Most of the effort in today's digital forensics community lies in the retrieval and analysis of existing information from computing systems. Little is being done to increase the quantity and quality of the forensic information on today's computing systems. In this paper we pose the question of what kind of information is desired on a system by a forensic investigator. We give an overview of the information that exists on current systems and discuss its shortcomings. We then examine the role that file system metadata play in digital forensics, analyze what kind of information is desirable for different types of forensic investigations and how feasible it is to obtain, and discuss issues in storing that information.