Since the current standard and open formats for forensic data describe whole disk and memory image properties, but do not describe the products of detailed investigations, the authors propose a simple canonical description of digital evidence provenance that explicitly states the set of tools and transformations that led from acquired raw data to the resulting product.
The format, called Digital Evidence Exchange (DEX), is independent of the forensic tool that discovered the evidence, which has several advantages. Using a DEX description and the raw image file, evidence can be reproduced by other tools with the same functionality. Additionally, DEX descriptions can identify differences between two separate investigations of the same raw evidence. Finally, as a standard product of tools, DEX can allow quick fabrication of tool chains either as best-of-breed amalgams or for tool testing. The authors have implemented DEX as an open-source library. (Publisher abstract provided)
Downloads
Similar Publications
- Detecting fentanyl analogs in counterfeit pharmaceuticals by surface-enhanced Raman spectroscopy using handheld Raman spectrometers
- Transfer, Persistence and DNA Source Attribution of Trace Biological Material in Digital Penetration Assault Cases
- Assessing Methods to Enhance and Preserve Proteinaceous Impressions from the Skin of Decedents during the Early Stages of Decomposition