A stepwise methodology for tracing computer usage

SeungBong Lee, Jewan Bang, KyungSoo Lim, Jongsung Kim, Sangjin Lee

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

In digital forensic investigations, the general method of investigating a suspect's computer has been to duplicate or image the storage media and then obtain the case-related data from the copy. However, the increase in the capacity of storage media has made this method take much longer. It also implies that more data can exist on the suspect's computer, so finding relevant data takes a lot of time and effort. Moreover, in cases where imaging the entire disk is not possible due to legal matters, selective acquisition of data is needed. In this paper, we propose methods for selective acquisition of file system metadata, registry and prefetch files, web browser files, and specific document files without duplicating or imaging the storage media. Furthermore, we suggest a method to analyze the acquired data stepwise and to quickly and effectively trace the use of the computer at the crime scene.

Original language: English
Title of host publication: NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC
Pages: 1852-1857
Number of pages: 6
DOIs: https://doi.org/10.1109/NCM.2009.246
Publication status: Published - 2009 Dec 1
Event: NCM 2009 - 5th International Joint Conference on Int. Conf. on Networked Computing, Int. Conf. on Advanced Information Management and Service, and Int. Conf. on Digital Content, Multimedia Technology and its Applications - Seoul, Korea, Republic of
Duration: 2009 Aug 25 → 2009 Aug 27

Other

Other: NCM 2009 - 5th International Joint Conference on Int. Conf. on Networked Computing, Int. Conf. on Advanced Information Management and Service, and Int. Conf. on Digital Content, Multimedia Technology and its Applications
Country: Korea, Republic of
City: Seoul
Period: 09/8/25 → 09/8/27

Fingerprint

Imaging techniques
Web browsers
Crime
Metadata
Digital forensics

Keywords

  • PIM
  • Pre-investigation
  • Selectively acquisition

ASJC Scopus subject areas

  • Computer Graphics and Computer-Aided Design
  • Computer Science Applications
  • Software

Cite this

Lee, S., Bang, J., Lim, K., Kim, J., & Lee, S. (2009). A stepwise methodology for tracing computer usage. In NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC (pp. 1852-1857). [5331447] https://doi.org/10.1109/NCM.2009.246

@inproceedings{90de380203b74f1b979bca5fb26f4d21,
title = "A stepwise methodology for tracing computer usage",
abstract = "In digital forensics investigation, a general method of investigating the suspect's computer was to duplicate storage media or image and then obtain the case-related data from these. However, the increase in the capacity of storage media made this method take much longer time. Also, this implies that more data can exist in the suspect's computer so that finding relevant data will take a lot of time and efforts. Moreover, in case where imaging of the entire disk is not possible due to legal matters, selective acquisition of data is needed. In this paper, we propose methods for selective acquisition of file system metadata, registry & prefetch files, web browser files, specific document files without duplicating or imaging the storage media. Furthermore, we suggest a method to analyze the acquired data stepwise and quickly and effectively trace the use of computer in the crime scene.",
keywords = "PIM, Pre-investigation, Selectively acquisition",
author = "SeungBong Lee and Jewan Bang and KyungSoo Lim and Jongsung Kim and Sangjin Lee",
year = "2009",
month = "12",
day = "1",
doi = "10.1109/NCM.2009.246",
language = "English",
isbn = "9780769537696",
pages = "1852--1857",
booktitle = "NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC",

}

TY - GEN

T1 - A stepwise methodology for tracing computer usage

AU - Lee, SeungBong

AU - Bang, Jewan

AU - Lim, KyungSoo

AU - Kim, Jongsung

AU - Lee, Sangjin

PY - 2009/12/1

Y1 - 2009/12/1

N2 - In digital forensics investigation, a general method of investigating the suspect's computer was to duplicate storage media or image and then obtain the case-related data from these. However, the increase in the capacity of storage media made this method take much longer time. Also, this implies that more data can exist in the suspect's computer so that finding relevant data will take a lot of time and efforts. Moreover, in case where imaging of the entire disk is not possible due to legal matters, selective acquisition of data is needed. In this paper, we propose methods for selective acquisition of file system metadata, registry & prefetch files, web browser files, specific document files without duplicating or imaging the storage media. Furthermore, we suggest a method to analyze the acquired data stepwise and quickly and effectively trace the use of computer in the crime scene.

KW - PIM

KW - Pre-investigation

KW - Selectively acquisition

UR - http://www.scopus.com/inward/record.url?scp=73549122376&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=73549122376&partnerID=8YFLogxK

U2 - 10.1109/NCM.2009.246

DO - 10.1109/NCM.2009.246

M3 - Conference contribution

SN - 9780769537696

SP - 1852

EP - 1857

BT - NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC

ER -