2005
DOI: 10.1016/j.diin.2005.02.001
|View full text |Cite
|
Sign up to set email alerts
|

Risk sensitive digital evidence collection

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
22
0

Year Published

2006
2006
2015
2015

Publication Types

Select...
5
3

Relationship

0
8

Authors

Journals

citations
Cited by 49 publications
(22 citation statements)
references
References 1 publication
0
22
0
Order By: Relevance
“…Traditionally, write-blocking hardware combined with bit-stream image copying processes is used (Kenneally & Brown, 2005). This is considered to allow data recovery and is believed to enhance validation of the reliability, accuracy, and completeness of the recovered evidence (Kenneally & Brown, 2005).…”
mentioning
confidence: 99%
“…Traditionally, write-blocking hardware combined with bit-stream image copying processes is used (Kenneally & Brown, 2005). This is considered to allow data recovery and is believed to enhance validation of the reliability, accuracy, and completeness of the recovered evidence (Kenneally & Brown, 2005).…”
mentioning
confidence: 99%
“…Kenneally and Brown [9] argue that partial acquisition of a source can also be used as valid evidence. When acquiring data from live network sources, this selective collection is indeed the only feasible method.…”
Section: Integrity and Protection Of Collected Datamentioning
confidence: 99%
“…However, not all non-authoritative sources may be useful for evidential purposes. For example, a web browser cache 9 , corporate web proxy cache, or poorly updated server may contain stale or outdated evidence.…”
Section: Identifying Authoritative Sourcesmentioning
confidence: 99%
“…Eckstein and Jahnke [68] present a study on data hiding in journaling file systems, Gupta et al [92] study hidden disk areas in a hard disk, Barik et al [13] propose a methodology to preserve authentic date and timestamps (ADTS) in EXT2 file system for forensic purposes and Schatz et al [182] propose a method for establishing timestamp provenance in digital evidence by corroborating system timestamps with a universal source such as NTP timestamps. Kenneally and Brown [107] present a risk sensitive approach to evidence collection while adhering to a legal framework and Johnston and Reust [106] highlight the importance of evaluating evidence in a network intrusion case study. Casadei et al [42] present an overview of the SIM card forensics, Laurie [117] analyzes the forensic scope for Bluetooth technology and Nutter [155] examines TomTom records for identifying locations.…”
Section: Forensic Acquisition Toolsmentioning
confidence: 99%