The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)
Center for Education and Research in Information Assurance and Security

An Event-Based Digital Forensic Investigation Framework

Download

Download PDF Document
PDF

Author

Brian D. Carrier and Eugene H. Spafford

Tech report number

CERIAS TR 2004-53

Entry type

conference

Abstract

In this paper, we present a framework for digital forensics that includes an investigation process model based on physical crime scene procedures. In this model, each digital device is considered a digital crime scene, which is included in the physical crime scene where it is located. The investigation includes the preservation of the system, the search for digital evidence, and the reconstruction of digital events. The focus of the investigation is on the reconstruction of events using evidence so that hypotheses can be developed and tested. This paper also includes definitions and descriptions of the basic and core concepts that the framework uses.

Download

PDF

Date

2004 – 08

Booktitle

2004 Digital Forensic Research Workshop

Institution

CERIAS

Key alpha

carrier

School

Purdue University

Publication Date

2004-08-01

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.