Digital forensics research: The next 10 years

Today's Golden Age of computer forensics is quickly coming to an end. Without a clear strategy for enabling research efforts that build upon one another, forensic research will fall behind the market, tools will become increasingly obsolete, and law enforcement, military and other users of computer forensics products will be unable to rely on the results of forensic analysis. This article summarizes current forensic research directions and argues that to move forward the community needs to adopt standardized, modular approaches for data representation and forensic processing.
