A system for the proactive, continuous, and efficient collection of digital forensic evidence
References
2007
Aggarwal S, Henry P, Kermes L, Mulholland J. Evidence handling in proactive cyberstalking investigations: the PAPA approach. In: Systematic approaches to digital forensic engineering. 2005. p. 165–176.
Bishop M. A standard audit trail format. In: National Information Systems Security’95 (18th) proceedings: making security real. 1996. p. 136.
Boyd, 2004, Time and date issues in forensic computing: a case Study, Digital Investigation, 1, 18, 10.1016/j.diin.2004.01.002
Bradford PG, Hu N. A layered approach to insider threat detection and proactive forensics. In: Annual Computer Security Applications Conference (ACSAC). Tucson, AZ: December 2005.
Bradford P, Brow M, Perdue J, Self B. Towards proactive computer-system forensics. In: International conference on information technology: coding and computing. 2004. p. 648–652.
Buchholz F, Falk C. Design and implementation of Zeitline: a forensic timeline editor. In: Digital Forensics Research Workshop. 2005. p. 1–7.
Buchholz, 2004, On the role of file system metadata in digital forensics, Digital Investigation, 1, 298, 10.1016/j.diin.2004.10.002
Bumiller, 2010
Burges C, Plastina D, Platt J, Renshaw E, Malvar H. Using audio fingerprinting for duplicate detection and thumbnail generation. In: Proc. acoustics, speech, and signal processing. 2005. p. 1–4.
Carrier, 2005
Chowdhury, 2002, Collection statistics for fast duplicate document detection, ACM Transactions on Information Systems, 20, 171, 10.1145/506309.506311
Cooper JW, Coden AR, Brown EW. Detecting similar documents using salient terms. In: Proceedings of the eleventh international conference on information and knowledge management. 2002. p. 245.
Grossman, 2004
Heintze N. Scalable document fingerprinting. In: USENIX workshop on electronic commerce. 1996.
Herrerias J, Gomez R. A log correlation model to support the evidence search process in a forensic investigation. In: second international workshop on Systematic Approaches to Digital Forensic Engineering (SADFE’07). April 2007. p. 31–32.
Hoad, 2006, Detection of video sequences using compact signatures, ACM Transactions on Information Systems, 24, 1, 10.1145/1125857.1125858
Keeney M, Kowalski E, Cappelli D, Moore A, Shimeall T, Rodgers S. Insider threat study: computer system sabotage in critical infrastructure sectors. Tech. rep., U.S. Secret Service and SEI at CMU. May 2005.
Klimt B, Yang Y. Introducing the Enron Corpus. In: First conference on email and anti-spam (CEAS). 2004.
Kornblum, 2006, Identifying almost identical files using context triggered piecewise hashing, Digital Investigation, 3, 91, 10.1016/j.diin.2006.06.015
Lothian, 2005
Luoma, 2006, Computer forensics and electronic discovery: the new management challenge, Computers & Security, 25, 91, 10.1016/j.cose.2006.01.002
Manber U. Finding similar files in a large file system. In: Proceedings of the USENIX Winter 1994 technical conference. Berkeley, CA: 1994.
Neuman, 2010
Oberheide J, Cooke E, Jahanian F. CloudAV: N-version antivirus in the network cloud. In: Proceedings of the 17th USENIX security symposium. San Jose, CA: July 2008.
Olsson, 2009, Computer forensic timeline visualization tool, Digital Investigation, 6, S78, 10.1016/j.diin.2009.06.008
Oracle, Oracle outside in technology. http://www.oracle.com/technology/products/content-management/oit/oit_all.html.
Paintsil AB. Insider threat detection: a proactive forensic approach. Master’s thesis, Stockholm University/The Royal Institute of Technology, Stockholm, Sweden. May 2007.
Picciotto J. The design of an effective auditing subsystem. In: Proceedings of the 1987 symposium on security and privacy. 1987. p. 13–22.
Ponec M, Giura P, Brönnimann H, Wein J. Highly efficient techniques for network forensics. In: Proceedings of the 14th ACM conference on Computer and Communications Security. 2007. p. 150–160.
Porter, 1997, An algorithm for suffix stripping, Readings in Information Retrieval, 313
Roussev V, Richard G III, Marziale L. Multi-resolution similarity hashing. In: Digital Forensics Research Conference (DFRWS). 2007. p. 105–113.
Sandler D, Derr K, Crosby S, Wallach DS. Finding the evidence in tamper-evident logs. In: 2008 Third international workshop on systematic approaches to digital forensic engineering. May 2008. p. 69–75.
Schneier, 1999, Secure audit logs to support computer forensics, ACM Transactions on Information and System Security (TISSEC), 2, 159, 10.1145/317087.317089
Shafi, 2005, Precision and recall of five search engines for retrieval of scholarly information in the field of Biotechnology, Webology, 2
Shields C, Frieder O, Maloof M. A novel system for the proactive, continuous, and efficient collection of digital forensic evidence. Tech. Rep. CSTR-20100415-1, Georgetown University. 2010.
Shields C. Towards proactive forensic evidentiary collection. In: Hawaii International Conference on System Sciences (HICSS). January 2010.
Srinivasan SH, Sawant N. Finding near-duplicate images on the web using fingerprints. In: Proceeding of the 16th ACM international conference on Multimedia. 2008. p. 881.
Takahashi D, Xiao Y. Complexity analysis of retrieving knowledge from auditing log files for computer and network forensics and accountability. In: 2008 IEEE International Conference on Communications. May 2008. p. 1474–1478.
Wee C. LAFS: a logging and auditing file system. In: Annual computer security applications conference. 1995. p. 1–10.