Early digital forensic examinations were conducted in toto - every file on the storage media was examined along with the entire file system structure. However, this is no longer practical as operating systems have become extremely complex and storage capacities are growing geometrically. Examiners now perform targeted examinations using forensic tools and databases of known files, selecting specific files and data types for review while ignoring files of irrelevant type and content. Despite the application of sophisticated tools, the forensic process still relies on the examiner's knowledge of the technical aspects of the specimen and understanding of the case and the law. Indeed, the success of a forensic examination is strongly dependent on how it is designed. This paper discusses the application of traditional forensic taxonomy to digital forensics. The forensic processes of identification, classification/individualization, association and reconstruction are used to develop "forensic questions," which are applied to objectively design digital forensic examinations. © 2008 International Federation for Information Processing.
CITATION STYLE
Pollitt, M. (2008). Applying traditional forensic taxonomy to digital forensics. IFIP International Federation for Information Processing, 285, 17–26. https://doi.org/10.1007/978-0-387-84927-0_2
Mendeley helps you to discover research relevant for your work.