Abstract : The traditional forensic search and seizure process employed by law enforcement is not always appropriate given large data volumes and the potential of hard drive encryption. This paper proposes a framework built on case-based reasoning to support a live forensic response during the search and seizure process. The framework assists a first responder by identifying the risks and the procedures to ensure the optimal collection of evidence based on prior cases. Test results demonstrate that the framework provides valuable assistance to first responders, reducing the time taken to complete a response and increasing the likelihood of a successful conclusion.
https://hal.inria.fr/hal-01569564
Contributor : Hal Ifip
<>
Submitted on : Thursday, July 27, 2017 - 8:22:35 AM
Last modification on : Friday, December 1, 2017 - 1:16:42 AM
Bruno Hoelz, Celia Ralha, Frederico Mesquita. Case-Based Reasoning in Live Forensics. 7th Digital Forensics (DF), Jan 2011, Orlando, FL, United States. pp.77-88, ⟨10.1007/978-3-642-24212-0_6⟩. ⟨hal-01569564⟩
