Digital forensic research: current state of the art
Abstract
Keywords
References
Adelstein F (2006) Live forensics: diagnosing your system without killing it first. Commun ACM 49(2):63–66
Adelstein F, Joyce RA (2007) FileMarshal: an automatic extraction of peer-to-peer data, digital investigation. In: Proceedings of the 7th annual digital forensic research workshop (DFRWS’07). Digit Investig 4(Supplement 1):S43–S48
Agrawal N, Bolosky WJ, Douceur JR, Lorsch JR (2007) A five-year study of file system metadata. ACM Trans Storage 3(3):9:1–9:32
Alink W, Bhoedjang RAF, Boncz PA, de Vries AP (2006) XIRAF—XML-based indexing and querying for digital forensics. In: The proceedings of the 6th annual digital forensic research workshop (DFRWS’06). Digit Investig 3(Supplement 1):50–58
Alvarez P (2004) Using extended file information (EXIF) file headers in digital evidence analysis. Int J Digit Evidence 2(3):1–5
Arasteh AR, Debbabi M (2007) Forensic memory analysis: from stack and code to execution history, digital investigations. In: Proceedings of the 7th annual digital forensic research workshop (DFRWS’07). Digit Investig 4(Supplement 1):S114–S125
Arasteh AR, Debbabi M, Sakha A, Saleh M (2007) Analyzing multiple logs for forensic evidence, digital investigations. In: Proceedings of the 7th annual digital forensic research workshop (DFRWS’07). Digit Investig 4(Supplement 1):S82–S91
Arthur K, Olivier M, Venter H (2007) Applying the Biba integrity model to evidence management. Paper presented at the digital forensics; advances in digital forensics III. In: IFIP international conference on digital forensics, Orlando
Association of Chief Police Officers (ACPO) (2003) Good practice guide for computer based electronic evidence. NHTCU Publications, London, pp 1–51
Australian Computer Emergency Response Team (AusCERT) (2006) 2006 Australian Computer Crime and Security Survey. AusCERT & Australian High Tech Crime Center (AHTCC). ISBN 1-86499-849-0
Barik MS, Gupta G, Sinha S, Mishra A, Mazumdar C (2007) Efficient techniques for enhancing forensic capabilities of Ext2 file system. Digit Investig 4(Supplement 1):55–61
Beebe NL, Clark JG (2005) A hierarchical, objectives-based framework for the digital investigations process. Digit Investig 2(2):147–167
Beebe NL, Clark JG (2007) Digital forensic text string searching: improving information retrieval effectiveness by thematically clustering search results. Digit Investig 4(Supplement 1):49–54
Berners Lee T, Fielding R, Masinter L (1998) Uniform resource identifiers (URI), general syntax http://www.ietf.org/rfc/rfc2396.txt . Accessed 20 Mar 2008
Bogen AC, Dampier DA (2005) Unifying computer forensics modeling approaches: engineering perspective. In: Proceedings of the first international workshop on systematic approaches to digital forensic engineering (SADFE’05). IEEE Publication, Taipei
Bogen AC, Dampier DA (2005) Preparing for large scale investigations with case domain modeling. Paper presented at the 5th annual digital forensic research workshop (DFRWS’05), New Orleans
Boutell M, Luo J (2004) Photo classification by integrating image content and camera metadata. In: 17th international conference on pattern recognition (ICPR’04), vol 4, Cambridge, pp 901–904
Boutell M, Luo J (2004) Incorporating temporal context with content for classifying image collections. In: 17th international conference on pattern recognition (ICPR’04) vol 2, Cambridge, pp 947–950
Boutell M, Luo J (2004) Bayesian fusion of camera metadata cues in semantic scene classification. In: IEEE computer society conference on computer vision and pattern recognition (CVPR’04), vol 2, Washington, pp 623–630
Boutell M, Luo J (2005) Beyond pixels: exploiting camera metadata for photo classification. Pattern Recognit Image Underst Photogr 38(6): 935–946. doi: 10.1016/j.patcog.2004.11.013
Boyd C, Forster P (2004) Time and date issues in forensic computing—a case study. Digit Investig 1(1):18–23
Brand A, Daly F, Meyers B (2003) Metadata demystified. The Sheridian and NISO Press, http://www.niso.org/standards/resources/Metadata_Demystified.pdf , pp 1–19. ISBN: 1-880124-59-9
