Home   >   CSC-OpenAccess Library   >    Manuscript Information
An Approach for Managing Knowledge in Digital Forensics Examinations
April Tanner, David Dampier
Pages - 451 - 465     |    Revised - 30-11-2010     |    Published - 20-12-2010
Volume - 4   Issue - 5    |    Publication Date - December 2010  Table of Contents
MORE INFORMATION
KEYWORDS
digital forensics, concept mapping, case domain modeling, digital investigations
ABSTRACT
Computers and digital devices are continuing to evolve in the areas of storage, processing power, memory, and features. Resultantly, digital forensic investigations are becoming more complex due to the increasing size of digital storage reaching gigabytes and terabytes. Due to this growth in disk storage, new approaches for managing the case details of a digital forensics investigation must be developed. In this paper, the importance of managing and reusing knowledge in digital forensic examinations is discussed, a modeling approach for managing knowledge is presented, and experimental results are presented that show how this modeling approach was used by law enforcement to manage the case details of a digital forensic examination.
CITED BY (6)  
1 Kishore, N. (2015). Parllel hashing algorithms for security and Forensic Applicatons.
2 Tanner, A., & Duncan, S. On Integrating Mobile Applications into the Digital Forensic Investigative Process.
3 Hoelz, B. W., & Ralha, C. G. (2013, March). A framework for semantic annotation of digital evidence. In Proceedings of the 28th Annual ACM Symposium on Applied Computing (pp. 1966-1971). ACM.
4 Tanner, A., Dampier, D., & Thompson, J. (2012, November). On developing a conceptual modeling report management tool for digital forensic investigations. In Homeland Security (HST), 2012 IEEE Conference on Technologies for (pp. 445-450). IEEE.
5 Al-Fedaghi, S., & Al-Babtain, B. (2012). Modeling the forensics process. Int. J. Security Appl, 6(4).
6 Buang, M. F. M., & Daud, S. M. (2012, May). A web-based KM system for digital forensics-knowledge sharing capability. In Multimedia Computing and Systems (ICMCS), 2012 International Conference on (pp. 528-533). IEEE.
1 Google Scholar 
2 Academic Journals Database 
3 CiteSeerX 
4 refSeek 
5 iSEEK 
6 Socol@r  
7 ResearchGATE 
8 Libsearch 
9 Bielefeld Academic Search Engine (BASE) 
10 Scribd 
11 SlideShare 
12 PDFCAST 
13 PdfSR 
Carrier, E. Spafford. “Getting Physical with the Digital Investigation Process”. International Journal of Digital Evidence, 2(2):1G20, 2003
. S. Peisert, M.Bishop, S. Karin and K. Marzullo. “Toward Models for Forensic Analysis”. In Proceedings of the Second International Workshop on Systematic Approaches to Digital Forensic Engineering. Bell Harbor, WA, 2007
B. Carrier and E. Spafford. “An Event-Based Digital Forensic Investigation Framework”. In Proceedings of the Fourth Annual Digital Forensic Research Workshop, Baltimore, MD, 2004
Bruschi, M. Monga, and L. Martignoni. “How to Reuse Knowledge about Forensic Investigations”. In Proceedings of the 4 th Annual Digital Forensic Research Workshop. Baltimore, MD, 2004
C. Bogen. “Selecting Keyword Search Terms in Computer Forensics Examinations using Domain Analysis and Modeling”, PhD Thesis, Department of Computer Science and Engineering, Mississippi State University, 2006
Cañas, D. Leake, and D. Wilson. “Managing, Mapping, and Manipulating Conceptual Knowledge”. IHMC, 2007
G. Ruibin, T. Yun, M. Gaertner. “Case-Relevance Information Investigation: Binding Computer Intelligence to the Current Computer Forensic Framework”. International Journal of Digital Evidence, 4(1):1G13, 2005
J. D. Novak and A. J. Cañas. “The Theory Underlying Concept Maps and How to Construct Them”. Technical Report IHMC Cmap Tools 2006G01, Florida Institute for Human and Machine Cognition, 2006
J. Venter. “Process Flow Diagrams for Training and Operations”. Advances in Digital Forensics II, Springer, pp. 331G342 (2006)
M. Khatir, S. M. Hejazi and E. Sneiders. “Two Dimensional Evidence Reliability Amplification Process Model for Digital Forensics”. In Proceedings of the Third International Workshop on Digital Forensics and Incident Analysis. Malaga, Spain, 2008
M. Kramer. Using Concept Maps for Knowledge Acquisition in Satellite Design: Translating “Statement of Requirements on Orbit” to “Design Requirements”. PhD Thesis, Nova Southeastern University, 2005
M. Pollitt and A. Whitledge. “Exploring Big Haystacks: Data Mining and Knowledge Management”. Advances in Digital Forensics II, Springer, pp. 67G76 (2006)
M. Pollitt. “An Ad Hoc Review of Digital Forensic Models”. In Proceedings of the Second International Workshop on Systematic Approaches to Digital Forensic Engineering. Bell Harbor, WA, 2007
M. Reith, C. Carr, G. Gunsch. “An Examination of Digital Forensic Models”. International Journal of Digital Evidence, 1(3):1G20, 2002
N. Beebe and J. Clark. “A Hierarchical, Objectives-Based Framework for the Digital Investigations Process”. In Proceedings of the 4 th Annual Digital Forensic Research Workshop, Baltimore, MD, 2004
National Institute of Justice. Electronic Crime Scene Investigation: A Guide for First Responders 2001 [Online]. Available at: http://www.ncjrs.gov/pdffiles1/nij/187736.pdf, 2001
P. Stephenson. “Modeling of Post-Incident Root Cause Analysis”. International Journal of Digital Evidence, 2(2):1G16, 2003
R. Rowlingson. “A Ten Step Process for Forensic Readiness”. International Journal of Digital Evidence, 2(3):1G28, 2004
S. Ciardhuáin. “An Extended Model of Cybercrime Investigations”. International Journal of Digital Evidence, 3(1):1G22, 2004
S.O. Tergan, “Digital Concept Maps for Managing Knowledge and Information: Searching for Synergies”. Knowledge and Information Visualization, Springer, pp. 185–204 (2005)
Tanner and D. Dampier. “Improving Digital Forensics Investigations with Concept Mapping”. In Proceedings of the Fifth International Conference on Digital Forensics, Orlando, FL, 2009
Tanner and D. Dampier. “Concept Mapping for Digital Forensics Investigations”. Advances in Digital Forensics V, Springer, pp. 201G300 (2009)
V. Baryamureeba, F. Tushabe. “The Enhanced Digital Investigation Process Model”. In Proceedings of the 4th Annual Digital Forensic Research Workshop, Baltimore, MD, 2004
Y. Shin. “New Digital Forensics Investigation Procedure Model”. In Proceedings of the Fourth International Conference on Networked Computing and Advanced Information Management. Gyeongju, Korea, 2008
Mr. April Tanner
Mississippi State University - United States of America
alb117@msstate.edu
Associate Professor David Dampier
- United States of America