Forensic zero-knowledge event reconstruction on filesystem metadata
| dc.contributor.author | Kälber, Sven | |
| dc.contributor.author | Dewald, Andreas | |
| dc.contributor.author | Idler, Steffen | |
| dc.contributor.editor | Katzenbeisser, Stefan | |
| dc.contributor.editor | Lotz, Volkmar | |
| dc.contributor.editor | Weippl, Edgar | |
| dc.date.accessioned | 2019-01-25T14:17:27Z | |
| dc.date.available | 2019-01-25T14:17:27Z | |
| dc.date.issued | 2014 | |
| dc.description.abstract | Criminal investigations today can hardly be imagined without the forensic analysis of digital devices, regardless of whether it is a desktop computer, a mobile phone, or a navigation system. This not only holds true for cases of cybercrime, but also for traditional delicts such as murder or blackmail, and also private corporate investigations rely on digital forensics. This leads to an increasing number of cases with an ever-growing amount of data, that exceeds the capacity of the forensic experts. To support investigators to work more efficiently, we introduce a novel approach to automatically reconstruct events that previously occurred on the examined system and to provide a quick overview to the investigator as a starting point for further investigation. In contrast to the few existing approaches, our solution does not rely on any previously profiled system behavior or knowledge about specific applications, log files, or file formats. We further present a prototype implementation of our so-called zero knowledge event reconstruction approach, that solely tries to make sense of characteristic structures in file system metadata such as fileand folder-names and timestamps. | en |
| dc.identifier.isbn | 978-3-88579-622-0 | |
| dc.identifier.pissn | 1617-5468 | |
| dc.identifier.uri | https://dl.gi.de/handle/20.500.12116/20054 | |
| dc.language.iso | en | |
| dc.publisher | Gesellschaft für Informatik e.V. | |
| dc.relation.ispartof | Sicherheit 2014 – Sicherheit, Schutz und Zuverlässigkeit | |
| dc.relation.ispartofseries | Lecture Notes in Informatics (LNI) - Proceedings, Volume P-254 | |
| dc.title | Forensic zero-knowledge event reconstruction on filesystem metadata | en |
| dc.type | Text/Conference Paper | |
| gi.citation.endPage | 343 | |
| gi.citation.publisherPlace | Bonn | |
| gi.citation.startPage | 331 | |
| gi.conference.date | 19.-21. März 2014 | |
| gi.conference.location | Wien, Österreich | |
| gi.conference.sessiontitle | Regular Research Papers |
Dateien
Originalbündel
1 - 1 von 1