Brinson A, Robinson A, Rogers M (2006) A cyber-forensics ontology: creating a new approach to studying cyber forensics. Digit Investig 3(Supplement 1): S37–S43
Buchholz F, Spafford EH (2004) On the role of system metadata in digital forensics. Digit Investig 1(1):298–309
Buchholz F, Spafford EH (2007) Run-time label propagation for forensic audit data. Comput Secur 26(2007):496–513
Buchholz F (2007) An improved clock model for translating timestamps, JMU-INFOSEC-TR-2007-001. James Madison University, Madison
Buchholz F, Tjaden B (2007) A brief history of time. In: Proceedings of the 7th annual digital forensic research workshop (DFRWS’07). Digit Investig 4S:S31–S42
Burke P, Craiger P (2007) Forensic analysis of Xbox consoles. Paper presented at the digital forensics. Advances in digital forensics III. In: IFIP international conference on digital forensics, Orlando
Calhoun WC, Coles D (2008) Predicting the types of file fragments. In: Proceedings of the 8th annual digital forensic research workshop (DFRWS’08). Digit Investig 5(1):S14–S20
Carrier BD (2003) Defining digital forensic examination and analysis tools using abstraction layers. Int J Digit Evidence (IJDE) 1(4):1–12
Carrier BD (2003) Sleuthkit. http://www.sleuthkit.org/sleuthkit/ . Accessed 12 July 2011
Carrier BD (2005) File system forensic analysis. Addison Wesley, Upper Saddle River. ISBN 0-32-126817-2
Carrier BD, Grand J (2004) A hardware-based memory acquisition procedure for digital investigations. Digit Investig 1(1):50–60
Carrier BD, Spafford EH (2003) Getting physical with the digital investigation process. Int J Digit Evidence 2(2):1–20
Carrier BD, Spafford EH (2004) An event-based digital forensic investigation framework. Paper presented at the 4th annual digital forensic research workshop (DFRWS’04), Lafayette
Carrier BD, Spafford EH (2006) Categories of digital investigation analysis techniques based on the computer history model. In: The proceedings of the 6th annual digital forensic research workshop (DFRWS’06). Digit Investig 3(Supplement 1):121–130
Casadei F, Savoldi A, Gubian P (2006) Forensics and SIM cards: an overview. Int J Digit Evidence 5(1):1–21
Case A, Cristina A, Marziale L, Richard GG, Roussev V (2008) FACE: automated digital evidence discovery and correlation. In: Proceedings of the 8th annual digital forensic research workshop (DFRWS’08). Digit Investig 5(Supplement 1):S65–S75
Casey E (2011) Digital evidence and computer crime: forensic science, computers and the internet. Academy Press Publications, London. ISBN 978-0-12-374268
Casey E (2009) Timestamp misinterpretations in file systems. http://blog.cmdlabs.com/tag/timestamps/ . Accessed 12 July 2011
Castiglione A, De Santis A, Soriente C (2007) Taking advantages of a disadvantage: digital forensics and steganography using document metadata. J Syst Softw 80(5):750–764
Choo Kim-Kwang R (2010) Cloud computing: challenges and future directions. Trends and issues in crime and criminal justice No. 400. Australian Institute of Criminology, Canberra. ISSN 1836-2206
Choo Kim-Kwang R (2011) Cyber threat landscape faced by financial and insurance industry. Trends and issues in crime and criminal justice No. 408. Australian Institute of Criminology, Canberra. ISSN 1836-2206
Choi Kan-San, Lam EY, Wong KKY (2006) Source camera identification using footprints from lens aberration. Proceedings of the SPIE-IS&T Electronic Imaging SPIE 6069:60690J-1–60690J-8
Chow K, Law F, Kwan M, Lai P (2007) The rules of time on NTFS file system. In: Proceedings of the 2nd international workshop on systematic approaches to digital forensic engineering, Seattle
Ciardhuain SO (2004) An extended model for cybercrime investigations. Int J Digit Evidence 3(1):1–22
Cohen MI (2008) PyFlag—an advanced network forensic framework. In: Proceedings of the 8th annual digital forensic research workshop (DFRWS’08). Digit Investig 5(Supplement 1):S112–S120
