Categories of digital investigation analysis techniques based on the computer history model

Authors:
Brian D. Carrier;Eugene H. Spafford
Affiliations:
Center for Education and Research in Information Assurance and Security - CERIAS, Purdue University, West Lafayette, IN 47907, USA;Center for Education and Research in Information Assurance and Security - CERIAS, Purdue University, West Lafayette, IN 47907, USA
Venue:
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Year:
2006

Citing 4
Cited 0

Decompilation of binary programs

Software—Practice & Experience
Languages and machines: an introduction to the theory of computer science

Languages and machines: an introduction to the theory of computer science
Reverse Engineering from Assembler to Formal Specifications via Program Transformations

WCRE '00 Proceedings of the Seventh Working Conference on Reverse Engineering (WCRE'00)
A hypothesis-based approach to digital forensic investigations

A hypothesis-based approach to digital forensic investigations

Quantified Score

Hi-index	0.00

Visualization

Abstract

Several digital forensic frameworks have been proposed, yet no conclusions have been reached about which are more appropriate. This is partly because each framework may work well for different types of investigations, but it hasn't been shown if any are sufficient for all types of investigations. To address this problem, this work uses a model based on the history of a computer to define categories and classes of analysis techniques. The model is more lower-level than existing frameworks and the categories and classes of analysis techniques that are defined support the existing higher-level frameworks. Therefore, they can be used to more clearly compare the frameworks. Proofs can be given to show the completeness of the analysis techniques and therefore the completeness of the frameworks can also be addressed.