Defining a Digital Forensic Investigation
Brian Carrier - Purdue University
Apr 06, 2005
Abstract
Digital investigations have occurred in some form or another for many years, yet there is no scientific model of the process. After all, there are multiple ways and sequences in which evidence may be found. An investigator does not necessarily need a model to solve a case, but a scientific model is useful for developing investigation tools and technology because it allows us to define requirements and identify what areas need more attention. Further, there are guidelines for entering technical evidence into a U.S. court that may require the technical procedure to be published and have known error rates. In this talk, I will present an overview of existing process models that an investigator can use. I will then present our initial findings on a more scientific model that is based on how digital evidence is created and will show how it can be applied to the process models used by practitioners. Our event-based model allows us to more clearly define requirements for investigation tools, which will help in the development and testing process.
About the Speaker
Brian Carrier is a Research Assistant at CERIAS and a Computer Science Ph.D. candidate. Previously, Brian was a Research Scientist at @stake in Boston, MA, and the lead for its incident response team and digital forensic lab. Brian is the author of the File System Forensic Analysis book and has authored several digital forensic tools, including The Sleuth Kit and the Autopsy Forensic Browser. Brian has taught forensics and incident response at SANS, FIRST, the @stake Academy, and SEARCH and is a co-author for the 2nd edition of the Honeynet Project's Know Your Enemy book. He has also presented at The Digital Forensics Research Workshop (DFRWS), the High Technology Crime Investigation Association (HTCIA), and the American Academy of Forensic Sciences (AAFS). Brian has been involved with the European Commission's CTOSE project on Digital Evidence and has been a referee for the Journal of Digital Investigation.
Unless otherwise noted, the security seminar is held on Wednesdays at 4:30 P.M. in STEW G52, West Lafayette Campus.
© 1999-2013 Purdue University. All rights reserved.
Use/Reuse Guidelines
CERIAS Seminar materials are intended for educational, non-commercial use only and any or all commercial use is prohibited. Any use must attribute "The CERIAS Seminar at Purdue University." Opinions expressed in the recordings are not necessarily representative of the views of CERIAS or of Purdue University.