Risks of live digital forensic analysis

@article{Carrier2006RisksOL,
  title={Risks of live digital forensic analysis},
  author={Brian D. Carrier},
  journal={Commun. ACM},
  year={2006},
  volume={49},
  pages={56-61}
}
Live analysis tools have made a significant difference in capturing evidence during forensic investigations. Such tools, however, are far from infallible. 

Mobile handset forensic evidence: a challenge for law enforcement

4th Australian Digital Forensics Conference, Edith Cowan University, Perth, Western Australia, 4 December 2006.

The impact of triggers on forensic acquisition and analysis of databases

"The Role of Triggers in Database Forensics", by Werner Hauger and Martin Olivier, which appeared in the Proceedings of Information Security South Africa (ISSA) 2014, Johannesburg, 13 & 14 August.

Pypette: A Framework for the Evaluation of Live Digital Forensic Acquisition Techniques

Pypette is presented, a novel framework enabling the automated, repeatable analysis of live digital forensic acquisition techniques, and how the effects of these approaches, and their improvements over other techniques, can be evaluated and quantified.

Pypette: A Platform for the Evaluation of Live Digital Forensics

Pypette is presented, a novel platform enabling the automated, repeatable analysis of live digital forensic acquisition techniques, and it is shown how the effects of these approaches, and their improvements over other techniques, can be evaluated and quantified.

Pypette : A Framework for the Automated Evaluation of Live Digital Forensic Techniques

This paper presents a framework for the automated evaluation of live digital forensic acquisition tools on a variety of platform configurations and identifies how the effects of these tools, and their improvements over other techniques, can be evaluated and quantified.

An Evidence Acquisition Tool for Live Systems

A forensic acquisition tool that may be used to access files on a live system without compromising the state of the files in question is described.

An Open-Source Forensics Platform

An open-source forensics platform is described that may be used as a base for other digital forensics projects, enabling researchers to develop forensic prototypes more rapidly and helping to ensure the quality of the tools that make use of the platform.

Patlet for Digital Forensics First Responders

  • D. Kotzé, M. Olivier
  • Computer Science
    18th International Workshop on Database and Expert Systems Applications (DEXA 2007)
  • 2007
The authors propose a DF pattern template (patlet) to govern the above-mentioned issue and illustrate it by applying it to a live-CD based tool for first-responder validation of DF evidence.

Live Analysis: Progress and Challenges

This article describes some live analysis approaches as well as tools and techniques for live analysis on real and virtual machines.

Digital Forensics through Application Behavior Analysis

A module for profiling behavior of application programs is introduced to trace the unique process name, loaded services and called modules of the target system and store it in a database for future forensic and malware analysis.

References

File System Forensic Analysis

Whether you're a digital forensics specialist, incident response team member, law enforcement officer, corporate security specialist, or auditor, this book will become an indispensable resource for forensic investigations, no matter what analysis tools you use.

Incident Response: Investigating Computer Crime

Packed with technical examples and loads of how-to scenarios, this book will show you how to recognize unauthorized access, uncover unusual or hidden files, and monitor Web traffic.

Detecting stealth software with Strider GhostBuster

This paper describes the design and implementation of the Strider GhostBuster tool and demonstrates its efficiency and effectiveness in detecting resources hidden by real-world malware such as rootkits, Trojans, and key-loggers.

Reflections on trusting trust

To what extent should one trust a statement that a program is free of Trojan horses? Perhaps it is more important to trust the people who wrote the software.

A hardware-based memory acquisition procedure for digital investigations

Malware: Fighting Malicious Code

Real-world examples of malware attacks help you translate thought into action, and a special defender's toolbox chapter shows how to build your own inexpensive code analysis lab to investigate new malware specimens on your own.

Copilot - a Coprocessor-based Kernel Runtime Integrity Monitor

Copilot is a coprocessor-based kernel integrity monitor for commodity systems. Copilot is designed to detect malicious modifications to a host's kernel and has correctly detected the presence of 12

Incident Response and Computer Forensics, 2nd Ed.

  • 2003

Guidance Software. EnCase Enterprise

The Sleuth Kit; www.sleuthkit.org