Advanced framework for digital forensic technologies and procedures

Journal of Forensic Sciences

Volumn 55, Issue 6, 2010, Pages 1471-1480

  Trček, Denis ^a,b   Abie, Habtamu ^c   Skomedal, Åsmund ^c   Starc, Iztok ^a,b  

^a UNIVERSITY OF LJUBLJANA   (Slovenia)

^b UNIVERSITY OF PRIMORSKA   (Slovenia)

^c NORWEGIAN COMPUTING CENTER   (Norway)

Author keywords

Admissible evidence; Digital forensics; Forensic procedures; Forensic science; Sensor networks; Service oriented architectures

Indexed keywords

ARTICLE; COMPUTER NETWORK; COMPUTER SECURITY; FORENSIC SCIENCE; HUMAN; METHODOLOGY; MICROCOMPUTER; VICTIM;

COMPUTER COMMUNICATION NETWORKS; COMPUTER SECURITY; CRIME VICTIMS; FORENSIC SCIENCES; HUMANS; MICROCOMPUTERS;

EID: 78149296009     PISSN: 00221198     EISSN: 15564029     Source Type: Journal    
DOI: 10.1111/j.1556-4029.2010.01528.x     Document Type: Article

References (57)

1. Abie H, Skomedal A. A conceptual formal framework for developing and maintaining security-critical systems. International Journal of Computer Science and Network Security 2005;5(12):89-98.
2. Rogers M. The role of criminal profiling in the computer forensics process. Comput Secur 2003;22(4):292-8.
3. Kruse WJ, Heiser JG. Computer forensics: incident response essentials. New York, NY: Addison-Wesley Professional, 2002.
4. Stephenson P. End-to-end digital forensics. Computer Fraud and Security 2002;2002(9):17-9.
5. Trček D. Managing information systems security and privacy. Heidelberg/New York: Springer, 2006.
6. Wang SJ. Measures of retaining digital evidence to prosecute computer-based cyber-crimes. Computer Standards & Interfaces 2007;29(2):216-23.
7. Palmer G, editor. A road map for digital forensic research (Report From the First Digital Forensic Research Workshop (DFRWS)). Utica, NY: AFRL/IFGB; 2001 Nov. Report No.: DTR-T001-01 FINAL.
8. Hunter W. Forensics: The science of crime-solving series. Philadelphia, PA: Ser. Mason Crest Publishers, 2005.
9. Stephenson P. Analysis and correlation. Computer Fraud and Security 2002;2002(12):16-8.
10. Stephenson P. A formal model for information risk analysis using colored petri nets. In: Jensen K, editor. Proceedings of the Fifth Workshop and Tutorial on Practical Use of Coloured Petri Nets and the CPN Tools (CPN '04); 2004 Oct 8-11; Aarhus, Denmark. Aarhus, Denmark: CPN Group-Department of Computer Science/University of Aarhus, 2004;167-84.
11. Brinson A, Robinson A, Rogers M. A cyber forensics ontology: creating a new approach to studying cyber forensics. Digit Invest 2006;3(Suppl. 1):37-43.
12. Ieong RSC. FORZA-Digital forensics investigation framework that incorporate legal issues. Digit Invest 2006;3(Suppl. 1):29-36.
13. Endicott-Popovsky B, Frincke DA, Taylor CA. A theoretical framework for organizational network forensic readiness. J Comput 2007;2(3):1-11.
14. Taylor C, Endicott-Popovsky B, Frincke DA. Specifying digital forensics: a forensics policy approach. Digital Investigation 2007;4(Suppl. 1):101-4.
15. Grobler T, Louwrens B. Digital forensic readiness as a component of information security: best practice. In: Venter H, Eloff M, Labuschagne L, Eloff VSR, editors. New approaches for security, privacy and trust in complex environments (IFIP International Federation for Information Processing). Boston, MA: Springer, 2007;13-24.
16. Ryan DJ, Shpantzer G. Legal aspects of digital forensics. Washington, DC: The George Washington University, 2002.
