scispace - formally typeset
Search or ask a question
Topic

Digital forensics

About: Digital forensics is a research topic. Over the lifetime, 4270 publications have been published within this topic receiving 49676 citations. The topic is also known as: digital forensic science & Digital forensics.


Papers
More filters
Journal Article
TL;DR: The nature of tools in digital forensics is examined and a discussion of the definitions, properties, and error types of abstraction layers when used with digital forensic analysis tools is discussed.
Abstract: This paper uses the theory of abstraction layers to describe the purpose and goals of digital forensic analysis tools. Using abstraction layers, we identify where tools can introduce errors and provide requirements that the tools must follow. Categories of forensic analysis types are also defined based on the abstraction layers. Abstraction layers are not a new concept, but their usage in digital forensic analysis is not well documented. What does it mean to be a Digital Forensic Analysis Tool? How do we categorize the different types of analysis tools? For example, an investigator can view the files and directories of a suspect system by using either specialized forensic software or by using the operating system (OS) of an analysis system and viewing the files by mounting the drive. Both methods allow the investigator to view evidence in allocated files, but only the specialized forensic software allows him to easily view unallocated files. Additional tools are required if he is relying on the OS. Clearly both allow the investigator to find evidence and therefore should be considered forensic tools, but it is unclear how we should compare and categorize them. The high-level process of digital forensics includes the acquisition of data from a source, analysis of the data and extraction of evidence, and preservation and presentation of the evidence. Previous work has been done on the theory and requirements of data acquisition [7] and the preservation of evidence [4]. This paper addresses the tools that are used for the analysis of data and extraction of evidence. This paper examines the nature of tools in digital forensics and proposes definitions and requirements. Current digital forensic tools produce results that have been successfully used in prosecutions, but lack designs that were created with forensic science needs. They provide the investigator with access to evidence, but typically do not provide access to methods for verifying that the evidence is reliable. This is necessary when approaching digital forensics from a scientific point of view and could be a legal requirement in the future. The core concept of this paper is the basic notion of abstraction layers. Abstraction layers exist in all forms of digital data and therefore in the tools used to analyze them. The idea of using tools for layers of abstraction is not new, but a discussion of the definitions, properties, and error types of abstraction layers when used with digital

222 citations

Journal ArticleDOI
TL;DR: It is concluded that there remains a need for further research with a focus on real world applicability of a method or methods to address the digital forensic data volume challenge.

216 citations

Journal ArticleDOI
TL;DR: An exhaustive survey of various network forensic frameworks proposed till date is made and a generic process model for network forensics is proposed which is built on various existing models of digital forensics.

213 citations

Book
07 Oct 2009
TL;DR: The Handbook of Digital Forensics and Investigation builds on the success of the Handbook of Computer Crime Investigation, bringing together renowned experts in all areas of digital forensics and investigation to provide the consummate resource for practitioners in the field.
Abstract: The Handbook of Digital Forensics and Investigation builds on the success of the Handbook of Computer Crime Investigation, bringing together renowned experts in all areas of digital forensics and investigation to provide the consummate resource for practitioners in the field.This unique collection details how to conduct digital investigations in both criminal and civil contexts, and how to locate and utilize digital evidence on computers, networks, and embedded systems. Specifically, the Investigative Methodology section of the Handbook provides expert guidance in the three main areas of practice: Forensic Analysis, Electronic Discovery and Intrusion Investigation. The Technology section is extended and updated to reflect the state of the art in each area of specialization. The main areas of focus in the Technology section are forensic analysis of Windows, Unix, Macintosh, and embedded systems (including cellular telephones and other mobile devices), and investigations involving networks (including enterprise environments and mobile telecommunications technology).The Handbook of Digital Forensics and Investigation is an essential technical reference and on-the-job guide that IT professionals, forensic practitioners, law enforcement, and attorneys will rely on when confronted with computer related crime and digital evidence of any kind. *Provides methodologies proven in practice for conducting digital investigations of all kinds*Demonstrates how to locate and interpret a wide variety of digital evidence, and how it can be useful in investigations *Presents tools in the context of the investigative process, including EnCase, FTK, ProDiscover, foremost, XACT, Network Miner, Splunk, flow-tools, and many other specialized utilities and analysis platforms*Case examples in every chapter give readers a practical understanding of the technical, logistical, and legal challenges that arise in real investigations

200 citations

Journal ArticleDOI
TL;DR: The forensic analyses were aimed at determining whether activities conducted through these applications were stored on the device’s internal memory, and if so, the extent, significance, and location of the data that could be found and retrieved from the logical image of each device were determined.

192 citations


Network Information
Related Topics (5)
Authentication
74.7K papers, 867.1K citations
84% related
Encryption
98.3K papers, 1.4M citations
81% related
Cryptography
37.3K papers, 854.5K citations
81% related
Server
79.5K papers, 1.4M citations
77% related
Mobile computing
51.3K papers, 1M citations
76% related
Performance
Metrics
No. of papers in the topic in previous years
YearPapers
20243
2023205
2022552
2021267
2020339
2019343