Automated collection and correlation of file provenance information

Abstract

The provenance of a file is a detailing of its origins and activities. Tools have been developed that help maintain the provenance of files. However, these tools require prior installation on a computer of interest before and while provenance-generating events occur. The automated tool described in this chapter can reconstruct the provenance of a file from a variety of artifacts. It identifies relevant temporal and user correlations between the artifacts and presents them to an investigator. Results from six use cases demonstrate that these correlations are reliable and valuable in digital forensic investigations.

Cite

Good, R., & Peterson, G. (2017). Automated collection and correlation of file provenance information. In IFIP Advances in Information and Communication Technology (Vol. 511, pp. 269–284). Springer New York LLC. https://doi.org/10.1007/978-3-319-67208-3_15
