A framework to (Im)Prove „Chain of Custody“ in Digital Investigation Process
暂无分享,去创建一个
Normal 0 21 false false false BS-LATN-BA X-NONE X-NONE MicrosoftInternetExplorer4 Chain of custody plays very important role in digital forensic investigation process. To prove chain of custody, investigators must know all details on how the evidence was handled every step of the way. „Five WS (and one H) “must be applied. Life cycle of digital evidence is very complex, and at each stage there is more impact that can violate a chain of custody. Proper chain of custody must include information on how evidence is collected, transported, analyzed, preserved, and handled with. In this paper will be presents a framework which can im(prove) chain of custody of digital evidence in all stages of digital investigation process.
[1] Jasmin Cosic,et al. Do we have full control over integrity in digital evidence life cycle? , 2010, Proceedings of the ITI 2010, 32nd International Conference on Information Technology Interfaces.
[2] Yong Shi,et al. Data Mining and Knowledge Management , 2008 .
[3] Mark Pollitt,et al. Exploring Big Haystacks: Data Mining and Knowledge Management , 2006, IFIP Int. Conf. Digital Forensics.
[4] Chet Hosmer. Proving the Integrity of Digital Evidence with Time , 2002, Int. J. Digit. EVid..