Open Access. Powered by Scholars. Published by Universities.®

Forensic Science and Technology Commons

Articles 1 - 5 of 5

Full-Text Articles in Forensic Science and Technology

Forensicloud: An Architecture For Digital Forensic Analysis In The Cloud, Cody Miller, Dae Glendowne, David Dampier, Kendall Blaylock Oct 2019

David Dampier

The amount of data that must be processed in current digital forensic examinations continues to rise. Both the volume and diversity of data are obstacles to the timely completion of forensic investigations. Additionally, some law enforcement agencies do not have the resources to handle cases of even moderate size. To address these issues we have developed an architecture for a cloud-based distributed processing platform we have named Forensicloud. This architecture is designed to reduce the time taken to process digital evidence by leveraging the power of a high performance computing platform and by adapting existing tools to operate within this …


Forensic Analysis Of A Playstation 3 Console, Scott Conrad, Greg Dorn, Philip Craiger Dec 2009

J. Philip Craiger, Ph.D.

The Sony PlayStation 3 (PS3) is a powerful gaming console that supports Internet-related activities, local file storage and the playing of Blu-ray movies. The PS3 also allows users to partition and install a secondary operating system on the hard drive. This “desktop-like” functionality along with the encryption of the primary hard drive containing the gaming software raises significant issues related to the forensic analysis of PS3 systems. This paper discusses the PS3 architecture and behavior, and provides recommendations for conducting forensic investigations of PS3 systems.


Analyzing The Impact Of A Virtual Machine On A Host Machine, Greg Dorn, Chris Marberry, Scott Conrad, Philip Craiger Dec 2008

J. Philip Craiger, Ph.D.

As virtualization becomes more prevalent in the enterprise and in personal computing, there is a great need to understand the technology as well as its ramifications for recovering digital evidence. This paper focuses on trace evidence related to the installation and execution of virtual machines (VMs) on a host machine. It provides useful information regarding the types and locations of files installed by VM applications, the processes created by running VMs and the structure and identity of VMs, ancillary files and associated artifacts.


Mac OS X Forensics, Philip Craiger, Paul Burke Dec 2005

J. Philip Craiger, Ph.D.

This paper describes procedures for conducting forensic examinations of Apple Macs running Mac OS X. The target disk mode is used to create a forensic duplicate of a Mac hard drive and preview it. Procedures are discussed for recovering evidence from allocated space, unallocated space, slack space and virtual memory. Furthermore, procedures are described for recovering trace evidence from Mac OS X default email, web browser and instant messaging applications, as well as evidence pertaining to commands executed from a terminal.


Assessing Trace Evidence Left By Secure Deletion Programs, Paul Burke, Philip Craiger Dec 2005

J. Philip Craiger, Ph.D.

Secure deletion programs purport to permanently erase files from digital media. These programs are used by businesses and individuals to remove sensitive information from media, and by criminals to remove evidence of the tools or fruits of illegal activities. This paper focuses on the trace evidence left by secure deletion programs. In particular, five Windows-based secure deletion programs are tested to determine if they leave identifiable signatures after deleting a file. The results show that the majority of the programs leave identifiable signatures. Moreover, some of the programs do not completely erase file metadata, which enables forensic investigators to extract …