Characterizing loss of digital evidence due to abstraction layers

Freiling F, Glanzmann T, Reiser H (2017)


Publication Language: English

Publication Type: Journal article, Original article

Publication year: 2017

Journal

Book Volume: 20

Pages Range: 107-115

Journal Issue: S

DOI: 10.1016/j.diin.2017.01.012

Open Access Link: https://doi.org/10.1016/j.diin.2017.01.012

Abstract

We study the problem of evidence collection in environments where abstraction layers are used to organize data storage. Based on a formal model, the problem of evidence collection is defined as the task to reconstruct high-level from low-level storage. We investigate the conditions under which different levels of evidence collection can be performed and show that abstraction layers, in general, make it harder to acquire evidence. We illustrate our findings by describing several practical scenarios from file systems, memory management, and disk volume management.

Authors with CRIS profile

How to cite

APA:

Freiling, F., Glanzmann, T., & Reiser, H. (2017). Characterizing loss of digital evidence due to abstraction layers. Forensic Science International: Digital Investigation, 20(S), 107-115. https://doi.org/10.1016/j.diin.2017.01.012

MLA:

Freiling, Felix, Thomas Glanzmann, and Hans Reiser. "Characterizing loss of digital evidence due to abstraction layers." Forensic Science International: Digital Investigation 20.S (2017): 107-115.

BibTeX: Download