Effective digital forensics research is investigator-centric

  • Authors: Robert J. Walls; Brian Neil Levine; Marc Liberatore; Clay Shields

  • Affiliations: Dept. of Computer Science, University of Amherst, MA; Dept. of Computer Science, University of Amherst, MA; Dept. of Computer Science, University of Amherst, MA; Dept. of Computer Science, Georgetown University, Washington, DC

  • Venue: HotSec'11 Proceedings of the 6th USENIX conference on Hot topics in security
  • Year: 2011

Abstract

Many technical mechanisms across computer security for attribution, identification, and classification are neither sufficient nor necessary for forensically valid digital investigations; yet they are often claimed as useful or necessary. Similarly, when forensic research is evaluated using the viewpoints held by computer security venues, the challenges, constraints, and usefulness of the work are often misjudged. In this paper, we point out many key aspects of digital forensics with the goal of ensuring that research seeking to advance the discipline will have the highest possible adoption rate by practitioners. We enumerate general legal and practical constraints placed on forensic investigators that set the field apart. We point out the assumptions, often limited or incorrect, made about forensics in past work, and discuss how these assumptions limit the impact of contributions.