Towards Proactive Forensic Evidentiary Collection

1 Author(s)
Shields, C. ; Dept. of Comput. Sci., Georgetown Univ., Washington, DC, USA

Forensic investigations have traditionally relied on data that exists as a by-product of normal operating system and application operation on a system following an incident. We propose a research agenda targeted at expanding the information available to an investigator in computing environments in which software can be installed on the target systems ahead of any incident. In these cases, information can be preserved proactively and stored until needed for examination. In our first ongoing project, we are working to modify a file system to selectively recover disk blocks that are less likely to contain useful information when space is needed for a new file. In our second, we are keeping small amounts of information about files on a system that are deleted, copied, or modified. This allows us to perform certain types of investigations on files that are overwritten or otherwise missing from the system.

Published in:

System Sciences (HICSS), 2010 43rd Hawaii International Conference on

Date of Conference:

5-8 Jan. 2010