article

Bringing science to digital forensics with standardized forensic corpora

Authors:

Simson Garfinkel,

Vassil Roussev,

George DinoltAuthors Info & Claims

Digital Investigation: The International Journal of Digital Forensics & Incident Response, Volume 6

Pages S2 - S11

https://doi.org/10.1016/j.diin.2009.06.016

Published: 01 September 2009 Publication History

Abstract

Progress in computer forensics research has been limited by the lack of a standardized data sets-corpora-that are available for research purposes. We explain why corpora are needed to further forensic research, present a taxonomy for describing corpora, and announce the availability of several forensic data sets.

References

[1]

Calhoun William C, Coles Drue. Predicting the types of file fragments. In: Digital Investigation: The Proceedings of the eighth annual DFRWS conference, vol. 5; 2008.

Digital Library

[2]

http://dftt. sourceforge.net/

[3]

Committee on Identifying the Needs of the Forensic Science Community. Strengthening forensic science in the united states: a path forward, February 2009.

[4]

http://www.cftt.nist.gov/ss-req-sc-draft-v1_0.pdf

[5]

Cunningham Robert, Lippmann Richard P, Fried David J, Garfinkel Simson L, Graf Isaac, Kendall Kris R, Webster Seth E, Wyschogrod Dan, Zissman Marc A. Evaluating intrusion detection systems without attacking your friends: the 1998 DARPA intrusion detection evaluation. In: Third conference and workshop on intrusion detection and response; 1999.

[6]

http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/data/

[7]

Provenance as data mining: combining file system metadata with content analysis. February 12 2009. Usenix.

[8]

http://www. dublincore. org

[9]

Farrell Paul. A framework for automated digital forensic reporting. Master's thesis, Naval Postgraduate School; 2009.

[10]

http://www.law.cornell.edu/rules/fre/rules.htm

[11]

IRBs and security research: myths, facts and mission creep. In: Usability, psychology and security 2008 (co-located with the 5th USENIX symposium on Networked Systems Design and Implementation (NSDI '08)),

[12]

Automating disk forensic processing with sleuthkit, xml and python. In: Proceedings of the fourth international IEEE workshop on systematic approaches to digital forensic engineering, IEEE.

[13]

Providing cryptographic security and evidentiary chain-of-custody with the advanced forensic format, library, and tools. The International Journal of Digital Crime and Forensics. v1.

[14]

Remembrance of data passed. IEEE Security and Privacy.

[15]

http://old.honeynet.org/scans/

[16]

Introducing the enron corpus. In: Conference on Email and Anti-Spam (CEAS), CEAS.

[17]

http://dftt.sourceforge.net/test13/

[18]

http://www.cfreds.nist.gov/

[19]

http://www.cfreds.nist.gov/utf-16-russ.html

[20]

http://tracer.csl.sony.co. jp/mawi/

[21]

McDaniel Mason. Automatic file type detection algorithm. Master's thesis, James Madison University; 2001.

[22]

Moody Sarah J, Erbacher Robert F. SÁdi statistical analysis for data type identification. In: Third international workshop on systematic approaches to digital forensic engineering; 2008. pp. 41-54.

Digital Library

[23]

http://www.ncbi.nlm.nih.gov/Genbank/

[24]

The best evidence rule. EnCase Legal Journal. 31-38.

[25]

Ryan Julie JCH, Ryan Daniel J. Institutional and professional liability in information assurance education. working paper; http://www.danjryan.com/papers.htm; 2009.

[26]

http://nsdl.org/collection/type.php

Cited By

Demmel MGöbel TGonçalves PBaier H(2024)Data Synthesis Is Going Mobile—On Community-Driven Dataset Generation for Android DevicesDigital Threats: Research and Practice10.1145/36888075:3(1-19)Online publication date: 14-Sep-2024
https://dl.acm.org/doi/10.1145/3688807
Diamantopoulos DPletka RSarafijanovic SReddy APozidis H(2024)WannaLaugh: A Configurable Ransomware Emulator - Learning to Mimic Malicious Storage TracesProceedings of the 17th ACM International Systems and Storage Conference10.1145/3688351.3689163(118-131)Online publication date: 16-Sep-2024
https://dl.acm.org/doi/10.1145/3688351.3689163
Tiwari DMonperrus MBaudry B(2024)Mimicking Production Behavior With Generated MocksIEEE Transactions on Software Engineering10.1109/TSE.2024.345844850:11(2921-2946)Online publication date: 1-Nov-2024
https://dl.acm.org/doi/10.1109/TSE.2024.3458448
Show More Cited By

Bringing science to digital forensics with standardized forensic corpora
1. Social and professional topics
  1. Computing / technology policy

