DOI: 10.1145/1244002.1244049

Deriving case-specific live forensics investigation procedures from FORZA

Published: 11 March 2007

Abstract

Performing live forensics investigation has become a trend in digital forensics. Different vendors and software developers implement their own investigation procedures. By applying the FORZA framework, a digital forensics investigation framework, investigation requirements can be translated and formulated into criteria for applying the appropriate forensics investigation requirements. Through this model, only the necessary searches are applied to the live investigation process, instead of unintentionally passing every investigation process to the live investigation.
In this paper, the FORZA framework as applied to live forensics investigation is presented and illustrated using the first BT illegal movie upload investigation.


Cited By

  • (2010) A Framework to Guide the Implementation of Proactive Digital Forensics in Organisations. 2010 International Conference on Availability, Reliability and Security, pp. 677-682. DOI: 10.1109/ARES.2010.62. Online publication date: Feb-2010

Published In

SAC '07: Proceedings of the 2007 ACM symposium on Applied computing
March 2007
1688 pages
ISBN: 1595934804
DOI: 10.1145/1244002

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. FORZA
  2. digital forensics framework
  3. live forensics

Qualifiers

  • Article

Conference

SAC07

Acceptance Rates

Overall Acceptance Rate 1,650 of 6,669 submissions, 25%