Cohen MI, Garfinkel S, Schatz B (2009) Extending the advanced forensic format to accommodate multiple data sources, logical evidence, arbitrary information and forensic workflow. In: Proceedings of the 9th annual digital forensic research workshop (DFRWS’09). Digit Investig 6:S57–S68
Combs G (1998) Wireshark—network protocol analyzer. http://www.wireshark.org/about.html . Accessed 12 July 2011
Common Digital Evidence Storage Format Working Group (CDESF-WG) (2006) Standardizing digital evidence storage. Commun ACM 49(2):67–68
Common Digital Evidence Storage Format Working Group (CDESF-WG) (2006) Survey of disk image storage formats. Paper presented at the 6th annual digital forensic research workshop (DFRWS’05), New Orleans, pp 1–18
Computer Security Institute (2010/11) Computer crime and security survey. In: 15th Annual Computer Crime survey (2010, GoCSI). https://cours.etsmtl.ca/log619/documents/divers/CSIsurvey2010.pdf . Accessed 8 Oct 2012
Dennen VP (2005) Looking for evidence of learning: assessment and analysis methods for online discourse. Paper presented at the cognition and exploratory learning in digital age: CELDA, Lisbon
DFRWS Technical Committee (DFRWS) (2001) A road map for digital forensic research: DFRWS Technical Report. DTR-T001-01 FINAL
Denecke K, Risse T, Baehr T (2009) Text classification based on limited bibliographic metadata. In: Proceedings of the fourth IEEE international conference on digital information management, ICDIM 2009, Ann Arbor, pp 27–32. ISBN 978-1-4244-4253-9
Ding X, Zou H (2011) Time based data forensic and cross reference analysis. In: Proceedings of the ACM symposium on applied computing 2011, TaiChung, Taiwan, pp 185–190. ISBN: 978-14503-0113-8
Dolan-Gavitt B (2008) Forensic analysis of windows registry in memory. In: Proceedings of the 8th annual digital forensic research workshop (DFRWS’08). Digit Investig 5(Supplement 1):S26–S32
Eckstein K, Jahnke M (2005) Data hiding in journaling file systems. Paper presented at the 5th annual digital forensic research workshop (DFRWS’05), New Orleans
Fei BKL, Eloff JHP, Olivier MS, Venter HS (2006) The use of self-organising maps for anomalous behaviour detection in a digital investigation. In: Forensic science international 17th triennial meeting of the international association of forensic sciences 2005, Hong Kong. Forensic Sci Int 162(1–3), 33–37
Fernandez E, Pelaez J, Larrondo-Petrie M (2007) Attack patterns: a new forensic and design tool. Paper presented at the digital forensics: advances in digital forensics III: IFIP international conference on digital forensics, Orlando
FICCI Indian Risk Survey (2012) FICCI & Pinkerton C&I India Ltd. 2012 Risk Survey. www.ficci.com/SEDocument/20186/IndiaRiskSurvey2012.pdf . Accessed 8 Oct 2012
Fu Z, Sun X, Liu Y, Li Bo (2011) Forensic investigation of OOXML format documents. Digit Investig 8(1):48–55
Gallup Politics (2010) 2010 Gallup computer crime survey. http://www.gallup.com/poll/145205/new-high-households-report-computer-crimes.aspx . Accessed 8 Oct 2012
Garfinkel SL (2010) Digital forensic research: the next 10 years. In: Proceedings of the 10th annual conference on digital forensic research workshop (DFRWS’10). Digit Investig 7:S64–S73
Garfinkel SL, Parker-Wood A, Huynh D, Migletz J (2010) An automated solution to the multiuser carved data ascription problem. IEEE Trans Inf Forensics Secur 5(4):868–882
Garfinkel SL, Migletz J (2009) New XML-based files: implications for forensics. IEEE Secur Privacy Mag 7(2):38–44
Garfinkel SL, Farrell P, Roussev V, Dinolt G (2009) Bringing science to digital forensics with standardized forensic corpora. In: Proceedings of the 9th annual conference on digital forensic research workshop (DFRWS’09). Digit Investig 6:S2–S11
Garfinkel SL (2009) Automating disk forensic processing with Sleuthkit, XML and Python. In: Proceedings of the 2009 fourth international IEEE workshop on systematic approaches to digital forensic engineering (SADFE 2009), Berkeley, pp 73–84. ISBN: 978-0-7695-3792-4
Garfinkel SL (2006) Forensic feature extraction and cross drive analysis. Digit Investig 3(Supplement 1):S71–S81
