Abstract |
---|
Digital forensic tools are being developed at a brisk pace in response to the ever-increasing variety of forensic targets. Most tools are created for specific tasks - filesystem analysis, memory analysis, network analysis, etc. - and make little effort to interoperate with one another. This makes it difficult and extremely time-consuming for an investigator to build a wider view of the state of the system under investigation. In this work, we present FACE, a framework for automatic evidence discovery and correlation from a variety of forensic targets. Our prototype implementation demonstrates the integrated analysis and correlation of a disk image, memory image, network capture, and configuration log files. The results of this analysis are presented as a coherent view of the state of a target system, allowing investigators to quickly understand it. We also present an advanced open-source memory analysis tool, ramparser, for the automated analysis of Linux systems. |
Field | Value |
---|---|
Year | 2008 |
DOI | 10.1016/j.diin.2008.05.008 |
Venue | Digital Investigation: The International Journal of Digital Forensics & Incident Response |
Keywords | memory image, network capture, automated digital evidence discovery, filesystem analysis, automated analysis, disk image, forensic target, digital forensics, advanced open-source memory analysis, evidence correlation, memory analysis, linux system, network analysis, integrated analysis, log file, digital forensic tool, forensics tool, physical memory |
DocType | Journal |
Volume | 5 |
Issue | Supplement |
ISSN | Digital Investigation |
Citations | 52 |
PageRank | 2.83 |
References | 11 |
Authors | 5 |
Name | Order | Citations | PageRank |
---|---|---|---|
Andrew Case | 1 | 138 | 11.36 |
Andrew Cristina | 2 | 59 | 3.84 |
Lodovico Marziale | 3 | 214 | 15.10 |
Golden G. Richard | 4 | 80 | 5.41 |
Vassil Roussev | 5 | 699 | 54.67 |