ETRI-Knowledge Sharing Platform


Details

Conference paper: Applying Forensic Approach to Live Investigation using XeBag
Cited 2 times in Scopus. Downloaded 0 times.
Authors
임경수, 이창훈
Publication date
201211
Source
International Conference on Computer Science and its Applications (CSA) 2012 (LNEE 203), v.203, pp.389-397
DOI
https://dx.doi.org/10.1007/978-94-007-5699-1_38
Contract project
12MG1400, Development of Video Security Technology for Ensuring Personal Safety, 한종욱
Abstract
Law enforcement agencies worldwide are confiscating or retaining computer systems involved in a criminal/civil case at the preliminary investigation stage, even though the case does not involve a cyber-crime. They are collecting digital evidence from the suspects' systems and using it in the essential investigation procedure. It requires much time, though, to collect, duplicate and analyze disk images in general crime cases, especially in cases in which a rapid response must be taken, such as kidnapping and murder cases. It is efficient and effective to selectively collect only traces of user activity on operating systems, or particular files, as the focus of a triage investigation on a live system. On the other hand, if we just acquire essential files from the target computer, the result is not forensically sound. Therefore, we need to use a standard digital evidence container to prove the integrity and probative value of evidence from various digital sources. In this article, we describe a forensic approach to live investigation using XeBag, which can easily preserve selectively collected digital evidence using general technologies such as XML and PKZIP compression, and which satisfies generality, integrity, unification, scalability and security. © 2012 Springer Science+Business Media.
KSP suggested keywords
Computer systems, Cyber-crime, Rapid Response, compression technology, digital evidence, law enforcement, operating system