TY - GEN
T1 - Applying forensic approach to live investigation using XeBag
AU - Lim, Kyung Soo
AU - Lee, Changhoon
PY - 2012
Y1 - 2012
N2 - Law enforcement agencies worldwide confiscate or retain computer systems involved in criminal and civil cases at the preliminary investigation stage, even when the case is not a cyber-crime. Digital evidence collected from suspects' systems is then used throughout the investigation. Collecting, duplicating and analyzing full disk images, however, takes considerable time in ordinary criminal cases, and especially in cases that demand a rapid response, such as kidnapping and murder. It is more efficient and effective to collect selectively, from the live system, only the traces of user activity on the operating system or the particular files on which a triage investigation focuses. On the other hand, simply copying essential files from the target computer is not forensically sound. A standard digital evidence container is therefore needed to prove the integrity and probative value of evidence gathered from diverse digital sources. In this article we describe a forensic approach to live investigation using XeBag, which preserves selectively collected digital evidence using general-purpose technologies such as XML and PKZIP compression, and which satisfies the requirements of generality, integrity, unification, scalability and security.
KW - Digital evidence container
KW - Digital forensics
KW - Incident response
KW - Live investigation
UR - http://www.scopus.com/inward/record.url?scp=84868524054&partnerID=8YFLogxK
U2 - 10.1007/978-94-007-5699-1_38
DO - 10.1007/978-94-007-5699-1_38
M3 - Conference contribution
AN - SCOPUS:84868524054
SN - 9789400756984
T3 - Lecture Notes in Electrical Engineering
SP - 389
EP - 397
BT - Computer Science and Its Applications, CSA 2012
T2 - 4th FTRA International Conference on Computer Science and Its Applications, CSA 2012
Y2 - 22 November 2012 through 25 November 2012
ER -
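The abstract describes XeBag only at the level of "XML plus PKZIP, with integrity". The following is an added example, not code from the paper and not XeBag's actual container schema: it builds an evidence bag as a ZIP archive whose XML manifest records a SHA-256 per collected item, and then verifies that bag, flagging any member that was altered, removed or added after collection. The element and attribute names, the manifest file names and the sample artifacts (paths and byte contents) are all constructed for illustration.

```python
"""Illustrative XML-manifest evidence bag (added example; not XeBag's real format)."""
from __future__ import annotations

import hashlib
import io
import xml.etree.ElementTree as ET
import zipfile
from datetime import datetime, timezone

# Constructed stand-ins for files selectively collected from a live system.
# Paths and contents are invented; only their shape matters here.
SAMPLE_ARTIFACTS = {
    "Windows/Prefetch/NOTEPAD.EXE-1234ABCD.pf": b"\x11\x00\x00\x00SCCA" + b"\x00" * 56,
    "Users/suspect/NTUSER.DAT": b"regf" + b"\x00" * 60,
    "Users/suspect/AppData/Roaming/Mozilla/places.sqlite": b"SQLite format 3\x00" + b"\x00" * 48,
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_bag(artifacts: dict, case_id: str, examiner: str, collected_at: str = "") -> bytes:
    """Pack artifacts into a ZIP; manifest.xml records path, size and SHA-256 per item."""
    collected_at = collected_at or datetime.now(timezone.utc).isoformat()
    # Hypothetical manifest schema: <evidencebag case= examiner= collected=><item .../></evidencebag>
    root = ET.Element("evidencebag", case=case_id, examiner=examiner, collected=collected_at)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for path, data in sorted(artifacts.items()):  # sorted for a reproducible archive
            member = "evidence/" + path
            zf.writestr(member, data)
            ET.SubElement(root, "item", path=path, member=member,
                          size=str(len(data)), sha256=sha256_hex(data))
        manifest = ET.tostring(root, encoding="utf-8", xml_declaration=True)
        zf.writestr("manifest.xml", manifest)
        # The manifest's own hash is what an examiner records on the chain-of-custody
        # form (or signs); storing it inside the archive is only a self-check.
        zf.writestr("manifest.sha256", sha256_hex(manifest))
    return buf.getvalue()


def verify_bag(bag: bytes) -> dict:
    """Re-hash every listed member; report altered, missing and unlisted evidence."""
    problems = []
    listed = set()
    with zipfile.ZipFile(io.BytesIO(bag)) as zf:
        names = set(zf.namelist())
        manifest = zf.read("manifest.xml")
        if sha256_hex(manifest) != zf.read("manifest.sha256").decode().strip():
            problems.append("manifest.xml hash mismatch")
        root = ET.fromstring(manifest)
        for item in root.iter("item"):
            member = item.get("member")
            listed.add(member)
            if member not in names:
                problems.append(f"missing: {member}")
                continue
            data = zf.read(member)
            if len(data) != int(item.get("size")) or sha256_hex(data) != item.get("sha256"):
                problems.append(f"hash mismatch: {member}")
        # Anything under evidence/ that the manifest does not vouch for is also a finding.
        for name in sorted(n for n in names if n.startswith("evidence/") and n not in listed):
            problems.append(f"unlisted member: {name}")
    return {"ok": not problems, "items": len(listed), "problems": problems}


def tamper(bag: bytes, member: str, new_data: bytes) -> bytes:
    """Rewrite one member in a copy of the bag, simulating post-collection modification."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(bag)) as src, zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            data = new_data if info.filename == member else src.read(info.filename)
            dst.writestr(info.filename, data)
    return out.getvalue()


if __name__ == "__main__":
    bag = build_bag(SAMPLE_ARTIFACTS, "CASE-2012-001", "examiner", "2012-11-22T09:00:00+00:00")
    print(verify_bag(bag))
    bad = tamper(bag, "evidence/Users/suspect/NTUSER.DAT", b"regf" + b"\x01" * 60)
    print(verify_bag(bad))
```

Two caveats a practitioner should keep in mind. First, a hash stored inside the same archive it protects only detects accidental corruption; to prove integrity to a court the manifest hash must be recorded outside the bag (contemporaneous custody form, signed timestamp, or a detached signature), which the paper's security requirement implies but this toy does not implement. Second, `xml.etree` is not a hardened parser; if bags from untrusted sources are ever verified, parse the manifest with a defused XML library.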