Abstract
The digital forensic process as traditionally laid out is very time-intensive: it begins with the collection, duplication and authentication of every piece of digital media prior to examination. Digital triage, a process that takes place before this standard methodology, can be used to speed up the process and provide valuable intelligence without subjecting the digital evidence to a full examination. This quick intelligence can be used in the field for search and seizure guidance, in the office to determine whether media is worth sending out for an examination, or in the laboratory to prioritize cases for analysis. For digital triage to become accepted by the forensic community, it must be modeled, tested and peer reviewed, yet there have been very few attempts to model digital triage. This work describes the evaluation of the Semi-Automated Crime-Specific Digital Triage Process Model and presents the results of five experimental trials.
© 2013 IFIP International Federation for Information Processing
Cantrell, G., Dampier, D. (2013). Evaluation of the Semi-automated Crime-Specific Digital Triage Process Model. In: Peterson, G., Shenoi, S. (eds) Advances in Digital Forensics IX. DigitalForensics 2013. IFIP Advances in Information and Communication Technology, vol 410. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41148-9_6
DOI: https://doi.org/10.1007/978-3-642-41148-9_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-41147-2
Online ISBN: 978-3-642-41148-9