Stüttgen J, Dewald A, Freiling F (2013)
Publication Language: English
Publication Type: Conference contribution, Original article
Publication year: 2013
Publisher: IEEE Computer Society
Edited Volumes: Proceedings - 7th International Conference on IT Security Incident Management and IT Forensics, IMF 2013
Conference Proceedings Title: Proceedings of the 7th International Conference on IT Security Incident Management & IT Forensics
Event location: Nuremberg
ISBN: 978-1-4673-6307-5
DOI: 10.1109/IMF.2013.16
The standard procedure for the acquisition of digital evidence in forensic investigations is to produce a bit-wise 1:1 copy of the original data on a digital storage device. This is often called imaging and becoming a bottleneck in modern digital investigations. The notion of selective imaging was introduced by Turner in 2005 and associated with the decision not to acquire all possible information during the evidence capture process. In this paper, we precisely define the term selective imaging, thereby generalizing the concept to allow acquisition of data objects in any combination and from any level of abstraction. We have implemented this approach as a plug in for the open source Digital Forensics Framework (DFF) using a container format based on the Advanced Forensic Framework 4 (AFF4). We present some design and implementation details as well as a performance evaluation. © 2013 IEEE.
APA:
Stüttgen, J., Dewald, A., & Freiling, F. (2013). Selective Imaging Revisited. In Proceedings of the 7th International Conference on IT Security Incident Management & IT Forensics. Nuremberg: IEEE Computer Society.
MLA:
Stüttgen, Johannes, Andreas Dewald, and Felix Freiling. "Selective Imaging Revisited." Proceedings of the 7th International Conference on IT Security Incident Management & IT Forensics (IMF), Nuremberg IEEE Computer Society, 2013.
BibTeX: Download