Computer forensic analysis model for the reconstruction of chain of evidence of volatile memory data - Citegraph

Paper Info

Title
Computer forensic analysis model for the reconstruction of chain of evidence of volatile memory data

Abstract
Digital forensic data from volatile system memory possesses the following distinctive features: volatility, transience, phased stability, complexity, relevance of collected data, and phased behavior predictability. We present a computer forensic analysis model (CERM) for the reconstruction of a chain of evidence of volatile memory data. CERM frees analysts from being confined to the traditional analysis approach of digital forensic data that requires single evidence-oriented analysis. In CERM, they can focus on higher abstract levels involving the relationships of independent pieces of evidence and analyze patterns to construct a chain of evidence from the perspective of Evidence Law. In addition to CERM, we have designed a correlation analysis algorithm based on time series. Experimental tests have been conducted to verify the established model and designed algorithm. The experimental result shows that CERM is feasible and efficient, thus providing a new analysis perspective for digital forensic data from volatile system memory.

Year	DOI	Venue
2016	10.1007/s11042-015-2798-8	Multimedia Tools Appl.
Keywords	Field	DocType
Computer forensics, Chain of evidence, Time relevance, Volatile, Memory data	Data mining,Predictability,Computer forensics,Pattern recognition,Digital forensics,Computer science,Simulation,Chain of custody,Artificial intelligence,Volatile memory,Correlation analysis	Journal
Volume	Issue	ISSN
75	16	1573-7721
Citations	PageRank	References
2	0.37	10
Authors
4

Authors (4 rows)

Cited by (2 rows)

References (10 rows)

Name	Order	Citations	PageRank
Feng Wang	1	37	6.59
liang hu	2	34	8.17
jiejun hu	3	15	2.40
Kuo Zhao	4	30	4.15

1