Title

Applying Traditional Forensic Taxonomy To Digital Forensics

Keywords

Digital evidence process; Forensic examination; Forensic taxonomy

Abstract

Early digital forensic examinations were conducted in toto - every file on the storage media was examined along with the entire file system structure. However, this is no longer practical as operating systems have become extremely complex and storage capacities are growing geometrically. Examiners now perform targeted examinations using forensic tools and databases of known files, selecting specific files and data types for review while ignoring files of irrelevant type and content. Despite the application of sophisticated tools, the forensic process still relies on the examiner's knowledge of the technical aspects of the specimen and understanding of the case and the law. Indeed, the success of a forensic examination is strongly dependent on how it is designed. This paper discusses the application of traditional forensic taxonomy to digital forensics. The forensic processes of identification, classification/individualization, association and reconstruction are used to develop "forensic questions," which are applied to objectively design digital forensic examinations. © 2008 International Federation for Information Processing.

Publication Date

9-11-2008

Publication Title

IFIP International Federation for Information Processing

Volume

285

Number of Pages

17-26

Document Type

Article

Personal Identifier

scopus

DOI Link

https://doi.org/10.1007/978-0-387-84927-0_2

Scopus ID

51149113778 (Scopus)

Source API URL

https://api.elsevier.com/content/abstract/scopus_id/51149113778

This document is currently not available here.
