Topic
Digital evidence
About: Digital evidence is a research topic. Over the lifetime, 1621 publications have been published within this topic receiving 18476 citations.
Papers published on a yearly basis
Papers
More filters
••
TL;DR: The paper proposes the use of Digital Evidence Bags as a suitable format for the evidential storage of information obtained from them, thus further illustrating the flexibility of the format and demonstrating the diverse range of devices that have to be handled within the digital investigation and law enforcement community.
15 citations
••
TL;DR: This paper demonstrates new methods for investigating Microsoft PowerPoint files that include some useful information about their own writing process that can help forensic examiners discover the relationships among several electronic documents and the traces of past work in some special cases.
15 citations
••
25 Aug 2009TL;DR: This paper analyzes changes in the time information of files and folders for different operations of the FAT and NTFS file systems and attempts to reconstruct the user’s actions.
Abstract: In digital forensics, the creation time, last written time, and last accessed time of a file or folder are important factors that can indicate events that have affected a computer system. The form of the time information varies with the file system, and the information changes the features, depending on the user’s actions such as copy, transfer, or network transport of files. Specific changes in the time information may be of considerable help in analyzing the user’s actions in the computer system. This paper analyzes changes in the time information of files and folders for different operations of the FAT and NTFS file systems and attempts to reconstruct the user’s actions. Further, it demonstrates the use of time information for digital evidence analysis by presenting a case study.
15 citations
••
22 May 2008TL;DR: This paper investigates the possibilities of combining physical and digital evidence in forensic investigations of vehicle crime scenes and shows that digital evidence can be used to improve the investigation of physical crimes and, respectively, that physicalevidence can be use to improveThe investigation of digital crimes.
Abstract: Traditional forensic investigations of vehicles aims at gathering physical evidence since most crimes involving vehicles are physical. However, in the near future digital crimes on vehicles will most likely surge, and therefore it will be necessary to also gather digital evidence. In this paper, we investigate the possibilities of combining physical and digital evidence in forensic investigations of vehicle crime scenes. We show that digital evidence can be used to improve the investigation of physical crimes and, respectively, that physical evidence can be used to improve the investigation of digital crimes. We also recognize that by gathering purely physical or digital evidence certain crimes cannot be solved. Finally, we show that by combining physical and digital evidence it is possible to distinguish between different types of physical and digital crime.
15 citations
••
TL;DR: A digital evidence fusion method for network forensics with Dempster-Shafer theory that can detect efficiently computer crime in networked environments, and fuse digital evidence from different sources such as hosts and sub-networks automatically is proposed.
Abstract: Network intrusion forensics is an important extension to present security infrastructure, and is becoming the focus of forensics research field. However, comparison with sophisticated multi-stage attacks and volume of sensor data, current practices in network forensic analysis are to manually examine, an error prone, labor-intensive and time consuming process. To solve these problems, in this paper we propose a digital evidence fusion method for network forensics with Dempster-Shafer theory that can detect efficiently computer crime in networked environments, and fuse digital evidence from different sources such as hosts and sub-networks automatically. In the end, we evaluate the method on well-known KDD Cup 1999 dataset. The results prove our method is very effective for real-time network forensics, and can provide comprehensible messages for a forensic investigators.
15 citations