17. Pollitt MM. An ad hoc review of digital forensic models. Proceedings of the Second International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE 2007); 2007 Apr 10-12; Seattle, WA. Washington, DC: IEEE Computer Society, 2007;10-2.
18. Rekhis S, Krichene J, Boudriga N. Cognitive-maps based investigation of digital security incidents. In: Rekhis S, Krichene J, Boudriga N, editors. SADFE 2008. Proceedings of the 2008 Third International Workshop on Systematic Approaches to Digital Forensic Engineering; 2008 May; Oakland, CA. Washington, DC: IEEE Computer Society, 2008;25-40.
19. Goel A, Farhadi K, Po K, Feng W. Reconstructing system state for intrusion analysis. ACM SIGOPS Operating Systems Review 2008;42(3):21-8.
20. Cohen F. Digital forensics. Network Sec 2000;2000(1):18-20.
21. Schatz B, Mohay G, Clark A. A correlation method for establishing provenance of timestamps in digital evidence. Digit Invest 2006;3(Suppl. 1):98-107.
22. Willassen SY. Timestamp evidence correlation by model based clock hypothesis testing. Proceedings of the 1st International Conference on Forensic Applications and Techniques in Telecommunications, Information, and Multimedia and Workshop; 2008 Jan 21-23; Adelaide, Australia. Brussels, Belgium: ICST, 2008;Article No 15.
23. Case A, Cristina A, Marziale L, Richard GG, Roussev V. FACE: Automated digital evidence discovery and correlation. Digit Invest 2008;5(Suppl. 1):S65-75.
24. Patel A, Shah M, Chandramouli R, Subbalakshmi KP. Covert channel forensics on the internet: issues, approaches, and experiences. International Journal of Network Security 2007;5(1):41-50.
25. Barik MS, Gupta G, Sinha S, Mishra A, Mazumdar C. An efficient technique for enhancing forensic capabilities of Ext2 file system. Digit Invest 2007;4(Suppl. 1):55-61.
26. Goodrich MT. Probabilistic packet marking for large-scale IP traceback. IEEE/ACM Transactions on Networking (TON) 2008;16(1):15-24.
27. Sung M, Xu J, Li J, Li L. Large-scale IP traceback in high-speed internet: practical techniques and information-theoretic foundation. IEEE/ACM Transactions on Networking (TON) 2008;16(6):1253-66.
28. Lu L, Chan MC, Chang EC. A general model of probabilistic packet marking for IP traceback. Proceedings of the 2008 of the ASIAN ACM Symposium on Information, Computer and Communications Security; 2008 Mar 18-20; Tokyo, Japan. New York, NY: ACM;179-88.
29. Shue CA, Gupta M, Davy MP. Packet forwarding with source verification. Computer Networks 2008;52(8):1567-82.
30. Nilsson DK, Larson UE. Conducting forensic investigations of cyber attacks on automobile in-vehicle networks. Proceedings of the 1st International Conference on Forensic Applications and Techniques in Telecommunications, Information, and Multimedia and Workshop; 2008 Jan 21-23; Adelaide, Australia. Brussels, Belgium: ICST 2008;Article No 8.
31. Tan J. Forensic readiness. Cambridge, MA: @stake Inc., 2001, (accessed August 13, 2009).
32. Rowlingson R. A ten step process for forensic readiness. Int J Digit Evid 2004;2(3):1-28.
33. Yasinsac A, Manzano Y. Policies to enhance computer and network forensics. Proceedings of the 2001 IEEE Workshop on Information Assurance and Security; 2001 June 5-6; West Point, NY. IEEE, 2001.
34. Wolfe-Wilson J, Wolfe HB. Management strategies for implementing forensic security measure. Info Tech Sec Report 2003;8(2):55-64.
35. Rogers MK, Seigfried K. The future of computer forensics: a needs analysis survey. Comput & Secur 2004;23(1):12-6.
