A stepwise methodology for tracing computer usage

Seung Bong Lee; Jewan Bang; Kyung Soo Lim; Jongsung Kim; Sangjin Lee

doi:10.1109/NCM.2009.246

A stepwise methodology for tracing computer usage

Seung Bong Lee, Jewan Bang, Kyung Soo Lim, Jongsung Kim, Sangjin Lee

School of Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

In digital forensics investigation, a general method of investigating the suspect's computer was to duplicate storage media or image and then obtain the case-related data from these. However, the increase in the capacity of storage media made this method take much longer time. Also, this implies that more data can exist in the suspect's computer so that finding relevant data will take a lot of time and efforts. Moreover, in case where imaging of the entire disk is not possible due to legal matters, selective acquisition of data is needed. In this paper, we propose methods for selective acquisition of file system metadata, registry & prefetch files, web browser files, specific document files without duplicating or imaging the storage media. Furthermore, we suggest a method to analyze the acquired data stepwise and quickly and effectively trace the use of computer in the crime scene.

Original language	English
Title of host publication	NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC
Pages	1852-1857
Number of pages	6
DOIs	https://doi.org/10.1109/NCM.2009.246
Publication status	Published - 2009
Event	NCM 2009 - 5th International Joint Conference on Int. Conf. on Networked Computing, Int. Conf. on Advanced Information Management and Service, and Int. Conf. on Digital Content, Multimedia Technology and its Applications - Seoul, Korea, Republic of Duration: 2009 Aug 25 → 2009 Aug 27

Publication series

Name	NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC

Other

Other	NCM 2009 - 5th International Joint Conference on Int. Conf. on Networked Computing, Int. Conf. on Advanced Information Management and Service, and Int. Conf. on Digital Content, Multimedia Technology and its Applications
Country/Territory	Korea, Republic of
City	Seoul
Period	09/8/25 → 09/8/27

Keywords

PIM
Pre-investigation
Selectively acquisition

ASJC Scopus subject areas

Computer Graphics and Computer-Aided Design
Computer Science Applications
Software

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1109/NCM.2009.246

Cite this

Lee, SB, Bang, J, Lim, KS, Kim, J & Lee, S 2009, A stepwise methodology for tracing computer usage. in NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC., 5331447, NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC, pp. 1852-1857, NCM 2009 - 5th International Joint Conference on Int. Conf. on Networked Computing, Int. Conf. on Advanced Information Management and Service, and Int. Conf. on Digital Content, Multimedia Technology and its Applications, Seoul, Korea, Republic of, 09/8/25. https://doi.org/10.1109/NCM.2009.246

@inproceedings{90de380203b74f1b979bca5fb26f4d21,

title = "A stepwise methodology for tracing computer usage",

abstract = "In digital forensics investigation, a general method of investigating the suspect's computer was to duplicate storage media or image and then obtain the case-related data from these. However, the increase in the capacity of storage media made this method take much longer time. Also, this implies that more data can exist in the suspect's computer so that finding relevant data will take a lot of time and efforts. Moreover, in case where imaging of the entire disk is not possible due to legal matters, selective acquisition of data is needed. In this paper, we propose methods for selective acquisition of file system metadata, registry & prefetch files, web browser files, specific document files without duplicating or imaging the storage media. Furthermore, we suggest a method to analyze the acquired data stepwise and quickly and effectively trace the use of computer in the crime scene.",

keywords = "PIM, Pre-investigation, Selectively acquisition",

author = "Lee, {Seung Bong} and Jewan Bang and Lim, {Kyung Soo} and Jongsung Kim and Sangjin Lee",

year = "2009",

doi = "10.1109/NCM.2009.246",

language = "English",

isbn = "9780769537696",

series = "NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC",

pages = "1852--1857",

booktitle = "NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC",

note = "NCM 2009 - 5th International Joint Conference on Int. Conf. on Networked Computing, Int. Conf. on Advanced Information Management and Service, and Int. Conf. on Digital Content, Multimedia Technology and its Applications ; Conference date: 25-08-2009 Through 27-08-2009",

}

TY - GEN

T1 - A stepwise methodology for tracing computer usage

AU - Lee, Seung Bong

AU - Bang, Jewan

AU - Lim, Kyung Soo

AU - Kim, Jongsung

AU - Lee, Sangjin

PY - 2009

Y1 - 2009

N2 - In digital forensics investigation, a general method of investigating the suspect's computer was to duplicate storage media or image and then obtain the case-related data from these. However, the increase in the capacity of storage media made this method take much longer time. Also, this implies that more data can exist in the suspect's computer so that finding relevant data will take a lot of time and efforts. Moreover, in case where imaging of the entire disk is not possible due to legal matters, selective acquisition of data is needed. In this paper, we propose methods for selective acquisition of file system metadata, registry & prefetch files, web browser files, specific document files without duplicating or imaging the storage media. Furthermore, we suggest a method to analyze the acquired data stepwise and quickly and effectively trace the use of computer in the crime scene.

AB - In digital forensics investigation, a general method of investigating the suspect's computer was to duplicate storage media or image and then obtain the case-related data from these. However, the increase in the capacity of storage media made this method take much longer time. Also, this implies that more data can exist in the suspect's computer so that finding relevant data will take a lot of time and efforts. Moreover, in case where imaging of the entire disk is not possible due to legal matters, selective acquisition of data is needed. In this paper, we propose methods for selective acquisition of file system metadata, registry & prefetch files, web browser files, specific document files without duplicating or imaging the storage media. Furthermore, we suggest a method to analyze the acquired data stepwise and quickly and effectively trace the use of computer in the crime scene.

KW - PIM

KW - Pre-investigation

KW - Selectively acquisition

UR - http://www.scopus.com/inward/record.url?scp=73549122376&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=73549122376&partnerID=8YFLogxK

U2 - 10.1109/NCM.2009.246

DO - 10.1109/NCM.2009.246

M3 - Conference contribution

AN - SCOPUS:73549122376

SN - 9780769537696

T3 - NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC

SP - 1852

EP - 1857

BT - NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC

T2 - NCM 2009 - 5th International Joint Conference on Int. Conf. on Networked Computing, Int. Conf. on Advanced Information Management and Service, and Int. Conf. on Digital Content, Multimedia Technology and its Applications

Y2 - 25 August 2009 through 27 August 2009

ER -

A stepwise methodology for tracing computer usage

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

UN SDGs

Access to Document

Other files and links

Fingerprint

Cite this