Android Memory Capture and Applications for Security and Privacy

University of New Orleans, 2011. Abstract: The Android operating system is quickly becoming the most popular platform for mobile devices. As Android’s use increases, so does the need for both forensic and privacy tools designed for the platform. This thesis presents the first methodology […]

Acquisition and Analysis of Volatile Memory from Android Devices

Digital Investigation Journal, 2012. Abstract: The Android operating system for mobile phones, which is still relatively new, is rapidly gaining market share, with dozens of smartphones and tablets either released or set to be released. In this paper, we present the first methodology and […]

Advanced Techniques for Improving the Efficacy of Digital Forensics Investigations

University of New Orleans, 2009. Abstract: Digital forensics is the science concerned with discovering, preserving, and analyzing evidence on digital devices. The intent is to be able to determine what events have taken place, when they occurred, who performed them, and how they […]

MMR: A Platform for Large-Scale Forensic Computing

IFIP, 2009. Abstract: The timely processing of large-scale digital forensic targets demands the employment of large-scale distributed resources, as well as the flexibility to customize the processing performed on the target. We present MMR, a new, open implementation of the MapReduce processing model, which significantly outperforms prior […]

Dynamic Recreation of Kernel Data Structures for Live Forensics

DFRWS, 2010. Abstract: The role of live forensics in digital forensic investigations has become vital due to the importance of volatile data such as encryption keys, network activity, currently running processes, in-memory-only malware, and other key pieces of data that are lost […]

Treasure and Tragedy in kmem_cache Mining for Live Forensics Investigation

DFRWS, 2010. Abstract: This paper presents the first deep investigation of the kmem_cache facility in Linux from a forensics perspective. The kmem_cache is used by the Linux kernel to quickly allocate and deallocate kernel structures associated with processes, files, and the network stack. […]

FACE: Automated Digital Evidence Discovery and Correlation

DFRWS, 2008. Abstract: Digital forensic tools are being developed at a brisk pace in response to the ever increasing variety of forensic targets. Most tools are created for specific tasks (file system analysis, memory analysis, network analysis, etc.) and make little effort to inter-operate with one another. This […]

Hash-based Classification of Data: Class-based Similarity Hashing

IFIP, 2008. Abstract: In this paper, we introduce the notion of class-aware similarity hashes, or classprints, which is an outgrowth of recent work on similarity hashing. Specifically, we build on the notion of context-based hashing to design a framework both for identifying data type based on […]

In-place File Carving

IFIP, 2007. Abstract: File carving is the process of recovering files from an investigative target, potentially without knowledge of the file system structures. The process is based on information about the format of the file types of interest, as well as on assumptions about how files are typically laid out […]

Massive Threading: Using GPUs to Increase the Performance of Digital Forensics Tools

DFRWS, 2007. Abstract: The current generation of Graphics Processing Units (GPUs) contain a large number of general purpose processors, in sharp contrast to previous generation designs, where special-purpose hardware units (such as texture and vertex shaders) were commonly used. This fact, […]

Multi-Resolution Similarity Hashing

DFRWS, 2007. Abstract: Large-scale digital forensic investigations present at least two fundamental challenges. The first one is accommodating the computational needs of a large amount of data to be processed. The second one is extracting useful information from the raw data in an automated fashion. Both of these problems could […]

Forensic discovery auditing of digital evidence containers

Journal of Digital Investigation, 2007. Abstract: Current digital forensics methods capture, preserve, and analyze digital evidence in general-purpose electronic containers (typically, plain files) with no dedicated support to help establish that the evidence has been properly handled. Auditing of a digital investigation, from identification and seizure of […]