On-the-spot digital investigation by means of LDFS: Live Data Forensic System

Mathematical and Computer Modelling

Volumn 55, Issue 1-2, 2012, Pages 223-240

  Lim, Kyung Soo ^a   Savoldi, Antonio ^b   Lee, Changhoon ^c   Lee, Sangjin ^a  

^a Korea University   (South Korea)

^b UNIVERSITY OF BRESCIA   (Italy)

^c Hanshin University   (South Korea)

Author keywords

Automated digital investigation process; Live forensics; On the spot digital investigation

Indexed keywords

DATA FORENSICS; DIGITAL INVESTIGATION; FILE SYSTEMS; FORENSIC PRACTITIONER; HARD DRIVES; INCIDENT RESPONSE; INSTANT MESSAGING SERVICE; LIVE FORENSICS; MICROSOFT; POSTMORTEM ANALYSIS; UNIFIED ANALYSIS; WINDOWS REGISTRY; WINDOWS-BASED SYSTEMS;

ELECTRONIC CRIME COUNTERMEASURES; METADATA; WORLD WIDE WEB;

COMPUTER CRIME;

EID: 82755182926     PISSN: 08957177     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.mcm.2011.05.019     Document Type: Article

References (26)

1. Riley J., Dampier D., Vaughn R. Time Analysis of Hard Drive Imaging Tools. Advances in Digital Forensics 2008, vol. IV. Springer, Boston.
2. Turner P. Selective and intelligent imaging using digital evidence bags. Digital Investigation 2007, 3(Supplement 3):59-64. Retrieved September, 2009, from http://www.dfrws.org/2006/proceedings/8-Turner.pdf.
3. Turner P. Applying a forensic approach to incident response, network investigation and system administration using digital evidence bags. Digital Investigation 2007, 1(1):30-35. Retrieved September, 2009, from http://www.dfrws.org/2006/proceedings/8-Turner.pdf.
4. D. Brezinski, T. Killalea, Guidelines for Evidence Collection and Archiving, Network Working Group, RFC3227, 2002. Retrieved August, 2009. From http://www.ietf.org/rfc/rfc3227.txt.
5. Hay B., Bishop M., Nance K. Live analysis progress and challenges. IEEE Security and Privacy 2009, 7(2):30-37.
6. Savoldi A., Gubian P., Echizen I. Uncertainty in Live Forensics. Advances in Digital Forensics, vol. IV 2010, 171-184. Springer, Boston.
7. M. Rogers, J. Goldman, R. Mislan, T. Wedge, S. Debrota, Computer forensics field triage process model, in: The Proceedings of the ADFSL 2006 Conference on Digital Forensics, Security and Law, vol. 1, 2006.
8. S. Matthieu, Windd Windows Physical Memory Imaging Utility, 2009. Retrieved February, 2010, from http://http://windd.msuiche.net/.
9. Petroni N., Walters A., Fraser T., Arbaugh W. Fatkit: a framework for the extraction and analysis of digital forensic data from volatile system memory. Digital Investigation 2006, 3(4):197-210. Retrieved January, 2010, from http://www.dfrws.org/2006/proceedings/2-Schuster.pdf.
10. Schuster A. Searching for processes and threads in microsoft windows memory dumps. Digital Investigation 2006, 3(Supplement 3):10-16. Retrieved January, 2010, from http://www.dfrws.org/2006/proceedings/2-Schuster.pdf.
11. A. Vidstrom, PMDump Tool, 2007. Retrieved February, 2010, from http://www.ntsecurity.nu/toolbox/pmdump/.
12. Jones K.J., Bejtlich R., Rose C.W. Real Digital Forensics - Computer Security and Incident Response 2006, Addison-Wesley Professional. first edition.
13. Carvey H. Windows Forensic Analysis DVD Toolkit 2009, Syngress Publishing. second edition.
14. MSDN. CredEnumerate Function, 2009. Retrieved February, 2010, from http://msdn.microsoft.com/en-us/library/aa374794(VS.85).aspx.
15. Malin C., Casey E., Aquilina J.M. Malware Forensics: Investigating and Analyzing Malicious Code 2008, Elsevier. first edition.
16. A. Walters, N. Petroni, Volatools: Integrating Volatile Memory Forensic into the Digital Investigation Process, 2007. Retrieved August, 2009, from http://www.blackhat.com/presentations/bh-dc-07/Walters/Paper/bh-dc-07-Walters-WP.pdf.
17. D. Bilby, Low Down and Dirty: Anti-forensic Rootkits, 2006. Retrieved August, 2009, from http://www.blackhat.com/presentations/bh-jp-06/BH-JP-06-Bilby-up.pdf.
18. He4Hook Rootkit. Retrieved August, 2009, from http://www.pandasecurity.com/homeusers/security-info/98568/He4Hook.A.
19. Baiyuanfan. New Thoughts in Ring3 NT Rootkit, 2005. Retrieved August, 2009, from http://xcon.xfocus.org/XCon2005/archives/2005/Xcon2005_Baiyuanfan.pdf.
20. Hoglund G., Butler J. Rootkits: Subverting the Windows Kernel 2005, Addison-Wesley Professional. first edition.
21. A. Vidstrom, DECAF, January 2010. Retrieved February, 2010, from http://www.decafme.org/.
22. M.J. Leaver, InstallSpy v.2.0, 2003. Retrieved February, 2010, from http://www.mjleaver.com/.
23. A.J. Glina, Obrut, 2008. Retrieved April, 2010, from http://www.softpedia.com/get/Tweak/CPU-Tweak/Obrut.shtml.
24. Microsoft. Computer Online Forensic Evidence Extractor (COFEE), May 2008. Retrieved August, 2009, from. http://www.microsoft.com/industry/government/news/cofee_faq.mspx.
25. Guidance. EnCase Portable, May 2009. Retrieved April, 2010, from http://www.guidancesoftware.com/encase-portable.htm.
26. ADF Solutions. Triage Live, May 2009. Retrieved April, 2010, from http://www.adfsolutions.com/.