期刊名称:Journal of Digital Forensics, Security and Law
印刷版ISSN:1558-7215
电子版ISSN:1558-7223
出版年度:2014
卷号:9
期号:2
页码:11
出版社:Association of Digital Forensics, Security and Law
摘要:Software tools designed for disk analysis play a critical role today in forensics investigations. However, these digital forensics tools are often difficult to use, usually task specific, and generally require professionally trained users with IT backgrounds. The relevant tools are also often open source requiring additional technical knowledge and proper configuration. This makes it difficult for investigators without some computer science background to easily conduct the needed disk analysis. In this paper, we present AUDIT, a novel automated disk investigation toolkit that supports investigations conducted by non-expert (in IT and disk technology) and expert investigators. Our proof of concept design and implementation of AUDIT intelligently integrates open source tools and guides non-IT professionals while requiring minimal technical knowledge about the disk structures and file systems of the target disk image.
关键词:digital forensics; expert systems; disk forensics; forensic tools; CLIPS
