Defining a Digital Forensic Investigation
Brian Carrier - Purdue University
Apr 06, 2005
Abstract
Digital investigations have occurred in some form or another for many years, yet there is no scientific model of the process. After all, there are multiple ways and sequences in which evidence may be found. An investigator does not necessarily need a model to solve a case, but a scientific model is useful for developing investigation tools and technology because it allows us to define requirements and identify what areas need more attention. Further, there are guidelines for entering technical evidence into a U.S. court that may require the technical procedure to be published and have known error rates. In this talk, I will present an overview of existing process models that an investigator can use. I will then present our initial findings on a more scientific model that is based on how digital evidence is created and will show how it can be applied to the process models used by practitioners. Our event-based model allows us to more clearly define requirements for investigation tools, which will help in the development and testing process.
About the Speaker
Brian Carrier is a Research Assistant at CERIAS and a Computer Science Ph.D. candidate. Previously, Brian was a Research Scientist at @stake in Boston, MA, and the lead for its incident response team and digital forensic lab. Brian is the author of the File System Forensic Analysis book and has authored several digital forensic tools, including The Sleuth Kit and the Autopsy Forensic Browser. Brian has taught forensics and incident response at SANS, FIRST, the @stake Academy, and SEARCH and is a co-author of the 2nd edition of the Honeynet Project's Know Your Enemy book. He has also presented at The Digital Forensics Research Workshop (DFRWS), the High Technology Crime Investigation Association (HTCIA), and the American Academy of Forensic Sciences (AAFS). Brian has been involved with the European Commission's CTOSE project on Digital Evidence and has been a referee for the Journal of Digital Investigation.