Bradley L. Schatz

Readers will have access to the author's accompanying Web site with supporting materials that integrate many of the topics in the text. Acknowledgments: In the six years since the second edition of this text, I have worked with many brilliant digital investigators and I have taught hundreds of students. Together we tackled sophisticated network…
In cases involving computer related crime, event oriented evidence such as computer event logs, and telephone call records are coming under increased scrutiny. The amount of technical knowledge required to manually interpret event logs encompasses multiple domains of expertise, ranging from computer networking to forensic accounting. Automated methods of…
Cryptography Forensic Integrity. Abstract: Forensic analysis requires the acquisition and management of many different types of evidence, including individual disk drives, RAID sets, network packets, memory images, and extracted files. Often the same evidence is reviewed by several different tools or examiners in different locations. We propose a…
Establishing the time at which a particular event happened is a fundamental concern when relating cause and effect in any forensic investigation. Reliance on computer generated timestamps for correlating events is complicated by uncertainty as to clock skew and drift, environmental factors such as location and local time zone offsets, as well as human…
Code injection vulnerabilities continue to prevail. Attacks of this kind such as stack buffer overflows and heap buffer overflows account for roughly half of the vulnerabilities discovered in software every year. The research presented in this paper extends earlier work in the area of code injection attack detection in UNIX environments. It presents a…
Within the theoretical framework of adaptive significance, it is often claimed that insects learn just what they are genetically programmed to learn. Consequently, because of the alleged lack of plasticity of their behaviour, many learning tests applied to insects are limited to very simple associative Stimulus-Response research paradigms. If the…
Forensic imaging has been facing scalability challenges for some time. As disk capacity growth continues to outpace storage IO bandwidth, the demands placed on storage and time are ever increasing. Data reduction and de-duplication technologies are now commonplace in the Enterprise space, and are potentially applicable to forensic acquisition. Using the new…
Recently the need for "digital evidence bags" – a common storage format for digital evidence – has been identified as a key requirement for enabling inter-organisational sharing of digital evidence, and interoperability between forensic analysis tools. Recent work has described an ontology based approach to correlation of event log based evidence, using…