Garfinkel SL, Malan D, Dubec K, Stevens C, Pham C (2006) Advanced forensic format: an open extensible format for disk imaging. In: Olivier M, Shenoi S (eds) Proceedings of the second annual IFIP WG 11.9 international conference on digital forensics, advances in digital forensics II. Springer, Boston, pp 17–31. ISBN: 0-387-36890-6
Garfinkel SL (2007) Carving contiguous and fragmented files with fast object validation. Digit Investig 4(Supplement 1):S2–S12
Garfinkel SL (2009) Providing cryptographic security and evidentiary chain-of-custody with the advanced forensic format library and tools. Int J Digit Crime Forensics 1(1):1–28
Gehani A, Reif J (2007) Super-resolution video analysis for forensic investigations. Paper presented at the digital forensics: advances in digital forensics III: IFIP international conference on digital forensics, Orlando
Geiger M (2005) Evaluating commercial counter forensic tools. Paper presented at the 5th annual digital forensic research workshop (DFRWS’05), New Orleans
Gerber M, Leeson J (2004) Formalization of computer input and output: the Hadley model. Digit Investig 1(3):214–224
Gillam WB, Rogers M (2005) FileHound: a forensics tool for first responders. In: Proceedings of the 5th annual digital forensic research workshop (DFRWS’05), New Orleans
Gilligan J (2001) Beating the daylight savings Time bug and getting the correct file modification times. Code project—date and time. http://www.codeproject.com/KB/datetime/dstbugs.aspx . Accessed 12 July 2011
Gladyshev P, Patel A (2004) Finite state machine approach to digital event reconstruction. Digit Investig 1(2):130–149
Gloe T, Bohme R (2010) The Dresden Image database for benchmarking digital image forensics. In: Proceedings of the ACM symposium on applied computing 2010 (SAC 2010), Sierre. ISBN 978-1-60558-639-7
Gupta MR, Hoeschele MD, Rogers MK (2006) Hidden disk areas: HPA and DCO. Int J Digit Evidence 5(1):1–8
Hargreaves C, Chivers H, Titheridge D (2008) Windows vista and digital investigations. Digit Investig 5(1):34–48
Harms K (2006) Forensic analysis of system restore points in microsoft windows XP. In: Proceedings of the 6th annual digital forensic research workshop (DFRWS’06). Digit Investig 3(1):151–158
Hartong M, Goel R, Wijeskera D (2007) A framework for investigating railroad accidents. Paper presented at the digital forensics; advances in digital forensics III: IFIP international conference on digital forensics, Orlando
Hearst MA (2006) Clustering versus faceted categories for information exploration. Commun ACM 49(4):59–61
Hosmer C, Hyde C (2003) Discovering covert digital evidence. Paper presented at the 3rd annual digital forensic research workshop (DFRWS’03), Cleveland
Huang H-C, Fang W-C, Chen S-C (2008) Copyright protection with EXIF metadata and error control codes, security technology. In: International conference on security technology 2008, Sanya, pp 133–136
Ieong RSC (2006) FORZA—digital forensics investigation framework that incorporate legal issues. In: The proceedings of the 6th annual digital forensic research workshop (DFRWS’06). Digit Investig 3(Supplement 1):29–36
Jansen W, Ayers R (2005) An overview and analysis of PDA forensic tools. Digit Investig 2(2):120–132
Jeyaraman S, Atallah MJ (2006) An empirical study of automatic event reconstruction systems. In: Proceedings of the 6th annual digital forensic research workshop (DFRWS’06). Digit Investig 3(Supplement 1):S108–S115
Jian X, Walters A, Xu D, Spafford E, Buchholz F, Wang Y (2007) Provenance-aware tracing of worm break-in and contaminations: a process coloring approach. In: Proceedings of the 24th IEEE international conference on distributed computing systems, (ICDCS 2006), Lisbon. ISBN: 0-7695-2540-7
Johnston A, Reust J (2006) Network intrusion investigation—preparation and challenges. Digit Investig 3(1):118–126
Kenneally EE, Brown CLT (2005) Risk sensitive digital evidence collection. Digit Investig 2(2):101–119
Kee E, Farid H (2010) Digital image authentication from thumbnails. In: Proceedings of the SPIE symposium on electronic imaging, San Jose
