A proposal for automating investigations in live forensics

Seokhee Lee, Antonio Savoldi, Kyoung Soo Lim, Jong Hyuk Park, Sangjin Lee

Research output: Contribution to journal (Article)

8 Citations (Scopus)

Abstract

In this paper we present an XML-based framework, called XLIVE, which provides an efficient way to collect data in live forensic cases, according to well-known crime categories. XLIVE is a forensic automated framework that can be used in live forensic investigations for gathering live data on a Windows-based system. In addition, we have also implemented a proof-of-concept, called LRDS (Live Resource Detection System). This approach of examination will be used extensively to deal with terabyte/petabyte digital systems, where other approaches, such as a post-mortem analysis, cannot be adopted.

Original language: English
Pages (from-to): 246-255
Number of pages: 10
Journal: Computer Standards and Interfaces
Volume: 32
Issue number: 5-6
DOIs: 10.1016/j.csi.2009.09.001
Publication status: Published - 2010 Oct 1

Fingerprint

Crime
XML
offense
examination
resources

Keywords

  • Automated digital investigation process
  • Digital evidence collection
  • Live forensics
  • XML technology

ASJC Scopus subject areas

  • Software
  • Hardware and Architecture
  • Law

Cite this

A proposal for automating investigations in live forensics. / Lee, Seokhee; Savoldi, Antonio; Lim, Kyoung Soo; Park, Jong Hyuk; Lee, Sangjin.

In: Computer Standards and Interfaces, Vol. 32, No. 5-6, 01.10.2010, p. 246-255.

@article{08383958dbc04aba85386cddadcedcc2,
title = "A proposal for automating investigations in live forensics",
keywords = "Automated digital investigation process, Digital evidence collection, Live forensics, XML technology",
author = "Seokhee Lee and Antonio Savoldi and Lim, {Kyoung Soo} and Park, {Jong Hyuk} and Sangjin Lee",
year = "2010",
month = "10",
day = "1",
doi = "10.1016/j.csi.2009.09.001",
language = "English",
volume = "32",
pages = "246--255",
journal = "Computer Standards and Interfaces",
issn = "0920-5489",
publisher = "Elsevier",
number = "5-6",

}
