Skip to main content
SpringerLink
Log in
Book cover

Future Information Technology pp 277–284Cite as

An Efficient Computer Forensics Selective Imaging Model

  • Conference paper

Part of the Lecture Notes in Electrical Engineering book series (LNEE,volume 276)

Abstract

Selective imaging is a new concept in computer forensics. It is used for collecting only the data that is relevant to the crime and helps in improves the scalability of the investigation process. However, the current selective imaging approaches directly image the identified data without considering their offsets on the targeted user storage. This paper investigates the impact of the relevant data offsets on the efficiency of the selective imaging process. A practical selective imaging model is presented which includes a digital evidence ordering algorithm (DEOA) for ordering the selected relevant data items. The proposed selective imaging model has been implemented and evaluated in different types of storage devices. The evaluation result shows that even if our proposed algorithm has a small efficiency negative impact before the imaging process starts; it has a large positive effect on the efficiency of the selective imaging process itself.

Keywords

  • Computer forensics
  • digital evidence
  • selective imaging
  • efficiency
  • ordering algorithm

This is a preview of subscription content, access via your institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   169.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD   219.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Kenneallya, E.E., Brown, C.L.T.: Risk sensitive digital evidence collection. Digital Investigation 2(2), 101–119 (2005)

    CrossRef  Google Scholar 

  2. Turner, P.: Selective and intelligent imaging using digital evidence bags. Digital Investigation 3(1), 559–564 (2006)

    Google Scholar 

  3. Stüttgen, J.: Selective Imaging: Creating Efficient Forensic Images by Selecting Content First. Mannheim University (2011)

    Google Scholar 

  4. Turner, P.: Digital provenance - interpretation, verification and corroboration. Digital Investigation 2(1), 45–49 (2005)

    CrossRef  Google Scholar 

  5. Turner, P.: Unification of digital evidence from disparate sources (Digital Evidence Bags). Digital Investigation 2(3), 223–228 (2005)

    CrossRef  Google Scholar 

  6. Richard, G., Roussev, V.: Breaking the performance wall: The case for distributed digital forensics. Paper presented at the Proceedings of the 2004 Digital Forensics Research Workshop (DFRWS 2004), Baltimore, Maryland (2004)

    Google Scholar 

  7. Turner, P.: Applying a forensic approach to incident response, network investigation and system administration using Digital Evidence Bags. Digital Investigation 4(1), 30–35 (2007)

    CrossRef  Google Scholar 

  8. Kloet, B., Metz, J., Mora, R.-J., Loveall, D., Schreiber, D.: libewf: project info. (2008), http://www.uitwisselplatform.nl/projects/libewf/

  9. Garfinkel, S., Malan, D.J., Dubec, K.-A., Stevens, C.C., Pham, C.: Disk imaging with the advanced forensic format, library and tools. In: Research Advances in Digital Forensics (Second Annual IFIP WG 11.9 International Conference on Digital Forensics). Springer (January 2006)

    Google Scholar 

  10. Cohen, M., Schatz, B.: Hash based disk imaging using AFF4. Digital Investigation 7, 121–128 (2010)

    CrossRef  Google Scholar 

  11. Beebe, N.: Digital Forensics Research: The Bad, The God and the Unaddressed. In: Advances in Digital Forensics V - IFIP International Conference on Digital Forensics, Orlando, Florida, USA, pp. 17–36 (2009)

    Google Scholar 

  12. Beebe, N., Clark, J.: Dealing with Terabyte Data Sets in Digital Investigations. In: Pollitt, M., Shenoi, S. (eds.) Advances in Digital Forensics V. IFIP, vol. 194, pp. 3–16. Springer, Heidelberg (2005)

    CrossRef  Google Scholar 

  13. Sanderson, P.: Mass image classification. Digital Investigation 3(4), 190–195 (2006)

    CrossRef  MathSciNet  Google Scholar 

  14. Beebe, N.L., Clark, J.G.: Digital forensic text string searching: Improving information retrieval effectiveness by thematically clustering search results. Digital Investigation 4(1), 49–54 (2007)

    CrossRef  Google Scholar 

  15. Richard, G., Roussev, V.: File System Support for Digital Evidence Bags. In: Olivier, M., Shenoi, S. (eds.) Internation al Federation for Information Processing. IFIP AICT, vol. 222, pp. 29–40. Springer, Boston (2006)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Center of Excellence in Information Assurance, King Saud University, Riyadh, Saudi Arabia

    Waleed Halboob & Khaled S. Alghathbar

  2. Departments of Information Systems, Collage of Computer and Information Sciences, King Saud University, Riyadh, Saudi Arabia

    Khaled S. Alghathbar

  3. Faculty of Computer Science and Information Technology, Universiti Putra Malaysia, 43400, Serdang, Selangor, Malaysia

    Waleed Halboob, Ramlan Mahmod, Nur Izura Udzir, Mohd. Taufik Abdullah & Ali Deghantanha

Authors
  1. Waleed Halboob
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Khaled S. Alghathbar
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ramlan Mahmod
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Nur Izura Udzir
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Mohd. Taufik Abdullah
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Ali Deghantanha
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science and Engineering, Seoul University of Science & and Technology (SeoulTech), Seoul, Korea, Republic of (South Korea)

    James J. (Jong Hyuk) Park

  2. SEECS, University of Ottawa, Ottawa, Ontario, Canada

    Ivan Stojmenovic

  3. School of Information and Communication Engineering, Chungbuk National University, Chungbuk, Korea, Republic of (South Korea)

    Min Choi

  4. Department of Languages and Informatics Systems, Polytechnic University of Catalonia, Barcelona, Spain

    Fatos Xhafa

Rights and permissions

Reprints and Permissions

Copyright information

© 2014 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Halboob, W., Alghathbar, K.S., Mahmod, R., Udzir, N.I., Abdullah, M.T., Deghantanha, A. (2014). An Efficient Computer Forensics Selective Imaging Model. In: Park, J., Stojmenovic, I., Choi, M., Xhafa, F. (eds) Future Information Technology. Lecture Notes in Electrical Engineering, vol 276. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40861-8_41

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-40861-8_41

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-40860-1

  • Online ISBN: 978-3-642-40861-8

  • eBook Packages: EngineeringEngineering (R0)

search

Navigation