Dissertation (MSc)--University of Pretoria, 2010.
| Other Authors: | |
|---|---|
| Format: | Thesis |
| Published: | University of Pretoria, 2013 |
| Subjects: | |
| _version_ | 1867613688256528386 |
|---|---|
| access_status_str | Open Access |
| author2 | Olivier, Martin S. |
| author_browse | Olivier, Martin S. |
| author_facet | Olivier, Martin S. |
| collection | Thesis |
| dc_rights_str_mv | © 2010, University of Pretoria. All rights reserved. The copyright in this work vests in the University of Pretoria. No part of this work may be reproduced or transmitted in any form or by any means, without the prior written permission of the University of Pretoria. |
| description | Dissertation (MSc)--University of Pretoria, 2010. |
| format | Thesis |
| id | oai:repository.up.ac.za:2263/26567 |
| institution | University of Pretoria (South Africa) |
| last_indexed | 2026-06-10T12:40:07.413Z |
| license_str | Other — see source repository |
| provenance_str_mv | Harvested via OAI-PMH from UPSpace — University of Pretoria Institutional Repository |
| publishDate | 2013 |
| publishDateRange | 2013 |
| publishDateSort | 2013 |
| publisher | University of Pretoria |
| publisherStr | University of Pretoria |
| record_format | dspace |
| source_str | UPSpace — University of Pretoria Institutional Repository |
| spelling | oai:repository.up.ac.za:2263/26567 Considerations towards the development of a forensic evidence management system Olivier, Martin S. karthur@cs.up.ac.za Arthur, Kweku Kwakye Investigations Finite state automata Forensic evidence management system Computer forensics Digital forensics UCTD Dissertation (MSc)--University of Pretoria, 2010. The decentralized nature of the Internet forms its very foundation, yet it is this very nature that has opened networks and individual machines to a host of threats and attacks from malicious agents. Consequently, forensic specialists - tasked with the investigation of crimes commissioned through the use of computer systems, where evidence is digital in nature - are often unable to adequately reach convincing conclusions pertaining to their investigations. Some of the challenges within reliable forensic investigations include the lack of a global view of the investigation landscape and the complexity and obfuscated nature of the digital world. A perpetual challenge within the evidence analysis process is the reliability and integrity associated with digital evidence, particularly from disparate sources. Given the ease with which digital evidence (such as metadata) can be created, altered, or destroyed, the integrity attributed to digital evidence is of paramount importance. This dissertation focuses on the challenges relating to the integrity of digital evidence within reliable forensic investigations. These challenges are addressed through the proposal of a model for the construction of a Forensic Evidence Management System (FEMS) to preserve the integrity of digital evidence within forensic investigations. The Biba Integrity Model is utilized to maintain the integrity of digital evidence within the FEMS. Casey's Certainty Scale is then employed as the integrity classification scheme for assigning integrity labels to digital evidence within the system. 
The FEMS model consists of a client layer, a logic layer and a data layer, with eight system components distributed amongst these layers. In addition to describing the FEMS system components, a finite state automata is utilized to describe the system component interactions. In so doing, we reason about the FEMS's behaviour and demonstrate how rules within the FEMS can be developed to recognize and profile various cyber crimes. Furthermore, we design fundamental algorithms for processing of information by the FEMS's core system components; this provides further insight into the system component interdependencies and the input and output parameters for the system transitions and decision-points influencing the value of inferences derived within the FEMS. Lastly, the completeness of the FEMS is assessed by comparing the constructs and operation of the FEMS against the published work of Brian D Carrier. This approach provides a mechanism for critically analyzing the FEMS model, to identify similarities or impactful considerations within the solution approach, and more importantly, to identify shortcomings within the model. Ultimately, the greatest value in the FEMS is in its ability to serve as a decision support or enhancement system for digital forensic investigators. Copyright Computer Science unrestricted 2013-09-07T06:37:20Z 2010-09-13 2013-09-07T06:37:20Z 2010-09-02 2010-09-13 2010-07-23 Dissertation Arthur, KK 2010, Considerations towards the development of a forensic evidence management system, MSc dissertation, University of Pretoria, Pretoria, viewed yymmdd < http://hdl.handle.net/2263/26567 > C10/539/gm http://hdl.handle.net/2263/26567 http://upetd.up.ac.za/thesis/available/etd-07232010-192957/ © 2010, University of Pretoria. All rights reserved. The copyright in this work vests in the University of Pretoria. No part of this work may be reproduced or transmitted in any form or by any means, without the prior written permission of the University of Pretoria. 
application/pdf University of Pretoria |
| spellingShingle | Investigations Finite state automata Forensic evidence management system Computer forensics Digital forensics UCTD Considerations towards the development of a forensic evidence management system |
| title | Considerations towards the development of a forensic evidence management system |
| title_full | Considerations towards the development of a forensic evidence management system |
| title_fullStr | Considerations towards the development of a forensic evidence management system |
| title_full_unstemmed | Considerations towards the development of a forensic evidence management system |
| title_short | Considerations towards the development of a forensic evidence management system |
| title_sort | considerations towards the development of a forensic evidence management system |
| topic | Investigations Finite state automata Forensic evidence management system Computer forensics Digital forensics UCTD |
| url | http://hdl.handle.net/2263/26567 http://upetd.up.ac.za/thesis/available/etd-07232010-192957/ |