real-time network forensics, and can provide comprehensible messages for a forensic investigators.