Kee E, Johnson MK, Farid H (2011) Digital image authentication from JPEG headers. IEEE Trans Inf Forensic Secur 6(3):1066–1075
Khan MNA, Chatwin CR, Young RCD (2007) A framework for post-event timeline reconstruction using neural networks. Digit Investig 4(3–4):146–157
Koen R, Olivier M (2008) The use of file timestamps in digital forensics. In: Proceeding of the information security of South Africa (ISSA 2008), Pretoria, pp 1–16
Kornblum JD (2008) Using JPEG quantization tables to identify imagery processed by software. In: Proceedings of the 8th annual digital forensic research workshop (DFRWS’08). Digit Investig 5:S21–S25
Kornblum JD (2006) Identifying almost identical files using context triggered piecewise hashing. In: Proceedings of the 6th annual digital forensic research workshop (DFRWS’06). Digit Investig 3(Supplement 1):S91–S97
Kornblum JD (2004) The linux and the forensic acquisition of hard disks with odd number of sectors. Int J Digit Evidence 3(2):1–5
Lalis S, Karypidis A, Savidis A (2005) Ad-hoc composition in wearable and mobile computing. Commun ACM 48(3):67–68
Lamport L (1978) Time, clocks, and the ordering of events in a distributed system. Commun ACM 21(7):558–565
Lavelle C, Konrad A (2007) FriendlyRoboCopy: a GUI to robocopy for computer forensic investigators. Digit Investig 4(1):16–23
Lee S, Shamma DA, Gooch B (2006) Detecting false captioning using common sense reasoning. In: Proceedings of the 6th annual digital forensic research workshop (DFRWS’06). Digit Investig 3(Supplement 1):S65–S70
Lee J, Un S, Hong D (2008) High-speed search using tarari content processor in digital forensics. In: Proceedings of the 8th annual digital forensic research workshop (DFRWS’08). Digit Investig 5(Supplement 1):S91–95
Leighland R, Krings AW (2004) A formalization of digital forensics. Int J Digit Evidence 3(2):1–32
Liebrock LM, Marrero N, Burton DP, Prine R, Cornelius E, Shakamuri M et al. (2007) A preliminary design for digital forensics analysis of terabyte size data sets. Paper presented at the symposium on applied computing (SAC’2007), Seoul
Lyle JR (2006) A strategy for testing hardware write block devices. Paper presented at the 6th annual digital forensic research workshop (DFRWS’06). Digit Investig 3(Supplement 1):S3–S9
Marziale L, Richard III GG, Roussev V (2006) Massive threading: using GPUs to increase performance of digital forensic tools. Paper presented at the 6th annual digital forensics research workshop (DFRWS’06). Digit Investig 4:73–81
Masters G, Turner P (2007) Forensic data discovery and examination of magnetic swipe card cloning devices. In: The proceedings of the 7th annual digital forensic research workshop (DFRWS’07). Digit Investig 4(Supplement 1):S16–S22
McGrew R, Vaughn R (2007) Using search engines to acquire network forensic evidence. Paper presented at the digital forensics; advances in digital forensics III: IFIP international conference on digital forensics, Orlando
McKemmish R (1999) What is forensic computing? Trends and issues in crime and justice, vol 188. Australian Institute of Criminology, Canberra, pp 1–6. ISBN 0-642-24102-3
Mead S (2006) Unique file identification in the national software reference library. Digit Investig 3(1):138–150
Mee V, Tryfonas T, Sutherland I (2006) The windows registry as a forensic artefact: illustrating evidence collection for Internet usage. Digit Investig 3(3):166–173
Metadata Working Group (2010) Guidelines for handling metadata, Ver 2.0. http://www.metadataworkinggroup.org/pdf/mwg_guidance.pdf . Accessed 12 July 2011
Microsoft Developer Network Library (2011) SYSTEMTIME Structure, MSDN Microsoft Corporation. http://msdn.microsoft.com/en-us/library/ms724950(v=VS.85).aspx . Accessed 12 July 2011. Microsoft Developer Network Library, TIME_ZONE_INFORMATION Structure, MSDN Microsoft Corporation. http://msdn.microsoft.com/en-us/library/ms725481(v=VS.85).aspx . Accessed 12 July 2011
Microsoft Developer Network Library (2011) DYNAMIC_TIME_ZONE_INFORMATION structure, MSDN Microsoft Corporation. http://msdn.microsoft.com/en-us/library/ms724253(v=VS.85).aspx . Accessed 12 July 2011
