Since the current standard and open formats for forensic data describe whole disk and memory image properties, but do not describe the products of detailed investigations, the authors propose a simple canonical description of digital evidence provenance that explicitly states the set of tools and transformations that led from acquired raw data to the resulting product.
The format, called Digital Evidence Exchange (DEX), is independent of the forensic tool that discovered the evidence, which has several advantages. Using a DEX description and the raw image file, evidence can be reproduced by other tools with the same functionality. Additionally, DEX descriptions can identify differences between two separate investigations of the same raw evidence. Finally, as a standard product of tools, DEX can allow quick fabrication of tool chains either as best-of-breed amalgams or for tool testing. The authors have implemented DEX as an open-source library. (Publisher abstract provided)
Downloads
Similar Publications
- The Cross-Reactivity of the Cannabinoid Analogs (delta-8-THC, delta-10-THC and CBD) and their metabolites in Urine of Six Commercially Available Homogeneous Immunoassays, Grant Report
- Memory Enhancement Techniques for Interviewing Victims and Witnesses of Crime
- Multi-isotopes in human hair: A tool to initiate cross-border collaboration in international cold-cases