2013
DOI: 10.1016/j.diin.2013.02.001
|View full text |Cite
|
Sign up to set email alerts
|

Real-time digital forensics and triage

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1
1

Citation Types

0
41
0

Year Published

2015
2015
2019
2019

Publication Types

Select...
5
3
1

Relationship

0
9

Authors

Journals

citations
Cited by 67 publications
(47 citation statements)
references
References 9 publications
0
41
0
Order By: Relevance
“…The first stage, in which many potential sources of digital evidence for specific information are reviewed, is alternatively referred to as survey or triage. The same idea that triage is part of forensic examination, is supported in later works [4][5][6][7][8].…”
Section: Introductionmentioning
confidence: 69%
See 1 more Smart Citation
“…The first stage, in which many potential sources of digital evidence for specific information are reviewed, is alternatively referred to as survey or triage. The same idea that triage is part of forensic examination, is supported in later works [4][5][6][7][8].…”
Section: Introductionmentioning
confidence: 69%
“…There are many other definitions of triage, which slightly differ depending on the attributed qualities [7][8][9][10][11][12]. The diversity of triage definitions reflects the variety of the views and indicates the immaturity of the field.…”
Section: Introductionmentioning
confidence: 99%
“…The regulation might also extend towards expressing the investigative results, given the extensive set of potential outcomes and the threat of data alternation or elimination especially in environments with a high degree of volatility. Considering also the threat to the resultant interpretations imposed by the anti-forensics actions (Simmons, Jones, & Simmons, 2011), the regulative aspects might provide the contours of an investigative strategy that incorporates both the hypothesis-based approach (Carrier, 2006;Casey, 2011) and the © 2015 ADFSL often necessary real-time digital forensics triage (Roussev, Quates, & Martell, 2013). By abstracting the characteristics of the investigative strategy, the deviations from the accepted norms identified with the interpretative bias, contingency and favoritism can be more easily recognized and eliminated.…”
Section: A Comparison In Respect To Examination and Conclusionmentioning
confidence: 99%
“…Triaging a live system is one approach, where data are assessed for their evidence value [9,10], outside the laboratory, prior to the recovery of a HDD and its forensic examination. The process of triage avoids data being written to the HDD through the use of external storage, typically a USB memory device, to contain the executable triage code and the resulting data recovered.…”
Section: Virtual Machinesmentioning
confidence: 99%