Since the current standard and open formats for forensic data describe whole disk and memory image properties, but do not describe the products of detailed investigations, the authors propose a simple canonical description of digital evidence provenance that explicitly states the set of tools and transformations that led from acquired raw data to the resulting product.
The format, called Digital Evidence Exchange (DEX), is independent of the forensic tool that discovered the evidence, which has several advantages. Using a DEX description and the raw image file, evidence can be reproduced by other tools with the same functionality. Additionally, DEX descriptions can identify differences between two separate investigations of the same raw evidence. Finally, as a standard product of tools, DEX can allow quick fabrication of tool chains either as best-of-breed amalgams or for tool testing. The authors have implemented DEX as an open-source library. (Publisher abstract provided)