Abstract
Open source software tools designed for disk analysis play a critical role in digital forensic investigations. The tools typically are onerous to use and rely on expertise in investigative techniques and disk structures. Previous research presented the design and initial development of a toolkit that can be used as an automated assistant in forensic investigations. This chapter builds on the previous work and presents an advanced automated disk investigation toolkit (AUDIT) that leverages a dynamic knowledge base and database. AUDIT has new reporting and inference functionality. It facilitates the investigative process by handling core information technology expertise, including the choice and operational sequence of tools and their configurations. The ability of AUDIT to serve as an intelligent digital assistant is evaluated using a series of tests that compare it against standard benchmark disk images and examine the support it provides to human investigators.
Author supplied keywords
Cite
CITATION STYLE
Karabiyik, U., & Aggarwal, S. (2016). Advanced automated disk investigation toolkit. In IFIP Advances in Information and Communication Technology (Vol. 484, pp. 379–396). Springer New York LLC. https://doi.org/10.1007/978-3-319-46279-0_20
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
