Full Text Available
Note: Clicking the button above will open the full text document at the original institutional repository in a new window.
A Chain of findings for digital investigations
Dissertation (MSc)--University of Pretoria, 2013.
Saved in:
| Other Authors: | |
|---|---|
| Format: | Thesis |
| Language: | English |
| Published: |
University of Pretoria
2014
|
| Subjects: | |
| Tags: |
No Tags, Be the first to tag this record!
|
| _version_ | 1867613436204023808 |
|---|---|
| access_status_str | Open Access |
| author2 | Olivier, Martin S. |
| author_browse | Olivier, Martin S. |
| author_facet | Olivier, Martin S. |
| collection | Thesis |
| dc_rights_str_mv | © 2013 University of Pretoria. All rights reserved. The copyright in this work vests in the University of Pretoria. No part of this work may be reproduced or transmitted in any form or by any means, without the prior written permission of the University of Pretoria. |
| description | Dissertation (MSc)--University of Pretoria, 2013. |
| format | Thesis |
| id | oai:repository.up.ac.za:2263/40842 |
| institution | University of Pretoria (South Africa) |
| language | English |
| last_indexed | 2026-06-10T12:36:06.757Z |
| license_str | Other — see source repository |
| provenance_str_mv | Harvested via OAI-PMH from UPSpace — University of Pretoria Institutional Repository |
| publishDate | 2014 |
| publishDateRange | 2014 |
| publishDateSort | 2014 |
| publisher | University of Pretoria |
| publisherStr | University of Pretoria |
| record_format | dspace |
| source_str | UPSpace — University of Pretoria Institutional Repository |
| spelling | oai:repository.up.ac.za:2263/40842 A Chain of findings for digital investigations Olivier, Martin S. s27041591@gmail.com De Souza, Pedro Digital Forensic Readiness Digital Forensic investigations Investigator Chain of Findings UCTD Dissertation (MSc)--University of Pretoria, 2013. Digital Forensic investigations play a vital role in our technologically enhanced world, and it may incorporate a number of different types of evidence — ranging from digital to physical. During a Digital Forensics investigation an investigator may formulate a number of hypotheses, and in order to reason objectively about them, an investigator must take into account such evidence in its entirety, relying on multiple sources. When formulating such objective reasoning an investigator must take into account not only inculpatory evidence but also exculpatory evidence and evidence of tampering. In addition, the investigator must factor in the reliability of the evidence used, the potential for error (tool and human based) and they must factor in the certainty with which they can make various claims. By doing so and creating a detailed audit trail of all actions performed by the investigator they can be better prepared against challenges against their work when it is presented. An investigator must also take into account the dynamic aspects of an investigation, such as certain evidence no longer being admissible, and they must continuously factor these aspects into their reasoning, to ensure that their conclusions still hold. Investigations may draw over a large period of time, and should the relevant information not be captured in detail, it may be lost or forgotten, affecting the reliability of an investigator’s findings and affecting future investigators’ capability to build on and continue an investigator’s work. In this dissertation we investigate whether it is possible to provide a formalised means for capturing and encoding an investigator’s reasoning process, in a detailed and structured manner. By this we mean we would like to capture and encode an investigator’s hypotheses, their arguments, their conclusions and the certainty with which they can make such claims, as well as the various pieces of evidence (digital and physical) that they use as a foundation for their arguments. We also want to capture the steps an investigator took when formulating these arguments and the steps an investigator took in order to get evidence into its intended form. The capturing of such a detailed reasoning process helps to allow for a more thorough reconstruction of an investigator’s finding, further improving the reliability that can be placed in them. By encoding the investigator’s reasoning process, an investigator can more easily receive feedback on the impacts that the various dynamic aspects of an investigation have upon their reasoning. In order to achieve these goals, our dissertation presents a model, called the Chain of Findings, allowing investigators to formulate and capture their reasoning process throughout the investigation, using a combination of goal-driven and data-driven approaches. When formulating their reasoning, the model allows investigators to treat evidence, digital and physical, uniformly as building blocks for their arguments and capture detailed information of how and why they serve their role in an investigator’s reasoning process. In addition, the Chain of Findings offers a number of other uses and benefits including the training of investigators and Digital Forensic Readiness. gm2014 Computer Science unrestricted 2014-07-17T12:15:43Z 2014-07-17T12:15:43Z 2014-04-08 2013 Dissertation De Souza, P 2013, A Chain of findings for digital investigations, MSc dissertation, University of Pretoria, Pretoria, viewed yymmdd <http://hdl.handle.net/2263/40842> E14/4/293/gm http://hdl.handle.net/2263/40842 en © 2013 University of Pretoria. All rights reserved. The copyright in this work vests in the University of Pretoria. No part of this work may be reproduced or transmitted in any form or by any means, without the prior written permission of the University of Pretoria. application/pdf University of Pretoria |
| spellingShingle | Digital Forensic Readiness Digital Forensic investigations Investigator Chain of Findings UCTD A Chain of findings for digital investigations |
| title | A Chain of findings for digital investigations |
| title_full | A Chain of findings for digital investigations |
| title_fullStr | A Chain of findings for digital investigations |
| title_full_unstemmed | A Chain of findings for digital investigations |
| title_short | A Chain of findings for digital investigations |
| title_sort | chain of findings for digital investigations |
| topic | Digital Forensic Readiness Digital Forensic investigations Investigator Chain of Findings UCTD |
| url | http://hdl.handle.net/2263/40842 |