Skip to Main content Skip to Navigation
Conference papers

Case-Based Reasoning in Live Forensics

Bruno Hoelz 1, 2 Celia Ralha 1 Frederico Mesquita 1, 2
1 UnB - Universidade de Brasilia [Brasília]
2 National Institute of Criminalistics [Brasília]
Abstract : The traditional forensic search and seizure process employed by law enforcement is not always appropriate given large data volumes and the potential of hard drive encryption. This paper proposes a framework built on case-based reasoning to support a live forensic response during the search and seizure process. The framework assists a first responder by identifying the risks and the procedures to ensure the optimal collection of evidence based on prior cases. Test results demonstrate that the framework provides valuable assistance to first responders, reducing the time taken to complete a response and increasing the likelihood of a successful conclusion.
Keywords : Live forensics case-based reasoning
Document type :
Conference papers
Complete list of metadata

Cited literature [11 references]  Display  Hide  Download
https://hal.inria.fr/hal-01569564
Contributor : Hal Ifip <>
Submitted on : Thursday, July 27, 2017 - 8:22:35 AM
Last modification on : Thursday, March 5, 2020 - 4:46:43 PM

File

Vignette du document
978-3-642-24212-0_6_Chapter.pd...
Files produced by the author(s)

Licence

Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Collections

IFIP | IFIP-AICT | IFIP-TC | IFIP-TC11 | IFIP-DF | IFIP-WG11-9 | IFIP-AICT-361 | IFIP-LNCS | IFIP-WG

Citation

Bruno Hoelz, Celia Ralha, Frederico Mesquita. Case-Based Reasoning in Live Forensics. 7th Digital Forensics (DF), Jan 2011, Orlando, FL, United States. pp.77-88, ⟨10.1007/978-3-642-24212-0_6⟩. ⟨hal-01569564⟩

Export

BibTeX TEI DC DCterms EndNote

Share

Metrics

Record views

144

Files downloads

495

 

Contact                    Legal Notice                    Personal Data