A Stepwise Methodology for Tracing Computer Usage

Author

Lee, SeungBong ; Bang, Jewan ; Lim, KyungSoo ; Kim, Jongsung ; Lee, Sangjin

Author_Institution

Center for Inf. Security Technol., Korea Univ., Seoul, South Korea

fYear

2009

fDate

25-27 Aug. 2009

Firstpage

1852

Lastpage

1857

Abstract

In digital forensics investigation, a general method of investigating the suspect´s computer was to duplicate storage media or image and then obtain the case-related data from these. However, the increase in the capacity of storage media made this method take much longer time. Also, this implies that more data can exist in the suspect´s computer so that finding relevant data will take a lot of time and efforts. Moreover, in case where imaging of the entire disk is not possible due to legal matters, selective acquisition of data is needed. In this paper, we propose methods for selective acquisition of file system metadata, registry & prefetch files, web browser files, specific document files without duplicating or imaging the storage media. Furthermore, we suggest a method to analyze the acquired data stepwise and quickly and effectively trace the use of computer in the crime scene.

Keywords

computer crime; data acquisition; storage media; computer crime; computer usage tracing; digital forensics investigation; file system meta data; prefetch files; selective data acquisition; storage media imaging; Computer crime; Digital forensics; File systems; Hard disks; History; Image storage; Law; Layout; Legal factors; Pattern analysis; PIM; pre-investigation; selectively acquisition;

fLanguage

English

Publisher

ieee

Conference_Titel

INC, IMS and IDC, 2009. NCM '09. Fifth International Joint Conference on

Conference_Location

Seoul

Print_ISBN

978-1-4244-5209-5

Electronic_ISBN

978-0-7695-3769-6

Type

conf

DOI

10.1109/NCM.2009.246

Filename

5331447