ETRI-Knowledge Sharing Platform


Conference Paper Applying Forensic Approach to Live Investigation using XeBag
Cited 2 times in Scopus
Authors
Kyung-Soo Lim, Changhoon Lee
Issue Date
2012-11
Citation
International Conference on Computer Science and its Applications (CSA) 2012 (LNEE 203), v.203, pp.389-397
Publisher
Springer
Language
English
Type
Conference Paper
DOI
https://dx.doi.org/10.1007/978-94-007-5699-1_38
Abstract
Law enforcement agencies worldwide are confiscating or retaining computer systems involved in a criminal or civil case at the preliminary investigation stage, even when the case does not involve a cyber-crime. They collect digital evidence from the suspects' systems and use it in the essential investigation procedure. It takes much time, though, to collect, duplicate and analyze disk images in general crime cases, especially in cases in which a rapid response is required, such as kidnapping and murder cases. It is efficient and effective to selectively collect only traces of user activity on the operating system, or particular files, with a focus on triage investigation of a live system. On the other hand, if we just acquire essential files from the target computer, the result is not forensically sound. Therefore, we need to use a standard digital evidence container to prove the integrity and probative value of evidence from various digital sources. In this article, we describe a forensic approach to live investigation using XeBag, which can easily and selectively preserve collected digital evidence using general technologies such as XML and PKZIP compression, and which satisfies generality, integrity, unification, scalability and security. © 2012 Springer Science+Business Media.
KSP Keywords
Computer systems, Cyber-crime, Rapid Response, compression technology, digital evidence, law enforcement, operating system