Abstract
Early digital forensic examinations were conducted in toto — every file on the storage media was examined along with the entire file system structure. However, this is no longer practical as operating systems have become extremely complex and storage capacities are growing geometrically. Examiners now perform targeted examinations using forensic tools and databases of known files, selecting specific files and data types for review while ignoring files of irrelevant type and content. Despite the application of sophisticated tools, the forensic process still relies on the examiner’s knowledge of the technical aspects of the specimen and understanding of the case and the law. Indeed, the success of a forensic examination is strongly dependent on how it is designed. This paper discusses the application of traditional forensic taxonomy to digital forensics. The forensic processes of identification, classification/individualization, association and reconstruction are used to develop “forensic questions,” which are applied to objectively design digital forensic examinations.
Chapter PDF
References
V. Baryamureeba and F. Tushabe, The enhanced digital investigation process model, Proceedings of the Fourth Digital Forensic Research Workshop, 2004.
N. Beebe and J. Clark, A hierarchical, objectives-based framework for the digital investigation process, Proceedings of the Fourth Digital Forensic Research Workshop, 2004.
B. Carrier, Defining digital forensic examination and analysis tools using abstraction layers, International Journal of Digital Evidence, vol. 1(4), 2003.
B. Carrier and E. Spafford, Getting physical with the digital investigation process, International Journal of Digital Evidence, vol. 2 (2),2003.
K. Inman and N. Rudin, Principles and Practices of Criminalistics: The Profession of Forensic Science, CRC Press, Boca Raton, Florida, 2001.
T. Kuhn, The Structure of Scientific Revolutions, University of Chicago Press, Chicago, Illinois, 1970.
H. Lee and H. Harris, Physical Evidence in Forensic Science, Lawyers and Judges Publishing Company, Tucson, Arizona, 2000.
G. Mohay, A. Anderson, B. Collie, O. de Vel and R. McKemmish, Computer and Intrusion Forensics, Artech House, Boston, Massachusetts, 2003.
A. Mozayani and C. Noziglia, The Forensic Laboratory Handbook: Procedures and Practice, Humana Press, Totowa, New Jersey, 2006.
National Archives and Records Administration, The Future, Col- lege Park, Maryland (www.archives.gov/about/history/building-an-archives/statues/statue-future.html).
National Institute of Standards and Technology, National Software Reference Library, Gaithersburg, Maryland (www.nsrl.nist.gov).
B. Nelson, Guide to Computer Forensics and Investigations, Thompson Course Technology, Boston, Massachusetts, 2006.
M. Pollitt, An ad hoc review of digital forensic models, presented at the Second International Workshop on Systematic Approaches to Digital Forensic Engineering, 2007.
M. Reith, C. Carr and G. Gunsch, An examination of digital forensic models, International Journal of Digital Evidence, vol. 1(3), 2002.
R. Saferstein, Forensic Science Handbook, Volume II, Prentice-Hall, Englewood Cliffs, New Jersey, 1988.
P. Stephenson, Modeling of post-incident root cause analysis, In- ternational Journal of Digital Evidence, vol. 2(2), 2003.
C. Welch, Flexible standards, deferential review: Daubert’s legacy of confusion, Harvard Journal of Law and Public Policy, vol. 29(3), 2006.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2008 IFIP International Federation for Information Processing
About this paper
Cite this paper
Pollitt, M. (2008). Applying Traditional Forensic Taxonomy to Digital Forensics. In: Ray, I., Shenoi, S. (eds) Advances in Digital Forensics IV. DigitalForensics 2008. IFIP — The International Federation for Information Processing, vol 285. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-84927-0_2
Download citation
DOI: https://doi.org/10.1007/978-0-387-84927-0_2
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-84926-3
Online ISBN: 978-0-387-84927-0
eBook Packages: Computer ScienceComputer Science (R0)