Abstract
The collection and handling of court admissible evidence is a fundamental component of any digital forensic investigation. While the procedures for handling digital evidence take much of their influence from the established policies for the collection of physical evidence, due to the obvious differences in dealing with non-physical evidence, a number of extra policies and procedures are required. This paper compares and contrasts some of the existing digital evidence formats or “bags” and analyses them for their compatibility with evidence gathered from a network source. A new digital extended evidence bag is proposed to specifically deal with evidence gathered from P2P networks, incorporating the network byte stream and on-the-fly metadata generation to aid in expedited identification and analysis.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Turner, P.: Unification of digital evidence from disparate sources (digital evidence bags). Digital Investigation 2(3), 223–228 (2005)
Casey, E.: What does for ensically sound really mean. Digital Investigation 4(2), 49–50 (2007)
Common Digital Evidence Storage Format (CDESF): Survey of existing disk image storage formats. In: Proc. Digital Forensic Research Workshop 2006 (September 2006)
Group, D.F.R.W.D.C.D.E.S.F.C.W (September 2006), http://www.dfrws.org/CDESF/index.shtml
The Common Digital Evidence Storage Format Working Group: Standardizing digital evidence storage. Communications of the ACM 49(2), 67–68 (2006)
Garfinkel, S.: Aff: a new format for storing hard drive images (2006)
Richard, G., Roussev, V., Marziale, L.: Forensic discovery auditing of digital evidence containers. Digital Investigation 4(2), 88–97 (2007)
Zip, G.F.: (April 2009), http://www.nongnu.org/gfzip/
Hosmer, C.: Digital evidence bag. Commun. ACM 49(2), 69–70 (2006)
Features, E.F.: (August 2009), http://www.guidancesoftware.com/WorkArea/DownloadAs-set.aspx?id=671.GuidanceSoftware
Science and Technology Committee: Forensic Science on Trial, 75–76 (2005)
Carrier, B.: Open source digital forensics tools: Thelegal argument. @stakeResearch Report (2002)
Supreme Court of the United States, Daubert v. Merrell Dow Pharmaceuticals: (June 1993), http://supct.law.cornell.edu/supct/html/92-102.ZS.html/
Computer Forensic Tool Testingpro-gram, U.S.N.I.o.S., Technology (August 2009), http://www.cftt.nist.gov/
National Institute of Standards and Technology: NIST Special Publication 800-86 Guide to Integrating Forensic Techniques into Incident Response. Create Space, Paramount, CA (2012)
Karyda, M., Mitrou, L.: Internet forensics: Legal and technical issues. In: IEEE Second International Workshop on Digital Forensics and Incident Analysis, WDFIA 2007, pp. 3–12 (2007)
McCanne, S., Leres, C., Jacobson, V.: Libpcap (June 2012)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Scanlon, M., Kechadi, T. (2014). Digital Evidence Bag Selection for P2P Network Investigation. In: Park, J., Stojmenovic, I., Choi, M., Xhafa, F. (eds) Future Information Technology. Lecture Notes in Electrical Engineering, vol 276. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40861-8_44
Download citation
DOI: https://doi.org/10.1007/978-3-642-40861-8_44
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40860-1
Online ISBN: 978-3-642-40861-8
eBook Packages: EngineeringEngineering (R0)