Abstract : The traditional forensic search and seizure process employed by law enforcement is not always appropriate given large data volumes and the potential of hard drive encryption. This paper proposes a framework built on case-based reasoning to support a live forensic response during the search and seizure process. The framework assists a first responder by identifying the risks and the procedures to ensure the optimal collection of evidence based on prior cases. Test results demonstrate that the framework provides valuable assistance to first responders, reducing the time taken to complete a response and increasing the likelihood of a successful conclusion.
Gilbert Peterson; Sujeet Shenoi. 7th Digital Forensics (DF), Jan 2011, Orlando, FL, United States. Springer, IFIP Advances in Information and Communication Technology, AICT-361, pp.77-88, 2011, Advances in Digital Forensics VII. 〈10.1007/978-3-642-24212-0_6〉
https://hal.inria.fr/hal-01569564
Contributeur : Hal Ifip
<>
Soumis le : jeudi 27 juillet 2017 - 08:22:35
Dernière modification le : vendredi 1 décembre 2017 - 01:16:42
Bruno Hoelz, Celia Ralha, Frederico Mesquita. Case-Based Reasoning in Live Forensics. Gilbert Peterson; Sujeet Shenoi. 7th Digital Forensics (DF), Jan 2011, Orlando, FL, United States. Springer, IFIP Advances in Information and Communication Technology, AICT-361, pp.77-88, 2011, Advances in Digital Forensics VII. 〈10.1007/978-3-642-24212-0_6〉. 〈hal-01569564〉
