Digital Evidence Bags (DEBs) are a mechanism for bundling digital evidence, associated metadata and audit logs into a single structure. DEB-compliant applications can update a DEB's audit log as evidence is introduced into the bag and as data in the bag is processed. This paper investigates native file system support for DEBs, which has a number of benefits over ad hoc modification of digital evidence bags. The paper also describes an API for DEB-enabled applications and methods for providing DEB access to legacy applications through a DEB-aware file system. The paper addresses an urgent need for digital-forensics-aware operating system components that can enhance the consistency, security and performance of investigations.
CITATION STYLE
Richard, G., & Roussev, V. (2006). File system support for digital evidence bags. IFIP International Federation for Information Processing, 222, 29–40. https://doi.org/10.1007/0-387-36891-4_3