Skip to main content
Conference ProceedingsOPEN ACCESS

Case-based reasoning in live forensics

IFIP Advances in Information and Communication Technology (2011) 361 77-88
DOI: 10.1007/978-3-642-24212-0_6
3Citations
Citations of this article
14Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

The traditional forensic search and seizure process employed by law enforcement is not always appropriate given large data volumes and the potential of hard drive encryption. This paper proposes a framework built on case-based reasoning to support a live forensic response during the search and seizure process. The framework assists a first responder by identifying the risks and the procedures to ensure the optimal collection of evidence based on prior cases. Test results demonstrate that the framework provides valuable assistance to first responders, reducing the time taken to complete a response and increasing the likelihood of a successful conclusion.

Author supplied keywords

Cite

CITATION STYLE

APA

Hoelz, B., Ralha, C., & Mesquita, F. (2011). Case-based reasoning in live forensics. In IFIP Advances in Information and Communication Technology (Vol. 361, pp. 77–88). Springer New York LLC. https://doi.org/10.1007/978-3-642-24212-0_6

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free