Abstract
The goal of live digital forensics is to collect crucial evidence that cannot be acquired under the well-known paradigm of post-mortem analysis. Volatile information in computer memory is ephemeral by definition and can be altered as a consequence of the live forensic approach. Every running tool on an investigated system leaves artifacts and changes the system state. This paper focuses on the understanding and measurement of the uncertainty related to the important and emerging paradigm of live forensic investigations. It also presents some practical examples related to the evaluation of uncertainty.
© 2010 International Federation for Information Processing
About this paper
Cite this paper
Savoldi, A., Gubian, P., Echizen, I. (2010). Uncertainty in Live Forensics. In: Chow, KP., Shenoi, S. (eds) Advances in Digital Forensics VI. DigitalForensics 2010. IFIP Advances in Information and Communication Technology, vol 337. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15506-2_12
DOI: https://doi.org/10.1007/978-3-642-15506-2_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15505-5
Online ISBN: 978-3-642-15506-2
eBook Packages: Computer Science, Computer Science (R0)