Digital Evidence Bag Selection for P2P Network Investigation

Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 276)

Abstract

The collection and handling of court admissible evidence is a fundamental component of any digital forensic investigation. While the procedures for handling digital evidence take much of their influence from the established policies for the collection of physical evidence, due to the obvious differences in dealing with non-physical evidence, a number of extra policies and procedures are required. This paper compares and contrasts some of the existing digital evidence formats or “bags” and analyses them for their compatibility with evidence gathered from a network source. A new digital extended evidence bag is proposed to specifically deal with evidence gathered from P2P networks, incorporating the network byte stream and on-the-fly metadata generation to aid in expedited identification and analysis.

Keywords

Peer-to-Peer Network Digital Forensics Evidence Handling 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Turner, P.: Unification of digital evidence from disparate sources (digital evidence bags). Digital Investigation 2(3), 223–228 (2005)CrossRefGoogle Scholar
  2. 2.
    Casey, E.: What does for ensically sound really mean. Digital Investigation 4(2), 49–50 (2007)Google Scholar
  3. 3.
    Common Digital Evidence Storage Format (CDESF): Survey of existing disk image storage formats. In: Proc. Digital Forensic Research Workshop 2006 (September 2006) Google Scholar
  4. 4.
    Group, D.F.R.W.D.C.D.E.S.F.C.W (September 2006), http://www.dfrws.org/CDESF/index.shtml
  5. 5.
    The Common Digital Evidence Storage Format Working Group: Standardizing digital evidence storage. Communications of the ACM 49(2), 67–68 (2006) Google Scholar
  6. 6.
    Garfinkel, S.: Aff: a new format for storing hard drive images (2006) Google Scholar
  7. 7.
    Richard, G., Roussev, V., Marziale, L.: Forensic discovery auditing of digital evidence containers. Digital Investigation 4(2), 88–97 (2007) Google Scholar
  8. 8.
    Zip, G.F.: (April 2009), http://www.nongnu.org/gfzip/
  9. 9.
    Hosmer, C.: Digital evidence bag. Commun. ACM 49(2), 69–70 (2006)MathSciNetCrossRefGoogle Scholar
  10. 10.
  11. 11.
    Science and Technology Committee: Forensic Science on Trial, 75–76 (2005)Google Scholar
  12. 12.
    Carrier, B.: Open source digital forensics tools: Thelegal argument. @stakeResearch Report (2002) Google Scholar
  13. 13.
    Supreme Court of the United States, Daubert v. Merrell Dow Pharmaceuticals: (June 1993), http://supct.law.cornell.edu/supct/html/92-102.ZS.html/
  14. 14.
    Computer Forensic Tool Testingpro-gram, U.S.N.I.o.S., Technology (August 2009), http://www.cftt.nist.gov/
  15. 15.
    National Institute of Standards and Technology: NIST Special Publication 800-86 Guide to Integrating Forensic Techniques into Incident Response. Create Space, Paramount, CA (2012) Google Scholar
  16. 16.
    Karyda, M., Mitrou, L.: Internet forensics: Legal and technical issues. In: IEEE Second International Workshop on Digital Forensics and Incident Analysis, WDFIA 2007, pp. 3–12 (2007) Google Scholar
  17. 17.
    McCanne, S., Leres, C., Jacobson, V.: Libpcap (June 2012) Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  1. 1.School of Computer Science and InformaticsUniversity College DublinBelfieldIreland

Personalised recommendations