Abstract
It is well acknowledged that there is a pressing need for a general solution to the problem of storing digital evidence, both in terms of copied bitstream images and general information that describes the images and context surrounding a case. In a prior paper, we introduced the AFF4 evidence container format, focusing on the description of an efficient, layered bitstream storage architecture, a general approach to representing arbitrary information, and a compositional approach to managing and sharing evidence. This paper describes refinements to the representation schemes embodied in AFF4 that address the accurate representation of discontiguous data and the description of the provenance of data and information.
Copyright information
© 2010 International Federation for Information Processing
About this paper
Cite this paper
Schatz, B., Cohen, M. (2010). Refining Evidence Containers for Provenance and Accurate Data Representation. In: Chow, KP., Shenoi, S. (eds) Advances in Digital Forensics VI. DigitalForensics 2010. IFIP Advances in Information and Communication Technology, vol 337. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15506-2_16
DOI: https://doi.org/10.1007/978-3-642-15506-2_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15505-5
Online ISBN: 978-3-642-15506-2
eBook Packages: Computer Science (R0)