Pypette: A Platform for the Evaluation of Live Digital Forensics

Authors:
Brett Lempereur;Madjid Merabti;Qi Shi
Affiliations:
School of Computing and Mathematical Sciences, Liverpool John Moores University, Liverpool, UK;School of Computing and Mathematical Sciences, Liverpool John Moores University, Liverpool, UK;School of Computing and Mathematical Sciences, Liverpool John Moores University, Liverpool, UK
Venue:
International Journal of Digital Crime and Forensics
Year:
2012

Citing 12
Cited 0

Risks of live digital forensic analysis

Communications of the ACM - Next-generation cyber forensics
Live forensics: diagnosing your system without killing it first

Communications of the ACM - Next-generation cyber forensics
Next-generation digital forensics

Communications of the ACM - Next-generation cyber forensics
Technical Challenges and Directions for Digital Forensics

SADFE '05 Proceedings of the First International Workshop on Systematic Approaches to Digital Forensic Engineering on Systematic Approaches to Digital Forensic Engineering
Acquiring volatile operating system data tools and techniques

ACM SIGOPS Operating Systems Review
Recovery of Encryption Keys from Memory Using a Linear Scan

ARES '08 Proceedings of the 2008 Third International Conference on Availability, Reliability and Security
A Model of Computer Live Forensics Based on Physical Memory Analysis

ICISE '09 Proceedings of the 2009 First IEEE International Conference on Information Science and Engineering
Live Analysis: Progress and Challenges

IEEE Security and Privacy
An overall assessment of Mobile Internal Acquisition Tool

Digital Investigation: The International Journal of Digital Forensics & Incident Response
BodySnatcher: Towards reliable volatile memory acquisition by software

Digital Investigation: The International Journal of Digital Forensics & Incident Response
Editorial: What does "forensically sound" really mean?

Digital Investigation: The International Journal of Digital Forensics & Incident Response
Visualization in testing a volatile memory forensic tool

Digital Investigation: The International Journal of Digital Forensics & Incident Response

Quantified Score

Hi-index	0.00

Visualization

Abstract

Live digital forensics presents unique challenges with respect to maintaining forensic soundness, but also offers the ability to examine information that is unavailable to quiescent analysis. Any perturbation of a live operating system by a forensic examiner will have far-reaching effects on the state of the system being analysed. Numerous approaches to live digital forensic evidence acquisition have been proposed in the literature, but relatively little attention has been paid to the problem of identifying how the effects of these approaches, and their improvements over other techniques, can be evaluated and quantified. In this paper, the authors present Pypette, a novel platform enabling the automated, repeatable analysis of live digital forensic acquisition techniques.