Abstract
The traditional forensic search and seizure process employed by law enforcement is not always appropriate given large data volumes and the potential of hard drive encryption. This paper proposes a framework built on case-based reasoning to support a live forensic response during the search and seizure process. The framework assists a first responder by identifying the risks and the procedures to ensure the optimal collection of evidence based on prior cases. Test results demonstrate that the framework provides valuable assistance to first responders, reducing the time taken to complete a response and increasing the likelihood of a successful conclusion.
Copyright information
© 2011 IFIP International Federation for Information Processing
About this paper
Cite this paper
Hoelz, B., Ralha, C., Mesquita, F. (2011). Case-Based Reasoning in Live Forensics. In: Peterson, G., Shenoi, S. (eds) Advances in Digital Forensics VII. DigitalForensics 2011. IFIP Advances in Information and Communication Technology, vol 361. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24212-0_6
DOI: https://doi.org/10.1007/978-3-642-24212-0_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-24211-3
Online ISBN: 978-3-642-24212-0
eBook Packages: Computer Science (R0)