The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)
Center for Education and Research in Information Assurance and Security

Brian Carrier - Purdue University

Students: Spring 2024, unless noted otherwise, sessions will be virtual on Zoom.

Defining a Digital Forensic Investigation

Apr 06, 2005

Download: Video Icon MP4 Video Size: 170.8MB  
Watch on Youtube Watch on YouTube

Abstract

Digital investigations have occurred in some form or another for many years, yet there is no scientific model of the process. After all, there are multiple ways and sequences in which evidence may be found. An investigator does not necessarily need a model to solve a case, but a scientific model is useful for developing investigation tools and technology because it allows us to define requirements and identify what areas need more attention. Further, there are guidelines for entering technical evidence into a U.S. court that may require the technical procedure to be published and have known error rates. In this talk, I will present an overview of existing process models that an investigator can use. I will then present our initial findings on a more scientific model that is based on how digital evidence is created and will show how it can be applied to the process models used by practitioners. Our event-based model allows us to more clearly define requirements for investigation tools, which will help in the development and testing process.


About the Speaker

Brian Carrier is a Research Assistant at CERIAS and a Computer Science Ph.D. candidate. Previously, Brian was a Research Scientist at @stake in Boston, MA, and the lead for its incident response team and digital forensic lab. Brian is the author of the File System Forensic Analysis book and has authored several digital forensic tools, including The Sleuth Kit and the Autopsy Forensic Browser. Brian has taught forensics and incident response at SANS, FIRST, the @stake Academy, and SEARCH and is a co-author for the 2nd edition of the Honeynet Project\'s Know Your Enemy book. He has also presented at The Digital Forensics Research Workshop (DFRWS), the High Technology Crime Investigation Association (HTCIA), and the American Academy of Forensic Sciences (AAFS). Brian has been involved with the European Commission\'s CTOSE project on Digital Evidence and a referee for the Journal of Digital Investigation.




Ways to Watch

YouTube

Watch Now!

Over 500 videos of our weekly seminar and symposia keynotes are available on our YouTube Channel. Also check out Spaf's YouTube Channel. Subscribe today!