An Efficient Computer Forensics Selective Imaging Model
Selective imaging is a new concept in computer forensics. It is used to collect only the data that is relevant to the crime and helps improve the scalability of the investigation process. However, current selective imaging approaches directly image the identified data without considering their offsets on the targeted user storage. This paper investigates the impact of the relevant data offsets on the efficiency of the selective imaging process. A practical selective imaging model is presented which includes a digital evidence ordering algorithm (DEOA) for ordering the selected relevant data items. The proposed selective imaging model has been implemented and evaluated on different types of storage devices. The evaluation results show that although our proposed algorithm has a small negative impact on efficiency before the imaging process starts, it has a large positive effect on the efficiency of the selective imaging process itself.
Keywords: Computer forensics, digital evidence, selective imaging, efficiency, ordering algorithm