Recommendations

Digital forensics research: The next 10 years

Today's Golden Age of computer forensics is quickly coming to an end. Without a clear strategy for enabling research efforts that build upon one another, forensic research will fall behind the market, tools will become increasingly obsolete, and law ...
The Study of the Interrelation between Law Programs and Digital Forensics in UAE Academia
InfoSecCD '13: Proceedings of the 2013 on InfoSecCD '13: Information Security Curriculum Development Conference

The field of digital forensics is growing in the Middle East which is shown by the establishment of technical digital forensic programs in various universities. Even though these programs are important for the development and advancement of the field ...
Boundary Conditions for the Digital Forensic Use of Electronic Evidence and The Need for Forensic Counter-Analysis
SADFE '11: Proceedings of the 2011 Sixth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering

Network and Digital Forensics provide information about electronic activity in new, sometimes unprecedented forms. These new forms offer new, powerful tactical tools for investigations of electronic malfeasance when incorporated under traditional legal ...

Comments

Information & Contributors

Information

Published In

cover image Digital Investigation: The International Journal of Digital Forensics & Incident Response

Digital Investigation: The International Journal of Digital Forensics & Incident Response Volume 6, Issue

September, 2009

141 pages

ISSN:1742-2876

Issue’s Table of Contents

Copyright © Digital Forensic Research Workshop © 2009.

Publisher

Elsevier Science Publishers B. V.

Netherlands

Publication History

Published: 01 September 2009

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

47
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 14 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Demmel MGöbel TGonçalves PBaier H(2024)Data Synthesis Is Going Mobile—On Community-Driven Dataset Generation for Android DevicesDigital Threats: Research and Practice10.1145/36888075:3(1-19)Online publication date: 14-Sep-2024
https://dl.acm.org/doi/10.1145/3688807
Diamantopoulos DPletka RSarafijanovic SReddy APozidis H(2024)WannaLaugh: A Configurable Ransomware Emulator - Learning to Mimic Malicious Storage TracesProceedings of the 17th ACM International Systems and Storage Conference10.1145/3688351.3689163(118-131)Online publication date: 16-Sep-2024
https://dl.acm.org/doi/10.1145/3688351.3689163
Tiwari DMonperrus MBaudry B(2024)Mimicking Production Behavior With Generated MocksIEEE Transactions on Software Engineering10.1109/TSE.2024.345844850:11(2921-2946)Online publication date: 1-Nov-2024
https://dl.acm.org/doi/10.1109/TSE.2024.3458448
Zhang HZhao LYu ACai LMeng D(2024)Ranker: Early Ransomware Detection Through Kernel-Level Behavioral AnalysisIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.341051119(6113-6127)Online publication date: 6-Jun-2024
https://dl.acm.org/doi/10.1109/TIFS.2024.3410511
Göbel TBaier HBreitinger F(2023)Data for Digital Forensics: Why a Discussion on “How Realistic is Synthetic Data” is DispensableDigital Threats: Research and Practice10.1145/36098634:3(1-18)Online publication date: 6-Oct-2023
https://dl.acm.org/doi/10.1145/3609863
Garfinkel SStewart J(2023)Sharpening Your ToolsCommunications of the ACM10.1145/360009866:8(44-52)Online publication date: 25-Jul-2023
https://dl.acm.org/doi/10.1145/3600098
Zhu NLiu YWang KMa C(2023)File Fragment Type Identification Based on CNN and LSTMProceedings of the 2023 7th International Conference on Digital Signal Processing10.1145/3585542.3585545(16-22)Online publication date: 17-Feb-2023
https://dl.acm.org/doi/10.1145/3585542.3585545
Escudero García DDeCastro-García NMuñoz Castañeda A(2023)An effectiveness analysis of transfer learning for the concept drift problem in malware detectionExpert Systems with Applications: An International Journal10.1016/j.eswa.2022.118724212:COnline publication date: 1-Feb-2023
https://dl.acm.org/doi/10.1016/j.eswa.2022.118724
Spring JIllari P(2021)Review of Human Decision-making during Computer Security Incident AnalysisDigital Threats: Research and Practice10.1145/34277872:2(1-47)Online publication date: 20-Apr-2021
https://dl.acm.org/doi/10.1145/3427787
Davies SMacfarlane RBuchanan W(2021)Differential area analysis for ransomware attack detection within mixed file datasetsComputers and Security10.1016/j.cose.2021.102377108:COnline publication date: 1-Sep-2021
https://dl.acm.org/doi/10.1016/j.cose.2021.102377
Show More Cited By

View Options

View options

Media

Figures

Other

Tables

View Issue’s Table of Contents