  • DocumentCode
    2360603
  • Title
    How to Deal with Blurriness in Live Forensics: A Case of Study
  • Author
    Savoldi, Antonio ; Gubian, Paolo ; Echizen, Isao
  • Author_Institution
    Dept. of Electron. for Autom., Univ. of Brescia, Brescia, Italy
  • fYear
    2009
  • fDate
    25-27 Aug. 2009
  • Firstpage
    1865
  • Lastpage
    1871
  • Abstract
    When dealing with live forensics cases, we should modify the volatile memory of the investigated system as little as possible, since it may contain plenty of evidential data. Usually, state-of-the-art live forensics best practices mention very little about how much the volatile memory is affected during a live investigation. As a result, there are only vague and imprecise ideas regarding the uncertainty of the resulting evidence. In this paper we would like to present a clear overview of how to measure the uncertainty of the dd collection tool, which is widely used for obtaining the full memory contents of a live computer-based system. As a result, it will become clear how to control and reduce the error when collecting evidence from the volatile memory.
  • Keywords
    security of data; storage management; blurriness; computer-based system; evidential data; live forensics; volatile memory; Automation; Best practices; Computer crime; Computer errors; Digital forensics; Error correction; Informatics; Linux; Measurement uncertainty; Mission critical systems; Blurriness; Error measure; Live forensics; Volatile memory;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    INC, IMS and IDC, 2009. NCM '09. Fifth International Joint Conference on
  • Conference_Location
    Seoul
  • Print_ISBN
    978-1-4244-5209-5
  • Electronic_ISBN
    978-0-7695-3769-6
  • Type
    conf
  • DOI
    10.1109/NCM.2009.75
  • Filename
    5331456