A proposal for automating investigations in live forensics

Seokhee Lee; Antonio Savoldi; Kyoung Soo Lim; Jong Hyuk Park; Sangjin Lee

doi:10.1016/j.csi.2009.09.001

A proposal for automating investigations in live forensics

Seokhee Lee, Antonio Savoldi, Kyoung Soo Lim, Jong Hyuk Park, Sangjin Lee

School of Cybersecurity

Research output: Contribution to journal › Review article › peer-review

8 Citations (Scopus)

Abstract

In this paper we present an XML-based framework, called XLIVE, which provides an efficient way to collect data in live forensic cases, according to well-known crime categories. XLIVE is a forensic automated framework that can be used in live forensic investigations for gathering live data on a Windows-based system. In addition, we have also implemented a proof-of-concept, called LRDS (Live Resource Detection System). This approach of examination will be used extensively to deal with terabyte/petabyte digital systems, where other approaches, such as a post-mortem analysis, cannot be adopted.

Original language	English
Pages (from-to)	246-255
Number of pages	10
Journal	Computer Standards and Interfaces
Volume	32
Issue number	5-6
DOIs	https://doi.org/10.1016/j.csi.2009.09.001
Publication status	Published - 2010 Oct

Keywords

Automated digital investigation process
Digital evidence collection
Live forensics
XML technology

ASJC Scopus subject areas

Software
Hardware and Architecture
Law

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1016/j.csi.2009.09.001

Cite this

@article{08383958dbc04aba85386cddadcedcc2,

title = "A proposal for automating investigations in live forensics",

abstract = "In this paper we present an XML-based framework, called XLIVE, which provides an efficient way to collect data in live forensic cases, according to well-known crime categories. XLIVE is a forensic automated framework that can be used in live forensic investigations for gathering live data on a Windows-based system. In addition, we have also implemented a proof-of-concept, called LRDS (Live Resource Detection System). This approach of examination will be used extensively to deal with terabyte/petabyte digital systems, where other approaches, such as a post-mortem analysis, cannot be adopted.",

keywords = "Automated digital investigation process, Digital evidence collection, Live forensics, XML technology",

author = "Seokhee Lee and Antonio Savoldi and Lim, {Kyoung Soo} and Park, {Jong Hyuk} and Sangjin Lee",

note = "Funding Information: This work was supported by the IT R&D program of MKE/IITA [ 2007-S019-03 , Development of Digital Forensic System for Information Transparency]. We also thank anonymous referees for the valuable comments on our research. ",

year = "2010",

month = oct,

doi = "10.1016/j.csi.2009.09.001",

language = "English",

volume = "32",

pages = "246--255",

journal = "Computer Standards and Interfaces",

issn = "0920-5489",

publisher = "Elsevier",

number = "5-6",

}

TY - JOUR

T1 - A proposal for automating investigations in live forensics

AU - Lee, Seokhee

AU - Savoldi, Antonio

AU - Lim, Kyoung Soo

AU - Park, Jong Hyuk

AU - Lee, Sangjin

N1 - Funding Information: This work was supported by the IT R&D program of MKE/IITA [ 2007-S019-03 , Development of Digital Forensic System for Information Transparency]. We also thank anonymous referees for the valuable comments on our research.

PY - 2010/10

Y1 - 2010/10

N2 - In this paper we present an XML-based framework, called XLIVE, which provides an efficient way to collect data in live forensic cases, according to well-known crime categories. XLIVE is a forensic automated framework that can be used in live forensic investigations for gathering live data on a Windows-based system. In addition, we have also implemented a proof-of-concept, called LRDS (Live Resource Detection System). This approach of examination will be used extensively to deal with terabyte/petabyte digital systems, where other approaches, such as a post-mortem analysis, cannot be adopted.

AB - In this paper we present an XML-based framework, called XLIVE, which provides an efficient way to collect data in live forensic cases, according to well-known crime categories. XLIVE is a forensic automated framework that can be used in live forensic investigations for gathering live data on a Windows-based system. In addition, we have also implemented a proof-of-concept, called LRDS (Live Resource Detection System). This approach of examination will be used extensively to deal with terabyte/petabyte digital systems, where other approaches, such as a post-mortem analysis, cannot be adopted.

KW - Automated digital investigation process

KW - Digital evidence collection

KW - Live forensics

KW - XML technology

UR - http://www.scopus.com/inward/record.url?scp=77955339339&partnerID=8YFLogxK

U2 - 10.1016/j.csi.2009.09.001

DO - 10.1016/j.csi.2009.09.001

M3 - Review article

AN - SCOPUS:77955339339

SN - 0920-5489

VL - 32

SP - 246

EP - 255

JO - Computer Standards and Interfaces

JF - Computer Standards and Interfaces

IS - 5-6

ER -

A proposal for automating investigations in live forensics

Abstract

Keywords

ASJC Scopus subject areas

UN SDGs

Access to Document

Other files and links

Fingerprint

Cite this