A proposal for automating investigations in live forensics

Seokhee Lee; Antonio Savoldi; Kyoung Soo Lim; Jong Hyuk Park; Sangjin Lee

doi:10.1016/j.csi.2009.09.001

A proposal for automating investigations in live forensics

Seokhee Lee
, Antonio Savoldi
, Kyoung Soo Lim
, Jong Hyuk Park
, Sangjin Lee

Dept. of Computer Science and Engineering

Research output: Contribution to journal › Review article › peer-review

9 Scopus citations

Abstract

In this paper we present an XML-based framework, called XLIVE, which provides an efficient way to collect data in live forensic cases, according to well-known crime categories. XLIVE is a forensic automated framework that can be used in live forensic investigations for gathering live data on a Windows-based system. In addition, we have also implemented a proof-of-concept, called LRDS (Live Resource Detection System). This approach of examination will be used extensively to deal with terabyte/petabyte digital systems, where other approaches, such as a post-mortem analysis, cannot be adopted.

Original language	English
Pages (from-to)	246-255
Number of pages	10
Journal	Computer Standards and Interfaces
Volume	32
Issue number	5-6
DOIs	https://doi.org/10.1016/j.csi.2009.09.001
State	Published - Oct 2010

Keywords

Automated digital investigation process
Digital evidence collection
Live forensics
XML technology

Access to Document

10.1016/j.csi.2009.09.001

Cite this

@article{f9137709824b448092841e692aec5025,

title = "A proposal for automating investigations in live forensics",

abstract = "In this paper we present an XML-based framework, called XLIVE, which provides an efficient way to collect data in live forensic cases, according to well-known crime categories. XLIVE is a forensic automated framework that can be used in live forensic investigations for gathering live data on a Windows-based system. In addition, we have also implemented a proof-of-concept, called LRDS (Live Resource Detection System). This approach of examination will be used extensively to deal with terabyte/petabyte digital systems, where other approaches, such as a post-mortem analysis, cannot be adopted.",

keywords = "Automated digital investigation process, Digital evidence collection, Live forensics, XML technology",

author = "Seokhee Lee and Antonio Savoldi and Lim, \{Kyoung Soo\} and Park, \{Jong Hyuk\} and Sangjin Lee",

year = "2010",

month = oct,

doi = "10.1016/j.csi.2009.09.001",

language = "English",

volume = "32",

pages = "246--255",

journal = "Computer Standards and Interfaces",

issn = "0920-5489",

number = "5-6",

}

TY - JOUR

T1 - A proposal for automating investigations in live forensics

AU - Lee, Seokhee

AU - Savoldi, Antonio

AU - Lim, Kyoung Soo

AU - Park, Jong Hyuk

AU - Lee, Sangjin

PY - 2010/10

Y1 - 2010/10

N2 - In this paper we present an XML-based framework, called XLIVE, which provides an efficient way to collect data in live forensic cases, according to well-known crime categories. XLIVE is a forensic automated framework that can be used in live forensic investigations for gathering live data on a Windows-based system. In addition, we have also implemented a proof-of-concept, called LRDS (Live Resource Detection System). This approach of examination will be used extensively to deal with terabyte/petabyte digital systems, where other approaches, such as a post-mortem analysis, cannot be adopted.

AB - In this paper we present an XML-based framework, called XLIVE, which provides an efficient way to collect data in live forensic cases, according to well-known crime categories. XLIVE is a forensic automated framework that can be used in live forensic investigations for gathering live data on a Windows-based system. In addition, we have also implemented a proof-of-concept, called LRDS (Live Resource Detection System). This approach of examination will be used extensively to deal with terabyte/petabyte digital systems, where other approaches, such as a post-mortem analysis, cannot be adopted.

KW - Automated digital investigation process

KW - Digital evidence collection

KW - Live forensics

KW - XML technology

UR - https://www.scopus.com/pages/publications/77955339339

U2 - 10.1016/j.csi.2009.09.001

DO - 10.1016/j.csi.2009.09.001

M3 - Review article

AN - SCOPUS:77955339339

SN - 0920-5489

VL - 32

SP - 246

EP - 255

JO - Computer Standards and Interfaces

JF - Computer Standards and Interfaces

IS - 5-6

ER -

A proposal for automating investigations in live forensics

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this