Vorschau! Die Detailseite für diese Publikation wurde nicht aktiviert!
Selective Imaging of File System Data on Live Systems (Extended Abstract)
Abstract
In contrast to the common habit of taking full bitwise copies of storage devices before analysis, selective imaging promises to alleviate the problems created by the increasing capacity of storage devices. Imaging is selective if only selected data objects from an image that were explicitly chosen are included in the copied data. While selective imaging has been defined for post-mortem data acquisition, performing this process live, i.e., by using the system that contains the evidence also to execute the imaging software, is less well defined and understood. We present the design and implementation of a new live Selective Imaging Tool for Windows, called SIT, which is based on the DFIR ORC framework and uses AFF4 as a container format.Mehr zum Titel
| Titel | Selective Imaging of File System Data on Live Systems (Extended Abstract) |
|---|---|
| Medien | Forensic Science International: Digital Investigation |
| Verlag | Elsevier Ltd. |
| Band | 36 |
| Verfasser | Fabian Faust, Aurelien Thierry, Prof. Dr. Tilo Müller, Felix Freiling |
| Veröffentlichungsdatum | 02.04.2021 |
| Zitation | Faust, Fabian; Thierry, Aurelien; Müller, Tilo; Freiling, Felix (2021): Selective Imaging of File System Data on Live Systems (Extended Abstract). Forensic Science International: Digital Investigation 36. |