Title :
A Stepwise Methodology for Tracing Computer Usage
Author :
Lee, SeungBong ; Bang, Jewan ; Lim, KyungSoo ; Kim, Jongsung ; Lee, Sangjin
Author_Institution :
Center for Inf. Security Technol., Korea Univ., Seoul, South Korea
Abstract :
In digital forensics investigation, a general method of investigating the suspect´s computer was to duplicate storage media or image and then obtain the case-related data from these. However, the increase in the capacity of storage media made this method take much longer time. Also, this implies that more data can exist in the suspect´s computer so that finding relevant data will take a lot of time and efforts. Moreover, in case where imaging of the entire disk is not possible due to legal matters, selective acquisition of data is needed. In this paper, we propose methods for selective acquisition of file system metadata, registry & prefetch files, web browser files, specific document files without duplicating or imaging the storage media. Furthermore, we suggest a method to analyze the acquired data stepwise and quickly and effectively trace the use of computer in the crime scene.
Keywords :
computer crime; data acquisition; storage media; computer crime; computer usage tracing; digital forensics investigation; file system meta data; prefetch files; selective data acquisition; storage media imaging; Computer crime; Digital forensics; File systems; Hard disks; History; Image storage; Law; Layout; Legal factors; Pattern analysis; PIM; pre-investigation; selectively acquisition;
Conference_Titel :
INC, IMS and IDC, 2009. NCM '09. Fifth International Joint Conference on
Conference_Location :
Seoul
Print_ISBN :
978-1-4244-5209-5
Electronic_ISBN :
978-0-7695-3769-6
DOI :
10.1109/NCM.2009.246