Microsoft Developer Network Library (2011) File times, MSDN Microsoft Corporation. http://msdn.microsoft.com/en-us/library/ms724290(v=VS.85).aspx . Accessed 12 July 2011
Microsoft Developer Network Library (2011) Local time, MSDN Microsoft Corporation. http://msdn.microsoft.com/en-us/library/ms724493(v=VS.85).aspx . Accessed 12 July 2011
Microsoft Developer Network Library (2011) DateTime. ToUniversalTime Method, MSDN Microsoft Corporation. http://msdn.microsoft.com/en-us/library/system.datetime.touniversaltime.aspx . Accessed 12 July 2011
Microsoft Support (2011) Time stamps change when copying from NTFS to FAT, Article ID 127830, Microsoft Corporation. http://support.microsoft.com/kb/127830 . Accessed 12 July 2011
Microsoft Support (2011) Description of NTFS date and Time stamps for file and folders. Article ID 299648, Microsoft Corporation. http://support.microsoft.com/kb/299648 . Accessed 12 July 2011
Microsoft Support (2011) Interpreting timestamps on NTFS file systems. Article ID 158558, Microsoft Corporation. http://support.microsoft.com/kb/158558 . Accessed 12 July 2011
Miskelly GM, Wagner JH (2005) Using spectral information in forensic imaging. Forensic Sci Int 155(2–3):112–118
Mocas S (2004) Building theoretical underpinnings for digital forensics research. Digit Investig 1(1):61–68
Mohay GM, Anderson A, Collie B, de Vel O, McKemmish R (2003) Computer and intrusion forensics. Artech House Publications, London. ISBN 1580533698, 9781580533690
Morgan TD (2008) Recovering data from the windows registry. In: Proceedings of the 8th annual digital forensic research workshop (DFRWS’08). Digit Investig 5(Supplement 1):S33–S41
Murphey R (2007) Automated Windows Event Log Forensics. Paper presented at the 7th annual digital forensic research workshop (DFRWS’07). Digit Investig 4(Supplement 1):S92–S100
Myers M, Rogers M (2004) Computer forensics: a need for standardization and certification. Int J Digit Evidence 3(2):1–11
National Institute of Justice (NIJ) (2001) Electronic crime scene investigation guide: a guide for first responders. National Institute of Justice, Department of Justice (DoJ) 2001. http://www.ncjrs.gov/pdffiles1/nij/187736.pdf
Nikkel BJ (2006) Improving evidence acquisition from live network sources. Digit Investig 3(2):89–96
NISO (2004) Understanding metadata. NISO Press, pp 1–20. ISBN: 1-880124-62-9, http://www.niso.org/publications/press/UnderstandingMetadata.pdf
NIST (2007) Test results for hardware write block device: Tableau Forensic SATA Bridge T3u. NIST, Gaithersburg (Unpublished manuscript)
NIST (2002) Hard disk hardware write block tool specification. NIST, Gaithersburg (Unpublished manuscript)
NIST (2003) Hard disk software write block tool specification. NIST, Gaithersburg (Unpublished manuscript)
NIST (2001) General test methodology for computer forensic tools. NIST, Gaithersburg (Unpublished manuscript)
NIST (2001) Disk imaging tool specification. NIST, Gaithersburg (Unpublished manuscript)
Olivier MS (2008) On metadata context in database forensics. Digit Investig 5(1):1–8
Pal A, Sencar HT, Memon N (2008) Detecting file fragmentation point using sequential hypothesis testing. In: Proceedings of the 8th annual digital forensic research workshop (DFRWS’08). Digit Investig 5(Supplement 1):S2–S13
Pan L, Batten LM (2005) Reproducibility of digital evidence in forensic investigations. Paper presented at the 5th annual digital forensic research workshop (DFRWS’05), New Orleans
Park B, Park J, Lee S (2009) Data concealment and detection in microsoft office 2007 files. Digit Investig 5(3–4):104–114
Pering T, Ballagas R, Want R (2005) Spontaneous marriages of mobile devices and interactive spaces. Commun ACM 48(9):53–59
Petroni J, Nick L, Walters A, Fraser T, Arbaugh WA (2006) FATKit: a framework for the extraction and analysis of digital forensic data from volatile system memory. Digit Investig 3(4):197–210
Pollitt MM (2007) An Ad-hoc review of digital forensic models. In: Proceedings of the second international workshop on systematic approaches to digital forensic engineering (SADFE’07). IEEE Publication, Washington
