Situational Tool and Method Selection for Digital Forensic Data Collection: Performance Issues

aut.embargoNoen_NZ
aut.thirdpc.containsNoen_NZ
aut.thirdpc.permissionNoen_NZ
aut.thirdpc.removedNoen_NZ
dc.contributor.advisorCusack, Brian
dc.contributor.authorPearse, Jon Graham
dc.date.accessioned2012-05-28T23:21:45Z
dc.date.available2012-05-28T23:21:45Z
dc.date.copyright2012
dc.date.created2012
dc.date.issued2012
dc.date.updated2012-05-28T09:43:17Z
dc.description.abstractOver the last ten years there has been rapid growth in the digital forensics field. Forensically sound computer analysis and testimony is becoming a requirement during investigations related to frauds, missing persons, homicides etc. One of the phases of the digital forensic process is data preservation, where a copy of data from an original electronic storage device is collected in a verifiable manner, producing a forensic copy of the data. A best practice for digital forensics is to capture a bit for bit or physical copy of the source device. However, the sizes of hard drive volumes have been increasing exponentially and in 2011, volume sizes for a single hard drive have reached the three terabyte threshold. The increase in volume size equates to an increase in processing time to collect the data and an increase in media capacity to store the acquired data. The purpose of this research is to explore new tools and methods that will allow an examiner to collect data from a source device in a time-efficient manner. Prior research has been conducted by the author, who concluded that data collection processing times can be reduced by the use of compression algorithms during data collection activities. However, the amount of time reduction depends on the type of data that is resident on the storage device. A reduction in processing time is observed when collecting highly compressible data. Conversely, an increase in processing time can occur when attempting to compress data that does not compress well, during a collection process. The focus of the research was to develop a means that would be able to determine and report the type of data residing on a storage device. A fast and easy to use scanning tool is developed during the research. The scanning tool is capable of processing a storage device in four minutes and provides a report that accurately details the type of stored data in terms of its compressibility. The information in the report regarding the data’s compressibility can assist the examiner when making decisions concerning the use of compression to reduce processing time during data collection activities.en_NZ
dc.identifier.urihttps://hdl.handle.net/10292/4281
dc.language.isoenen_NZ
dc.publisherAuckland University of Technology
dc.rights.accessrightsOpenAccess
dc.subjectForensic acquisitionen_NZ
dc.subjectForensic imageen_NZ
dc.subjectAcquire dataen_NZ
dc.subjectEncaseen_NZ
dc.titleSituational Tool and Method Selection for Digital Forensic Data Collection: Performance Issuesen_NZ
dc.typeThesis
thesis.degree.discipline
thesis.degree.grantorAuckland University of Technology
thesis.degree.levelMasters Theses
thesis.degree.nameMaster of Forensic Information Technologyen_NZ
Files
Original bundle
Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
PearseJ.pdf
Size:
2.39 MB
Format:
Adobe Portable Document Format
Description:
Whole thesis
License bundle
Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
license.txt
Size:
897 B
Format:
Item-specific license agreed upon to submission
Description:
Collections