An Ontology for Digital Forensics in IT Security Incidents - OPUS


opus.bibliothek.uni.augsburg.de
15.01.2014


Chapter 1 Introduction

"[The] [...] Golden Age of Digital Forensics, [...] is quickly coming to an end." [Garfinkel, 2010]

Ontology, the study of being. (from ὄν "being", participle of εἶναι "to be", and λόγο(ς) "study")

For a long time computers have been used to investigate criminal cases. Computer databases find information faster than searches through large paper document stores. If evidence has to be reconstructed, computers can, for example, help reassemble ripped-up documents [De Smet, 2009]. As seen in television series, computers can help identify footprints [Huynh et al., 2003]. But computers and other electronic devices can also contain evidence or be evidence themselves. Guidelines on which evidence can be found in which electronic device, how it can be retrieved and which precautions to take are available, for example, in [National Institute of Justice (U.S.), 2001].

Digital forensics faces several difficulties, and their solutions do not necessarily point in the same direction. On the one hand, the available data should be processed completely. On the other hand, this has to be done as fast as possible.

One factor that leads to problems is the recently increasing number of mobile devices. Many of them have different structures and require different approaches. An additional point is that the memory of such a device cannot easily be taken out, as is possible with the hard disk of a common computer. This leads to problems if the memory is used as legal evidence. Another aspect is the amount of storage available to and used by users. Today they can have large storage built into their computer, and most of them also have several external storage media.

All these points increase the complexity of retrieving the required information and the time needed to analyse it. Because digital forensic analysis is based on traditional forensics, the first approach is to acquire the data first and analyse it later. Because of the rapidly growing amount of data, it is more efficient to first filter what