Poolsapassit N, Ray I (2007) Investigating computer attacks using attack trees. In: Pollitt M, Shenoi S (eds) Proceedings of the third annual IFIP WG 11.9 international conference on digital forensics; advances in digital forensics III: IFIP international conference on digital forensics. Springer, Orlando. ISBN: 978-0-387-73741-6
Popescu AC, Farid H (2004) Statistical tools for digital forensics. In: Proceedings of sixth international workshop on information hiding, Toronto
Raghavan S, Clark AJ, Mohay G (2009) FIA: an open forensic integration architecture for composing digital evidence. In: Proceedings of the ICST second annual international conference on forensic applications and techniques in telecommunications, information and multimedia (e-Forensics 2009), Adelaide
Reith M, Carr C, Gunsch G (2002) An examination of digital forensic models. Int J Digit Evidence 1(3):1–12
Reyes A, O’Shea K, Steele J, Hansen JR, Jean BR, Ralph T (2007) Digital forensics and analyzing data, cyber crime investigations. Syngress, Burlington, pp 219–259
Richard III GG, Roussev V (2005) Scalpel: a frugal high performance file carver. Paper presented at the 5th annual digital forensics research workshop (DFRWS’05), New Orleans
Richard III GG, Roussev V, Marziale L (2006) In-place file carving. In: Proceedings of the second annual IFIP WG 11.9 international conference on digital forensics, advances in digital forensics II. Springer, Boston, pp 1–12. ISBN: 0-387-36890-6
Richard GG III, Roussev V, Marziale L (2007) Forensic discovery auditing of digital evidence containers. Digit Investig 4(2):88–97
Roussev V, Chen Y, Bourg T, Richard III GG (2005) md5Bloom: forensic filesystem hashing revisited. Paper presented at the 5th annual digital forensics research workshop (DFRWS’05), New Orleans
Roussev V, Richard GG III, Marziale L (2007) Multi-resolution similarity hashing. Digit Investig 4(Supplement 1):105–113
Rowe NC, Garfinkel S (2011) Finding anomalous and suspicious files from directory metadata on a large corpus, to appear. In: Proceedings of the third international conference on digital forensics and cyber crime, ICDF2C 2011, Dublin
Rui Y, Huang TS, Shih-Fu Chang (1998) Image retrieval: current technologies, promising directions and open issues. J Vis Commun Image Represent (IJVCIR) 10:39–62
Sarmoria CG, Chapin SJ (2005) Monitoring Access to shared memory mapped files. Paper presented at the 5th annual digital forensic research workshop (DFRWS’05), New Orleans
Scientific Working Group on Digital Evidence (2009) Technical notes on microsoft windows vista. SWGDE Technical Notes, pp 1–25
Scientific Working Group on Digital Evidence (2010) Technical notes on microsoft windows 7. SWGDE Technical Notes, pp 1–20
Schatz B (2007) BodySnatcher: towards reliable volatile memory acquisition by software. Digit Investig 4(Supplement 1):126–134
Schatz BL, Clark AJ (2006) An open architecture for digital evidence integration. In: Proceedings of the AusCERT R&D Stream, AusCERT 2006, Gold Coast, pp 15–29
Schatz B, Mohay G, Clark A (2006) A correlation method for establishing provenance of timestamps in digital evidence. In: The proceedings of the 6th annual digital forensic research workshop (DFRWS’06). Digit Investig 3(Supplement 1):98–107
Schuster A (2006) Searching for processes and threads in microsoft windows memory dumps. In: The proceedings of the 6th annual digital forensic research workshop (DFRWS’06). Digit Investig 3(Supplement 1):10–16
Schuster A (2007) Introducing the microsoft vista event log file format. Digit Investig 4(Supplement 1):65–72
Schuster A (2008) The impact of microsoft windows pool allocation strategies on memory forensics. In: Proceedings of the 8th annual digital forensic research workshop (DFRWS’08). Digit Investig 5(Supplement 1):S58–S64
Schraffel MC, Wilson M, Russel M, Smith DA (2006) MSpace: improving information access to multimedia domains with multimodal exploratory search. Commun ACM 49(4):47–49
