Over the past decade or so, well-understood procedures and methodologies have evolved within computer forensics digital evidence collection. Correspondingly, many organizations such as the HTCIA (High Technology Criminal Investigators Association) and IACIS (International Association of Computer Investigative Specialists) have emphasized disk imaging procedures which ensure reliability, completeness, accuracy, and verifiability of computer disk evidence. The rapidly increasing and changing volume of data within corporate network information systems and personal computers is driving the need to revisit current evidence collection methodologies. These methodologies must evolve to maintain the balance between electronic environmental pressures and legal standards. This paper posits that the current methodology, which focuses on collecting entire bit-stream images of the original evidence disk, is increasing legal and financial risks. The first section frames the debate and change drivers for a Risk Sensitive approach to digital evidence collection, which is followed by the current methods of evidence collection along with a cost-benefit analysis. The paper then presents the methodology components of the Risk Sensitive approach to collection and concludes with a legal and resource risk assessment of this approach. Anticipated legal arguments are explored and countered as well. The authors suggest an evolved evidence collection methodology which is more responsive to voluminous data cases while balancing the legal requirements for reliability, completeness, accuracy, and verifiability of evidence.