36. Carrier B, Spafford E. Getting physical with the digital investigation process. Int J Digit Evid 2003;2(2):???-???.
37. Yasinsac A, Erbacher RF, Marks DG, Pollitt MM, Sommer PM. Computer forensics education. IEEE Sec & Priv 2003;1(4):15-23.
38. Muftic S, Patel A, Sanders P, Colon R, Heijnsdijk J, Pulkkinen U. Security architecture for open distributed systems (Wiley Series in Communications & Distributed Systems). Chichester, England: John Wiley & Sons, 1993.
39. Garber L. Computer forensics: high-tech law enforcement. IEEE Computer 2001;34(1):22-7.
40. Savola R, Abie H. On-line and off-line security measurement framework for mobile ad hoc networks. Journal of Networks Special Issue on Security of Wireless Communication System 2009;4(7):565-79.
41. Gene HK, Spafford EH. The design and implementation of tripwire: a file system integrity checker. Proceedings of the 2nd ACM Conference on Computer and Communications Security; 1994 Nov 2-4; Fairfax, VA. New York, NY: ACM 1994;18-29.
42. Roesch M. SNORT-Lightweight intrusion detection system for networks. Proceedings of the 13th USENIX Conference on System Administration; 1999 Nov 7-12; Seattle, WA. Berkeley, CA: USENIX Association, 1999;229-38.
43. Data Protection Directive 95/64/EC. Official Journal of the European Communities L281, European Commission. 1995.
44. Trček D. Services deployment methodologies for weak processing devices: an analysis. In: System theory and applications. Proceedings of the 11th WSEAS International Conference on Systems; 2007 Jul 23-25; Agios Nikolaos, Greece. Stevens Point, WI: WSEAS Press 2007;357-60.
45. Morariu C, Stiller B. DiCAP: distributed packet capturing architecture for high-speed network links. 33rd Annual IEEE Conference on Local Computer Networks (LCN); 2008 Oct 14-17; Montreal, Canada. IEEE Computer Society, 2008;168-75.
46. Open Source Forensics: Open Source Tools.
47. Manson D, Carlin A, Ramos S, Gyger A, Kaufman M, Treichelt J. Is the open way a better way? Digital forensics using open source tools. Proceedings of the 40th Hawaii International Conference on System Sciences; 2007 Jan 3-6; Waikola Village, Hawaii. Washington, DC: IEEE Computer Society 2007;266b.
48. Carrier B. Open source digital forensics tools: the legal argument. Cambridge, MA: @stake Inc., 2002.
49. Byfield B. The two-edged sword: Legal computer forensics and open source. News Forge 2005;???:???-???.
50. Gyger A. Sleuthkit/Autopsy: an open source forensic package. February 15, 2006.
51. Geiger M, Cranor LF. Scrubbing stubborn data. IEEE Sec & Priv 2006;4(5):16-25.
52. Distefano A, Me G. An overall assessment of Mobile Internal Acquisition Tool. Digit Invest 2008;5(Suppl. 1):S121-7.
53. Richard GG, Roussev V. Digital forensics tools: the next generation. In: Kanellis P, editor. Digital crime and forensic science in cyberspace (N/A). Hershey, PA: Idea Group Publishing, 2006;76-81.
54. Scientific Working Group on Digital Evidence. Best practices for computer forensics, Version 2.1 (July 2006), (accessed August 13, 2009).
55. ENFSI. Guidelines for best practice in the forensic examination of digital technology, FIT-2005-001, No. 6, (accessed August 13, 2009).
56. ISO/IEC. General requirements for the competence of testing and calibration laboratories, ISO/IEC 17025, 2nd edn. Geneva, Switzerland: ISO, 2005.
57. UNCITRAL. Model law on electronic commerce. Vienna, Austria: United Nations Commission on International Trade Law (UNCITRAL), 1996.