The Sedona Conference Working Group (2007) The Sedona principles: best practices recommendations & principles for addressing electronic document production (2nd edn.) http://www.thesedonaconference.org/content/miscFiles/TSC_PRINCP_2nd_ed_607.pdf . Accessed 12 July 2011
The Sedona Conference Working Group (2010) The Sedona conference glossary: e-discovery & digital information management (3rd edn.) www.thesedonaconference.org/dltForm?did=glossary2010.pdf . Accessed 12 July 2011
The Sedona Conference Working Group (2011) The Sedona Conference: Commentary on ESI Evidence & Admissibility (2008). http://www.thesedonaconference.org/dltForm?did=ESI_Commentary_0308.pdf . Accessed 12 July 2011
Sencar HT, Memon N (2009) Identification and recovery of JPEG files with missing fragments. Digit Investig 6(4):S88–S98
Sencar HT, Memon N (2008) Overview of state-of-the-art in digital image forensics, part of Indian statistical institute platinum jubilee monograph series titled statistical science and interdisciplinary research. World Scientific Press, Singapore
Shannon MM (2004) Forensic relative strength scoring: ASCII and entropy scoring. Int J Digit Evidence 2(4):1–19
Solomon J, Huebner E, Bem D, Szezynska (2007) User data persistence in physical memory. Digit Investig 4(1):68–72
Standards Australia (2003) HB171-guidelines for the management of IT evidence
Steele J (2007) Digital forensics and analyzing data: alternate data storage forensics. Syngress, Burlington, pp 1–38
Stevens MW (2004) Unification of relative time frames for digital forensics. Digit Investig 1(1):225–239
Teerlink S, Erbacher R (2006) Improving the computer forensic process through visualization. Commun ACM 49(2):71–75
Toyama K, Logan R, Roseway A, Anadan P (2003) Geographic location tags on digital images. In: Proceedings of ACM multimedia 2003, Berkeley, pp 156–166. ISBN: 1-58113-722-2
Turnbull B, Blundell G, Slay G (2006) Google desktop as a source of digital evidence. Int J Digit Evidence (IJDE) 5(1):1–12
Turner P (2005) Unification of digital evidence from disparate sources (digital evidence bags). Digit Investig 2(3):223–228
Turner P (2005) Digital provenance—interpretation, verification and corroboration. Digit Investig 2(1):45–49
Turner P (2006) Selective and intelligent imaging using digital evidence bags. In: The proceedings of the 6th annual digital forensic research workshop (DFRWS’06), Digit Investig 3(Supplement 1):59–64
Turner P (2007) Applying a forensic approach to incident response, network investigation and system administration using digital evidence bags. Digit Investig 4(1):30–35
van Baar RB, Alink W, Van Ballegooji AR (2008) Forensic memory analysis: files mapped in memory. In: Proceedings of the 8th annual digital forensic research workshop (DFRWS’08). Digit Investig 5(Supplement 1):S52–S57
Venter J, de Waal A, Willers C (2007) Specializing CRISP-DM for evidence mining. Paper presented at the digital forensics; advances in digital forensics III: IFIP international conference on digital forensics, Orlando
Vlastos E, Patel A (2007) An open source forensic tool to visualize digital evidence. Comput Stand Interfaces 29(6):614–625
Vlastos E, Patel A (2008) An open source forensic tool to visualize digital evidence. Comput Stand Interfaces 30(1–2):8–19
Wang G, Chen H, Atabakhsh H (2004) Automatically detecting deceptive criminal identities. Commun ACM 47(3):71–76
Wang S-J, Kao D-Y (2007) Internet forensics on the basis of evidence gathering with peep attacks. Comput Stand Interfaces 29(4):423–429
Wang S-J (2007) Measures of retaining digital evidence to prosecute computer-based cyber-crimes. Comput Stand Interfaces 29(2):216–223
Wang W, Daniels TE (2005) Network forensic analysis with evidence graphs. Paper presented at the 5th annual digital forensic research workshop (DFRWS’05), New Orleans
Weil MC (2002) Dynamic time and date stamp analysis. Int J Digit Evidence 1(2):1–6
Willassen S (2008) Finding evidence of antedating in digital investigations. In: Proceedings of the third international conference on availability, reliability and security, ARES, Barcelona, pp 26–32