Digital forensics XML and the DFXML toolset

Digital Forensics XML (DFXML) is an XML language that enables the exchange of structured forensic information. DFXML can represent the provenance of data subject to forensic investigation and document the presence and location of file systems, files, Microsoft Windows Registry entries, JPEG EXIFs, and other technical information of interest to the forensic analyst. DFXML can also document the specific tools and processing techniques that were used to produce the results, making it possible to automatically reprocess forensic information as tools are improved. This article presents the motivation, design, and use of DFXML. It also discusses tools that have been created that both ingest and emit DFXML files. Published by Elsevier Ltd.
