Name
Abstract | ||
|---|---|---|
Digital evidence is not well perceived by the human senses. Crucial pieces of digital evidence may simply be missed by investigators as the forensic significance of seemingly unimportant pieces of collected data may not be fully understood. This paper will discuss how abstract pieces of informa- tion may be extracted from seemingly insignificant evidence sources such a file timestamps by making use of correlating evidence sources. The use of file timestamps as a substitute for missing or corrupt log files as well as the information deficiency problem surrounding the use of timestamps will be discussed in detail. A prototype was developed to help investigators to de- termine the course of event as they occurred according to file timestamps. The prototype results that were obtained as well as prototype flaws will also be addressed. |
Year | Venue | Keywords |
|---|---|---|
2008 | ISSA | digital forensics,reco platform,timestamps.,event reconstruction |
Field | DocType | Citations |
World Wide Web,Internet privacy,Digital forensics,Computer security,Computer science,Digital evidence,Timestamp | Conference | 2 |
PageRank | References | Authors |
0.58 | 9 | 2 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Renico Koen | 1 | 3 | 0.98 |
| Martin S. Olivier | 2 | 465 | 73.94 |