An ordered selective imaging and distributed analysis computer forensics model
The traditional computer forensics procedures and tools collect and analyze the entire user data. This scenario has been proven to be not appropriate any more due to increased size of user data and storage. Accordingly, selective imaging and distributed analysis concepts have been introduced in the...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Asian Network for Scientific Information
2014
|
| Online Access: | http://psasir.upm.edu.my/id/eprint/36427/1/An%20ordered%20selective%20imaging%20and%20distributed%20analysis%20computer%20forensics%20model.pdf http://psasir.upm.edu.my/id/eprint/36427/ http://scialert.net/abstract/?doi=jas.2014.2704.2712 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Universiti Putra Malaysia |
| Language: | English |
| id |
my.upm.eprints.36427 |
|---|---|
| record_format |
eprints |
| spelling |
my.upm.eprints.364272015-09-10T06:52:48Z http://psasir.upm.edu.my/id/eprint/36427/ An ordered selective imaging and distributed analysis computer forensics model Halboob, Waleed Mahmod, Ramlan Udzir, Nur Izura Abdullah @ Selimun, Mohd Taufik Deghantanha, Ali The traditional computer forensics procedures and tools collect and analyze the entire user data. This scenario has been proven to be not appropriate any more due to increased size of user data and storage. Accordingly, selective imaging and distributed analysis concepts have been introduced in the literature to reduce the digital evidences collection and analysis costs (time and resources). Current selective imaging approaches image the relevant data according the order of their selection and not according to their physical offsets order inside the targeted storage. Furthermore, integrating the selective imaging and distributed analysis has not been considered yet. This study proposed a computer forensics investigation process that provides an efficient imaging and scalable analysis. The selected data artifacts are first ordered upon their physical offsets. Then, based on the selected data size and available investigation time, the selected data are imaged into one or more partial forensic image in such a way that the produced images can be analyzed by different investigators and using several machines. An Advanced Forensic File Format 4 (AFF4) is used as a container for the collected relevant data. An experiment study has been used to evaluate the performance of the selected imaging process. The result shows that, even if ordering the selected digital evidences has a small performance negative impact but it has a positive effect on the performance of the selective imaging process itself. A qualitative study has been also used to evaluate the system and management scalability of the distributed analysis. Asian Network for Scientific Information 2014 Article PeerReviewed application/pdf en http://psasir.upm.edu.my/id/eprint/36427/1/An%20ordered%20selective%20imaging%20and%20distributed%20analysis%20computer%20forensics%20model.pdf Halboob, Waleed and Mahmod, Ramlan and Udzir, Nur Izura and Abdullah @ Selimun, Mohd Taufik and Deghantanha, Ali (2014) An ordered selective imaging and distributed analysis computer forensics model. Journal of Applied Sciences, 14 (21). pp. 2704-2712. ISSN 1812-5654; ESSN: 1812-5662 http://scialert.net/abstract/?doi=jas.2014.2704.2712 10.3923/jas.2014.2704.2712 |
| institution |
Universiti Putra Malaysia |
| building |
UPM Library |
| collection |
Institutional Repository |
| continent |
Asia |
| country |
Malaysia |
| content_provider |
Universiti Putra Malaysia |
| content_source |
UPM Institutional Repository |
| url_provider |
http://psasir.upm.edu.my/ |
| language |
English |
| description |
The traditional computer forensics procedures and tools collect and analyze the entire user data. This scenario has been proven to be not appropriate any more due to increased size of user data and storage. Accordingly, selective imaging and distributed analysis concepts have been introduced in the literature to reduce the digital evidences collection and analysis costs (time and resources). Current selective imaging approaches image the relevant data according the order of their selection and not according to their physical offsets order inside the targeted storage. Furthermore, integrating the selective imaging and distributed analysis has not been considered yet. This study proposed a computer forensics investigation process that provides an efficient imaging and scalable analysis. The selected data artifacts are first ordered upon their physical offsets. Then, based on the selected data size and available investigation time, the selected data are imaged into one or more partial forensic image in such a way that the produced images can be analyzed by different investigators and using several machines. An Advanced Forensic File Format 4 (AFF4) is used as a container for the collected relevant data. An experiment study has been used to evaluate the performance of the selected imaging process. The result shows that, even if ordering the selected digital evidences has a small performance negative impact but it has a positive effect on the performance of the selective imaging process itself. A qualitative study has been also used to evaluate the system and management scalability of the distributed analysis. |
| format |
Article |
| author |
Halboob, Waleed Mahmod, Ramlan Udzir, Nur Izura Abdullah @ Selimun, Mohd Taufik Deghantanha, Ali |
| spellingShingle |
Halboob, Waleed Mahmod, Ramlan Udzir, Nur Izura Abdullah @ Selimun, Mohd Taufik Deghantanha, Ali An ordered selective imaging and distributed analysis computer forensics model |
| author_facet |
Halboob, Waleed Mahmod, Ramlan Udzir, Nur Izura Abdullah @ Selimun, Mohd Taufik Deghantanha, Ali |
| author_sort |
Halboob, Waleed |
| title |
An ordered selective imaging and distributed analysis computer forensics model |
| title_short |
An ordered selective imaging and distributed analysis computer forensics model |
| title_full |
An ordered selective imaging and distributed analysis computer forensics model |
| title_fullStr |
An ordered selective imaging and distributed analysis computer forensics model |
| title_full_unstemmed |
An ordered selective imaging and distributed analysis computer forensics model |
| title_sort |
ordered selective imaging and distributed analysis computer forensics model |
| publisher |
Asian Network for Scientific Information |
| publishDate |
2014 |
| url |
http://psasir.upm.edu.my/id/eprint/36427/1/An%20ordered%20selective%20imaging%20and%20distributed%20analysis%20computer%20forensics%20model.pdf http://psasir.upm.edu.my/id/eprint/36427/ http://scialert.net/abstract/?doi=jas.2014.2704.2712 |
| _version_ |
1643831736598003712 |